2 * Routines for the Internet Security Association and Key Management Protocol
3 * (ISAKMP) (RFC 2408) and the Internet IP Security Domain of Interpretation
4 * for ISAKMP (RFC 2407)
5 * Brad Robel-Forrest <brad.robel-forrest@watchguard.com>
7 * Added routines for the Internet Key Exchange (IKEv2) Protocol
8 * (draft-ietf-ipsec-ikev2-17.txt)
9 * Shoichi Sakane <sakane@tanu.org>
11 * Added routines for RFC3947 Negotiation of NAT-Traversal in the IKE
14 * 04/2009 Added routines for decryption of IKEv2 Encrypted Payload
15 * Naoyoshi Ueda <piyomaru3141@gmail.com>
19 * Wireshark - Network traffic analyzer
20 * By Gerald Combs <gerald@wireshark.org>
21 * Copyright 1998 Gerald Combs
23 * This program is free software; you can redistribute it and/or
24 * modify it under the terms of the GNU General Public License
25 * as published by the Free Software Foundation; either version 2
26 * of the License, or (at your option) any later version.
28 * This program is distributed in the hope that it will be useful,
29 * but WITHOUT ANY WARRANTY; without even the implied warranty of
30 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
31 * GNU General Public License for more details.
33 * You should have received a copy of the GNU General Public License
34 * along with this program; if not, write to the Free Software
35 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
38 * IKEv2 http://www.ietf.org/rfc/rfc4306.txt?number=4306
39 * IKEv2bis http://www.ietf.org/rfc/rfc5996.txt?number=5996
41 * http://www.iana.org/assignments/isakmp-registry (last updated 2009-10-08)
42 * http://www.iana.org/assignments/ipsec-registry (last updated 2010-06-14)
43 * http://www.iana.org/assignments/ikev2-parameters (last updated 2010-10-11)
57 #include <epan/strutil.h>
58 #include <wsutil/file_util.h>
62 #include <epan/proto.h>
63 #include <epan/packet.h>
64 #include <epan/ipproto.h>
65 #include <epan/asn1.h>
66 #include <epan/reassemble.h>
67 #include <epan/dissectors/packet-x509if.h>
68 #include <epan/dissectors/packet-x509af.h>
69 #include <epan/dissectors/packet-isakmp.h>
70 #include <epan/prefs.h>
71 #include <epan/expert.h>
74 /* Struct for the byte_to_str, match_bytestr_idx, and match_bytestr functions */
76 typedef struct _byte_string {
82 static int proto_isakmp = -1;
84 static int hf_isakmp_nat_keepalive = -1;
85 static int hf_isakmp_nat_hash = -1;
86 static int hf_isakmp_nat_original_address_ipv6 = -1;
87 static int hf_isakmp_nat_original_address_ipv4 = -1;
89 static int hf_isakmp_icookie = -1;
90 static int hf_isakmp_rcookie = -1;
91 static int hf_isakmp_typepayload = -1;
92 static int hf_isakmp_nextpayload = -1;
93 static int hf_isakmp_criticalpayload = -1;
94 static int hf_isakmp_datapayload = -1;
95 static int hf_isakmp_extradata = -1;
96 static int hf_isakmp_version = -1;
97 static int hf_isakmp_exchangetype_v1 = -1;
98 static int hf_isakmp_exchangetype_v2 = -1;
99 static int hf_isakmp_flags = -1;
100 static int hf_isakmp_flag_e = -1;
101 static int hf_isakmp_flag_c = -1;
102 static int hf_isakmp_flag_a = -1;
103 static int hf_isakmp_flag_i = -1;
104 static int hf_isakmp_flag_v = -1;
105 static int hf_isakmp_flag_r = -1;
106 static int hf_isakmp_messageid = -1;
107 static int hf_isakmp_length = -1;
108 static int hf_isakmp_payloadlen = -1;
109 static int hf_isakmp_sa_doi = -1;
110 static int hf_isakmp_sa_situation = -1;
111 static int hf_isakmp_sa_situation_identity_only = -1;
112 static int hf_isakmp_sa_situation_secrecy = -1;
113 static int hf_isakmp_sa_situation_integrity = -1;
114 static int hf_isakmp_prop_protoid_v1 = -1;
115 static int hf_isakmp_prop_protoid_v2 = -1;
116 static int hf_isakmp_prop_number = -1;
117 static int hf_isakmp_prop_transforms = -1;
118 static int hf_isakmp_spisize = -1;
119 static int hf_isakmp_spi = -1;
120 static int hf_isakmp_trans_number = -1;
121 static int hf_isakmp_trans_id = -1;
122 static int hf_isakmp_id_type_v1 = -1;
123 static int hf_isakmp_id_type_v2 = -1;
124 static int hf_isakmp_id_protoid = -1;
125 static int hf_isakmp_id_port = -1;
126 static int hf_isakmp_id_data = -1;
127 static int hf_isakmp_id_data_ipv4_addr = -1;
128 static int hf_isakmp_id_data_fqdn = -1;
129 static int hf_isakmp_id_data_user_fqdn = -1;
130 static int hf_isakmp_id_data_ipv4_subnet = -1;
131 static int hf_isakmp_id_data_ipv4_range_start = -1;
132 static int hf_isakmp_id_data_ipv4_range_end = -1;
133 static int hf_isakmp_id_data_ipv6_addr = -1;
134 static int hf_isakmp_id_data_ipv6_subnet = -1;
135 static int hf_isakmp_id_data_ipv6_range_start = -1;
136 static int hf_isakmp_id_data_ipv6_range_end = -1;
137 static int hf_isakmp_id_data_key_id = -1;
138 static int hf_isakmp_id_data_cert = -1;
139 static int hf_isakmp_cert_encoding_v1 = -1;
140 static int hf_isakmp_cert_encoding_v2 = -1;
141 static int hf_isakmp_cert_data = -1;
142 static int hf_isakmp_certreq_type_v1 = -1;
143 static int hf_isakmp_certreq_type_v2 = -1;
144 static int hf_isakmp_certreq_authority_v1 = -1;
145 static int hf_isakmp_certreq_authority_v2 = -1;
146 static int hf_isakmp_certreq_authority_sig = -1;
147 static int hf_isakmp_auth_meth = -1;
148 static int hf_isakmp_auth_data = -1;
149 static int hf_isakmp_notify_doi = -1;
150 static int hf_isakmp_notify_protoid_v1 = -1;
151 static int hf_isakmp_notify_protoid_v2 = -1;
152 static int hf_isakmp_notify_msgtype_v1 = -1;
153 static int hf_isakmp_notify_msgtype_v2 = -1;
154 static int hf_isakmp_notify_data = -1;
155 static int hf_isakmp_notify_data_dpd_are_you_there = -1;
156 static int hf_isakmp_notify_data_dpd_are_you_there_ack = -1;
157 static int hf_isakmp_notify_data_unity_load_balance = -1;
158 static int hf_isakmp_notify_data_ipcomp_cpi = -1;
159 static int hf_isakmp_notify_data_ipcomp_transform_id = -1;
160 static int hf_isakmp_notify_data_redirect_gw_ident_type = -1;
161 static int hf_isakmp_notify_data_redirect_gw_ident_len = -1;
162 static int hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv4 = -1;
163 static int hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv6 = -1;
164 static int hf_isakmp_notify_data_redirect_new_resp_gw_ident_fqdn = -1;
165 static int hf_isakmp_notify_data_redirect_new_resp_gw_ident = -1;
166 static int hf_isakmp_notify_data_redirect_nonce_data = -1;
167 static int hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv4 = -1;
168 static int hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv6 = -1;
169 static int hf_isakmp_notify_data_redirect_org_resp_gw_ident = -1;
170 static int hf_isakmp_notify_data_ticket_lifetime = -1;
171 static int hf_isakmp_notify_data_ticket_data = -1;
172 static int hf_isakmp_notify_data_rohc_attr = -1;
173 static int hf_isakmp_notify_data_rohc_attr_type = -1;
174 static int hf_isakmp_notify_data_rohc_attr_format = -1;
175 static int hf_isakmp_notify_data_rohc_attr_length = -1;
176 static int hf_isakmp_notify_data_rohc_attr_value = -1;
177 static int hf_isakmp_notify_data_rohc_attr_max_cid = -1;
178 static int hf_isakmp_notify_data_rohc_attr_profile = -1;
179 static int hf_isakmp_notify_data_rohc_attr_integ = -1;
180 static int hf_isakmp_notify_data_rohc_attr_icv_len = -1;
181 static int hf_isakmp_notify_data_rohc_attr_mrru = -1;
182 static int hf_isakmp_delete_doi = -1;
183 static int hf_isakmp_delete_protoid_v1 = -1;
184 static int hf_isakmp_delete_protoid_v2 = -1;
185 static int hf_isakmp_delete_spi = -1;
186 static int hf_isakmp_vid_bytes = -1;
187 static int hf_isakmp_vid_string = -1;
188 static int hf_isakmp_vid_cp_product = -1;
189 static int hf_isakmp_vid_cp_version = -1;
190 static int hf_isakmp_vid_cp_timestamp = -1;
191 static int hf_isakmp_vid_cp_reserved = -1;
192 static int hf_isakmp_vid_cp_features = -1;
193 static int hf_isakmp_vid_cisco_unity_major = -1;
194 static int hf_isakmp_vid_cisco_unity_minor = -1;
195 static int hf_isakmp_vid_ms_nt5_isakmpoakley = -1;
196 static int hf_isakmp_vid_aruba_via_auth_profile = -1;
197 static int hf_isakmp_ts_number_of_ts = -1;
198 static int hf_isakmp_ts_type = -1;
199 static int hf_isakmp_ts_protoid = -1;
200 static int hf_isakmp_ts_selector_length = -1;
201 static int hf_isakmp_ts_start_port = -1;
202 static int hf_isakmp_ts_end_port = -1;
203 static int hf_isakmp_ts_start_addr_ipv4 = -1;
204 static int hf_isakmp_ts_end_addr_ipv4 = -1;
205 static int hf_isakmp_ts_start_addr_ipv6 = -1;
206 static int hf_isakmp_ts_end_addr_ipv6 = -1;
207 static int hf_isakmp_ts_start_addr_fc = -1;
208 static int hf_isakmp_ts_end_addr_fc = -1;
209 static int hf_isakmp_ts_start_r_ctl = -1;
210 static int hf_isakmp_ts_end_r_ctl = -1;
211 static int hf_isakmp_ts_start_type = -1;
212 static int hf_isakmp_ts_end_type = -1;
213 static int hf_isakmp_ts_data = -1;
214 static int hf_isakmp_num_spis = -1;
215 static int hf_isakmp_hash = -1;
216 static int hf_isakmp_sig = -1;
217 static int hf_isakmp_nonce = -1;
219 static int hf_isakmp_tf_attr = -1;
220 static int hf_isakmp_tf_attr_type_v1 = -1;
221 static int hf_isakmp_tf_attr_format = -1;
222 static int hf_isakmp_tf_attr_length = -1;
223 static int hf_isakmp_tf_attr_value = -1;
224 static int hf_isakmp_tf_attr_life_type = -1;
225 static int hf_isakmp_tf_attr_life_duration = -1;
226 static int hf_isakmp_tf_attr_group_description = -1;
227 static int hf_isakmp_tf_attr_encap_mode = -1;
228 static int hf_isakmp_tf_attr_auth_algorithm = -1;
229 static int hf_isakmp_tf_attr_key_length = -1;
230 static int hf_isakmp_tf_attr_key_rounds = -1;
231 static int hf_isakmp_tf_attr_cmpr_dict_size = -1;
232 static int hf_isakmp_tf_attr_cmpr_algorithm = -1;
233 static int hf_isakmp_tf_attr_ecn_tunnel = -1;
234 static int hf_isakmp_tf_attr_ext_seq_nbr = -1;
235 static int hf_isakmp_tf_attr_auth_key_length = -1;
236 static int hf_isakmp_tf_attr_sig_enco_algorithm = -1;
238 static int hf_isakmp_ike_attr = -1;
239 static int hf_isakmp_ike_attr_type = -1;
240 static int hf_isakmp_ike_attr_format = -1;
241 static int hf_isakmp_ike_attr_length = -1;
242 static int hf_isakmp_ike_attr_value = -1;
243 static int hf_isakmp_ike_attr_encryption_algorithm = -1;
244 static int hf_isakmp_ike_attr_hash_algorithm = -1;
245 static int hf_isakmp_ike_attr_authentication_method = -1;
246 static int hf_isakmp_ike_attr_group_description = -1;
247 static int hf_isakmp_ike_attr_group_type = -1;
248 static int hf_isakmp_ike_attr_group_prime = -1;
249 static int hf_isakmp_ike_attr_group_generator_one = -1;
250 static int hf_isakmp_ike_attr_group_generator_two = -1;
251 static int hf_isakmp_ike_attr_group_curve_a = -1;
252 static int hf_isakmp_ike_attr_group_curve_b = -1;
253 static int hf_isakmp_ike_attr_life_type = -1;
254 static int hf_isakmp_ike_attr_life_duration = -1;
255 static int hf_isakmp_ike_attr_prf = -1;
256 static int hf_isakmp_ike_attr_key_length = -1;
257 static int hf_isakmp_ike_attr_field_size = -1;
258 static int hf_isakmp_ike_attr_group_order = -1;
260 static int hf_isakmp_trans_type = -1;
261 static int hf_isakmp_trans_encr = -1;
262 static int hf_isakmp_trans_prf = -1;
263 static int hf_isakmp_trans_integ = -1;
264 static int hf_isakmp_trans_dh = -1;
265 static int hf_isakmp_trans_esn = -1;
266 static int hf_isakmp_trans_id_v2 = -1;
268 static int hf_isakmp_ike2_attr = -1;
269 static int hf_isakmp_ike2_attr_type = -1;
270 static int hf_isakmp_ike2_attr_format = -1;
271 static int hf_isakmp_ike2_attr_length = -1;
272 static int hf_isakmp_ike2_attr_value = -1;
273 static int hf_isakmp_ike2_attr_key_length = -1;
275 static int hf_isakmp_fragments = -1;
276 static int hf_isakmp_fragment = -1;
277 static int hf_isakmp_fragment_overlap = -1;
278 static int hf_isakmp_fragment_overlap_conflicts = -1;
279 static int hf_isakmp_fragment_multiple_tails = -1;
280 static int hf_isakmp_fragment_too_long_fragment = -1;
281 static int hf_isakmp_fragment_error = -1;
282 static int hf_isakmp_fragment_count = -1;
283 static int hf_isakmp_reassembled_in = -1;
284 static int hf_isakmp_reassembled_length = -1;
286 static int hf_isakmp_cisco_frag_packetid = -1;
287 static int hf_isakmp_cisco_frag_seq = -1;
288 static int hf_isakmp_cisco_frag_last = -1;
290 static int hf_isakmp_key_exch_dh_group = -1;
291 static int hf_isakmp_key_exch_data = -1;
292 static int hf_isakmp_eap_data = -1;
294 static int hf_isakmp_cfg_type_v1 = -1;
295 static int hf_isakmp_cfg_identifier = -1;
296 static int hf_isakmp_cfg_type_v2 = -1;
297 static int hf_isakmp_cfg_attr = -1;
298 static int hf_isakmp_cfg_attr_type_v1 = -1;
299 static int hf_isakmp_cfg_attr_type_v2 = -1;
300 static int hf_isakmp_cfg_attr_format = -1;
301 static int hf_isakmp_cfg_attr_length = -1;
302 static int hf_isakmp_cfg_attr_value = -1;
304 static int hf_isakmp_cfg_attr_internal_ip4_address = -1;
305 static int hf_isakmp_cfg_attr_internal_ip4_netmask = -1;
306 static int hf_isakmp_cfg_attr_internal_ip4_dns = -1;
307 static int hf_isakmp_cfg_attr_internal_ip4_nbns = -1;
308 static int hf_isakmp_cfg_attr_internal_address_expiry = -1;
309 static int hf_isakmp_cfg_attr_internal_ip4_dhcp = -1;
310 static int hf_isakmp_cfg_attr_application_version = -1;
311 static int hf_isakmp_cfg_attr_internal_ip6_address = -1;
312 static int hf_isakmp_cfg_attr_internal_ip6_netmask = -1;
313 static int hf_isakmp_cfg_attr_internal_ip6_dns = -1;
314 static int hf_isakmp_cfg_attr_internal_ip6_nbns = -1;
315 static int hf_isakmp_cfg_attr_internal_ip6_dhcp = -1;
316 static int hf_isakmp_cfg_attr_internal_ip4_subnet_ip = -1;
317 static int hf_isakmp_cfg_attr_internal_ip4_subnet_netmask = -1;
318 static int hf_isakmp_cfg_attr_supported_attributes = -1;
319 static int hf_isakmp_cfg_attr_internal_ip6_subnet_ip = -1;
320 static int hf_isakmp_cfg_attr_internal_ip6_subnet_prefix = -1;
321 static int hf_isakmp_cfg_attr_internal_ip6_link_interface = -1;
322 static int hf_isakmp_cfg_attr_internal_ip6_link_id = -1;
323 static int hf_isakmp_cfg_attr_internal_ip6_prefix_ip = -1;
324 static int hf_isakmp_cfg_attr_internal_ip6_prefix_length = -1;
325 static int hf_isakmp_cfg_attr_xauth_type = -1;
326 static int hf_isakmp_cfg_attr_xauth_user_name = -1;
327 static int hf_isakmp_cfg_attr_xauth_user_password = -1;
328 static int hf_isakmp_cfg_attr_xauth_passcode = -1;
329 static int hf_isakmp_cfg_attr_xauth_message = -1;
330 static int hf_isakmp_cfg_attr_xauth_challenge = -1;
331 static int hf_isakmp_cfg_attr_xauth_domain = -1;
332 static int hf_isakmp_cfg_attr_xauth_status = -1;
333 static int hf_isakmp_cfg_attr_xauth_next_pin = -1;
334 static int hf_isakmp_cfg_attr_xauth_answer = -1;
335 static int hf_isakmp_cfg_attr_unity_banner = -1;
336 static int hf_isakmp_cfg_attr_unity_def_domain = -1;
338 static int hf_isakmp_enc_decrypted_data = -1;
339 static int hf_isakmp_enc_contained_data = -1;
340 static int hf_isakmp_enc_pad_length= -1;
341 static int hf_isakmp_enc_padding = -1;
342 static int hf_isakmp_enc_data = -1;
343 static int hf_isakmp_enc_iv = -1;
344 static int hf_isakmp_enc_icd = -1;
346 static gint ett_isakmp = -1;
347 static gint ett_isakmp_flags = -1;
348 static gint ett_isakmp_payload = -1;
349 static gint ett_isakmp_fragment = -1;
350 static gint ett_isakmp_fragments = -1;
351 static gint ett_isakmp_sa = -1;
352 static gint ett_isakmp_tf_attr = -1;
353 static gint ett_isakmp_tf_ike_attr = -1;
354 static gint ett_isakmp_tf_ike2_attr = -1;
355 static gint ett_isakmp_id = -1;
356 static gint ett_isakmp_cfg_attr = -1;
357 static gint ett_isakmp_rohc_attr = -1;
358 #ifdef HAVE_LIBGCRYPT
359 /* For decrypted IKEv2 Encrypted payload*/
360 static gint ett_isakmp_decrypted_data = -1;
361 static gint ett_isakmp_decrypted_payloads = -1;
362 #endif /* HAVE_LIBGCRYPT */
364 static dissector_handle_t eap_handle = NULL;
366 static GHashTable *isakmp_fragment_table = NULL;
367 static GHashTable *isakmp_reassembled_table = NULL;
369 static const fragment_items isakmp_frag_items = {
370 /* Fragment subtrees */
371 &ett_isakmp_fragment,
372 &ett_isakmp_fragments,
373 /* Fragment fields */
374 &hf_isakmp_fragments,
376 &hf_isakmp_fragment_overlap,
377 &hf_isakmp_fragment_overlap_conflicts,
378 &hf_isakmp_fragment_multiple_tails,
379 &hf_isakmp_fragment_too_long_fragment,
380 &hf_isakmp_fragment_error,
381 &hf_isakmp_fragment_count,
382 /* Reassembled in field */
383 &hf_isakmp_reassembled_in,
384 /* Reassembled length field */
385 &hf_isakmp_reassembled_length,
389 /* IKE port number assigned by IANA */
390 #define UDP_PORT_ISAKMP 500
391 #define TCP_PORT_ISAKMP 500
396 * RFC3554 for ID_LIST
398 * RFC4595 for ID_FC_NAME
400 #define IKE_ID_IPV4_ADDR 1
401 #define IKE_ID_FQDN 2
402 #define IKE_ID_USER_FQDN 3
403 #define IKE_ID_IPV4_ADDR_SUBNET 4
404 #define IKE_ID_IPV6_ADDR 5
405 #define IKE_ID_IPV6_ADDR_SUBNET 6
406 #define IKE_ID_IPV4_ADDR_RANGE 7
407 #define IKE_ID_IPV6_ADDR_RANGE 8
408 #define IKE_ID_DER_ASN1_DN 9
409 #define IKE_ID_DER_ASN1_GN 10
410 #define IKE_ID_KEY_ID 11
411 #define IKE_ID_LIST 12
412 #define IKE_ID_FC_NAME 12
413 #define IKE_ID_RFC822_ADDR 3
415 * Traffic Selector Type
416 * Not in use for IKEv1
418 #define IKEV2_TS_IPV4_ADDR_RANGE 7
419 #define IKEV2_TS_IPV6_ADDR_RANGE 8
420 #define IKEV2_TS_FC_ADDR_RANGE 9
422 * Configuration Payload Attribute Types
423 * draft-ietf-ipsec-isakmp-mode-cfg-05.txt for IKEv1
424 * draft-ietf-ipsec-isakmp-xauth-06.txt and draft-beaulieu-ike-xauth-02.txt for XAUTH
426 * RFC5739 for INTERNAL_IP6_LINK and INTERNAL_IP6_PREFIX
428 #define INTERNAL_IP4_ADDRESS 1
429 #define INTERNAL_IP4_NETMASK 2
430 #define INTERNAL_IP4_DNS 3
431 #define INTERNAL_IP4_NBNS 4
432 #define INTERNAL_ADDRESS_EXPIRY 5
433 #define INTERNAL_IP4_DHCP 6
434 #define APPLICATION_VERSION 7
435 #define INTERNAL_IP6_ADDRESS 8
436 #define INTERNAL_IP6_NETMASK 9
437 #define INTERNAL_IP6_DNS 10
438 #define INTERNAL_IP6_NBNS 11
439 #define INTERNAL_IP6_DHCP 12
440 #define INTERNAL_IP4_SUBNET 13
441 #define SUPPORTED_ATTRIBUTES 14
442 #define INTERNAL_IP6_SUBNET 15
443 #define MIP6_HOME_PREFIX 16
444 #define INTERNAL_IP6_LINK 17
445 #define INTERNAL_IP6_PREFIX 18
446 /* checkpoint configuration attributes */
447 #define CHKPT_DEF_DOMAIN 16387
448 #define CHKPT_MAC_ADDRESS 16388
449 #define CHKPT_MARCIPAN_REASON_CODE 16389
450 #define CHKPT_UNKNOWN1 16400
451 #define CHKPT_UNKNOWN2 16401
452 #define CHKPT_UNKNOWN3 16402
453 /* XAUTH configuration attributes */
454 #define XAUTH_TYPE 16520
455 #define XAUTH_USER_NAME 16521
456 #define XAUTH_USER_PASSWORD 16522
457 #define XAUTH_PASSCODE 16523
458 #define XAUTH_MESSAGE 16524
459 #define XAUTH_CHALLENGE 16525
460 #define XAUTH_DOMAIN 16526
461 #define XAUTH_STATUS 16527
462 #define XAUTH_NEXT_PIN 16528
463 #define XAUTH_ANSWER 16529
464 /* unity (CISCO) configuration attributes */
465 #define UNITY_BANNER 28672
466 #define UNITY_SAVE_PASSWD 28673
467 #define UNITY_DEF_DOMAIN 28674
468 #define UNITY_SPLIT_DOMAIN 28675
469 #define UNITY_SPLIT_INCLUDE 28676
470 #define UNITY_NATT_PORT 28677
471 #define UNITY_SPLIT_EXCLUDE 28678
472 #define UNITY_PFS 28679
473 #define UNITY_FW_TYPE 28680
474 #define UNITY_BACKUP_SERVERS 28681
475 #define UNITY_DDNS_HOSTNAME 28682
478 * RFC2408 / RFC3547 for IKEv1
481 #define PLOAD_IKE_NONE 0
482 #define PLOAD_IKE_SA 1
483 #define PLOAD_IKE_P 2
484 #define PLOAD_IKE_T 3
485 #define PLOAD_IKE_KE 4
486 #define PLOAD_IKE_ID 5
487 #define PLOAD_IKE_CERT 6
488 #define PLOAD_IKE_CR 7
489 #define PLOAD_IKE_HASH 8
490 #define PLOAD_IKE_SIG 9
491 #define PLOAD_IKE_NONCE 10
492 #define PLOAD_IKE_N 11
493 #define PLOAD_IKE_D 12
494 #define PLOAD_IKE_VID 13
495 #define PLOAD_IKE_A 14
496 #define PLOAD_IKE_NAT_D48 15
497 #define PLOAD_IKE_NAT_OA58 16
498 #define PLOAD_IKE_NAT_D 20
499 #define PLOAD_IKE_NAT_OA 21
500 #define PLOAD_IKE2_SA 33
501 #define PLOAD_IKE2_KE 34
502 #define PLOAD_IKE2_IDI 35
503 #define PLOAD_IKE2_IDR 36
504 #define PLOAD_IKE2_CERT 37
505 #define PLOAD_IKE2_CERTREQ 38
506 #define PLOAD_IKE2_AUTH 39
507 #define PLOAD_IKE2_NONCE 40
508 #define PLOAD_IKE2_N 41
509 #define PLOAD_IKE2_D 42
510 #define PLOAD_IKE2_V 43
511 #define PLOAD_IKE2_TSI 44
512 #define PLOAD_IKE2_TSR 45
513 #define PLOAD_IKE2_SK 46
514 #define PLOAD_IKE2_CP 47
515 #define PLOAD_IKE2_EAP 48
516 #define PLOAD_IKE_NAT_D13 130
517 #define PLOAD_IKE_NAT_OA14 131
518 #define PLOAD_IKE_CISCO_FRAG 132
520 * IPSEC Situation Definition (RFC2407)
522 #define SIT_IDENTITY_ONLY 0x01
523 #define SIT_SECRECY 0x02
524 #define SIT_INTEGRITY 0x04
527 static const value_string exchange_v1_type[] = {
530 { 2, "Identity Protection (Main Mode)" },
531 { 3, "Authentication Only" },
533 { 5, "Informational" },
534 { 6, "Transaction (Config Mode)" },
535 { 32, "Quick Mode" },
536 { 33, "New Group Mode" },
540 static const value_string exchange_v2_type[] = {
541 { 34, "IKE_SA_INIT" },
543 { 36, "CREATE_CHILD_SA" },
544 { 37, "INFORMATIONAL" },
545 { 38, "IKE_SESSION_RESUME" }, /* RFC5723 */
549 static const value_string frag_last_vals[] = {
550 { 0, "More fragments" },
551 { 1, "Last fragment" },
555 static const value_string protoid_v1_type[] = {
561 { 5, "GIGABEAM_RADIO" }, /* RFC4705 */
565 static const value_string protoid_v2_type[] = {
570 { 4, "FC_ESP_HEADER" },
571 { 5, "FC_CT_AUTHENTICATION" },
575 static const range_string payload_type[] = {
576 { PLOAD_IKE_NONE,PLOAD_IKE_NONE, "NONE / No Next Payload " },
577 { PLOAD_IKE_SA,PLOAD_IKE_SA, "Security Association" },
578 { PLOAD_IKE_P,PLOAD_IKE_P, "Proposal" },
579 { PLOAD_IKE_T,PLOAD_IKE_T, "Transform" },
580 { PLOAD_IKE_KE,PLOAD_IKE_KE, "Key Exchange" },
581 { PLOAD_IKE_ID,PLOAD_IKE_ID, "Identification" },
582 { PLOAD_IKE_CERT,PLOAD_IKE_CERT, "Certificate" },
583 { PLOAD_IKE_CR,PLOAD_IKE_CR, "Certificate Request" },
584 { PLOAD_IKE_HASH,PLOAD_IKE_HASH, "Hash" },
585 { PLOAD_IKE_SIG,PLOAD_IKE_SIG, "Signature" },
586 { PLOAD_IKE_NONCE,PLOAD_IKE_NONCE, "Nonce" },
587 { PLOAD_IKE_N,PLOAD_IKE_N, "Notification" },
588 { PLOAD_IKE_D,PLOAD_IKE_D, "Delete" },
589 { PLOAD_IKE_VID,PLOAD_IKE_VID, "Vendor ID" },
590 { PLOAD_IKE_A,PLOAD_IKE_A, "Attributes" }, /* draft-ietf-ipsec-isakmp-mode-cfg-05.txt */
591 { PLOAD_IKE_NAT_D48,PLOAD_IKE_NAT_D48, "NAT-Discovery" }, /* draft-ietf-ipsec-nat-t-ike-04 to 08 */
592 { PLOAD_IKE_NAT_OA58,PLOAD_IKE_NAT_OA58, "NAT-Original Address"}, /* draft-ietf-ipsec-nat-t-ike-05 to 08*/
593 { PLOAD_IKE_NAT_D,PLOAD_IKE_NAT_D, "NAT-D (RFC 3947)" },
594 { PLOAD_IKE_NAT_OA,PLOAD_IKE_NAT_OA, "NAT-OA (RFC 3947)"},
595 { PLOAD_IKE2_SA,PLOAD_IKE2_SA, "Security Association"},
596 { PLOAD_IKE2_KE,PLOAD_IKE2_KE, "Key Exchange"},
597 { PLOAD_IKE2_IDI,PLOAD_IKE2_IDI, "Identification - Initiator"},
598 { PLOAD_IKE2_IDR,PLOAD_IKE2_IDR, "Identification - Responder"},
599 { PLOAD_IKE2_CERT,PLOAD_IKE2_CERT, "Certificate"},
600 { PLOAD_IKE2_CERTREQ,PLOAD_IKE2_CERTREQ, "Certificate Request"},
601 { PLOAD_IKE2_AUTH,PLOAD_IKE2_AUTH, "Authentication"},
602 { PLOAD_IKE2_NONCE,PLOAD_IKE2_NONCE, "Nonce"},
603 { PLOAD_IKE2_N,PLOAD_IKE2_N, "Notify"},
604 { PLOAD_IKE2_D,PLOAD_IKE2_D, "Delete"},
605 { PLOAD_IKE2_V,PLOAD_IKE2_V, "Vendor ID"},
606 { PLOAD_IKE2_TSI,PLOAD_IKE2_TSI, "Traffic Selector - Initiator"},
607 { PLOAD_IKE2_TSR,PLOAD_IKE2_TSR, "Traffic Selector - Responder"},
608 { PLOAD_IKE2_SK,PLOAD_IKE2_SK, "Encrypted and Authenticated"},
609 { PLOAD_IKE2_CP,PLOAD_IKE2_CP, "Configuration"},
610 { PLOAD_IKE2_EAP,PLOAD_IKE2_EAP, "Extensible Authentication"},
611 { 49,127, "Unassigned" },
612 { 128,129, "Private Use" },
613 { PLOAD_IKE_NAT_D13,PLOAD_IKE_NAT_D13, "NAT-D (draft-ietf-ipsec-nat-t-ike-01 to 03)"},
614 { PLOAD_IKE_NAT_OA14,PLOAD_IKE_NAT_OA14, "NAT-OA (draft-ietf-ipsec-nat-t-ike-01 to 03)"},
615 { PLOAD_IKE_CISCO_FRAG,PLOAD_IKE_CISCO_FRAG, "Cisco-Fragmentation"},
616 { 133,256, "Private Use" },
621 * ISAKMP Domain of Interpretation (DOI)
626 static const value_string doi_type[] = {
635 #define ISAKMP_ATTR_LIFE_TYPE 1
636 #define ISAKMP_ATTR_LIFE_DURATION 2
637 #define ISAKMP_ATTR_GROUP_DESC 3
638 #define ISAKMP_ATTR_ENCAP_MODE 4
639 #define ISAKMP_ATTR_AUTH_ALGORITHM 5
640 #define ISAKMP_ATTR_KEY_LENGTH 6
641 #define ISAKMP_ATTR_KEY_ROUNDS 7
642 #define ISAKMP_ATTR_CMPR_DICT_SIZE 8
643 #define ISAKMP_ATTR_CMPR_ALGORITHM 9
644 #define ISAKMP_ATTR_ECN_TUNNEL 10 /* [RFC3168] */
645 #define ISAKMP_ATTR_EXT_SEQ_NBR 11 /* [RFC4304] */
646 #define ISAKMP_ATTR_AUTH_KEY_LENGTH 12 /* [RFC4359] */
647 #define ISAKMP_ATTR_SIG_ENCO_ALGORITHM 13 /* [RFC4359] */
649 static const value_string transform_isakmp_attr_type[] = {
650 { ISAKMP_ATTR_LIFE_TYPE, "SA-Life-Type" },
651 { ISAKMP_ATTR_LIFE_DURATION, "SA-Life-Duration" },
652 { ISAKMP_ATTR_GROUP_DESC, "Group-Description" },
653 { ISAKMP_ATTR_ENCAP_MODE, "Encapsulation-Mode" },
654 { ISAKMP_ATTR_AUTH_ALGORITHM, "Authentication-Algorithm" },
655 { ISAKMP_ATTR_KEY_LENGTH, "Key-Length" },
656 { ISAKMP_ATTR_KEY_ROUNDS, "Key-Rounds" },
657 { ISAKMP_ATTR_CMPR_DICT_SIZE, "Compress-Dictionary-Size" },
658 { ISAKMP_ATTR_CMPR_ALGORITHM, "Compress-Private-Algorithm" },
659 { ISAKMP_ATTR_ECN_TUNNEL, "ECN Tunnel" },
660 { ISAKMP_ATTR_EXT_SEQ_NBR, "Extended (64-bit) Sequence Number" },
661 { ISAKMP_ATTR_AUTH_KEY_LENGTH, "Authentication Key Length" },
662 { ISAKMP_ATTR_SIG_ENCO_ALGORITHM, "Signature Encoding Algorithm" },
666 /* Transform IKE Type */
667 #define IKE_ATTR_ENCRYPTION_ALGORITHM 1
668 #define IKE_ATTR_HASH_ALGORITHM 2
669 #define IKE_ATTR_AUTHENTICATION_METHOD 3
670 #define IKE_ATTR_GROUP_DESCRIPTION 4
671 #define IKE_ATTR_GROUP_TYPE 5
672 #define IKE_ATTR_GROUP_PRIME 6
673 #define IKE_ATTR_GROUP_GENERATOR_ONE 7
674 #define IKE_ATTR_GROUP_GENERATOR_TWO 8
675 #define IKE_ATTR_GROUP_CURVE_A 9
676 #define IKE_ATTR_GROUP_CURVE_B 10
677 #define IKE_ATTR_LIFE_TYPE 11
678 #define IKE_ATTR_LIFE_DURATION 12
679 #define IKE_ATTR_PRF 13
680 #define IKE_ATTR_KEY_LENGTH 14
681 #define IKE_ATTR_FIELD_SIZE 15
682 #define IKE_ATTR_GROUP_ORDER 16
686 static const value_string transform_ike_attr_type[] = {
687 { IKE_ATTR_ENCRYPTION_ALGORITHM,"Encryption-Algorithm" },
688 { IKE_ATTR_HASH_ALGORITHM, "Hash-Algorithm" },
689 { IKE_ATTR_AUTHENTICATION_METHOD,"Authentication-Method" },
690 { IKE_ATTR_GROUP_DESCRIPTION, "Group-Description" },
691 { IKE_ATTR_GROUP_TYPE, "Group-Type" },
692 { IKE_ATTR_GROUP_PRIME, "Group-Prime" },
693 { IKE_ATTR_GROUP_GENERATOR_ONE,"Group-Generator-One" },
694 { IKE_ATTR_GROUP_GENERATOR_TWO,"Group-Generator-Two" },
695 { IKE_ATTR_GROUP_CURVE_A, "Group-Curve-A" },
696 { IKE_ATTR_GROUP_CURVE_B, "Group-Curve-B" },
697 { IKE_ATTR_LIFE_TYPE, "Life-Type" },
698 { IKE_ATTR_LIFE_DURATION, "Life-Duration" },
699 { IKE_ATTR_PRF, "PRF" },
700 { IKE_ATTR_KEY_LENGTH, "Key-Length" },
701 { IKE_ATTR_FIELD_SIZE, "Field-Size" },
702 { IKE_ATTR_GROUP_ORDER, "Group-Order" },
706 static const value_string vs_v2_sttr[] = {
707 { 1, "SA-Life-Type" },
708 { 2, "SA-Life-Duration" },
709 { 3, "Group-Description" },
710 { 4, "Encapsulation-Mode" },
711 { 5, "Authentication-Algorithm" },
714 { 8, "Compress-Dictionary-Size" },
715 { 9, "Compress-Private-Algorithm" },
716 { 10, "ECN Tunnel" },
720 static const value_string vs_v1_trans_isakmp[] = {
726 static const value_string vs_v1_trans_ah[] = {
738 static const value_string vs_v1_trans_esp[] = {
755 static const value_string transform_id_ipcomp[] = {
763 static const value_string redirect_gateway_identity_type[] = {
764 { 1, "IPv4 address" },
765 { 2, "IPv6 address" },
769 static const value_string transform_attr_sa_life_type[] = {
776 static const value_string transform_attr_encap_type[] = {
780 { 3, "UDP-Encapsulated-Tunnel" }, /* RFC3947 */
781 { 4, "UDP-Encapsulated-Transport" }, /* RFC3947 */
782 { 61440, "Check Point IPSec UDP Encapsulation" },
783 { 61443, "UDP-Encapsulated-Tunnel (draft)" },
784 { 61444, "UDP-Encapsulated-Transport (draft)" },
788 static const value_string transform_attr_auth_type[] = {
794 { 5, "HMAC-SHA2-256" },
795 { 6, "HMAC-SHA2-384" },
796 { 7, "HMAC-SHA2-512" },
797 { 8, "HMAC-RIPEMD" }, /* [RFC2857] */
798 { 9, "AES-XCBC-MAC" }, /* [RFC3566] */
799 { 10, "SIG-RSA" }, /* [RFC4359] */
800 { 11, "AES-128-GMAC" }, /* [RFC4543][Errata1821] */
801 { 12, "AES-192-GMAC" }, /* [RFC4543][Errata1821] */
802 { 13, "AES-256-GMAC" }, /* [RFC4543][Errata1821] */
805 Values 11-61439 are reserved to IANA. Values 61440-65535 are
811 #define ENC_DES_CBC 1
812 #define ENC_IDEA_CBC 2
813 #define ENC_BLOWFISH_CBC 3
814 #define ENC_RC5_R16_B64_CBC 4
815 #define ENC_3DES_CBC 5
816 #define ENC_CAST_CBC 6
817 #define ENC_AES_CBC 7
818 #define ENC_CAMELLIA_CBC 8
820 static const value_string transform_attr_enc_type[] = {
822 { ENC_DES_CBC, "DES-CBC" },
823 { ENC_IDEA_CBC, "IDEA-CBC" },
824 { ENC_BLOWFISH_CBC, "BLOWFISH-CBC" },
825 { ENC_RC5_R16_B64_CBC, "RC5-R16-B64-CBC" },
826 { ENC_3DES_CBC, "3DES-CBC" },
827 { ENC_CAST_CBC, "CAST-CBC" },
828 { ENC_AES_CBC, "AES-CBC" },
829 { ENC_CAMELLIA_CBC, "CAMELLIA-CBC" },
836 #define HMAC_SHA2_256 4
837 #define HMAC_SHA2_384 5
838 #define HMAC_SHA2_512 6
840 static const value_string transform_attr_hash_type[] = {
844 { HMAC_TIGER, "TIGER" },
845 { HMAC_SHA2_256, "SHA2-256" },
846 { HMAC_SHA2_384, "SHA2-384" },
847 { HMAC_SHA2_512, "SHA2-512" },
851 static const value_string transform_attr_ecn_type[] = {
858 static const value_string transform_attr_ext_seq_nbr_type[] = {
860 { 1, "64-bit Sequence Number" },
864 static const value_string transform_attr_sig_enco_algo_type[] = {
866 { 1, "RSASSA-PKCS1-v1_5" },
871 static const value_string transform_attr_authmeth_type[] = {
877 { 5, "RSA-Revised-ENC" },
878 { 6, "Encryption with El-Gamal" },
879 { 7, "Revised encryption with El-Gamal" },
880 { 8, "ECDSA signatures" },
881 { 9, "AES-XCBC-MAC" },
882 { 64221, "HybridInitRSA" },
883 { 64222, "HybridRespRSA" },
884 { 64223, "HybridInitDSS" },
885 { 64224, "HybridRespDSS" },
886 { 65001, "XAUTHInitPreShared" },
887 { 65002, "XAUTHRespPreShared" },
888 { 65003, "XAUTHInitDSS" },
889 { 65004, "XAUTHRespDSS" },
890 { 65005, "XAUTHInitRSA" },
891 { 65006, "XAUTHRespRSA" },
892 { 65007, "XAUTHInitRSAEncryption" },
893 { 65008, "XAUTHRespRSAEncryption" },
894 { 65009, "XAUTHInitRSARevisedEncryption" },
895 { 65010, "XAUTHRespRSARevisedEncryption" },
899 static const value_string transform_dh_group_type[] = {
900 { 0, "UNDEFINED - 0" },
901 { 1, "Default 768-bit MODP group" },
902 { 2, "Alternate 1024-bit MODP group" },
903 { 3, "EC2N group on GP[2^155] group" },
904 { 4, "EC2N group on GP[2^185] group" },
905 { 5, "1536 bit MODP group" },
906 { 6, "EC2N group over GF[2^163]" },
907 { 7, "EC2N group over GF[2^163]" },
908 { 8, "EC2N group over GF[2^283]" },
909 { 9, "EC2N group over GF[2^283]" },
910 { 10, "EC2N group over GF[2^409]" },
911 { 11, "EC2N group over GF[2^409]" },
912 { 12, "EC2N group over GF[2^571]" },
913 { 13, "EC2N group over GF[2^571]" },
914 { 14, "2048 bit MODP group" },
915 { 15, "3072 bit MODP group" },
916 { 16, "4096 bit MODP group" },
917 { 17, "6144 bit MODP group" },
918 { 18, "8192 bit MODP group" },
919 { 19, "256-bit random ECP group" },
920 { 20, "384-bit random ECP group" },
921 { 21, "521-bit random ECP group" },
922 { 22, "1024-bit MODP Group with 160-bit Prime Order Subgroup" },
923 { 23, "2048-bit MODP Group with 224-bit Prime Order Subgroup" },
924 { 24, "2048-bit MODP Group with 256-bit Prime Order Subgroup" },
925 { 25, "192-bit Random ECP Group" },
926 { 26, "224-bit Random ECP Group" },
930 static const value_string transform_attr_grp_type[] = {
931 { 0, "UNDEFINED - 0" },
938 #define TF_IKE2_ENCR 1
939 #define TF_IKE2_PRF 2
940 #define TF_IKE2_INTEG 3
942 #define TF_IKE2_ESN 5
943 static const range_string transform_ike2_type[] = {
945 { TF_IKE2_ENCR,TF_IKE2_ENCR, "Encryption Algorithm (ENCR)" },
946 { TF_IKE2_PRF,TF_IKE2_PRF, "Pseudo-random Function (PRF)"},
947 { TF_IKE2_INTEG,TF_IKE2_INTEG,"Integrity Algorithm (INTEG)"},
948 { TF_IKE2_DH,TF_IKE2_DH, "Diffie-Hellman Group (D-H)"},
949 { TF_IKE2_ESN,TF_IKE2_ESN, "Extended Sequence Numbers (ESN)"},
950 { 6,240, "Reserved to IANA"},
951 { 241,255, "Private Use"},
954 /* For Transform Type 1 (Encryption Algorithm), defined Transform IDs */
955 static const value_string transform_ike2_encr_type[] = {
957 { 1, "ENCR_DES_IV64" },
963 { 7, "ENCR_BLOWFISH" },
965 { 9, "ENCR_DES_IV32" },
968 { 12, "ENCR_AES_CBC" },
969 { 13, "ENCR_AES_CTR" }, /* [RFC3686] */
970 { 14, "ENCR_AES-CCM_8" }, /* [RFC4309] */
971 { 15, "ENCR-AES-CCM_12" }, /* [RFC4309] */
972 { 16, "ENCR-AES-CCM_16" }, /* [RFC4309] */
973 { 17, "UNASSIGNED" },
974 { 18, "AES-GCM with a 8 octet ICV" }, /* [RFC4106] */
975 { 19, "AES-GCM with a 12 octet ICV" }, /* [RFC4106] */
976 { 20, "AES-GCM with a 16 octet ICV" }, /* [RFC4106] */
977 { 21, "ENCR_NULL_AUTH_AES_GMAC" }, /* [RFC4543] */
978 { 22, "Reserved for IEEE P1619 XTS-AES" }, /* [Ball] */
979 { 23, "ENCR_CAMELLIA_CBC" }, /* [RFC5529] */
980 { 24, "ENCR_CAMELLIA_CTR" }, /* [RFC5529] */
981 { 25, "ENCR_CAMELLIA_CCM with an 8-octet ICV" }, /* [RFC5529] */
982 { 26, "ENCR_CAMELLIA_CCM with a 12-octet ICV" }, /* [RFC5529] */
983 { 27, "ENCR_CAMELLIA_CCM with a 16-octet ICV" }, /* [RFC5529] */
985 * 28-1023 RESERVED TO IANA [RFC4306]
986 * 1024-65535 PRIVATE USE [RFC4306]
991 /* For Transform Type 2 (Pseudo-random Function), defined Transform IDs */
992 static const value_string transform_ike2_prf_type[] = {
994 { 1, "PRF_HMAC_MD5" },
995 { 2, "PRF_HMAC_SHA1" },
996 { 3, "PRF_HMAC_TIGER" },
997 { 4, "PRF_AES128_CBC" },
998 { 5, "PRF_HMAC_SHA2_256" }, /* [RFC4868] */
999 { 6, "PRF_HMAC_SHA2_384" }, /* [RFC4868] */
1000 { 7, "PRF_HMAC_SHA2_512" }, /* [RFC4868] */
1001 { 8, "PRF_AES128_CMAC6" }, /* [RFC4615] */
1003 9-1023 RESERVED TO IANA [RFC4306]
1004 1024-65535 PRIVATE USE [RFC4306]
1009 /* For Transform Type 3 (Integrity Algorithm), defined Transform IDs */
1010 static const value_string transform_ike2_integ_type[] = {
1012 { 1, "AUTH_HMAC_MD5_96" },
1013 { 2, "AUTH_HMAC_SHA1_96" },
1014 { 3, "AUTH_DES_MAC" },
1015 { 4, "AUTH_KPDK_MD5" },
1016 { 5, "AUTH_AES_XCBC_96" },
1017 { 6, "AUTH_HMAC_MD5_128" }, /* [RFC4595] */
1018 { 7, "AUTH_HMAC_SHA1_160" }, /* [RFC4595] */
1019 { 8, "AUTH_AES_CMAC_96" }, /* [RFC4494] */
1020 { 9, "AUTH_AES_128_GMAC" }, /* [RFC4543] */
1021 { 10, "AUTH_AES_192_GMAC" }, /* [RFC4543] */
1022 { 11, "AUTH_AES_256_GMAC" }, /* [RFC4543] */
1023 { 12, "AUTH_HMAC_SHA2_256_128" }, /* [RFC4868] */
1024 { 13, "AUTH_HMAC_SHA2_384_192" }, /* [RFC4868] */
1025 { 14, "AUTH_HMAC_SHA2_512_256" }, /* [RFC4868] */
1027 15-1023 RESERVED TO IANA [RFC4306]
1028 1024-65535 PRIVATE USE [RFC4306]
1032 /* For Transform Type 5 (Extended Sequence Numbers), defined Transform */
1033 static const value_string transform_ike2_esn_type[] = {
1034 { 0, "No Extended Sequence Numbers" },
1035 { 1, "Extended Sequence Numbers" },
1038 /* Transform IKE2 Type */
1039 #define IKE2_ATTR_KEY_LENGTH 14
1041 static const value_string transform_ike2_attr_type[] = {
1042 { IKE2_ATTR_KEY_LENGTH, "Key-Length" },
1046 static const range_string cert_v1_type[] = {
1048 { 1,1, "PKCS #7 wrapped X.509 certificate" },
1049 { 2,2, "PGP Certificate" },
1050 { 3,3, "DNS Signed Key" },
1051 { 4,4, "X.509 Certificate - Signature" },
1052 { 5,5, "X.509 Certificate - Key Exchange" },
1053 { 6,6, "Kerberos Tokens" },
1054 { 7,7, "Certificate Revocation List (CRL)" },
1055 { 8,8, "Authority Revocation List (ARL)" },
1056 { 9,9, "SPKI Certificate" },
1057 { 10,10, "X.509 Certificate - Attribute" },
1058 { 11,255, "RESERVED" },
1062 static const range_string cert_v2_type[] = {
1063 { 0,0, "RESERVED" },
1064 { 1,1, "PKCS #7 wrapped X.509 certificate" },
1065 { 2,2, "PGP Certificate" },
1066 { 3,3, "DNS Signed Key" },
1067 { 4,4, "X.509 Certificate - Signature" },
1068 { 5,5, "*undefined by any document*" },
1069 { 6,6, "Kerberos Tokens" },
1070 { 7,7, "Certificate Revocation List (CRL)" },
1071 { 8,8, "Authority Revocation List (ARL)" },
1072 { 9,9, "SPKI Certificate" },
1073 { 10,10, "X.509 Certificate - Attribute" },
1074 { 11,11, "Raw RSA Key" },
1075 { 12,12, "Hash and URL of X.509 certificate" },
1076 { 13,13, "Hash and URL of X.509 bundle" },
1077 { 14,14, "OCSP Content" }, /* [RFC4806] */
1078 { 15,200, "RESERVED to IANA" },
1079 { 201,255, "PRIVATE USE" },
1083 static const range_string authmeth_v2_type[] = {
1084 { 0,0, "RESERVED TO IANA" },
1085 { 1,1, "RSA Digital Signature" },
1086 { 2,2, "Shared Key Message Integrity Code" },
1087 { 3,3, "DSS Digital Signature" },
1088 { 4,8, "RESERVED TO IANA" },
1089 { 9,9, "ECDSA with SHA-256 on the P-256 curve" }, /* RFC4754 */
1090 { 10,10, "ECDSA with SHA-256 on the P-256 curve" }, /* RFC4754 */
1091 { 11,11, "ECDSA with SHA-256 on the P-256 curve" }, /* RFC4754 */
1092 { 12,200, "RESERVED TO IANA" },
1093 { 201,255, "PRIVATE USE" },
1097 static const range_string notifmsg_v1_type[] = {
1098 { 0,0, "<UNKNOWN>" },
1099 { 1,1, "INVALID-PAYLOAD-TYPE" },
1100 { 2,2, "DOI-NOT-SUPPORTED" },
1101 { 3,3, "SITUATION-NOT-SUPPORTED" },
1102 { 4,4, "INVALID-COOKIE" },
1103 { 5,5, "INVALID-MAJOR-VERSION" },
1104 { 6,6, "INVALID-MINOR-VERSION" },
1105 { 7,7, "INVALID-EXCHANGE-TYPE" },
1106 { 8,8, "INVALID-FLAGS" },
1107 { 9,9, "INVALID-MESSAGE-ID" },
1108 { 10,10, "INVALID-PROTOCOL-ID" },
1109 { 11,11, "INVALID-SPI" },
1110 { 12,12, "INVALID-TRANSFORM-ID" },
1111 { 13,13, "ATTRIBUTES-NOT-SUPPORTED" },
1112 { 14,14, "NO-PROPOSAL-CHOSEN" },
1113 { 15,15, "BAD-PROPOSAL-SYNTAX" },
1114 { 16,16, "PAYLOAD-MALFORMED" },
1115 { 17,17, "INVALID-KEY-INFORMATION" },
1116 { 18,18, "INVALID-ID-INFORMATION" },
1117 { 19,19, "INVALID-CERT-ENCODING" },
1118 { 20,20, "INVALID-CERTIFICATE" },
1119 { 21,21, "CERT-TYPE-UNSUPPORTED" },
1120 { 22,22, "INVALID-CERT-AUTHORITY" },
1121 { 23,23, "INVALID-HASH-INFORMATION" },
1122 { 24,24, "AUTHENTICATION-FAILED" },
1123 { 25,25, "INVALID-SIGNATURE" },
1124 { 26,26, "ADDRESS-NOTIFICATION" },
1125 { 27,27, "NOTIFY-SA-LIFETIME" },
1126 { 28,28, "CERTIFICATE-UNAVAILABLE" },
1127 { 29,29, "UNSUPPORTED-EXCHANGE-TYPE" },
1128 { 30,30, "UNEQUAL-PAYLOAD-LENGTHS" },
1129 { 31,8191, "RESERVED (Future Use)" },
1130 { 8192,16383, "Private Use" },
1131 { 16384,16384,"CONNECTED" },
1132 { 16385,24575,"RESERVED (Future Use)" },
1133 { 24576,24576,"RESPONDER-LIFETIME" },
1134 { 24577,24577,"REPLAY-STATUS" },
1135 { 24578,24578,"INITIAL-CONTACT" },
1136 { 24579,32767,"DOI-specific codes" },
1137 { 32768,36135,"Private Use" },
1138 { 36136,36136,"R-U-THERE" },
1139 { 36137,36137,"R-U-THERE-ACK" },
1140 { 36138,40500,"Private Use" },
1141 { 40501,40501,"UNITY-LOAD-BALANCE" },
1142 { 40502,40502,"UNITY-UNKNOWN" },
1143 { 40503,40503,"UNITY-GROUP-HASH" },
1144 { 40503,40959,"Private Use" },
1145 { 40960,65535,"RESERVED (Future Use)" },
1149 static const range_string notifmsg_v2_type[] = {
1150 { 0,0, "RESERVED" },
1151 { 1,1, "UNSUPPORTED_CRITICAL_PAYLOAD" },
1152 { 2,3, "RESERVED" },
1153 { 4,4, "INVALID_IKE_SPI" },
1154 { 5,5, "INVALID_MAJOR_VERSION" },
1155 { 6,6, "RESERVED" },
1156 { 7,7, "INVALID_SYNTAX" },
1157 { 8,8, "RESERVED" },
1158 { 9,9, "INVALID_MESSAGE_ID" },
1159 { 10,10, "RESERVED" },
1160 { 11,11, "INVALID_SPI" },
1161 { 12,13, "RESERVED" },
1162 { 14,14, "NO_PROPOSAL_CHOSEN" },
1163 { 15,16, "RESERVED" },
1164 { 17,17, "INVALID_KE_PAYLOAD" },
1165 { 15,16, "RESERVED" },
1166 { 24,24, "AUTHENTICATION_FAILED" },
1167 { 25,33, "RESERVED" },
1168 { 34,34, "SINGLE_PAIR_REQUIRED" },
1169 { 35,35, "NO_ADDITIONAL_SAS" },
1170 { 36,36, "INTERNAL_ADDRESS_FAILURE" },
1171 { 37,37, "FAILED_CP_REQUIRED" },
1172 { 38,38, "TS_UNACCEPTABLE" },
1173 { 39,39, "INVALID_SELECTORS" },
1174 { 40,40, "UNACCEPTABLE_ADDRESSES" }, /* RFC4555 */
1175 { 41,41, "UNEXPECTED_NAT_DETECTED" }, /* RFC4555 */
1176 { 42,42, "USE_ASSIGNED_HoA" }, /* RFC5026 */
1177 { 43,43, "TEMPORARY_FAILURE" }, /* RFC5996 */
1178 { 44,44, "CHILD_SA_NOT_FOUND" }, /* RFC5996 */
1179 { 45,8191, "RESERVED TO IANA - Error types" },
1180 { 8192,16383, "Private Use - Errors" },
1181 { 16384,16384, "INITIAL_CONTACT" },
1182 { 16385,16385, "SET_WINDOW_SIZE" },
1183 { 16386,16386, "ADDITIONAL_TS_POSSIBLE" },
1184 { 16387,16387, "IPCOMP_SUPPORTED" },
1185 { 16388,16388, "NAT_DETECTION_SOURCE_IP" },
1186 { 16389,16389, "NAT_DETECTION_DESTINATION_IP" },
1187 { 16390,16390, "COOKIE" },
1188 { 16391,16391, "USE_TRANSPORT_MODE" },
1189 { 16392,16392, "HTTP_CERT_LOOKUP_SUPPORTED" },
1190 { 16393,16393, "REKEY_SA" },
1191 { 16394,16394, "ESP_TFC_PADDING_NOT_SUPPORTED" },
1192 { 16395,16395, "NON_FIRST_FRAGMENTS_ALSO" },
1193 { 16396,16396, "MOBIKE_SUPPORTED" }, /* RFC4555 */
1194 { 16397,16397, "ADDITIONAL_IP4_ADDRESS" }, /* RFC4555 */
1195 { 16398,16398, "ADDITIONAL_IP6_ADDRESS" }, /* RFC4555 */
1196 { 16399,16399, "NO_ADDITIONAL_ADDRESSES" }, /* RFC4555 */
1197 { 16400,16400, "UPDATE_SA_ADDRESSES" }, /* RFC4555 */
1198 { 16401,16401, "COOKIE2" }, /* RFC4555 */
1199 { 16402,16402, "NO_NATS_ALLOWED" }, /* RFC4555 */
1200 { 16403,16403, "AUTH_LIFETIME" }, /* RFC4478 */
1201 { 16404,16404, "MULTIPLE_AUTH_SUPPORTED" }, /* RFC4739 */
1202 { 16405,16405, "ANOTHER_AUTH_FOLLOWS" }, /* RFC4739 */
1203 { 16406,16406, "REDIRECT_SUPPORTED" }, /* RFC5685 */
1204 { 16407,16407, "REDIRECT" }, /* RFC5685 */
1205 { 16408,16408, "REDIRECTED_FROM" }, /* RFC5685 */
1206 { 16409,16409, "TICKET_LT_OPAQUE" }, /* RFC5723 */
1207 { 16410,16410, "TICKET_REQUEST" }, /* RFC5723 */
1208 { 16411,16411, "TICKET_ACK" }, /* RFC5723 */
1209 { 16412,16412, "TICKET_NACK" }, /* RFC5723 */
1210 { 16413,16413, "TICKET_OPAQUE" }, /* RFC5723 */
1211 { 16414,16414, "LINK_ID" }, /* RFC5739 */
1212 { 16415,16415, "USE_WESP_MODE" }, /* RFC5840 */
1213 { 16416,16416, "ROHC_SUPPORTED" }, /* RFC5857 */
1214 { 16417,16417, "EAP_ONLY_AUTHENTICATION" }, /* RFC5998 */
1215 { 16418,16418, "CHILDLESS_IKEV2_SUPPORTED" }, /* RFC6023 */
1216 { 16419,40959, "RESERVED TO IANA - STATUS TYPES" },
1217 { 40960,65535, "Private Use - STATUS TYPES" },
1221 static const range_string vs_v1_cfgtype[] = {
1222 { 0,0, "Reserved" },
1223 { 1,1, "ISAKMP_CFG_REQUEST" },
1224 { 2,2, "ISAKMP_CFG_REPLY" },
1225 { 3,3, "ISAKMP_CFG_SET" },
1226 { 4,4, "ISAKMP_CFG_ACK" },
1227 { 5,127, "Future use" },
1228 { 128,256, "Private Use" },
1233 static const range_string vs_v2_cfgtype[] = {
1234 { 0,0, "RESERVED" },
1235 { 1,1, "CFG_REQUEST" },
1236 { 2,2, "CFG_REPLY" },
1239 { 5,127, "Future use" },
1240 { 128,256, "Private Use" },
1244 static const range_string vs_v1_cfgattr[] = {
1245 { 0,0, "RESERVED" },
1246 { 1,1, "INTERNAL_IP4_ADDRESS" },
1247 { 2,2, "INTERNAL_IP4_NETMASK" },
1248 { 3,3, "INTERNAL_IP4_DNS" },
1249 { 4,4, "INTERNAL_IP4_NBNS" },
1250 { 5,5, "INTERNAL_ADDRESS_EXPIREY" },
1251 { 6,6, "INTERNAL_IP4_DHCP" },
1252 { 7,7, "APPLICATION_VERSION" },
1253 { 8,8, "INTERNAL_IP6_ADDRESS" },
1254 { 9,9, "INTERNAL_IP6_NETMASK" },
1255 { 10,10, "INTERNAL_IP6_DNS" },
1256 { 11,11, "INTERNAL_IP6_NBNS" },
1257 { 12,12, "INTERNAL_IP6_DHCP" },
1258 { 13,13, "INTERNAL_IP4_SUBNET" },
1259 { 14,14, "SUPPORTED_ATTRIBUTES" },
1260 { 15,16383, "FUTURE USE"},
1261 { 16384,16386, "PRIVATE USE"},
1262 { 16387,16387, "CHKPT_DEF_DOMAIN" },
1263 { 16388,16388, "CHKPT_MAC_ADDRESS" },
1264 { 16389,16389, "CHKPT_MARCIPAN_REASON_CODE" },
1265 { 16400,16400, "CHKPT_UNKNOWN1" },
1266 { 16401,16401, "CHKPT_UNKNOWN2" },
1267 { 16402,16402, "CHKPT_UNKNOWN3" },
1268 { 16403,16519, "PRIVATE USE"},
1269 { 16520,16520, "XAUTH_TYPE" },
1270 { 16521,16521, "XAUTH_USER_NAME" },
1271 { 16522,16522, "XAUTH_USER_PASSWORD" },
1272 { 16523,16523, "XAUTH_PASSCODE" },
1273 { 16524,16524, "XAUTH_MESSAGE" },
1274 { 16525,16525, "XAUTH_CHALLANGE" },
1275 { 16526,16526, "XAUTH_DOMAIN" },
1276 { 16527,16527, "XAUTH_STATUS" },
1277 { 16528,16528, "XAUTH_NEXT_PIN" },
1278 { 16529,16529, "XAUTH_ANSWER" },
1279 { 16530,28671, "PRIVATE USE"},
1280 { 28672,28672, "UNITY_BANNER" },
1281 { 28673,28673, "UNITY_SAVE_PASSWD" },
1282 { 28674,28674, "UNITY_DEF_DOMAIN" },
1283 { 28675,28675, "UNITY_SPLIT_DOMAIN" },
1284 { 28676,28676, "UNITY_SPLIT_INCLUDE" },
1285 { 28677,28677, "UNITY_NATT_PORT" },
1286 { 28678,28678, "UNITY_SPLIT_EXCLUDE" },
1287 { 28679,28679, "UNITY_PFS" },
1288 { 28680,28680, "UNITY_FW_TYPE" },
1289 { 28681,28681, "UNITY_BACKUP_SERVERS" },
1290 { 28682,28682, "UNITY_DDNS_HOSTNAME" },
1291 { 28683,32767, "PRIVATE USE"},
1295 static const range_string vs_v2_cfgattr[] = {
1296 { 0,0, "RESERVED" },
1297 { 1,1, "INTERNAL_IP4_ADDRESS" },
1298 { 2,2, "INTERNAL_IP4_NETMASK" },
1299 { 3,3, "INTERNAL_IP4_DNS" },
1300 { 4,4, "INTERNAL_IP4_NBNS" },
1301 { 5,5, "INTERNAL_ADDRESS_EXPIREY" }, /* OBSO */
1302 { 6,6, "INTERNAL_IP4_DHCP" },
1303 { 7,7, "APPLICATION_VERSION" },
1304 { 8,8, "INTERNAL_IP6_ADDRESS" },
1305 { 9,9, "RESERVED" },
1306 { 10,10, "INTERNAL_IP6_DNS" },
1307 { 11,11, "INTERNAL_IP6_NBNS" }, /* OBSO */
1308 { 12,12, "INTERNAL_IP6_DHCP" },
1309 { 13,13, "INTERNAL_IP4_SUBNET" },
1310 { 14,14, "SUPPORTED_ATTRIBUTES" },
1311 { 15,15, "INTERNAL_IP6_SUBNET" },
1312 { 16,16, "MIP6_HOME_PREFIX" },
1313 { 17,17, "INTERNAL_IP6_LINK" },
1314 { 18,18, "INTERNAL_IP6_PREFIX" },
1315 { 19,19, "HOME_AGENT_ADDRESS" }, /* 3GPP TS 24.302 http://www.3gpp.org/ftp/Specs/html-info/24302.htm */
1316 { 20,16383, "RESERVED TO IANA"},
1317 { 16384,32767, "PRIVATE USE"},
1321 static const range_string cfgattr_xauth_type[] = {
1323 { 1,1, "RADIUS-CHAP" },
1326 { 4,32767, "Future use" },
1327 { 32768,65535, "Private use" },
1332 static const value_string cfgattr_xauth_status[] = {
1338 static const value_string cp_product[] = {
1339 { 1, "Firewall-1" },
1340 { 2, "SecuRemote/SecureClient" },
1344 static const value_string cp_version[] = {
1347 { 3, "4.1 (SP-2 or above)" },
1348 { 4002,"4.1 (SP-2 or above)" },
1350 { 5001,"NG Feature Pack 1" },
1351 { 5002,"NG Feature Pack 2" },
1352 { 5003,"NG Feature Pack 3" },
1353 { 5004,"NG with Application Intelligence" },
1354 { 5005,"NG with Application Intelligence R55" },
1355 { 5006,"NG with Application Intelligence R56" },
1358 static const range_string traffic_selector_type[] = {
1359 { 0,6, "Reserved" },
1360 { 7,7, "TS_IPV4_ADDR_RANGE" },
1361 { 8,8, "TS_IPV6_ADDR_RANGE" },
1362 { 9,9, "TS_FC_ADDR_RANGE" },
1363 { 10,240, "Future use" },
1364 { 241,255, "Private use" },
1367 static const value_string ms_nt5_isakmpoakley_type[] = {
1368 { 2, "Windows 2000" },
1369 { 3, "Windows XP SP1" },
1370 { 4, "Windows 2003 and Windows XP SP2" },
1371 { 5, "Windows Vista" },
1374 static const range_string vs_v1_id_type[] = {
1375 { 0,0, "RESERVED" },
1376 { IKE_ID_IPV4_ADDR,IKE_ID_IPV4_ADDR, "IPV4_ADDR" },
1377 { IKE_ID_FQDN,IKE_ID_FQDN, "FQDN" },
1378 { IKE_ID_USER_FQDN,IKE_ID_USER_FQDN, "USER_FQDN" },
1379 { IKE_ID_IPV4_ADDR_SUBNET,IKE_ID_IPV4_ADDR_SUBNET, "IPV4_ADDR_SUBNET" },
1380 { IKE_ID_IPV6_ADDR,IKE_ID_IPV6_ADDR, "IPV6_ADDR" },
1381 { IKE_ID_IPV6_ADDR_SUBNET,IKE_ID_IPV6_ADDR_SUBNET, "IPV6_ADDR_SUBNET" },
1382 { IKE_ID_IPV4_ADDR_RANGE,IKE_ID_IPV4_ADDR_RANGE, "IPV4_ADDR_RANGE" },
1383 { IKE_ID_IPV6_ADDR_RANGE,IKE_ID_IPV6_ADDR_RANGE, "IPV6_ADDR_RANGE" },
1384 { IKE_ID_DER_ASN1_DN,IKE_ID_DER_ASN1_DN, "DER_ASN1_DN" },
1385 { IKE_ID_DER_ASN1_GN,IKE_ID_DER_ASN1_GN, "DER_ASN1_GN" },
1386 { IKE_ID_KEY_ID,IKE_ID_KEY_ID, "KEY_ID" },
1387 { IKE_ID_LIST,IKE_ID_LIST, "KEY_LIST" },
1388 { 13,248, "Future use" },
1389 { 249,255, "Private Use" },
1392 static const range_string vs_v2_id_type[] = {
1393 { 0,0, "RESERVED" },
1394 { IKE_ID_IPV4_ADDR,IKE_ID_IPV4_ADDR, "IPV4_ADDR" },
1395 { IKE_ID_FQDN,IKE_ID_FQDN, "FQDN" },
1396 { IKE_ID_RFC822_ADDR,IKE_ID_RFC822_ADDR, "ID_RFC822_ADDR" },
1397 { 4,4, "Unassigned" },
1398 { IKE_ID_IPV6_ADDR,IKE_ID_IPV6_ADDR, "IPV6_ADDR" },
1399 { 6,8, "Unassigned" },
1400 { IKE_ID_DER_ASN1_DN,IKE_ID_DER_ASN1_DN, "DER_ASN1_DN" },
1401 { IKE_ID_DER_ASN1_GN,IKE_ID_DER_ASN1_GN, "DER_ASN1_GN" },
1402 { IKE_ID_KEY_ID,IKE_ID_KEY_ID, "KEY_ID" },
1403 { IKE_ID_FC_NAME,IKE_ID_FC_NAME, "KEY_LIST" },
1404 { 13,200, "Future use" },
1405 { 201,255, "Private Use" },
1408 #define COOKIE_SIZE 8
1410 typedef struct isakmp_hdr {
1411 guint8 next_payload;
1425 static const true_false_string criticalpayload = {
1429 static const true_false_string attribute_format = {
1431 "Type/Length/Value (TLV)"
1433 static const true_false_string flag_e = {
1437 static const true_false_string flag_c = {
1441 static const true_false_string flag_a = {
1445 static const true_false_string flag_i = {
1449 static const true_false_string flag_v = {
1450 "A higher version enabled",
1453 static const true_false_string flag_r = {
1458 /* ROHC Attribute Type RFC5857 */
1460 #define ROHC_MAX_CID 1
1461 #define ROHC_PROFILE 2
1462 #define ROHC_INTEG 3
1463 #define ROHC_ICV_LEN 4
1466 static const value_string rohc_attr_type[] = {
1467 { ROHC_MAX_CID, "Maximum Context Identifier (MAX_CID)" },
1468 { ROHC_PROFILE, "ROHC Profile (ROHC_PROFILE)" },
1469 { ROHC_INTEG, "ROHC Integrity Algorithm (ROHC_INTEG)" },
1470 { ROHC_ICV_LEN, "ROHC ICV Length in bytes (ROHC_ICV_LEN)" },
1471 { ROHC_MRRU, "Maximum Reconstructed Reception Unit (MRRU)" },
1475 #define ISAKMP_HDR_SIZE (sizeof(struct isakmp_hdr) + (2 * COOKIE_SIZE))
1478 #ifdef HAVE_LIBGCRYPT
1480 #define MAX_KEY_SIZE 256
1481 #define MAX_DIGEST_SIZE 64
1482 #define MAX_OAKLEY_KEY_LEN 32
1484 typedef struct decrypt_key {
1485 guchar secret[MAX_KEY_SIZE];
1489 typedef struct iv_data {
1490 guchar iv[MAX_DIGEST_SIZE];
1495 typedef struct decrypt_data {
1505 guchar secret[MAX_KEY_SIZE];
1508 gchar last_cbc[MAX_DIGEST_SIZE];
1510 gchar last_p1_cbc[MAX_DIGEST_SIZE];
1511 guint last_p1_cbc_len;
1512 guint32 last_message_id;
1515 static GHashTable *isakmp_hash = NULL;
1516 #if GLIB_CHECK_VERSION(2,10,0)
1518 static GMemChunk *isakmp_key_data = NULL;
1519 static GMemChunk *isakmp_decrypt_data = NULL;
1521 static FILE *log_f = NULL;
1522 static const char *pluto_log_path = "insert pluto log path here";
1524 /* Specifications of encryption algorithms for IKEv2 decryption */
1525 typedef struct _ikev2_encr_alg_spec {
1527 /* Length of encryption key */
1529 /* Block size of the cipher */
1531 /* Length of initialization vector */
1533 /* Encryption algorithm ID to be passed to gcry_cipher_open() */
1535 /* Cipher mode to be passed to gcry_cipher_open() */
1537 } ikev2_encr_alg_spec_t;
1539 #define IKEV2_ENCR_NULL 1
1540 #define IKEV2_ENCR_3DES 2
1541 #define IKEV2_ENCR_AES_CBC_128 3
1542 #define IKEV2_ENCR_AES_CBC_192 4
1543 #define IKEV2_ENCR_AES_CBC_256 5
1545 static ikev2_encr_alg_spec_t ikev2_encr_algs[] = {
1546 {IKEV2_ENCR_NULL, 0, 1, 0, GCRY_CIPHER_NONE, GCRY_CIPHER_MODE_NONE},
1547 {IKEV2_ENCR_3DES, 24, 8, 8, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC},
1548 {IKEV2_ENCR_AES_CBC_128, 16, 16, 16, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC},
1549 {IKEV2_ENCR_AES_CBC_192, 24, 16, 16, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC},
1550 {IKEV2_ENCR_AES_CBC_256, 32, 16, 16, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC},
1555 * Specifications of authentication algorithms for
1556 * decryption and/or ICD (Integrity Checksum Data) checking of IKEv2
1558 typedef struct _ikev2_auth_alg_spec {
1560 /* Output length of the hash algorithm */
1562 /* Length of the hash key */
1564 /* Actual ICD length after truncation */
1566 /* Hash algorithm ID to be passed to gcry_md_open() */
1568 /* Flags to be passed to gcry_md_open() */
1570 } ikev2_auth_alg_spec_t;
1572 #define IKEV2_AUTH_NONE 1
1573 #define IKEV2_AUTH_HMAC_MD5_96 2
1574 #define IKEV2_AUTH_HMAC_SHA1_96 3
1575 #define IKEV2_AUTH_ANY_96BITS 4
1576 #define IKEV2_AUTH_ANY_128BITS 5
1577 #define IKEV2_AUTH_ANY_160BITS 6
1578 #define IKEV2_AUTH_ANY_192BITS 7
1579 #define IKEV2_AUTH_ANY_256BITS 8
1581 static ikev2_auth_alg_spec_t ikev2_auth_algs[] = {
1582 {IKEV2_AUTH_NONE, 0, 0, 0, GCRY_MD_NONE, 0},
1583 {IKEV2_AUTH_HMAC_MD5_96, 16, 16, 12, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC},
1584 {IKEV2_AUTH_HMAC_SHA1_96, 20, 20, 12, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC},
1585 {IKEV2_AUTH_ANY_96BITS, 0, 0, 12, 0, 0},
1586 {IKEV2_AUTH_ANY_128BITS, 0, 0, 16, 0, 0},
1587 {IKEV2_AUTH_ANY_160BITS, 0, 0, 20, 0, 0},
1588 {IKEV2_AUTH_ANY_192BITS, 0, 0, 24, 0, 0},
1589 {IKEV2_AUTH_ANY_256BITS, 0, 0, 32, 0, 0},
1593 typedef struct _ikev2_decrypt_data {
1596 ikev2_encr_alg_spec_t *encr_spec;
1597 ikev2_auth_alg_spec_t *auth_spec;
1598 } ikev2_decrypt_data_t;
1600 typedef struct _ikev2_uat_data_key {
1605 } ikev2_uat_data_key_t;
1607 typedef struct _ikev2_uat_data {
1608 ikev2_uat_data_key_t key;
1619 ikev2_encr_alg_spec_t *encr_spec;
1620 ikev2_auth_alg_spec_t *auth_spec;
1623 static ikev2_uat_data_t* ikev2_uat_data = NULL;
1624 static guint num_ikev2_uat_data = 0;
1625 static uat_t* ikev2_uat;
1627 static GHashTable *ikev2_key_hash = NULL;
1629 #define IKEV2_ENCR_3DES_STR "3DES [RFC2451]"
1630 static const value_string vs_ikev2_encr_algs[] = {
1631 {IKEV2_ENCR_3DES, IKEV2_ENCR_3DES_STR},
1632 {IKEV2_ENCR_AES_CBC_128, "AES-CBC-128 [RFC3602]"},
1633 {IKEV2_ENCR_AES_CBC_192, "AES-CBC-192 [RFC3602]"},
1634 {IKEV2_ENCR_AES_CBC_256, "AES-CBC-256 [RFC3602]"},
1635 {IKEV2_ENCR_NULL, "NULL [RFC2410]"},
1639 #define IKEV2_AUTH_HMAC_SHA1_96_STR "HMAC_SHA1_96 [RFC2404]"
1640 static const value_string vs_ikev2_auth_algs[] = {
1641 {IKEV2_AUTH_HMAC_MD5_96, "HMAC_MD5_96 [RFC2403]"},
1642 {IKEV2_AUTH_HMAC_SHA1_96, IKEV2_AUTH_HMAC_SHA1_96_STR},
1643 {IKEV2_AUTH_NONE, "NONE [RFC4306]"},
1644 {IKEV2_AUTH_ANY_96BITS, "ANY 96-bits of Authentication [No Checking]"},
1645 {IKEV2_AUTH_ANY_128BITS, "ANY 128-bits of Authentication [No Checking]"},
1646 {IKEV2_AUTH_ANY_160BITS, "ANY 160-bits of Authentication [No Checking]"},
1647 {IKEV2_AUTH_ANY_192BITS, "ANY 192-bits of Authentication [No Checking]"},
1648 {IKEV2_AUTH_ANY_256BITS, "ANY 256-bits of Authentication [No Checking]"},
1652 static ikev2_encr_alg_spec_t* ikev2_decrypt_find_encr_spec(guint num) {
1653 ikev2_encr_alg_spec_t *e;
1655 for (e = ikev2_encr_algs; e->number != 0; e++) {
1656 if (e->number == num) {
1663 static ikev2_auth_alg_spec_t* ikev2_decrypt_find_auth_spec(guint num) {
1664 ikev2_auth_alg_spec_t *a;
1666 for (a = ikev2_auth_algs; a->number != 0; a++) {
1667 if (a->number == num) {
1675 scan_pluto_log(void) {
1676 #define MAX_PLUTO_LINE 500
1677 decrypt_data_t *decr;
1678 gchar line[MAX_PLUTO_LINE];
1679 guint8 i_cookie[COOKIE_SIZE], *ic_key;
1680 gboolean got_cookie = FALSE;
1681 guchar secret[MAX_KEY_SIZE];
1682 guint secret_len = 0;
1683 static const gchar icookie_pfx[] = "| ICOOKIE: ";
1684 static const gchar enc_key_pfx[] = "| enc key: ";
1685 gchar *pos, *endpos;
1688 unsigned long hexval;
1690 SET_ADDRESS(&null_addr, AT_NONE, 0, NULL);
1693 while (fgets(line, MAX_PLUTO_LINE, log_f)) {
1694 if (strncmp(line, icookie_pfx, sizeof icookie_pfx - 1) == 0) {
1696 pos = line + sizeof icookie_pfx - 1;
1697 for (i = 0; i < COOKIE_SIZE; i++) {
1698 hexval = strtoul(pos, &endpos, 16);
1701 i_cookie[i] = (guint8) hexval;
1704 if (i == COOKIE_SIZE)
1706 } else if (strncmp(line, enc_key_pfx, sizeof enc_key_pfx - 1) == 0) {
1707 pos = line + sizeof enc_key_pfx - 1;
1708 for (; secret_len < MAX_KEY_SIZE; secret_len++) {
1709 hexval = strtoul(pos, &endpos, 16);
1712 secret[secret_len] = (guint8) hexval;
1715 } else if (got_cookie && secret_len > 1) {
1716 decr = (decrypt_data_t*) g_hash_table_lookup(isakmp_hash, i_cookie);
1719 #if GLIB_CHECK_VERSION(2,10,0)
1720 ic_key = g_slice_alloc(COOKIE_SIZE);
1721 decr = g_slice_alloc(sizeof(decrypt_data_t));
1723 ic_key = g_mem_chunk_alloc(isakmp_key_data);
1724 decr = g_mem_chunk_alloc(isakmp_decrypt_data);
1726 memcpy(ic_key, i_cookie, COOKIE_SIZE);
1727 memset(decr, 0, sizeof(decrypt_data_t));
1729 g_hash_table_insert(isakmp_hash, ic_key, decr);
1732 memcpy(decr->secret, secret, secret_len);
1733 decr->secret_len = secret_len;
1741 decrypt_payload(tvbuff_t *tvb, packet_info *pinfo, const guint8 *buf, guint buf_len, isakmp_hdr_t *hdr) {
1742 decrypt_data_t *decr = (decrypt_data_t *) pinfo->private_data;
1743 guint8 *decrypted_data = NULL;
1744 gint gcry_md_algo, gcry_cipher_algo;
1745 gcry_md_hd_t md_ctx;
1746 gcry_cipher_hd_t decr_ctx;
1748 iv_data_t *ivd = NULL;
1750 guchar iv[MAX_DIGEST_SIZE];
1752 guint32 message_id, cbc_block_size, digest_size;
1755 decr->is_psk == FALSE ||
1756 decr->gi_len == 0 ||
1760 switch(decr->encr_alg) {
1762 gcry_cipher_algo = GCRY_CIPHER_3DES;
1765 gcry_cipher_algo = GCRY_CIPHER_DES;
1771 if (decr->secret_len < gcry_cipher_get_algo_keylen(gcry_cipher_algo))
1773 cbc_block_size = (guint32) gcry_cipher_get_algo_blklen(gcry_cipher_algo);
1774 if (cbc_block_size > MAX_DIGEST_SIZE) {
1775 /* This shouldn't happen but we pass cbc_block_size to memcpy size below. */
1779 switch(decr->hash_alg) {
1781 gcry_md_algo = GCRY_MD_MD5;
1784 gcry_md_algo = GCRY_MD_SHA1;
1790 digest_size = gcry_md_get_algo_dlen(gcry_md_algo);
1792 for (ivl = g_list_first(decr->iv_list); ivl != NULL; ivl = g_list_next(ivl)) {
1793 ivd = (iv_data_t *) ivl->data;
1794 if (ivd->frame_num == pinfo->fd->num) {
1795 iv_len = ivd->iv_len;
1796 memcpy(iv, ivd->iv, iv_len);
1801 * Set our initialization vector as follows:
1802 * - If the IV list is empty, assume we have the first packet in a phase 1
1803 * exchange. The IV is built from DH values.
1804 * - If our message ID changes, assume we're entering a new mode. The IV
1805 * is built from the message ID and the last phase 1 CBC.
1806 * - Otherwise, use the last CBC.
1809 if (gcry_md_open(&md_ctx, gcry_md_algo, 0) != GPG_ERR_NO_ERROR)
1811 if (decr->iv_list == NULL) {
1813 ivd = g_malloc(sizeof(iv_data_t));
1814 ivd->frame_num = pinfo->fd->num;
1815 ivd->iv_len = digest_size;
1816 decr->last_message_id = hdr->message_id;
1817 gcry_md_reset(md_ctx);
1818 gcry_md_write(md_ctx, decr->gi, decr->gi_len);
1819 gcry_md_write(md_ctx, decr->gr, decr->gr_len);
1820 gcry_md_final(md_ctx);
1821 memcpy(ivd->iv, gcry_md_read(md_ctx, gcry_md_algo), digest_size);
1822 decr->iv_list = g_list_append(decr->iv_list, ivd);
1823 iv_len = ivd->iv_len;
1824 memcpy(iv, ivd->iv, iv_len);
1825 } else if (decr->last_cbc_len >= cbc_block_size) {
1826 ivd = g_malloc(sizeof(iv_data_t));
1827 ivd->frame_num = pinfo->fd->num;
1828 if (hdr->message_id != decr->last_message_id) {
1829 if (decr->last_p1_cbc_len == 0) {
1830 memcpy(decr->last_p1_cbc, decr->last_cbc, cbc_block_size);
1831 decr->last_p1_cbc_len = cbc_block_size;
1833 ivd->iv_len = digest_size;
1834 decr->last_message_id = hdr->message_id;
1835 message_id = g_htonl(decr->last_message_id);
1836 gcry_md_reset(md_ctx);
1837 gcry_md_write(md_ctx, decr->last_p1_cbc, cbc_block_size);
1838 gcry_md_write(md_ctx, &message_id, sizeof(message_id));
1839 memcpy(ivd->iv, gcry_md_read(md_ctx, gcry_md_algo), digest_size);
1841 ivd->iv_len = cbc_block_size;
1842 memcpy(ivd->iv, decr->last_cbc, ivd->iv_len);
1844 decr->iv_list = g_list_append(decr->iv_list, ivd);
1845 iv_len = ivd->iv_len;
1846 memcpy(iv, ivd->iv, iv_len);
1848 gcry_md_close(md_ctx);
1851 if (ivd == NULL) return NULL;
1853 if (gcry_cipher_open(&decr_ctx, gcry_cipher_algo, GCRY_CIPHER_MODE_CBC, 0) != GPG_ERR_NO_ERROR)
1855 if (iv_len > cbc_block_size)
1856 iv_len = cbc_block_size; /* gcry warns otherwise */
1857 if (gcry_cipher_setiv(decr_ctx, iv, iv_len))
1859 if (gcry_cipher_setkey(decr_ctx, decr->secret, decr->secret_len))
1862 decrypted_data = g_malloc(buf_len);
1864 if (gcry_cipher_decrypt(decr_ctx, decrypted_data, buf_len, buf, buf_len) != GPG_ERR_NO_ERROR) {
1865 g_free(decrypted_data);
1868 gcry_cipher_close(decr_ctx);
1870 encr_tvb = tvb_new_child_real_data(tvb, decrypted_data, buf_len, buf_len);
1872 /* Add the decrypted data to the data source list. */
1873 add_new_data_source(pinfo, encr_tvb, "Decrypted IKE");
1875 /* Fill in the next IV */
1876 if (tvb_length(tvb) > cbc_block_size) {
1877 decr->last_cbc_len = cbc_block_size;
1878 memcpy(decr->last_cbc, buf + buf_len - cbc_block_size, cbc_block_size);
1880 decr->last_cbc_len = 0;
1886 #endif /* HAVE_LIBGCRYPT */
1888 static proto_tree *dissect_payload_header(tvbuff_t *, int, int, int, guint8,
1889 guint8 *, guint16 *, proto_tree *);
1891 static void dissect_sa(tvbuff_t *, int, int, proto_tree *, int, packet_info *);
1892 static void dissect_proposal(tvbuff_t *, int, int, proto_tree *, int, packet_info *);
1893 static void dissect_transform(tvbuff_t *, int, int, proto_tree *, packet_info *, int, int);
1894 static void dissect_key_exch(tvbuff_t *, int, int, proto_tree *, int, packet_info *);
1895 static void dissect_id(tvbuff_t *, int, int, proto_tree *, int, packet_info *);
1896 static void dissect_cert(tvbuff_t *, int, int, proto_tree *, int, packet_info *);
1897 static void dissect_certreq(tvbuff_t *, int, int, proto_tree *, int, packet_info *);
1898 static void dissect_auth(tvbuff_t *, int, int, proto_tree *);
1899 static void dissect_hash(tvbuff_t *, int, int, proto_tree *);
1900 static void dissect_sig(tvbuff_t *, int, int, proto_tree *);
1901 static void dissect_nonce(tvbuff_t *, int, int, proto_tree *);
1902 static void dissect_notif(tvbuff_t *, int, int, proto_tree *, int);
1903 static void dissect_delete(tvbuff_t *, int, int, proto_tree *, int);
1904 static void dissect_vid(tvbuff_t *, int, int, proto_tree *);
1905 static void dissect_config(tvbuff_t *, int, int, proto_tree *, int);
1906 static void dissect_nat_discovery(tvbuff_t *, int, int, proto_tree * );
1907 static void dissect_nat_original_address(tvbuff_t *, int, int, proto_tree *, int );
1908 static void dissect_ts(tvbuff_t *, int, int, proto_tree *);
1909 static void dissect_enc(tvbuff_t *, int, int, proto_tree *, packet_info *, guint8);
1910 static void dissect_eap(tvbuff_t *, int, int, proto_tree *, packet_info *);
1911 static void dissect_cisco_fragmentation(tvbuff_t *, int, int, proto_tree *, packet_info *);
1915 static const guint8 VID_SSH_IPSEC_EXPRESS_1_1_0[] = { /* Ssh Communications Security IPSEC Express version 1.1.0 */
1916 0xfB, 0xF4, 0x76, 0x14, 0x98, 0x40, 0x31, 0xFA,
1917 0x8E, 0x3B, 0xB6, 0x19, 0x80, 0x89, 0xB2, 0x23
1920 static const guint8 VID_SSH_IPSEC_EXPRESS_1_1_1[] = { /* Ssh Communications Security IPSEC Express version 1.1.1 */
1921 0x19, 0x52, 0xDC, 0x91, 0xAC, 0x20, 0xF6, 0x46,
1922 0xFB, 0x01, 0xCF, 0x42, 0xA3, 0x3A, 0xEE, 0x30
1925 static const guint8 VID_SSH_IPSEC_EXPRESS_1_1_2[] = { /* Ssh Communications Security IPSEC Express version 1.1.2 */
1926 0xE8, 0xBF, 0xFA, 0x64, 0x3E, 0x5C, 0x8F, 0x2C,
1927 0xD1, 0x0F, 0xDA, 0x73, 0x70, 0xB6, 0xEB, 0xE5
1930 static const guint8 VID_SSH_IPSEC_EXPRESS_1_2_1[] = { /* Ssh Communications Security IPSEC Express version 1.2.1 */
1931 0xC1, 0x11, 0x1B, 0x2D, 0xEE, 0x8C, 0xBC, 0x3D,
1932 0x62, 0x05, 0x73, 0xEC, 0x57, 0xAA, 0xB9, 0xCB
1935 static const guint8 VID_SSH_IPSEC_EXPRESS_1_2_2[] = { /* Ssh Communications Security IPSEC Express version 1.2.2 */
1936 0x09, 0xEC, 0x27, 0xBF, 0xBC, 0x09, 0xC7, 0x58,
1937 0x23, 0xCF, 0xEC, 0xBF, 0xFE, 0x56, 0x5A, 0x2E
1940 static const guint8 VID_SSH_IPSEC_EXPRESS_2_0_0[] = { /* SSH Communications Security IPSEC Express version 2.0.0 */
1941 0x7F, 0x21, 0xA5, 0x96, 0xE4, 0xE3, 0x18, 0xF0,
1942 0xB2, 0xF4, 0x94, 0x4C, 0x23, 0x84, 0xCB, 0x84
1945 static const guint8 VID_SSH_IPSEC_EXPRESS_2_1_0[] = { /* SSH Communications Security IPSEC Express version 2.1.0 */
1946 0x28, 0x36, 0xD1, 0xFD, 0x28, 0x07, 0xBC, 0x9E,
1947 0x5A, 0xE3, 0x07, 0x86, 0x32, 0x04, 0x51, 0xEC
1950 static const guint8 VID_SSH_IPSEC_EXPRESS_2_1_1[] = { /* SSH Communications Security IPSEC Express version 2.1.1 */
1951 0xA6, 0x8D, 0xE7, 0x56, 0xA9, 0xC5, 0x22, 0x9B,
1952 0xAE, 0x66, 0x49, 0x80, 0x40, 0x95, 0x1A, 0xD5
1955 static const guint8 VID_SSH_IPSEC_EXPRESS_2_1_2[] = { /* SSH Communications Security IPSEC Express version 2.1.2 */
1956 0x3F, 0x23, 0x72, 0x86, 0x7E, 0x23, 0x7C, 0x1C,
1957 0xD8, 0x25, 0x0A, 0x75, 0x55, 0x9C, 0xAE, 0x20
1960 static const guint8 VID_SSH_IPSEC_EXPRESS_3_0_0[] = { /* SSH Communications Security IPSEC Express version 3.0.0 */
1961 0x0E, 0x58, 0xD5, 0x77, 0x4D, 0xF6, 0x02, 0x00,
1962 0x7D, 0x0B, 0x02, 0x44, 0x36, 0x60, 0xF7, 0xEB
1965 static const guint8 VID_SSH_IPSEC_EXPRESS_3_0_1[] = { /* SSH Communications Security IPSEC Express version 3.0.1 */
1966 0xF5, 0xCE, 0x31, 0xEB, 0xC2, 0x10, 0xF4, 0x43,
1967 0x50, 0xCF, 0x71, 0x26, 0x5B, 0x57, 0x38, 0x0F
1970 static const guint8 VID_SSH_IPSEC_EXPRESS_4_0_0[] = { /* SSH Communications Security IPSEC Express version 4.0.0 */
1971 0xF6, 0x42, 0x60, 0xAF, 0x2E, 0x27, 0x42, 0xDA,
1972 0xDD, 0xD5, 0x69, 0x87, 0x06, 0x8A, 0x99, 0xA0
1975 static const guint8 VID_SSH_IPSEC_EXPRESS_4_0_1[] = { /* SSH Communications Security IPSEC Express version 4.0.1 */
1976 0x7A, 0x54, 0xD3, 0xBD, 0xB3, 0xB1, 0xE6, 0xD9,
1977 0x23, 0x89, 0x20, 0x64, 0xBE, 0x2D, 0x98, 0x1C
1980 static const guint8 VID_SSH_IPSEC_EXPRESS_4_1_0[] = { /* SSH Communications Security IPSEC Express version 4.1.0 */
1981 0x9A, 0xA1, 0xF3, 0xB4, 0x34, 0x72, 0xA4, 0x5D,
1982 0x5F, 0x50, 0x6A, 0xEB, 0x26, 0x0C, 0xF2, 0x14
1985 static const guint8 VID_SSH_IPSEC_EXPRESS_4_1_1[] = { /* SSH Communications Security IPSEC Express version 4.1.1 */
1986 0x89, 0xF7, 0xB7, 0x60, 0xD8, 0x6B, 0x01, 0x2A,
1987 0xCF, 0x26, 0x33, 0x82, 0x39, 0x4D, 0x96, 0x2F
1990 static const guint8 VID_SSH_IPSEC_EXPRESS_4_2_0[] = { /* SSH Communications Security IPSEC Express version 4.2.0 */
1991 0x68, 0x80, 0xC7, 0xD0, 0x26, 0x09, 0x91, 0x14,
1992 0xE4, 0x86, 0xC5, 0x54, 0x30, 0xE7, 0xAB, 0xEE
1995 static const guint8 VID_SSH_IPSEC_EXPRESS_5_0[] = { /* SSH Communications Security IPSEC Express version 5.0 */
1996 0xB0, 0x37, 0xA2, 0x1A, 0xCE, 0xCC, 0xB5, 0x57,
1997 0x0F, 0x60, 0x25, 0x46, 0xF9, 0x7B, 0xDE, 0x8C
2000 static const guint8 VID_SSH_IPSEC_EXPRESS_5_0_0[] = { /* SSH Communications Security IPSEC Express version 5.0.0 */
2001 0x2B, 0x2D, 0xAD, 0x97, 0xC4, 0xD1, 0x40, 0x93,
2002 0x00, 0x53, 0x28, 0x7F, 0x99, 0x68, 0x50, 0xB0
2005 static const guint8 VID_SSH_IPSEC_EXPRESS_5_1_0[] = { /* SSH Communications Security IPSEC Express version 5.1.0 */
2006 0x45, 0xE1, 0x7F, 0x3A, 0xBE, 0x93, 0x94, 0x4C,
2007 0xB2, 0x02, 0x91, 0x0C, 0x59, 0xEF, 0x80, 0x6B
2010 static const guint8 VID_SSH_IPSEC_EXPRESS_5_1_1[] = { /* SSH Communications Security IPSEC Express version 5.1.1 */
2011 0x59, 0x25, 0x85, 0x9F, 0x73, 0x77, 0xED, 0x78,
2012 0x16, 0xD2, 0xFB, 0x81, 0xC0, 0x1F, 0xA5, 0x51
2015 static const guint8 VID_SSH_SENTINEL[] = { /* SSH Sentinel */
2016 0x05, 0x41, 0x82, 0xA0, 0x7C, 0x7A, 0xE2, 0x06,
2017 0xF9, 0xD2, 0xCF, 0x9D, 0x24, 0x32, 0xC4, 0x82
2020 static const guint8 VID_SSH_SENTINEL_1_1[] = { /* SSH Sentinel 1.1 */
2021 0xB9, 0x16, 0x23, 0xE6, 0x93, 0xCA, 0x18, 0xA5,
2022 0x4C, 0x6A, 0x27, 0x78, 0x55, 0x23, 0x05, 0xE8
2025 static const guint8 VID_SSH_SENTINEL_1_2[] = { /* SSH Sentinel 1.2 */
2026 0x54, 0x30, 0x88, 0x8D, 0xE0, 0x1A, 0x31, 0xA6,
2027 0xFA, 0x8F, 0x60, 0x22, 0x4E, 0x44, 0x99, 0x58
2030 static const guint8 VID_SSH_SENTINEL_1_3[] = { /* SSH Sentinel 1.3 */
2031 0x7E, 0xE5, 0xCB, 0x85, 0xF7, 0x1C, 0xE2, 0x59,
2032 0xC9, 0x4A, 0x5C, 0x73, 0x1E, 0xE4, 0xE7, 0x52
2035 static const guint8 VID_SSH_SENTINEL_1_4[] = { /* SSH Sentinel 1.4 */
2036 0x63, 0xD9, 0xA1, 0xA7, 0x00, 0x94, 0x91, 0xB5,
2037 0xA0, 0xA6, 0xFD, 0xEB, 0x2A, 0x82, 0x84, 0xF0
2040 static const guint8 VID_SSH_SENTINEL_1_4_1[] = { /* SSH Sentinel 1.4.1 */
2041 0xEB, 0x4B, 0x0D, 0x96, 0x27, 0x6B, 0x4E, 0x22,
2042 0x0A, 0xD1, 0x62, 0x21, 0xA7, 0xB2, 0xA5, 0xE6
2045 static const guint8 VID_SSH_QUICKSEC_0_9_0[] = { /* SSH Communications Security QuickSec 0.9.0 */
2046 0x37, 0xEB, 0xA0, 0xC4, 0x13, 0x61, 0x84, 0xE7,
2047 0xDA, 0xF8, 0x56, 0x2A, 0x77, 0x06, 0x0B, 0x4A
2050 static const guint8 VID_SSH_QUICKSEC_1_1_0[] = { /* SSH Communications Security QuickSec 1.1.0 */
2051 0x5D, 0x72, 0x92, 0x5E, 0x55, 0x94, 0x8A, 0x96,
2052 0x61, 0xA7, 0xFC, 0x48, 0xFD, 0xEC, 0x7F, 0xF9
2055 static const guint8 VID_SSH_QUICKSEC_1_1_1[] = { /* SSH Communications Security QuickSec 1.1.1 */
2056 0x77, 0x7F, 0xBF, 0x4C, 0x5A, 0xF6, 0xD1, 0xCD,
2057 0xD4, 0xB8, 0x95, 0xA0, 0x5B, 0xF8, 0x25, 0x94
2060 static const guint8 VID_SSH_QUICKSEC_1_1_2[] = { /* SSH Communications Security QuickSec 1.1.2 */
2061 0x2C, 0xDF, 0x08, 0xE7, 0x12, 0xED, 0xE8, 0xA5,
2062 0x97, 0x87, 0x61, 0x26, 0x7C, 0xD1, 0x9B, 0x91
2065 static const guint8 VID_SSH_QUICKSEC_1_1_3[] = { /* SSH Communications Security QuickSec 1.1.3 */
2066 0x59, 0xE4, 0x54, 0xA8, 0xC2, 0xCF, 0x02, 0xA3,
2067 0x49, 0x59, 0x12, 0x1F, 0x18, 0x90, 0xBC, 0x87
2070 static const guint8 VID_draft_huttunen_ipsec_esp_in_udp_00[] = { /* draft-huttunen-ipsec-esp-in-udp-00.txt */
2071 0x6A, 0x74, 0x34, 0xC1, 0x9D, 0x7E, 0x36, 0x34,
2072 0x80, 0x90, 0xA0, 0x23, 0x34, 0xC9, 0xC8, 0x05
2075 static const guint8 VID_draft_huttunen_ipsec_esp_in_udp_01[] = { /* draft-huttunen-ipsec-esp-in-udp-01.txt */
2076 0x50, 0x76, 0x0F, 0x62, 0x4C, 0x63, 0xE5, 0xC5,
2077 0x3E, 0xEA, 0x38, 0x6C, 0x68, 0x5C, 0xA0, 0x83
2080 static const guint8 VID_draft_stenberg_ipsec_nat_traversal_01[] = { /* draft-stenberg-ipsec-nat-traversal-01 */
2081 0x27, 0xBA, 0xB5, 0xDC, 0x01, 0xEA, 0x07, 0x60,
2082 0xEA, 0x4E, 0x31, 0x90, 0xAC, 0x27, 0xC0, 0xD0
2085 static const guint8 VID_draft_stenberg_ipsec_nat_traversal_02[]= { /* draft-stenberg-ipsec-nat-traversal-02 */
2086 0x61, 0x05, 0xC4, 0x22, 0xE7, 0x68, 0x47, 0xE4,
2087 0x3F, 0x96, 0x84, 0x80, 0x12, 0x92, 0xAE, 0xCD
2090 static const guint8 VID_draft_ietf_ipsec_nat_t_ike[]= { /* draft-ietf-ipsec-nat-t-ike */
2091 0x4D, 0xF3, 0x79, 0x28, 0xE9, 0xFC, 0x4F, 0xD1,
2092 0xB3, 0x26, 0x21, 0x70, 0xD5, 0x15, 0xC6, 0x62
2095 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_00[]= { /* draft-ietf-ipsec-nat-t-ike-00 */
2096 0x44, 0x85, 0x15, 0x2D, 0x18, 0xB6, 0xBB, 0xCD,
2097 0x0B, 0xE8, 0xA8, 0x46, 0x95, 0x79, 0xDD, 0xCC
2100 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_01[]= { /* "draft-ietf-ipsec-nat-t-ike-01" */
2101 0x16, 0xF6, 0xCA, 0x16, 0xE4, 0xA4, 0x06, 0x6D,
2102 0x83, 0x82, 0x1A, 0x0F, 0x0A, 0xEA, 0xA8, 0x62
2105 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_02[]= { /* draft-ietf-ipsec-nat-t-ike-02 */
2106 0xCD, 0x60, 0x46, 0x43, 0x35, 0xDF, 0x21, 0xF8,
2107 0x7C, 0xFD, 0xB2, 0xFC, 0x68, 0xB6, 0xA4, 0x48
2110 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_02n[]= { /* draft-ietf-ipsec-nat-t-ike-02\n */
2111 0x90, 0xCB, 0x80, 0x91, 0x3E, 0xBB, 0x69, 0x6E,
2112 0x08, 0x63, 0x81, 0xB5, 0xEC, 0x42, 0x7B, 0x1F
2115 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_03[] = { /* draft-ietf-ipsec-nat-t-ike-03 */
2116 0x7D, 0x94, 0x19, 0xA6, 0x53, 0x10, 0xCA, 0x6F,
2117 0x2C, 0x17, 0x9D, 0x92, 0x15, 0x52, 0x9d, 0x56
2120 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_04[] = { /* draft-ietf-ipsec-nat-t-ike-04 */
2121 0x99, 0x09, 0xb6, 0x4e, 0xed, 0x93, 0x7c, 0x65,
2122 0x73, 0xde, 0x52, 0xac, 0xe9, 0x52, 0xfa, 0x6b
2124 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_05[] = { /* draft-ietf-ipsec-nat-t-ike-05 */
2125 0x80, 0xd0, 0xbb, 0x3d, 0xef, 0x54, 0x56, 0x5e,
2126 0xe8, 0x46, 0x45, 0xd4, 0xc8, 0x5c, 0xe3, 0xee
2128 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_06[] = { /* draft-ietf-ipsec-nat-t-ike-06 */
2129 0x4d, 0x1e, 0x0e, 0x13, 0x6d, 0xea, 0xfa, 0x34,
2130 0xc4, 0xf3, 0xea, 0x9f, 0x02, 0xec, 0x72, 0x85
2132 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_07[] = { /* draft-ietf-ipsec-nat-t-ike-07 */
2133 0x43, 0x9b, 0x59, 0xf8, 0xba, 0x67, 0x6c, 0x4c,
2134 0x77, 0x37, 0xae, 0x22, 0xea, 0xb8, 0xf5, 0x82
2136 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_08[] = { /* draft-ietf-ipsec-nat-t-ike-08 */
2137 0x8f, 0x8d, 0x83, 0x82, 0x6d, 0x24, 0x6b, 0x6f,
2138 0xc7, 0xa8, 0xa6, 0xa4, 0x28, 0xc1, 0x1d, 0xe8
2140 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_09[] = { /* draft-ietf-ipsec-nat-t-ike-09 */
2141 0x42, 0xea, 0x5b, 0x6f, 0x89, 0x8d, 0x97, 0x73,
2142 0xa5, 0x75, 0xdf, 0x26, 0xe7, 0xdd, 0x19, 0xe1
2144 static const guint8 VID_testing_nat_t_rfc[] = { /* Testing NAT-T RFC */
2145 0xc4, 0x0f, 0xee, 0x00, 0xd5, 0xd3, 0x9d, 0xdb,
2146 0x1f, 0xc7, 0x62, 0xe0, 0x9b, 0x7c, 0xfe, 0xa7
2149 static const guint8 VID_rfc3947_nat_t[] = { /* RFC 3947 Negotiation of NAT-Traversal in the IKE */
2150 0x4a, 0x13, 0x1c, 0x81, 0x07, 0x03, 0x58, 0x45,
2151 0x5c, 0x57, 0x28, 0xf2, 0x0e, 0x95, 0x45, 0x2f
2153 static const guint8 VID_draft_beaulieu_ike_xauth_02[]= { /* draft-beaulieu-ike-xauth-02.txt 02 or 06 ??*/
2154 0x09, 0x00, 0x26, 0x89, 0xDF, 0xD6, 0xB7, 0x12,
2155 0x80, 0xA2, 0x24, 0xDE, 0xC3, 0x3B, 0x81, 0xE5
2158 static const guint8 VID_xauth[]= { /* XAUTH (truncated MD5 hash of "draft-ietf-ipsra-isakmp-xauth-06.txt") */
2159 0x09, 0x00, 0x26, 0x89, 0xDF, 0xD6, 0xB7, 0x12
2162 static const guint8 VID_rfc3706_dpd[]= { /* RFC 3706 */
2163 0xAF, 0xCA, 0xD7, 0x13, 0x68, 0xA1, 0xF1, 0xC9,
2164 0x6B, 0x86, 0x96, 0xFC, 0x77, 0x57, 0x01, 0x00
2166 static const guint8 VID_draft_ietf_ipsec_antireplay_00[]= { /* draft-ietf-ipsec-antireplay-00.txt */
2167 0x32, 0x5D, 0xF2, 0x9A, 0x23, 0x19, 0xF2, 0xDD
2170 static const guint8 VID_draft_ietf_ipsec_heartbeats_00[]= { /* draft-ietf-ipsec-heartbeats-00.txt */
2171 0x8D, 0xB7, 0xA4, 0x18, 0x11, 0x22, 0x16, 0x60
2173 static const guint8 VID_IKE_CHALLENGE_RESPONSE_1[]= { /* IKE Challenge/Response for Authenticated Cryptographic Keys */
2174 0xBA, 0x29, 0x04, 0x99, 0xC2, 0x4E, 0x84, 0xE5,
2175 0x3A, 0x1D, 0x83, 0xA0, 0x5E, 0x5F, 0x00, 0xC9
2178 static const guint8 VID_IKE_CHALLENGE_RESPONSE_2[]= { /* IKE Challenge/Response for Authenticated Cryptographic Keys */
2179 0x0D, 0x33, 0x61, 0x1A, 0x5D, 0x52, 0x1B, 0x5E,
2180 0x3C, 0x9C, 0x03, 0xD2, 0xFC, 0x10, 0x7E, 0x12
2183 static const guint8 VID_IKE_CHALLENGE_RESPONSE_REV_1[]= { /* IKE Challenge/Response for Authenticated Cryptographic Keys (Revised) */
2185 0xAD, 0x32, 0x51, 0x04, 0x2C, 0xDC, 0x46, 0x52,
2186 0xC9, 0xE0, 0x73, 0x4C, 0xE5, 0xDE, 0x4C, 0x7D
2189 static const guint8 VID_IKE_CHALLENGE_RESPONSE_REV_2[]= { /* IKE Challenge/Response for Authenticated Cryptographic Keys (Revised) */
2190 0x01, 0x3F, 0x11, 0x82, 0x3F, 0x96, 0x6F, 0xA9,
2191 0x19, 0x00, 0xF0, 0x24, 0xBA, 0x66, 0xA8, 0x6B
2194 static const guint8 VID_MS_L2TP_IPSEC_VPN_CLIENT[]= { /* Microsoft L2TP/IPSec VPN Client */
2195 0x40, 0x48, 0xB7, 0xD5, 0x6E, 0xBC, 0xE8, 0x85,
2196 0x25, 0xE7, 0xDE, 0x7F, 0x00, 0xD6, 0xC2, 0xD3
2199 static const guint8 VID_MS_VID_INITIAL_CONTACT[]= { /* Microsoft Vid-Initial-Contact */
2200 0x26, 0x24, 0x4d, 0x38, 0xed, 0xdb, 0x61, 0xb3,
2201 0x17, 0x2a, 0x36, 0xe3, 0xd0, 0xcf, 0xb8, 0x19
2204 static const guint8 VID_GSS_API_1[]= { /* A GSS-API Authentication Method for IKE */
2205 0xB4, 0x6D, 0x89, 0x14, 0xF3, 0xAA, 0xA3, 0xF2,
2206 0xFE, 0xDE, 0xB7, 0xC7, 0xDB, 0x29, 0x43, 0xCA
2209 static const guint8 VID_GSS_API_2[]= { /* A GSS-API Authentication Method for IKE */
2210 0xAD, 0x2C, 0x0D, 0xD0, 0xB9, 0xC3, 0x20, 0x83,
2211 0xCC, 0xBA, 0x25, 0xB8, 0x86, 0x1E, 0xC4, 0x55
2214 static const guint8 VID_GSSAPI[]= { /* GSSAPI */
2215 0x62, 0x1B, 0x04, 0xBB, 0x09, 0x88, 0x2A, 0xC1,
2216 0xE1, 0x59, 0x35, 0xFE, 0xFA, 0x24, 0xAE, 0xEE
2219 static const guint8 VID_MS_NT5_ISAKMPOAKLEY[]= { /* MS NT5 ISAKMPOAKLEY */
2220 0x1E, 0x2B, 0x51, 0x69, 0x05, 0x99, 0x1C, 0x7D,
2221 0x7C, 0x96, 0xFC, 0xBF, 0xB5, 0x87, 0xE4, 0x61
2224 static const guint8 VID_CISCO_UNITY[]= { /* CISCO-UNITY */
2225 0x12, 0xF5, 0xF2, 0x8C, 0x45, 0x71, 0x68, 0xA9,
2226 0x70, 0x2D, 0x9F, 0xE2, 0x74, 0xCC
2230 static const guint8 VID_CISCO_CONCENTRATOR[]= { /* CISCO-CONCENTRATOR */
2231 0x1F, 0x07, 0xF7, 0x0E, 0xAA, 0x65, 0x14, 0xD3,
2232 0xB0, 0xFA, 0x96, 0x54, 0x2A, 0x50, 0x01, 0x00
2234 static const guint8 VID_CISCO_FRAG[] = { /* Cisco Fragmentation */
2235 0x40, 0x48, 0xB7, 0xD5, 0x6E, 0xBC, 0xE8, 0x85,
2236 0x25, 0xE7, 0xDE, 0x7F, 0x00, 0xD6, 0xC2, 0xD3,
2237 0x80, 0x00, 0x00, 0x00
2240 static const guint8 VID_CP[] = { /* Check Point */
2241 0xF4, 0xED, 0x19, 0xE0, 0xC1, 0x14, 0xEB, 0x51,
2242 0x6F, 0xAA, 0xAC, 0x0E, 0xE3, 0x7D, 0xAF, 0x28,
2243 0x7, 0xB4, 0x38, 0x1F
2246 static const guint8 VID_CYBERGUARD[] = { /* CyberGuard */
2247 0x9A, 0xA1, 0xF3, 0xB4, 0x34, 0x72, 0xA4, 0x5D,
2248 0x5F, 0x50, 0x6A, 0xEB, 0x26, 0xC0, 0xF2, 0x14
2251 static const guint8 VID_SHREWSOFT[] = { /* Shrew Soft */
2252 0xf1, 0x4b, 0x94, 0xb7, 0xbf, 0xf1, 0xfe, 0xf0,
2253 0x27, 0x73, 0xb8, 0xc4, 0x9f, 0xed, 0xed, 0x26
2255 static const guint8 VID_STRONGSWAN[] = { /* strongSwan */
2256 0x88, 0x2f, 0xe5, 0x6d, 0x6f, 0xd2, 0x0d, 0xbc,
2257 0x22, 0x51, 0x61, 0x3b, 0x2e, 0xbe, 0x5b, 0xeb
2259 static const guint8 VID_KAME_RACOON[] = { /* KAME/racoon */
2260 0x70, 0x03, 0xcb, 0xc1, 0x09, 0x7d, 0xbe, 0x9c,
2261 0x26, 0x00, 0xba, 0x69, 0x83, 0xbc, 0x8b, 0x35
2264 static const guint8 VID_IPSEC_TOOLS[] = { /* IPsec-Tools */
2265 0x20, 0xa3, 0x62, 0x2c, 0x1c, 0xea, 0x7c, 0xe3,
2266 0x7b, 0xee, 0x3c, 0xa4, 0x84, 0x42, 0x52, 0x76
2269 static const guint8 VID_NETSCREEN_1[] = { /* Netscreen-1 */
2270 0x29, 0x9e, 0xe8, 0x28, 0x9f, 0x40, 0xa8, 0x97,
2271 0x3b, 0xc7, 0x86, 0x87, 0xe2, 0xe7, 0x22, 0x6b,
2272 0x53, 0x2c, 0x3b, 0x76
2275 static const guint8 VID_NETSCREEN_2[] = { /* Netscreen-2 */
2276 0x3a, 0x15, 0xe1, 0xf3, 0xcf, 0x2a, 0x63, 0x58,
2277 0x2e, 0x3a, 0xc8, 0x2d, 0x1c, 0x64, 0xcb, 0xe3,
2278 0xb6, 0xd7, 0x79, 0xe7
2281 static const guint8 VID_NETSCREEN_3[] = { /* Netscreen-3 */
2282 0x47, 0xd2, 0xb1, 0x26, 0xbf, 0xcd, 0x83, 0x48,
2283 0x97, 0x60, 0xe2, 0xcf, 0x8c, 0x5d, 0x4d, 0x5a,
2284 0x03, 0x49, 0x7c, 0x15
2287 static const guint8 VID_NETSCREEN_4[] = { /* Netscreen-4 */
2288 0x4a, 0x43, 0x40, 0xb5, 0x43, 0xe0, 0x2b, 0x84,
2289 0xc8, 0x8a, 0x8b, 0x96, 0xa8, 0xaf, 0x9e, 0xbe,
2290 0x77, 0xd9, 0xac, 0xcc
2293 static const guint8 VID_NETSCREEN_5[] = { /* Netscreen-5 */
2294 0x64, 0x40, 0x5f, 0x46, 0xf0, 0x3b, 0x76, 0x60,
2295 0xa2, 0x3b, 0xe1, 0x16, 0xa1, 0x97, 0x50, 0x58,
2296 0xe6, 0x9e, 0x83, 0x87
2299 static const guint8 VID_NETSCREEN_6[] = { /* Netscreen-6 */
2300 0x69, 0x93, 0x69, 0x22, 0x87, 0x41, 0xc6, 0xd4,
2301 0xca, 0x09, 0x4c, 0x93, 0xe2, 0x42, 0xc9, 0xde,
2302 0x19, 0xe7, 0xb7, 0xc6
2305 static const guint8 VID_NETSCREEN_7[] = { /* Netscreen-7 */
2306 0x8c, 0x0d, 0xc6, 0xcf, 0x62, 0xa0, 0xef, 0x1b,
2307 0x5c, 0x6e, 0xab, 0xd1, 0xb6, 0x7b, 0xa6, 0x98,
2308 0x66, 0xad, 0xf1, 0x6a
2311 static const guint8 VID_NETSCREEN_8[] = { /* Netscreen-8 */
2312 0x92, 0xd2, 0x7a, 0x9e, 0xcb, 0x31, 0xd9, 0x92,
2313 0x46, 0x98, 0x6d, 0x34, 0x53, 0xd0, 0xc3, 0xd5,
2314 0x7a, 0x22, 0x2a, 0x61
2317 static const guint8 VID_NETSCREEN_9[] = { /* Netscreen-9 */
2318 0x9b, 0x09, 0x6d, 0x9a, 0xc3, 0x27, 0x5a, 0x7d,
2319 0x6f, 0xe8, 0xb9, 0x1c, 0x58, 0x31, 0x11, 0xb0,
2320 0x9e, 0xfe, 0xd1, 0xa0
2323 static const guint8 VID_NETSCREEN_10[] = { /* Netscreen-10 */
2324 0xbf, 0x03, 0x74, 0x61, 0x08, 0xd7, 0x46, 0xc9,
2325 0x04, 0xf1, 0xf3, 0x54, 0x7d, 0xe2, 0x4f, 0x78,
2326 0x47, 0x9f, 0xed, 0x12
2329 static const guint8 VID_NETSCREEN_11[] = { /* Netscreen-11 */
2330 0xc2, 0xe8, 0x05, 0x00, 0xf4, 0xcc, 0x5f, 0xbf,
2331 0x5d, 0xaa, 0xee, 0xd3, 0xbb, 0x59, 0xab, 0xae,
2332 0xee, 0x56, 0xc6, 0x52
2335 static const guint8 VID_NETSCREEN_12[] = { /* Netscreen-12 */
2336 0xc8, 0x66, 0x0a, 0x62, 0xb0, 0x3b, 0x1b, 0x61,
2337 0x30, 0xbf, 0x78, 0x16, 0x08, 0xd3, 0x2a, 0x6a,
2338 0x8d, 0x0f, 0xb8, 0x9f
2341 static const guint8 VID_NETSCREEN_13[] = { /* Netscreen-13 */
2342 0xf8, 0x85, 0xda, 0x40, 0xb1, 0xe7, 0xa9, 0xab,
2343 0xd1, 0x76, 0x55, 0xec, 0x5b, 0xbe, 0xc0, 0xf2,
2344 0x1f, 0x0e, 0xd5, 0x2e
2347 static const guint8 VID_NETSCREEN_14[] = { /* Netscreen-14 */
2348 0x2a, 0x2b, 0xca, 0xc1, 0x9b, 0x8e, 0x91, 0xb4,
2349 0x26, 0x10, 0x78, 0x07, 0xe0, 0x2e, 0x72, 0x49,
2350 0x56, 0x9d, 0x6f, 0xd3
2352 static const guint8 VID_NETSCREEN_15[] = { /* Netscreen-15 */
2353 0x16, 0x6f, 0x93, 0x2d, 0x55, 0xeb, 0x64, 0xd8,
2354 0xe4, 0xdf, 0x4f, 0xd3, 0x7e, 0x23, 0x13, 0xf0,
2355 0xd0, 0xfd, 0x84, 0x51
2358 static const guint8 VID_NETSCREEN_16[] = { /* Netscreen-16 */
2359 0xa3, 0x5b, 0xfd, 0x05, 0xca, 0x1a, 0xc0, 0xb3,
2360 0xd2, 0xf2, 0x4e, 0x9e, 0x82, 0xbf, 0xcb, 0xff,
2361 0x9c, 0x9e, 0x52, 0xb5
2364 static const guint8 VID_ZYWALL[] = { /* ZYWALL */
2365 0x62, 0x50, 0x27, 0x74, 0x9d, 0x5a, 0xb9, 0x7f,
2366 0x56, 0x16, 0xc1, 0x60, 0x27, 0x65, 0xcf, 0x48,
2367 0x0a, 0x3b, 0x7d, 0x0b
2370 static const guint8 VID_SIDEWINDER[] = { /* SIDEWINDER */
2371 0x84, 0x04, 0xad, 0xf9, 0xcd, 0xa0, 0x57, 0x60,
2372 0xb2, 0xca, 0x29, 0x2e, 0x4b, 0xff, 0x53, 0x7b
2375 static const guint8 VID_SONICWALL[] = { /* SonicWALL */
2376 0x40, 0x4B, 0xF4, 0x39, 0x52, 0x2C, 0xA3, 0xF6
2379 static const guint8 VID_HEARTBEAT_NOTIFY[] = { /* Heartbeat Notify */
2380 0x48 ,0x65, 0x61, 0x72, 0x74, 0x42, 0x65, 0x61,
2381 0x74, 0x5f, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79
2384 static const guint8 VID_DWR[] = { /* DWR: Delete with reason */
2385 0x2D, 0x79, 0x22, 0xC6, 0xB3, 0x01, 0xD9, 0xB0,
2386 0xE1, 0x34, 0x27, 0x39, 0xE9, 0xCF, 0xBB, 0xD5
2389 static const guint8 VID_ARUBA_RAP[] = { /* Remote AP (Aruba Networks) */
2390 0xca, 0x3e, 0x2b, 0x85, 0x4b, 0xa8, 0x03, 0x00,
2391 0x17, 0xdc, 0x10, 0x23, 0xa4, 0xfd, 0xe2, 0x04,
2392 0x1f, 0x9f, 0x74, 0x63
2395 static const guint8 VID_ARUBA_CONTROLLER[] = { /* Controller (Aruba Networks) */
2396 0x3c, 0x8e, 0x70, 0xbd, 0xf9, 0xc7, 0xd7, 0x4a,
2397 0xdd, 0x53, 0xe4, 0x10, 0x09, 0x15, 0xdc, 0x2e,
2398 0x4b, 0xb5, 0x12, 0x74
2401 static const guint8 VID_ARUBA_VIA_CLIENT[] = { /* VIA Client (Aruba Networks) */
2402 0x88, 0xf0, 0xe3, 0x14, 0x9b, 0x3f, 0xa4, 0x8b,
2403 0x05, 0xaa, 0x7f, 0x68, 0x5f, 0x0b, 0x76, 0x6b,
2404 0xe1, 0x86, 0xcc, 0xb8
2407 static const guint8 VID_ARUBA_VIA_AUTH_PROFILE[] = { /* VIA Auth Profile (Aruba Networks) */
2408 0x56, 0x49, 0x41, 0x20, 0x41, 0x75, 0x74, 0x68,
2409 0x20, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65,
2413 /* Based from value_string.c/h */
2414 static const byte_string vendor_id[] = {
2415 { VID_SSH_IPSEC_EXPRESS_1_1_0, sizeof(VID_SSH_IPSEC_EXPRESS_1_1_0), "Ssh Communications Security IPSEC Express version 1.1.0" },
2416 { VID_SSH_IPSEC_EXPRESS_1_1_1, sizeof(VID_SSH_IPSEC_EXPRESS_1_1_1), "Ssh Communications Security IPSEC Express version 1.1.1" },
2417 { VID_SSH_IPSEC_EXPRESS_1_1_2, sizeof(VID_SSH_IPSEC_EXPRESS_1_1_2), "Ssh Communications Security IPSEC Express version 1.1.2" },
2418 { VID_SSH_IPSEC_EXPRESS_1_2_1, sizeof(VID_SSH_IPSEC_EXPRESS_1_2_1), "Ssh Communications Security IPSEC Express version 1.2.1" },
2419 { VID_SSH_IPSEC_EXPRESS_1_2_2, sizeof(VID_SSH_IPSEC_EXPRESS_1_2_2), "Ssh Communications Security IPSEC Express version 1.2.2" },
2420 { VID_SSH_IPSEC_EXPRESS_2_0_0, sizeof(VID_SSH_IPSEC_EXPRESS_2_0_0), "SSH Communications Security IPSEC Express version 2.0.0" },
2421 { VID_SSH_IPSEC_EXPRESS_2_1_0, sizeof(VID_SSH_IPSEC_EXPRESS_2_1_0), "SSH Communications Security IPSEC Express version 2.1.0" },
2422 { VID_SSH_IPSEC_EXPRESS_2_1_1, sizeof(VID_SSH_IPSEC_EXPRESS_2_1_1), "SSH Communications Security IPSEC Express version 2.1.1" },
2423 { VID_SSH_IPSEC_EXPRESS_2_1_2, sizeof(VID_SSH_IPSEC_EXPRESS_2_1_2), "SSH Communications Security IPSEC Express version 2.1.2" },
2424 { VID_SSH_IPSEC_EXPRESS_3_0_0, sizeof(VID_SSH_IPSEC_EXPRESS_3_0_0), "SSH Communications Security IPSEC Express version 3.0.0" },
2425 { VID_SSH_IPSEC_EXPRESS_3_0_1, sizeof(VID_SSH_IPSEC_EXPRESS_3_0_1), "SSH Communications Security IPSEC Express version 3.0.1" },
2426 { VID_SSH_IPSEC_EXPRESS_4_0_0, sizeof(VID_SSH_IPSEC_EXPRESS_4_0_0), "SSH Communications Security IPSEC Express version 4.0.0" },
2427 { VID_SSH_IPSEC_EXPRESS_4_0_1, sizeof(VID_SSH_IPSEC_EXPRESS_4_0_1), "SSH Communications Security IPSEC Express version 4.0.1" },
2428 { VID_SSH_IPSEC_EXPRESS_4_1_0, sizeof(VID_SSH_IPSEC_EXPRESS_4_1_0), "SSH Communications Security IPSEC Express version 4.1.0" },
2429 { VID_SSH_IPSEC_EXPRESS_4_1_1, sizeof(VID_SSH_IPSEC_EXPRESS_4_1_1), "SSH Communications Security IPSEC Express version 4.1.1" },
2430 { VID_SSH_IPSEC_EXPRESS_4_2_0, sizeof(VID_SSH_IPSEC_EXPRESS_4_2_0), "SSH Communications Security IPSEC Express version 4.2.0" },
2431 { VID_SSH_IPSEC_EXPRESS_5_0, sizeof(VID_SSH_IPSEC_EXPRESS_5_0), "SSH Communications Security IPSEC Express version 5.0" },
2432 { VID_SSH_IPSEC_EXPRESS_5_0_0, sizeof(VID_SSH_IPSEC_EXPRESS_5_0_0), "SSH Communications Security IPSEC Express version 5.0.0" },
2433 { VID_SSH_IPSEC_EXPRESS_5_1_0, sizeof(VID_SSH_IPSEC_EXPRESS_5_1_0), "SSH Communications Security IPSEC Express version 5.1.0" },
2434 { VID_SSH_IPSEC_EXPRESS_5_1_1, sizeof(VID_SSH_IPSEC_EXPRESS_5_1_1), "SSH Communications Security IPSEC Express version 5.1.1" },
2435 { VID_SSH_SENTINEL, sizeof(VID_SSH_SENTINEL), "SSH Sentinel" },
2436 { VID_SSH_SENTINEL_1_1, sizeof(VID_SSH_SENTINEL_1_1), "SSH Sentinel 1.1" },
2437 { VID_SSH_SENTINEL_1_2, sizeof(VID_SSH_SENTINEL_1_2), "SSH Sentinel 1.2" },
2438 { VID_SSH_SENTINEL_1_3, sizeof(VID_SSH_SENTINEL_1_3), "SSH Sentinel 1.3" },
2439 { VID_SSH_SENTINEL_1_4, sizeof(VID_SSH_SENTINEL_1_4), "SSH Sentinel 1.4" },
2440 { VID_SSH_SENTINEL_1_4_1, sizeof(VID_SSH_SENTINEL_1_4_1), "SSH Sentinel 1.4.1" },
2441 { VID_SSH_QUICKSEC_0_9_0, sizeof(VID_SSH_QUICKSEC_0_9_0), "SSH Communications Security QuickSec 0.9.0" },
2442 { VID_SSH_QUICKSEC_1_1_0, sizeof(VID_SSH_QUICKSEC_1_1_0), "SSH Communications Security QuickSec 1.1.0" },
2443 { VID_SSH_QUICKSEC_1_1_1, sizeof(VID_SSH_QUICKSEC_1_1_1), "SSH Communications Security QuickSec 1.1.1" },
2444 { VID_SSH_QUICKSEC_1_1_2, sizeof(VID_SSH_QUICKSEC_1_1_2), "SSH Communications Security QuickSec 1.1.2" },
2445 { VID_SSH_QUICKSEC_1_1_3, sizeof(VID_SSH_QUICKSEC_1_1_3), "SSH Communications Security QuickSec 1.1.3" },
2446 { VID_draft_huttunen_ipsec_esp_in_udp_00, sizeof(VID_draft_huttunen_ipsec_esp_in_udp_00), "draft-huttunen-ipsec-esp-in-udp-00.txt" },
2447 { VID_draft_huttunen_ipsec_esp_in_udp_01, sizeof(VID_draft_huttunen_ipsec_esp_in_udp_01), "draft-huttunen-ipsec-esp-in-udp-01.txt (ESPThruNAT)" },
2448 { VID_draft_stenberg_ipsec_nat_traversal_01, sizeof(VID_draft_stenberg_ipsec_nat_traversal_01), "draft-stenberg-ipsec-nat-traversal-01" },
2449 { VID_draft_stenberg_ipsec_nat_traversal_02, sizeof(VID_draft_stenberg_ipsec_nat_traversal_02), "draft-stenberg-ipsec-nat-traversal-02" },
2450 { VID_draft_ietf_ipsec_nat_t_ike, sizeof(VID_draft_ietf_ipsec_nat_t_ike), "draft-ietf-ipsec-nat-t-ike" },
2451 { VID_draft_ietf_ipsec_nat_t_ike_00, sizeof(VID_draft_ietf_ipsec_nat_t_ike_00), "draft-ietf-ipsec-nat-t-ike-00" },
2452 { VID_draft_ietf_ipsec_nat_t_ike_01, sizeof(VID_draft_ietf_ipsec_nat_t_ike_01), "draft-ietf-ipsec-nat-t-ike-01" },
2453 { VID_draft_ietf_ipsec_nat_t_ike_02, sizeof(VID_draft_ietf_ipsec_nat_t_ike_02), "draft-ietf-ipsec-nat-t-ike-02" },
2454 { VID_draft_ietf_ipsec_nat_t_ike_02n, sizeof(VID_draft_ietf_ipsec_nat_t_ike_02n), "draft-ietf-ipsec-nat-t-ike-02\\n" },
2455 { VID_draft_ietf_ipsec_nat_t_ike_03, sizeof(VID_draft_ietf_ipsec_nat_t_ike_03), "draft-ietf-ipsec-nat-t-ike-03" },
2456 { VID_draft_ietf_ipsec_nat_t_ike_04, sizeof(VID_draft_ietf_ipsec_nat_t_ike_04), "draft-ietf-ipsec-nat-t-ike-04" },
2457 { VID_draft_ietf_ipsec_nat_t_ike_05, sizeof(VID_draft_ietf_ipsec_nat_t_ike_05), "draft-ietf-ipsec-nat-t-ike-05" },
2458 { VID_draft_ietf_ipsec_nat_t_ike_06, sizeof(VID_draft_ietf_ipsec_nat_t_ike_06), "draft-ietf-ipsec-nat-t-ike-06" },
2459 { VID_draft_ietf_ipsec_nat_t_ike_07, sizeof(VID_draft_ietf_ipsec_nat_t_ike_07), "draft-ietf-ipsec-nat-t-ike-07" },
2460 { VID_draft_ietf_ipsec_nat_t_ike_08, sizeof(VID_draft_ietf_ipsec_nat_t_ike_08), "draft-ietf-ipsec-nat-t-ike-08" },
2461 { VID_draft_ietf_ipsec_nat_t_ike_09, sizeof(VID_draft_ietf_ipsec_nat_t_ike_09), "draft-ietf-ipsec-nat-t-ike-09" },
2462 { VID_testing_nat_t_rfc, sizeof(VID_testing_nat_t_rfc), "Testing NAT-T RFC" },
2463 { VID_rfc3947_nat_t, sizeof(VID_rfc3947_nat_t), "RFC 3947 Negotiation of NAT-Traversal in the IKE" },
2464 { VID_draft_beaulieu_ike_xauth_02, sizeof(VID_draft_beaulieu_ike_xauth_02), "draft-beaulieu-ike-xauth-02.txt" },
2465 { VID_xauth, sizeof(VID_xauth), "XAUTH" },
2466 { VID_rfc3706_dpd, sizeof(VID_rfc3706_dpd), "RFC 3706 DPD (Dead Peer Detection)" },
2467 { VID_draft_ietf_ipsec_antireplay_00, sizeof(VID_draft_ietf_ipsec_antireplay_00), "draft-ietf-ipsec-antireplay-00.txt" },
2468 { VID_draft_ietf_ipsec_heartbeats_00, sizeof(VID_draft_ietf_ipsec_heartbeats_00), "draft-ietf-ipsec-heartbeats-00.txt" },
2469 { VID_IKE_CHALLENGE_RESPONSE_1, sizeof(VID_IKE_CHALLENGE_RESPONSE_1), "IKE Challenge/Response for Authenticated Cryptographic Keys" },
2470 { VID_IKE_CHALLENGE_RESPONSE_2, sizeof(VID_IKE_CHALLENGE_RESPONSE_2), "IKE Challenge/Response for Authenticated Cryptographic Keys" },
2471 { VID_IKE_CHALLENGE_RESPONSE_REV_1, sizeof(VID_IKE_CHALLENGE_RESPONSE_REV_1), "IKE Challenge/Response for Authenticated Cryptographic Keys (Revised)" },
2472 { VID_IKE_CHALLENGE_RESPONSE_REV_2, sizeof(VID_IKE_CHALLENGE_RESPONSE_REV_2), "IKE Challenge/Response for Authenticated Cryptographic Keys (Revised)" },
2473 { VID_MS_L2TP_IPSEC_VPN_CLIENT, sizeof(VID_MS_L2TP_IPSEC_VPN_CLIENT), "Microsoft L2TP/IPSec VPN Client" },
2474 { VID_MS_VID_INITIAL_CONTACT, sizeof(VID_MS_VID_INITIAL_CONTACT), "Microsoft Vid-Initial-Contact" },
2475 { VID_GSS_API_1, sizeof(VID_GSS_API_1), "A GSS-API Authentication Method for IKE" },
2476 { VID_GSS_API_2, sizeof(VID_GSS_API_2), "A GSS-API Authentication Method for IKE" },
2477 { VID_GSSAPI, sizeof(VID_GSSAPI), "GSSAPI" },
2478 { VID_MS_NT5_ISAKMPOAKLEY, sizeof(VID_MS_NT5_ISAKMPOAKLEY), "MS NT5 ISAKMPOAKLEY" },
2479 { VID_CISCO_UNITY, sizeof(VID_CISCO_UNITY), "CISCO-UNITY" },
2480 { VID_CISCO_CONCENTRATOR, sizeof(VID_CISCO_CONCENTRATOR), "CISCO-CONCENTRATOR" },
2481 { VID_CISCO_FRAG, sizeof(VID_CISCO_FRAG), "Cisco Fragmentation" },
2482 { VID_CP, sizeof(VID_CP), "Check Point" },
2483 { VID_CYBERGUARD, sizeof(VID_CYBERGUARD), "CyberGuard" },
2484 { VID_SHREWSOFT, sizeof(VID_SHREWSOFT), "Shrew Soft" },
2485 { VID_STRONGSWAN, sizeof(VID_STRONGSWAN), "strongSwan" },
2486 { VID_KAME_RACOON, sizeof(VID_KAME_RACOON), "KAME/racoon" },
2487 { VID_IPSEC_TOOLS, sizeof(VID_IPSEC_TOOLS), "IPSec-Tools" },
2488 { VID_NETSCREEN_1, sizeof(VID_NETSCREEN_1), "Netscreen-1" },
2489 { VID_NETSCREEN_2, sizeof(VID_NETSCREEN_2), "Netscreen-2" },
2490 { VID_NETSCREEN_3, sizeof(VID_NETSCREEN_3), "Netscreen-3" },
2491 { VID_NETSCREEN_4, sizeof(VID_NETSCREEN_4), "Netscreen-4" },
2492 { VID_NETSCREEN_5, sizeof(VID_NETSCREEN_5), "Netscreen-5" },
2493 { VID_NETSCREEN_6, sizeof(VID_NETSCREEN_6), "Netscreen-6" },
2494 { VID_NETSCREEN_7, sizeof(VID_NETSCREEN_7), "Netscreen-7" },
2495 { VID_NETSCREEN_8, sizeof(VID_NETSCREEN_8), "Netscreen-8" },
2496 { VID_NETSCREEN_9, sizeof(VID_NETSCREEN_9), "Netscreen-9" },
2497 { VID_NETSCREEN_10, sizeof(VID_NETSCREEN_10), "Netscreen-10" },
2498 { VID_NETSCREEN_11, sizeof(VID_NETSCREEN_11), "Netscreen-11" },
2499 { VID_NETSCREEN_12, sizeof(VID_NETSCREEN_12), "Netscreen-12" },
2500 { VID_NETSCREEN_13, sizeof(VID_NETSCREEN_13), "Netscreen-13" },
2501 { VID_NETSCREEN_14, sizeof(VID_NETSCREEN_14), "Netscreen-14" },
2502 { VID_NETSCREEN_15, sizeof(VID_NETSCREEN_15), "Netscreen-15" },
2503 { VID_NETSCREEN_16, sizeof(VID_NETSCREEN_16), "Netscreen-16" },
2504 { VID_ZYWALL, sizeof(VID_ZYWALL), "ZYWALL" },
2505 { VID_SIDEWINDER, sizeof(VID_SIDEWINDER), "SIDEWINDER" },
2506 { VID_SONICWALL, sizeof(VID_SONICWALL), "SonicWALL" },
2507 { VID_HEARTBEAT_NOTIFY, sizeof(VID_HEARTBEAT_NOTIFY), "Heartbeat Notify" },
2508 { VID_DWR, sizeof(VID_DWR), "DWR: Delete with reason" },
2509 { VID_ARUBA_RAP, sizeof(VID_ARUBA_RAP), "Remote AP (Aruba Networks)" },
2510 { VID_ARUBA_CONTROLLER, sizeof(VID_ARUBA_CONTROLLER), "Controller (Aruba Networks)" },
2511 { VID_ARUBA_VIA_CLIENT, sizeof(VID_ARUBA_VIA_CLIENT), "VIA Client (Aruba Networks)" },
2512 { VID_ARUBA_VIA_AUTH_PROFILE, sizeof(VID_ARUBA_VIA_AUTH_PROFILE), "VIA Auth Profile (Aruba Networks)" },
2517 /* Tries to match val against each element in the value_string array vs.
2518 Returns the associated string ptr, and sets "*idx" to the index in
2519 that table, on a match, and returns NULL, and sets "*idx" to -1,
2522 match_strbyte_idx(const guint8 *val, const gint val_len, const byte_string *vs, gint *idx) {
2526 while (vs[i].strptr) {
2527 if (val_len >= vs[i].len && !memcmp(vs[i].value, val, vs[i].len)) {
2529 return(vs[i].strptr);
2538 /* Like match_strbyte_idx(), but doesn't return the index. */
2540 match_strbyte(const guint8 *val,const gint val_len, const byte_string *vs) {
2542 return match_strbyte_idx(val, val_len, vs, &ignore_me);
2545 /* Tries to match val against each element in the value_string array vs.
2546 Returns the associated string ptr on a match.
2547 Formats val with fmt, and returns the resulting string, on failure. */
2549 byte_to_str(const guint8 *val,const gint val_len, const byte_string *vs, const char *fmt) {
2552 DISSECTOR_ASSERT(fmt != NULL);
2553 ret = match_strbyte(val, val_len, vs);
2557 return ep_strdup_printf(fmt, val);
2564 dissect_payloads(tvbuff_t *tvb, proto_tree *tree, proto_tree *parent_tree _U_,
2565 int isakmp_version, guint8 initial_payload, int offset, int length,
2568 guint8 payload, next_payload;
2569 guint16 payload_length;
2572 for (payload = initial_payload; length > 0; payload = next_payload) {
2573 if (payload == PLOAD_IKE_NONE) {
2575 * What? There's more stuff in this chunk of data, but the
2576 * previous payload had a "next payload" type of None?
2578 proto_tree_add_item(tree, hf_isakmp_extradata, tvb, offset, length, FALSE);
2582 ntree = dissect_payload_header(tvb, offset, length, isakmp_version, payload, &next_payload, &payload_length, tree);
2585 if (payload_length >= 4) { /* XXX = > 4? */
2586 tvb_ensure_bytes_exist(tvb, offset + 4, payload_length - 4);
2590 dissect_sa(tvb, offset + 4, payload_length - 4, ntree, isakmp_version, pinfo );
2593 dissect_proposal(tvb, offset + 4, payload_length - 4, ntree, isakmp_version, pinfo );
2597 dissect_key_exch(tvb, offset + 4, payload_length - 4, ntree, isakmp_version, pinfo );
2600 case PLOAD_IKE2_IDI:
2601 case PLOAD_IKE2_IDR:
2602 dissect_id(tvb, offset + 4, payload_length - 4, ntree, isakmp_version, pinfo );
2604 case PLOAD_IKE_CERT:
2605 case PLOAD_IKE2_CERT:
2606 dissect_cert(tvb, offset + 4, payload_length - 4, ntree, isakmp_version, pinfo );
2609 case PLOAD_IKE2_CERTREQ:
2610 dissect_certreq(tvb, offset + 4, payload_length - 4, ntree, isakmp_version, pinfo );
2612 case PLOAD_IKE_HASH:
2613 dissect_hash(tvb, offset + 4, payload_length - 4, ntree);
2616 dissect_sig(tvb, offset + 4, payload_length - 4, ntree);
2618 case PLOAD_IKE_NONCE:
2619 case PLOAD_IKE2_NONCE:
2620 dissect_nonce(tvb, offset + 4, payload_length - 4, ntree);
2624 dissect_notif(tvb, offset + 4, payload_length - 4, ntree, isakmp_version);
2628 dissect_delete(tvb, offset + 4, payload_length - 4, ntree, isakmp_version);
2632 dissect_vid(tvb, offset + 4, payload_length - 4, ntree);
2636 dissect_config(tvb, offset + 4, payload_length - 4, ntree, isakmp_version);
2638 case PLOAD_IKE2_AUTH:
2639 dissect_auth(tvb, offset + 4, payload_length - 4, ntree);
2641 case PLOAD_IKE2_TSI:
2642 case PLOAD_IKE2_TSR:
2643 dissect_ts(tvb, offset + 4, payload_length - 4, ntree);
2646 if(isakmp_version == 2)
2647 dissect_enc(tvb, offset + 4, payload_length - 4, ntree, pinfo, next_payload);
2649 case PLOAD_IKE2_EAP:
2650 dissect_eap(tvb, offset + 4, payload_length - 4, ntree, pinfo );
2652 case PLOAD_IKE_NAT_D:
2653 case PLOAD_IKE_NAT_D13:
2654 case PLOAD_IKE_NAT_D48:
2655 dissect_nat_discovery(tvb, offset + 4, payload_length - 4, ntree );
2657 case PLOAD_IKE_NAT_OA:
2658 case PLOAD_IKE_NAT_OA14:
2659 case PLOAD_IKE_NAT_OA58:
2660 dissect_nat_original_address(tvb, offset + 4, payload_length - 4, ntree, isakmp_version );
2662 case PLOAD_IKE_CISCO_FRAG:
2663 dissect_cisco_fragmentation(tvb, offset + 4, payload_length - 4, ntree, pinfo );
2666 proto_tree_add_item(ntree, hf_isakmp_datapayload, tvb, offset + 4, payload_length-4, FALSE);
2671 else if (payload_length > length) {
2672 proto_tree_add_text(ntree, tvb, 0, 0,
2673 "Payload (bogus, length is %u, greater than remaining length %d",
2674 payload_length, length);
2678 proto_tree_add_text(ntree, tvb, 0, 0,
2679 "Payload (bogus, length is %u, must be at least 4)",
2684 offset += payload_length;
2685 length -= payload_length;
2690 isakmp_dissect_payloads(tvbuff_t *tvb, proto_tree *tree, int isakmp_version,
2691 guint8 initial_payload, int offset, int length,
2694 dissect_payloads(tvb, tree, tree, isakmp_version, initial_payload, offset, length,
2699 dissect_isakmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
2701 int offset = 0, len;
2704 proto_tree * isakmp_tree = NULL;
2706 #ifdef HAVE_LIBGCRYPT
2707 guint8 i_cookie[COOKIE_SIZE], *ic_key;
2708 decrypt_data_t *decr = NULL;
2710 proto_tree *decr_tree;
2712 void *pd_save = NULL;
2713 gboolean pd_changed = FALSE;
2714 #endif /* HAVE_LIBGCRYPT */
2716 col_set_str(pinfo->cinfo, COL_PROTOCOL, "ISAKMP");
2717 col_clear(pinfo->cinfo, COL_INFO);
2720 ti = proto_tree_add_item(tree, proto_isakmp, tvb, offset, -1, FALSE);
2721 isakmp_tree = proto_item_add_subtree(ti, ett_isakmp);
2724 /* RFC3948 2.3 NAT Keepalive packet:
2725 * 1 byte payload with the value 0xff.
2727 if ( (tvb_length(tvb)==1) && (tvb_get_guint8(tvb, offset)==0xff) ){
2728 col_set_str(pinfo->cinfo, COL_INFO, "NAT Keepalive");
2729 proto_tree_add_item(isakmp_tree, hf_isakmp_nat_keepalive, tvb, offset, 1, FALSE);
2733 hdr.length = tvb_get_ntohl(tvb, offset + ISAKMP_HDR_SIZE - 4);
2734 hdr.exch_type = tvb_get_guint8(tvb, COOKIE_SIZE + COOKIE_SIZE + 1 + 1);
2735 hdr.version = tvb_get_guint8(tvb, COOKIE_SIZE + COOKIE_SIZE + 1);
2736 isakmp_version = hi_nibble(hdr.version); /* save the version */
2737 hdr.flags = tvb_get_guint8(tvb, COOKIE_SIZE + COOKIE_SIZE + 1 + 1 + 1);
2739 #ifdef HAVE_LIBGCRYPT
2740 if (isakmp_version == 1) {
2741 SET_ADDRESS(&null_addr, AT_NONE, 0, NULL);
2743 tvb_memcpy(tvb, i_cookie, offset, COOKIE_SIZE);
2744 decr = (decrypt_data_t*) g_hash_table_lookup(isakmp_hash, i_cookie);
2747 #if GLIB_CHECK_VERSION(2,10,0)
2748 ic_key = g_slice_alloc(COOKIE_SIZE);
2749 decr = g_slice_alloc(sizeof(decrypt_data_t));
2751 ic_key = g_mem_chunk_alloc(isakmp_key_data);
2752 decr = g_mem_chunk_alloc(isakmp_decrypt_data);
2754 memcpy(ic_key, i_cookie, COOKIE_SIZE);
2755 memset(decr, 0, sizeof(decrypt_data_t));
2756 SET_ADDRESS(&decr->initiator, AT_NONE, 0, NULL);
2758 g_hash_table_insert(isakmp_hash, ic_key, decr);
2761 if (ADDRESSES_EQUAL(&decr->initiator, &null_addr)) {
2762 /* XXX - We assume that we're seeing the second packet in an exchange here.
2763 * Is there a way to verify this? */
2764 SE_COPY_ADDRESS(&decr->initiator, &pinfo->src);
2767 pd_save = pinfo->private_data;
2768 pinfo->private_data = decr;
2770 } else if (isakmp_version == 2) {
2771 ikev2_uat_data_key_t hash_key;
2772 ikev2_uat_data_t *ike_sa_data = NULL;
2773 ikev2_decrypt_data_t *ikev2_dec_data;
2774 guchar spii[COOKIE_SIZE], spir[COOKIE_SIZE];
2776 tvb_memcpy(tvb, spii, offset, COOKIE_SIZE);
2777 tvb_memcpy(tvb, spir, offset + COOKIE_SIZE, COOKIE_SIZE);
2778 hash_key.spii = spii;
2779 hash_key.spir = spir;
2780 hash_key.spii_len = COOKIE_SIZE;
2781 hash_key.spir_len = COOKIE_SIZE;
2783 ike_sa_data = g_hash_table_lookup(ikev2_key_hash, &hash_key);
2785 guint8 initiator_flag;
2786 initiator_flag = hdr.flags & I_FLAG;
2787 ikev2_dec_data = ep_alloc(sizeof(ikev2_decrypt_data_t));
2788 ikev2_dec_data->encr_key = initiator_flag ? ike_sa_data->sk_ei : ike_sa_data->sk_er;
2789 ikev2_dec_data->auth_key = initiator_flag ? ike_sa_data->sk_ai : ike_sa_data->sk_ar;
2790 ikev2_dec_data->encr_spec = ike_sa_data->encr_spec;
2791 ikev2_dec_data->auth_spec = ike_sa_data->auth_spec;
2793 pd_save = pinfo->private_data;
2794 pinfo->private_data = ikev2_dec_data;
2798 #endif /* HAVE_LIBGCRYPT */
2801 proto_tree_add_item(isakmp_tree, hf_isakmp_icookie, tvb, offset, COOKIE_SIZE, FALSE);
2802 offset += COOKIE_SIZE;
2804 proto_tree_add_item(isakmp_tree, hf_isakmp_rcookie, tvb, offset, COOKIE_SIZE, FALSE);
2805 offset += COOKIE_SIZE;
2807 hdr.next_payload = tvb_get_guint8(tvb, offset);
2808 proto_tree_add_item(isakmp_tree, hf_isakmp_nextpayload, tvb, offset, 1, FALSE);
2812 proto_tree_add_uint_format(isakmp_tree, hf_isakmp_version, tvb, offset,
2813 1, hdr.version, "Version: %u.%u",
2814 hi_nibble(hdr.version), lo_nibble(hdr.version));
2817 if(isakmp_version == 1) {
2818 proto_tree_add_item(isakmp_tree, hf_isakmp_exchangetype_v1, tvb, offset, 1, FALSE);
2819 col_add_str(pinfo->cinfo, COL_INFO,val_to_str(hdr.exch_type, exchange_v1_type, "Unknown %d"));
2820 } else if (isakmp_version == 2){
2821 proto_tree_add_item(isakmp_tree, hf_isakmp_exchangetype_v2, tvb, offset, 1, FALSE);
2822 col_add_str(pinfo->cinfo, COL_INFO,val_to_str(hdr.exch_type, exchange_v2_type, "Unknown %d"));
2830 fti = proto_tree_add_item(isakmp_tree, hf_isakmp_flags, tvb, offset, 1, FALSE);
2831 ftree = proto_item_add_subtree(fti, ett_isakmp_flags);
2833 if (isakmp_version == 1) {
2834 proto_tree_add_item(ftree, hf_isakmp_flag_e, tvb, offset, 1, FALSE);
2836 proto_tree_add_item(ftree, hf_isakmp_flag_c, tvb, offset, 1, FALSE);
2838 proto_tree_add_item(ftree, hf_isakmp_flag_a, tvb, offset, 1, FALSE);
2840 } else if (isakmp_version == 2) {
2841 proto_tree_add_item(ftree, hf_isakmp_flag_i, tvb, offset, 1, FALSE);
2843 proto_tree_add_item(ftree, hf_isakmp_flag_v, tvb, offset, 1, FALSE);
2845 proto_tree_add_item(ftree, hf_isakmp_flag_r, tvb, offset, 1, FALSE);
2851 hdr.message_id = tvb_get_ntohl(tvb, offset);
2852 proto_tree_add_item(isakmp_tree, hf_isakmp_messageid, tvb, offset, 4, FALSE);
2855 if (hdr.length < ISAKMP_HDR_SIZE) {
2856 proto_tree_add_uint_format(isakmp_tree, hf_isakmp_length, tvb, offset, 4,
2857 hdr.length, "Length: (bogus, length is %u, should be at least %lu)",
2858 hdr.length, (unsigned long)ISAKMP_HDR_SIZE);
2859 #ifdef HAVE_LIBGCRYPT
2860 if (pd_changed) pinfo->private_data = pd_save;
2861 #endif /* HAVE_LIBGCRYPT */
2865 len = hdr.length - ISAKMP_HDR_SIZE;
2868 proto_tree_add_uint_format(isakmp_tree, hf_isakmp_length, tvb, offset, 4,
2869 hdr.length, "Length: (bogus, length is %u, which is too large)",
2871 #ifdef HAVE_LIBGCRYPT
2872 if (pd_changed) pinfo->private_data = pd_save;
2873 #endif /* HAVE_LIBGCRYPT */
2876 tvb_ensure_bytes_exist(tvb, offset, len);
2877 proto_tree_add_item(isakmp_tree, hf_isakmp_length, tvb, offset, 4, FALSE);
2880 if (hdr.flags & E_FLAG) {
2881 if (len && isakmp_tree) {
2882 ti = proto_tree_add_item(isakmp_tree, hf_isakmp_enc_data, tvb, offset, len, FALSE);
2883 proto_item_append_text(ti, " (%d byte%s)", len, plurality(len, "", "s"));
2885 #ifdef HAVE_LIBGCRYPT
2888 decr_tvb = decrypt_payload(tvb, pinfo, tvb_get_ptr(tvb, offset, len), len, &hdr);
2890 decr_tree = proto_item_add_subtree(ti, ett_isakmp);
2891 dissect_payloads(decr_tvb, decr_tree, tree, isakmp_version,
2892 hdr.next_payload, 0, tvb_length(decr_tvb), pinfo);
2896 #endif /* HAVE_LIBGCRYPT */
2899 dissect_payloads(tvb, isakmp_tree, tree, isakmp_version, hdr.next_payload,
2900 offset, len, pinfo);
2903 #ifdef HAVE_LIBGCRYPT
2904 if (pd_changed) pinfo->private_data = pd_save;
2905 #endif /* HAVE_LIBGCRYPT */
2910 dissect_payload_header(tvbuff_t *tvb, int offset, int length,
2911 int isakmp_version, guint8 payload _U_, guint8 *next_payload_p,
2912 guint16 *payload_length_p, proto_tree *tree)
2914 guint8 next_payload;
2915 guint16 payload_length;
2920 proto_tree_add_text(tree, tvb, offset, length,
2921 "Not enough room in payload for all transforms");
2924 next_payload = tvb_get_guint8(tvb, offset);
2925 payload_length = tvb_get_ntohs(tvb, offset + 2);
2927 ti = proto_tree_add_uint(tree, hf_isakmp_typepayload, tvb, offset, payload_length, payload);
2929 ntree = proto_item_add_subtree(ti, ett_isakmp_payload);
2931 proto_tree_add_item(ntree, hf_isakmp_nextpayload, tvb, offset, 1, FALSE);
2933 if (isakmp_version == 2) {
2934 proto_tree_add_item(ntree, hf_isakmp_criticalpayload, tvb, offset+1, 1, FALSE);
2936 proto_tree_add_item(ntree, hf_isakmp_payloadlen, tvb, offset + 2, 2, FALSE);
2938 *next_payload_p = next_payload;
2939 *payload_length_p = payload_length;
2944 dissect_sa(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version, packet_info *pinfo )
2950 if (isakmp_version == 1) {
2951 doi = tvb_get_ntohl(tvb, offset);
2953 proto_tree_add_item(tree, hf_isakmp_sa_doi, tvb, offset, 4, FALSE);
2961 proto_tree_add_bytes_format(tree, hf_isakmp_sa_situation, tvb, offset, length,
2963 "Situation: %s (length is %u, should be >= 4)",
2964 tvb_bytes_to_str(tvb, offset, length), length);
2967 sti = proto_tree_add_item(tree, hf_isakmp_sa_situation, tvb, offset, 4, FALSE);
2968 stree = proto_item_add_subtree(sti, ett_isakmp_sa);
2970 proto_tree_add_item(stree, hf_isakmp_sa_situation_identity_only, tvb, offset, 4, FALSE);
2971 proto_tree_add_item(stree, hf_isakmp_sa_situation_secrecy, tvb, offset, 4, FALSE);
2972 proto_tree_add_item(stree, hf_isakmp_sa_situation_integrity, tvb, offset, 4, FALSE);
2977 dissect_payloads(tvb, tree, tree, isakmp_version, PLOAD_IKE_P, offset,
2981 proto_tree_add_item(tree, hf_isakmp_sa_situation, tvb, offset, length, FALSE);
2983 } else if (isakmp_version == 2) {
2984 dissect_payloads(tvb, tree, tree, isakmp_version, PLOAD_IKE_P, offset,
2990 dissect_proposal(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version, packet_info *pinfo )
2994 guint8 num_transforms;
2995 guint8 next_payload;
2996 guint16 payload_length;
2998 guint8 proposal_num;
3000 proposal_num = tvb_get_guint8(tvb, offset);
3002 proto_item_append_text(tree, " # %d", proposal_num);
3004 proto_tree_add_item(tree, hf_isakmp_prop_number, tvb, offset, 1, FALSE);
3008 protocol_id = tvb_get_guint8(tvb, offset);
3010 if (isakmp_version == 1)
3012 proto_tree_add_item(tree, hf_isakmp_prop_protoid_v1, tvb, offset, 1, FALSE);
3013 }else if (isakmp_version == 2)
3015 proto_tree_add_item(tree, hf_isakmp_prop_protoid_v2, tvb, offset, 1, FALSE);
3020 spi_size = tvb_get_guint8(tvb, offset);
3021 proto_tree_add_item(tree, hf_isakmp_spisize, tvb, offset, 1, FALSE);
3025 num_transforms = tvb_get_guint8(tvb, offset);
3026 proto_tree_add_item(tree, hf_isakmp_prop_transforms, tvb, offset, 1, FALSE);
3031 proto_tree_add_item(tree, hf_isakmp_spi, tvb, offset, spi_size, FALSE);
3037 while (num_transforms > 0) {
3038 ntree = dissect_payload_header(tvb, offset, length, isakmp_version,
3039 PLOAD_IKE_T, &next_payload, &payload_length, tree);
3042 if (length < payload_length) {
3043 proto_tree_add_text(tree, tvb, offset + 4, length,
3044 "Not enough room in payload for all transforms");
3047 dissect_transform(tvb, offset + 4, payload_length - 4, ntree, pinfo, isakmp_version, protocol_id);
3049 offset += payload_length;
3050 length -= payload_length;
3056 /* Returns the number of bytes consumed by this option. */
3058 dissect_rohc_supported(tvbuff_t *tvb, proto_tree *rohc_tree, int offset )
3060 guint optlen, rohc, len = 0;
3061 proto_item *rohc_item = NULL;
3062 proto_tree *sub_rohc_tree = NULL;
3064 rohc = tvb_get_ntohs(tvb, offset);
3065 optlen = tvb_get_ntohs(tvb, offset+2);
3068 /* is TV ? (Type/Value) ? */
3069 if (rohc & 0x8000) {
3070 rohc = rohc & 0x7fff;
3076 rohc_item = proto_tree_add_item(rohc_tree, hf_isakmp_notify_data_rohc_attr, tvb, offset, 2+len+optlen, FALSE);
3077 proto_item_append_text(rohc_item," (t=%d,l=%d) %s",rohc, optlen, val_to_str(rohc, rohc_attr_type, "Unknown Attribute Type (%02d)") );
3078 sub_rohc_tree = proto_item_add_subtree(rohc_item, ett_isakmp_rohc_attr);
3079 proto_tree_add_item(sub_rohc_tree, hf_isakmp_notify_data_rohc_attr_format, tvb, offset, 2, FALSE);
3080 proto_tree_add_uint(sub_rohc_tree, hf_isakmp_notify_data_rohc_attr_type, tvb, offset, 2, rohc);
3085 proto_tree_add_item(sub_rohc_tree, hf_isakmp_notify_data_rohc_attr_length, tvb, offset, 2, FALSE);
3090 proto_tree_add_text(sub_rohc_tree, tvb, offset, 0,"Attribut value is empty");
3093 proto_tree_add_item(sub_rohc_tree, hf_isakmp_notify_data_rohc_attr_value, tvb, offset, optlen, FALSE);
3096 proto_tree_add_item(sub_rohc_tree, hf_isakmp_notify_data_rohc_attr_max_cid, tvb, offset, optlen, FALSE);
3099 proto_tree_add_item(sub_rohc_tree, hf_isakmp_notify_data_rohc_attr_profile, tvb, offset, optlen, FALSE);
3102 proto_tree_add_item(sub_rohc_tree, hf_isakmp_notify_data_rohc_attr_integ, tvb, offset, optlen, FALSE);
3105 proto_tree_add_item(sub_rohc_tree, hf_isakmp_notify_data_rohc_attr_icv_len, tvb, offset, optlen, FALSE);
3108 proto_tree_add_item(sub_rohc_tree, hf_isakmp_notify_data_rohc_attr_mrru, tvb, offset, optlen, FALSE);
3112 /* No Default Action */
3116 return 2+len+optlen;
3119 /* Returns the number of bytes consumed by this option. */
3121 dissect_transform_attribute(tvbuff_t *tvb, proto_tree *transform_attr_type_tree, int offset )
3123 guint optlen, transform_attr_type, len = 0;
3124 proto_item *transform_attr_type_item = NULL;
3125 proto_tree *sub_transform_attr_type_tree = NULL;
3127 transform_attr_type = tvb_get_ntohs(tvb, offset);
3128 optlen = tvb_get_ntohs(tvb, offset+2);
3131 /* is TV ? (Type/Value) ? */
3132 if (transform_attr_type & 0x8000) {
3133 transform_attr_type = transform_attr_type & 0x7fff;
3139 transform_attr_type_item = proto_tree_add_item(transform_attr_type_tree, hf_isakmp_tf_attr, tvb, offset, 2+len+optlen, FALSE);
3140 proto_item_append_text(transform_attr_type_item, " (t=%d,l=%d) %s",transform_attr_type, optlen, val_to_str(transform_attr_type, transform_isakmp_attr_type, "Unknown Attribute Type (%02d)") );
3141 sub_transform_attr_type_tree = proto_item_add_subtree(transform_attr_type_item, ett_isakmp_tf_attr);
3142 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_format, tvb, offset, 2, FALSE);
3143 proto_tree_add_uint(sub_transform_attr_type_tree, hf_isakmp_tf_attr_type_v1, tvb, offset, 2, transform_attr_type);
3148 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_length, tvb, offset, 2, FALSE);
3153 proto_tree_add_text(sub_transform_attr_type_tree, tvb, offset, 0,"Attribut value is empty");
3156 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_value, tvb, offset, optlen, FALSE);
3157 switch(transform_attr_type) {
3158 case ISAKMP_ATTR_LIFE_TYPE:
3159 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_life_type, tvb, offset, optlen, FALSE);
3160 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_attr_sa_life_type, "Unknown %d"));
3162 case ISAKMP_ATTR_LIFE_DURATION:
3163 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_life_duration, tvb, offset, optlen, FALSE);
3164 proto_item_append_text(transform_attr_type_item," : %d", tvb_get_ntohl(tvb, offset));
3166 case ISAKMP_ATTR_GROUP_DESC:
3167 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_group_description, tvb, offset, optlen, FALSE);
3168 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_dh_group_type, "Unknown %d"));
3170 case ISAKMP_ATTR_ENCAP_MODE:
3171 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_encap_mode, tvb, offset, optlen, FALSE);
3172 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_attr_encap_type, "Unknown %d"));
3174 case ISAKMP_ATTR_AUTH_ALGORITHM:
3175 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_auth_algorithm, tvb, offset, optlen, FALSE);
3176 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_attr_auth_type, "Unknown %d"));
3178 case ISAKMP_ATTR_KEY_LENGTH:
3179 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_key_length, tvb, offset, optlen, FALSE);
3180 proto_item_append_text(transform_attr_type_item," : %d", tvb_get_ntohs(tvb, offset));
3182 case ISAKMP_ATTR_KEY_ROUNDS:
3183 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_key_rounds, tvb, offset, optlen, FALSE);
3184 proto_item_append_text(transform_attr_type_item," : %d", tvb_get_ntohs(tvb, offset));
3186 case ISAKMP_ATTR_CMPR_DICT_SIZE:
3187 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_cmpr_dict_size, tvb, offset, optlen, FALSE);
3189 case ISAKMP_ATTR_CMPR_ALGORITHM:
3190 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_cmpr_algorithm, tvb, offset, optlen, FALSE);
3192 case ISAKMP_ATTR_ECN_TUNNEL:
3193 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_ecn_tunnel, tvb, offset, optlen, FALSE);
3194 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_attr_ecn_type, "Unknown %d"));
3196 case ISAKMP_ATTR_EXT_SEQ_NBR:
3197 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_ext_seq_nbr, tvb, offset, optlen, FALSE);
3198 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_attr_ext_seq_nbr_type, "Unknown %d"));
3199 case ISAKMP_ATTR_AUTH_KEY_LENGTH:
3200 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_auth_key_length, tvb, offset, optlen, FALSE);
3201 proto_item_append_text(transform_attr_type_item," : %d", tvb_get_ntohs(tvb, offset));
3203 case ISAKMP_ATTR_SIG_ENCO_ALGORITHM:
3204 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_tf_attr_sig_enco_algorithm, tvb, offset, optlen, FALSE);
3207 /* No Default Action */
3211 return 2+len+optlen;
3215 /* Returns the number of bytes consumed by this option. */
3217 dissect_transform_ike_attribute(tvbuff_t *tvb, proto_tree *transform_attr_type_tree, int offset
3218 #ifdef HAVE_LIBGCRYPT
3219 , decrypt_data_t *decr
3223 guint optlen, transform_attr_type, len = 0;
3224 proto_item *transform_attr_type_item = NULL;
3225 proto_tree *sub_transform_attr_type_tree = NULL;
3227 transform_attr_type = tvb_get_ntohs(tvb, offset);
3228 optlen = tvb_get_ntohs(tvb, offset+2);
3231 /* is TV ? (Type/Value) ? */
3232 if (transform_attr_type & 0x8000) {
3233 transform_attr_type = transform_attr_type & 0x7fff;
3239 transform_attr_type_item = proto_tree_add_item(transform_attr_type_tree, hf_isakmp_ike_attr, tvb, offset, 2+len+optlen, FALSE);
3240 proto_item_append_text(transform_attr_type_item," (t=%d,l=%d) %s",transform_attr_type, optlen, val_to_str(transform_attr_type,transform_ike_attr_type,"Unknown Attribute Type (%02d)") );
3241 sub_transform_attr_type_tree = proto_item_add_subtree(transform_attr_type_item, ett_isakmp_tf_ike_attr);
3242 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_format, tvb, offset, 2, FALSE);
3243 proto_tree_add_uint(sub_transform_attr_type_tree, hf_isakmp_ike_attr_type, tvb, offset, 2, transform_attr_type);
3248 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_length, tvb, offset, 2, FALSE);
3253 proto_tree_add_text(sub_transform_attr_type_tree, tvb, offset, 0,"Attribut value is empty");
3256 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_value, tvb, offset, optlen, FALSE);
3257 switch(transform_attr_type) {
3259 case IKE_ATTR_ENCRYPTION_ALGORITHM:
3260 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_encryption_algorithm, tvb, offset, optlen, FALSE);
3261 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_attr_enc_type, "Unknown %d"));
3262 #ifdef HAVE_LIBGCRYPT
3263 decr->encr_alg = tvb_get_ntohs(tvb, offset);
3266 case IKE_ATTR_HASH_ALGORITHM:
3267 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_hash_algorithm, tvb, offset, optlen, FALSE);
3268 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_attr_hash_type, "Unknown %d"));
3269 #ifdef HAVE_LIBGCRYPT
3270 decr->hash_alg = tvb_get_ntohs(tvb, offset);
3273 case IKE_ATTR_AUTHENTICATION_METHOD:
3274 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_authentication_method, tvb, offset, optlen, FALSE);
3275 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_attr_authmeth_type, "Unknown %d"));
3276 #ifdef HAVE_LIBGCRYPT
3277 decr->is_psk = tvb_get_ntohs(tvb, offset) == 0x01 ? TRUE : FALSE;
3280 case IKE_ATTR_GROUP_DESCRIPTION:
3281 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_group_description, tvb, offset, optlen, FALSE);
3282 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_dh_group_type, "Unknown %d"));
3283 #ifdef HAVE_LIBGCRYPT
3284 decr->group = tvb_get_ntohs(tvb, offset);
3287 case IKE_ATTR_GROUP_TYPE:
3288 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_group_type, tvb, offset, optlen, FALSE);
3289 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_attr_grp_type, "Unknown %d"));
3291 case IKE_ATTR_GROUP_PRIME:
3292 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_group_prime, tvb, offset, optlen, FALSE);
3294 case IKE_ATTR_GROUP_GENERATOR_ONE:
3295 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_group_generator_one, tvb, offset, optlen, FALSE);
3297 case IKE_ATTR_GROUP_GENERATOR_TWO:
3298 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_group_generator_two, tvb, offset, optlen, FALSE);
3300 case IKE_ATTR_GROUP_CURVE_A:
3301 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_group_curve_a, tvb, offset, optlen, FALSE);
3303 case IKE_ATTR_GROUP_CURVE_B:
3304 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_group_curve_b, tvb, offset, optlen, FALSE);
3306 case IKE_ATTR_LIFE_TYPE:
3307 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_life_type, tvb, offset, optlen, FALSE);
3308 proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_attr_sa_life_type, "Unknown %d"));
3310 case IKE_ATTR_LIFE_DURATION:
3311 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_life_duration, tvb, offset, optlen, FALSE);
3312 proto_item_append_text(transform_attr_type_item," : %d", tvb_get_ntohs(tvb, offset));
3315 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_prf, tvb, offset, optlen, FALSE);
3317 case IKE_ATTR_KEY_LENGTH:
3318 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_key_length, tvb, offset, optlen, FALSE);
3319 proto_item_append_text(transform_attr_type_item," : %d", tvb_get_ntohs(tvb, offset));
3321 case IKE_ATTR_FIELD_SIZE:
3322 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_field_size, tvb, offset, optlen, FALSE);
3324 case IKE_ATTR_GROUP_ORDER:
3325 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_group_order, tvb, offset, optlen, FALSE);
3328 /* No Default Action */
3332 return 2+len+optlen;
3334 /* Returns the number of bytes consumed by this option. */
3336 dissect_transform_ike2_attribute(tvbuff_t *tvb, proto_tree *transform_attr_type_tree, int offset )
3338 guint optlen, transform_attr_type, len = 0;
3339 proto_item *transform_attr_type_item = NULL;
3340 proto_tree *sub_transform_attr_type_tree = NULL;
3342 transform_attr_type = tvb_get_ntohs(tvb, offset);
3343 optlen = tvb_get_ntohs(tvb, offset+2);
3346 /* is TV ? (Type/Value) ? */
3347 if (transform_attr_type & 0x8000) {
3348 transform_attr_type = transform_attr_type & 0x7fff;
3354 transform_attr_type_item = proto_tree_add_item(transform_attr_type_tree, hf_isakmp_ike2_attr, tvb, offset, 2+len+optlen, FALSE);
3355 proto_item_append_text(transform_attr_type_item," (t=%d,l=%d) %s",transform_attr_type, optlen, val_to_str(transform_attr_type,transform_ike2_attr_type,"Unknown Attribute Type (%02d)") );
3356 sub_transform_attr_type_tree = proto_item_add_subtree(transform_attr_type_item, ett_isakmp_tf_ike2_attr);
3357 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike2_attr_format, tvb, offset, 2, FALSE);
3358 proto_tree_add_uint(sub_transform_attr_type_tree, hf_isakmp_ike2_attr_type, tvb, offset, 2, transform_attr_type);
3363 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike2_attr_length, tvb, offset, 2, FALSE);
3368 proto_tree_add_text(sub_transform_attr_type_tree, tvb, offset, 0,"Attribut value is empty");
3371 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike2_attr_value, tvb, offset, optlen, FALSE);
3372 switch(transform_attr_type) {
3373 case IKE2_ATTR_KEY_LENGTH:
3374 proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike2_attr_key_length, tvb, offset, optlen, FALSE);
3375 proto_item_append_text(transform_attr_type_item," : %d", tvb_get_ntohs(tvb, offset));
3379 /* No Default Action */
3383 return 2+len+optlen;
3386 dissect_transform(tvbuff_t *tvb, int offset, int length, proto_tree *tree, packet_info *pinfo
3387 #ifndef HAVE_LIBGCRYPT
3390 , int isakmp_version, int protocol_id )
3392 if (isakmp_version == 1)
3394 guint8 transform_id;
3395 guint8 transform_num;
3396 #ifdef HAVE_LIBGCRYPT
3397 decrypt_data_t *decr = (decrypt_data_t *) pinfo->private_data;
3398 #endif /* HAVE_LIBGCRYPT */
3400 offset_end = offset + length;
3402 transform_num = tvb_get_guint8(tvb, offset);
3403 proto_item_append_text(tree," # %d",transform_num);
3405 proto_tree_add_item(tree, hf_isakmp_trans_number, tvb, offset, 1, FALSE);
3408 transform_id = tvb_get_guint8(tvb, offset);
3409 switch (protocol_id) {
3410 case 1: /* ISAKMP */
3411 proto_tree_add_uint_format(tree, hf_isakmp_trans_id, tvb, offset, 1,
3412 transform_id, "Transform ID: %s (%u)",
3413 val_to_str(transform_id, vs_v1_trans_isakmp, "UNKNOWN-TRANS-TYPE"), transform_id);
3416 proto_tree_add_uint_format(tree, hf_isakmp_trans_id, tvb, offset, 1,
3417 transform_id, "Transform ID: %s (%u)",
3418 val_to_str(transform_id, vs_v1_trans_ah, "UNKNOWN-AH-TRANS-TYPE"), transform_id);
3421 proto_tree_add_uint_format(tree, hf_isakmp_trans_id, tvb, offset, 1,
3422 transform_id, "Transform ID: %s (%u)",
3423 val_to_str(transform_id, vs_v1_trans_esp, "UNKNOWN-ESP-TRANS-TYPE"), transform_id);
3425 case 4: /* IPCOMP */
3426 proto_tree_add_uint_format(tree, hf_isakmp_trans_id, tvb, offset, 1,
3427 transform_id, "Transform ID: %s (%u)",
3428 val_to_str(transform_id, transform_id_ipcomp, "UNKNOWN-IPCOMP-TRANS-TYPE"), transform_id);
3431 proto_tree_add_item(tree, hf_isakmp_trans_id, tvb, offset, 1, FALSE);
3436 if (protocol_id == 1 && transform_id == 1) {
3437 while (offset < offset_end) {
3438 offset += dissect_transform_ike_attribute(tvb, tree, offset
3439 #ifdef HAVE_LIBGCRYPT
3446 while (offset < offset_end) {
3447 offset += dissect_transform_attribute(tvb, tree, offset);
3451 else if(isakmp_version == 2)
3453 guint8 transform_type;
3455 offset_end = offset + length;
3457 transform_type = tvb_get_guint8(tvb, offset);
3458 proto_tree_add_item(tree, hf_isakmp_trans_type, tvb, offset, 1, FALSE);
3461 offset += 1; /* Reserved */
3463 switch(transform_type){
3465 proto_tree_add_item(tree, hf_isakmp_trans_encr, tvb, offset, 2, FALSE);
3468 proto_tree_add_item(tree, hf_isakmp_trans_prf, tvb, offset, 2, FALSE);
3471 proto_tree_add_item(tree, hf_isakmp_trans_integ, tvb, offset, 2, FALSE);
3474 proto_tree_add_item(tree, hf_isakmp_trans_dh, tvb, offset, 2, FALSE);
3477 proto_tree_add_item(tree, hf_isakmp_trans_esn, tvb, offset, 2, FALSE);
3480 proto_tree_add_item(tree, hf_isakmp_trans_id_v2, tvb, offset, 2, FALSE);
3485 while (offset < offset_end) {
3486 offset += dissect_transform_ike2_attribute(tvb, tree, offset);
3492 dissect_key_exch(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version, packet_info *pinfo
3493 #ifndef HAVE_LIBGCRYPT
3498 #ifdef HAVE_LIBGCRYPT
3499 decrypt_data_t *decr = (decrypt_data_t *) pinfo->private_data;
3500 #endif /* HAVE_LIBGCRYPT */
3502 if (isakmp_version == 2) {
3503 proto_tree_add_item(tree, hf_isakmp_key_exch_dh_group, tvb, offset, 2, FALSE);
3508 proto_tree_add_item(tree, hf_isakmp_key_exch_data, tvb, offset, length, FALSE);
3510 #ifdef HAVE_LIBGCRYPT
3511 if (decr && decr->gi_len == 0 && ADDRESSES_EQUAL(&decr->initiator, &pinfo->src)) {
3512 decr->gi = g_malloc(length);
3513 tvb_memcpy(tvb, decr->gi, offset, length);
3514 decr->gi_len = length;
3515 } else if (decr && decr->gr_len == 0 && !ADDRESSES_EQUAL(&decr->initiator, &pinfo->src)) {
3516 decr->gr = g_malloc(length);
3517 tvb_memcpy(tvb, decr->gr, offset, length);
3518 decr->gr_len = length;
3520 #endif /* HAVE_LIBGCRYPT */
3524 dissect_id(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version, packet_info *pinfo )
3531 asn1_ctx_t asn1_ctx;
3532 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3534 id_type = tvb_get_guint8(tvb, offset);
3535 if (isakmp_version == 1)
3537 proto_tree_add_item(tree, hf_isakmp_id_type_v1, tvb, offset, 1, FALSE);
3538 }else if (isakmp_version == 2)
3540 proto_tree_add_item(tree, hf_isakmp_id_type_v2, tvb, offset, 1, FALSE);
3545 protocol_id= tvb_get_guint8(tvb, offset);
3546 if (protocol_id == 0)
3547 proto_tree_add_uint_format(tree, hf_isakmp_id_protoid, tvb, offset,1,
3548 protocol_id, "Protocol ID: Unused");
3550 proto_tree_add_item(tree, hf_isakmp_id_protoid, tvb, offset, 1, FALSE);
3555 port = tvb_get_ntohs(tvb, offset);
3557 proto_tree_add_uint_format(tree, hf_isakmp_id_port, tvb, offset, 2,
3558 port, "Port: Unused");
3560 proto_tree_add_item(tree, hf_isakmp_id_port, tvb, offset, 2, FALSE);
3567 * It shows strings of all types though some of types are not
3568 * supported in IKEv2 specification actually.
3570 idit = proto_tree_add_item(tree, hf_isakmp_id_data, tvb, offset, length, FALSE);
3571 idtree = proto_item_add_subtree(idit, ett_isakmp_id);
3573 case IKE_ID_IPV4_ADDR:
3574 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv4_addr, tvb, offset, 4, FALSE);
3575 proto_item_append_text(idit, "%s", tvb_ip_to_str(tvb, offset));
3578 proto_tree_add_item(idtree, hf_isakmp_id_data_fqdn, tvb, offset, length, FALSE);
3579 proto_item_append_text(idit, "%s", tvb_get_ephemeral_string(tvb, offset,length));
3581 case IKE_ID_USER_FQDN:
3582 proto_tree_add_item(idtree, hf_isakmp_id_data_user_fqdn, tvb, offset, length, FALSE);
3583 proto_item_append_text(idit, "%s", tvb_get_ephemeral_string(tvb, offset,length));
3585 case IKE_ID_IPV4_ADDR_SUBNET:
3586 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv4_addr, tvb, offset, 4, FALSE);
3587 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv4_subnet, tvb, offset+4, 4, FALSE);
3588 proto_item_append_text(idit, "%s/%s", tvb_ip_to_str(tvb, offset), tvb_ip_to_str(tvb, offset+4));
3590 case IKE_ID_IPV4_ADDR_RANGE:
3591 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv4_range_start, tvb, offset, 4, FALSE);
3592 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv4_range_end, tvb, offset+4, 4, FALSE);
3593 proto_item_append_text(idit, "%s/%s", tvb_ip_to_str(tvb, offset), tvb_ip_to_str(tvb, offset+4));
3595 case IKE_ID_IPV6_ADDR:
3596 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv6_addr, tvb, offset, 16, FALSE);
3597 proto_item_append_text(idit, "%s", tvb_ip6_to_str(tvb, offset));
3599 case IKE_ID_IPV6_ADDR_SUBNET:
3600 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv6_addr, tvb, offset, 16, FALSE);
3601 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv6_subnet, tvb, offset+16, 16, FALSE);
3602 proto_item_append_text(idit, "%s/%s", tvb_ip6_to_str(tvb, offset), tvb_ip6_to_str(tvb, offset+16));
3604 case IKE_ID_IPV6_ADDR_RANGE:
3605 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv6_range_start, tvb, offset, 16, FALSE);
3606 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv6_range_end, tvb, offset+16, 16, FALSE);
3607 proto_item_append_text(idit, "%s/%s", tvb_ip6_to_str(tvb, offset), tvb_ip6_to_str(tvb, offset+16));
3610 proto_tree_add_item(idtree, hf_isakmp_id_data_key_id, tvb, offset, length, FALSE);
3612 case IKE_ID_DER_ASN1_DN:
3613 dissect_x509if_Name(FALSE, tvb, offset, &asn1_ctx, tree, hf_isakmp_id_data_cert);
3616 proto_item_append_text(idit, "%s", tvb_bytes_to_str(tvb,offset,length));
3622 dissect_cert(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version, packet_info *pinfo )
3624 asn1_ctx_t asn1_ctx;
3625 asn1_ctx_init(&asn1_ctx, ASN1_ENC_PER, TRUE, pinfo);
3627 if (isakmp_version == 1)
3629 proto_tree_add_item(tree, hf_isakmp_cert_encoding_v1, tvb, offset, 1, FALSE);
3630 }else if (isakmp_version == 2)
3632 proto_tree_add_item(tree, hf_isakmp_cert_encoding_v2, tvb, offset, 1, FALSE);
3638 dissect_x509af_Certificate(FALSE, tvb, offset, &asn1_ctx, tree, hf_isakmp_cert_data);
3642 dissect_certreq(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version, packet_info *pinfo )
3645 asn1_ctx_t asn1_ctx;
3646 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3647 cert_type = tvb_get_guint8(tvb, offset);
3649 if (isakmp_version == 1)
3651 proto_tree_add_item(tree, hf_isakmp_certreq_type_v1, tvb, offset, 1, FALSE);
3652 }else if (isakmp_version == 2)
3654 proto_tree_add_item(tree, hf_isakmp_certreq_type_v2, tvb, offset, 1, FALSE);
3660 if (isakmp_version == 1)
3664 dissect_x509if_Name(FALSE, tvb, offset, &asn1_ctx, tree, hf_isakmp_certreq_authority_sig);
3667 proto_tree_add_item(tree, hf_isakmp_certreq_authority_v1, tvb, offset, length, FALSE);
3670 }else if (isakmp_version == 2)
3672 /* this is a list of 20 byte SHA-1 hashes */
3673 while (length > 0) {
3674 proto_tree_add_item(tree, hf_isakmp_certreq_authority_v2, tvb, offset, 20, FALSE);
3685 dissect_auth(tvbuff_t *tvb, int offset, int length, proto_tree *tree)
3688 proto_tree_add_item(tree, hf_isakmp_auth_meth, tvb, offset, 1, FALSE);
3693 proto_tree_add_item(tree, hf_isakmp_auth_data, tvb, offset, length, FALSE);
3698 dissect_hash(tvbuff_t *tvb, int offset, int length, proto_tree *ntree)
3700 proto_tree_add_item(ntree, hf_isakmp_hash, tvb, offset, length, FALSE);
3703 dissect_sig(tvbuff_t *tvb, int offset, int length, proto_tree *ntree)
3705 proto_tree_add_item(ntree, hf_isakmp_sig, tvb, offset, length, FALSE);
3708 dissect_nonce(tvbuff_t *tvb, int offset, int length, proto_tree *ntree)
3710 proto_tree_add_item(ntree, hf_isakmp_nonce, tvb, offset, length, FALSE);
3713 dissect_cisco_fragmentation(tvbuff_t *tvb, int offset, int length, proto_tree *tree, packet_info *pinfo)
3716 guint8 seq; /* Packet sequence number, starting from 1 */
3718 proto_tree *ptree = NULL;
3719 ptree = proto_tree_get_parent(tree);
3723 proto_tree_add_item(tree, hf_isakmp_cisco_frag_packetid, tvb, offset, 2, FALSE);
3725 seq = tvb_get_guint8(tvb, offset);
3726 proto_tree_add_item(tree, hf_isakmp_cisco_frag_seq, tvb, offset, 1, FALSE);
3728 last = tvb_get_guint8(tvb, offset);
3729 proto_tree_add_item(tree, hf_isakmp_cisco_frag_last, tvb, offset, 1, FALSE);
3733 /* Start Reassembly stuff for Cisco IKE fragmentation */
3735 gboolean save_fragmented;
3736 tvbuff_t *defrag_isakmp_tvb = NULL;
3737 fragment_data *frag_msg = NULL;
3739 save_fragmented = pinfo->fragmented;
3740 pinfo->fragmented = TRUE;
3741 frag_msg = fragment_add_seq_check(tvb, offset, pinfo,
3742 12345, /*FIXME: Fragmented packet id, guint16, somehow get CKY here */
3743 isakmp_fragment_table, /* list of message fragments */
3744 isakmp_reassembled_table, /* list of reassembled messages */
3745 seq-1, /* fragment sequence number, starting from 0 */
3746 tvb_length_remaining(tvb, offset), /* fragment length - to the end */
3747 last); /* More fragments? */
3748 defrag_isakmp_tvb = process_reassembled_data(tvb, offset, pinfo,
3749 "Reassembled ISAKMP", frag_msg, &isakmp_frag_items,
3752 if (defrag_isakmp_tvb) { /* take it all */
3753 dissect_isakmp(defrag_isakmp_tvb, pinfo, ptree);
3755 if (check_col(pinfo->cinfo, COL_INFO))
3756 col_append_fstr(pinfo->cinfo, COL_INFO,
3757 " (%sMessage fragment %u%s)",
3758 (frag_msg ? "Reassembled + " : ""),
3759 seq, (last ? " - last" : ""));
3760 pinfo->fragmented = save_fragmented;
3762 /* End Reassembly stuff for Cisco IKE fragmentation */
3766 dissect_notif(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version)
3772 offset_end = offset + length;
3774 if (isakmp_version == 1) {
3776 proto_tree_add_item(tree, hf_isakmp_notify_doi, tvb, offset, 1, FALSE);
3781 if (isakmp_version == 1)
3783 proto_tree_add_item(tree, hf_isakmp_notify_protoid_v1, tvb, offset, 1, FALSE);
3784 }else if (isakmp_version == 2)
3786 proto_tree_add_item(tree, hf_isakmp_notify_protoid_v2, tvb, offset, 1, FALSE);
3791 spi_size = tvb_get_guint8(tvb, offset);
3792 proto_tree_add_item(tree, hf_isakmp_spisize, tvb, offset, 1, FALSE);
3796 msgtype = tvb_get_ntohs(tvb, offset);
3798 if (isakmp_version == 1)
3800 proto_tree_add_item(tree, hf_isakmp_notify_msgtype_v1, tvb, offset, 2, FALSE);
3801 }else if (isakmp_version == 2)
3803 proto_tree_add_item(tree, hf_isakmp_notify_msgtype_v2, tvb, offset, 2, FALSE);
3809 proto_tree_add_item(tree, hf_isakmp_spi, tvb, offset, spi_size, FALSE);
3814 /* Notification Data */
3816 proto_tree_add_item(tree, hf_isakmp_notify_data, tvb, offset, length, FALSE);
3818 if (isakmp_version == 1)
3821 case 36136: /* DPD ARE YOU THERE */
3822 proto_tree_add_item(tree, hf_isakmp_notify_data_dpd_are_you_there, tvb, offset, length, FALSE);
3824 case 36137: /* DPD ARE YOU THERE ACK */
3825 proto_tree_add_item(tree, hf_isakmp_notify_data_dpd_are_you_there_ack, tvb, offset, length, FALSE);
3827 case 40501: /* UNITY Load Balance */
3828 proto_tree_add_item(tree, hf_isakmp_notify_data_unity_load_balance, tvb, offset, length, FALSE);
3831 /* No Default Action */
3835 } else if (isakmp_version == 2)
3838 case 16387: /* IPCOMP_SUPPORTED */
3839 proto_tree_add_item(tree, hf_isakmp_notify_data_ipcomp_cpi, tvb, offset, 2, FALSE);
3840 proto_tree_add_item(tree, hf_isakmp_notify_data_ipcomp_transform_id, tvb, offset+2, 1, FALSE);
3842 case 16407: /* REDIRECT */
3843 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_gw_ident_type, tvb, offset, 1, FALSE);
3844 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_gw_ident_len, tvb, offset+1, 1, FALSE);
3845 switch(tvb_get_guint8(tvb,offset)){ /* Ident Type ? */
3847 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv4, tvb, offset+2, 4, FALSE);
3850 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv6, tvb, offset+2, 16, FALSE);
3853 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_new_resp_gw_ident_fqdn, tvb, offset+2, tvb_get_guint8(tvb,offset+1), FALSE);
3856 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_new_resp_gw_ident, tvb, offset+2, tvb_get_guint8(tvb,offset+1), FALSE);
3859 length -= tvb_get_guint8(tvb,offset+1)-2;
3860 offset += tvb_get_guint8(tvb,offset+1)+2;
3863 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_nonce_data, tvb, offset, length, FALSE);
3866 case 16408: /* REDIRECT_FROM */
3867 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_gw_ident_type, tvb, offset, 1, FALSE);
3868 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_gw_ident_len, tvb, offset+1, 1, FALSE);
3869 switch(tvb_get_guint8(tvb,offset)){ /* Ident Type ? */
3871 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv4, tvb, offset+2, 4, FALSE);
3874 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv6, tvb, offset+2, 16, FALSE);
3877 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_org_resp_gw_ident, tvb, offset+2, tvb_get_guint8(tvb,offset+1), FALSE);
3880 length -= tvb_get_guint8(tvb,offset+1)-2;
3881 offset += tvb_get_guint8(tvb,offset+1)+2;
3883 case 16409: /* TICKET_LT_OPAQUE */
3884 proto_tree_add_item(tree, hf_isakmp_notify_data_ticket_lifetime, tvb, offset, 4, FALSE);
3887 proto_tree_add_item(tree, hf_isakmp_notify_data_ticket_data, tvb, offset, length, FALSE);
3889 case 16413: /* TICKET_OPAQUE */
3890 proto_tree_add_item(tree, hf_isakmp_notify_data_ticket_data, tvb, offset, length, FALSE);
3892 case 16416: /* ROHC_SUPPORTED */
3893 while (offset < offset_end) {
3894 offset += dissect_rohc_supported(tvb, tree, offset);
3898 /* No Default Action */
3906 dissect_delete(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version)
3910 if (isakmp_version == 1) {
3912 proto_tree_add_item(tree, hf_isakmp_delete_doi, tvb, offset, 1, FALSE);
3918 if (isakmp_version == 1)
3920 proto_tree_add_item(tree, hf_isakmp_delete_protoid_v1, tvb, offset, 1, FALSE);
3921 }else if (isakmp_version == 2)
3923 proto_tree_add_item(tree, hf_isakmp_delete_protoid_v2, tvb, offset, 1, FALSE);
3929 spi_size = tvb_get_guint8(tvb, offset);
3930 proto_tree_add_item(tree, hf_isakmp_spisize, tvb, offset, 1, FALSE);
3934 proto_tree_add_item(tree, hf_isakmp_num_spis, tvb, offset, 2, FALSE);
3939 while (length > 0) {
3940 proto_tree_add_item(tree, hf_isakmp_delete_spi, tvb, offset, spi_size, FALSE);
3948 dissect_vid(tvbuff_t *tvb, int offset, int length, proto_tree *tree)
3950 const guint8 * pVID;
3951 const char * vendorstring;
3953 pVID = tvb_get_ptr(tvb, offset, length);
3955 vendorstring = byte_to_str(pVID, (gint)length, vendor_id, "Unknown Vendor ID");
3956 proto_tree_add_item(tree, hf_isakmp_vid_bytes, tvb, offset, length, FALSE);
3957 proto_tree_add_string(tree, hf_isakmp_vid_string, tvb, offset, length, vendorstring);
3958 proto_item_append_text(tree," : %s", vendorstring);
3960 /* Check Point VID */
3961 if (length >= 20 && memcmp(pVID, VID_CP, 20) == 0)
3964 proto_tree_add_item(tree, hf_isakmp_vid_cp_product, tvb, offset, 4, FALSE);
3966 proto_tree_add_item(tree, hf_isakmp_vid_cp_version, tvb, offset, 4, FALSE);
3968 proto_tree_add_item(tree, hf_isakmp_vid_cp_timestamp, tvb, offset, 4, FALSE);
3970 proto_tree_add_item(tree, hf_isakmp_vid_cp_reserved, tvb, offset, 4, FALSE);
3972 proto_tree_add_item(tree, hf_isakmp_vid_cp_features, tvb, offset, 4, FALSE);
3976 /* Cisco Unity VID */
3977 if (length >= 14 && memcmp(pVID, VID_CISCO_UNITY, 14) == 0)
3980 proto_tree_add_item(tree, hf_isakmp_vid_cisco_unity_major, tvb, offset, 1, FALSE);
3981 proto_item_append_text(tree, " %u", tvb_get_guint8(tvb,offset));
3983 proto_tree_add_item(tree, hf_isakmp_vid_cisco_unity_minor, tvb, offset, 1, FALSE);
3984 proto_item_append_text(tree, ".%u", tvb_get_guint8(tvb,offset));
3988 /* VID_MS_NT5_ISAKMPOAKLEY */
3989 if (length >= 16 && memcmp(pVID, VID_MS_NT5_ISAKMPOAKLEY, 16) == 0)
3992 proto_tree_add_item(tree, hf_isakmp_vid_ms_nt5_isakmpoakley, tvb, offset, 4, FALSE);
3996 /* VID_ARUBA_VIA_AUTH_PROFILE */
3997 if (length >= 19 && memcmp(pVID, VID_ARUBA_VIA_AUTH_PROFILE, 19) == 0)
4000 proto_tree_add_item(tree, hf_isakmp_vid_aruba_via_auth_profile, tvb, offset, length-19, FALSE);
4004 /* Returns the number of bytes consumed by this option. */
4006 dissect_config_attribute(tvbuff_t *tvb, proto_tree *cfg_attr_type_tree, int offset, int isakmp_version)
4008 guint optlen, cfg_attr_type, len = 0;
4010 proto_item *cfg_attr_type_item = NULL;
4011 proto_tree *sub_cfg_attr_type_tree = NULL;
4013 cfg_attr_type = tvb_get_ntohs(tvb, offset);
4014 optlen = tvb_get_ntohs(tvb, offset+2);
4018 if (cfg_attr_type & 0x8000) {
4019 cfg_attr_type = cfg_attr_type & 0x7fff;
4024 if (isakmp_version == 1) {
4026 cfg_attr_type_item = proto_tree_add_none_format(cfg_attr_type_tree, hf_isakmp_cfg_attr, tvb, offset, 2+len+optlen, "Attribute Type: (t=%d,l=%d) %s", cfg_attr_type, optlen, rval_to_str(cfg_attr_type,vs_v1_cfgattr,"Unknown Attribute Type (%02d)") );
4027 sub_cfg_attr_type_tree = proto_item_add_subtree(cfg_attr_type_item, ett_isakmp_cfg_attr);
4028 proto_tree_add_uint(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_type_v1, tvb, offset, 2, cfg_attr_type);
4029 } else if (isakmp_version == 2) {
4030 cfg_attr_type_item = proto_tree_add_none_format(cfg_attr_type_tree, hf_isakmp_cfg_attr, tvb, offset, 2+len+optlen, "Attribute Type: (t=%d,l=%d) %s", cfg_attr_type, optlen, rval_to_str(cfg_attr_type,vs_v2_cfgattr,"Unknown Attribute Type (%02d)") );
4031 sub_cfg_attr_type_tree = proto_item_add_subtree(cfg_attr_type_item, ett_isakmp_cfg_attr);
4032 proto_tree_add_uint(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_type_v2, tvb, offset, 2, cfg_attr_type);
4034 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_format, tvb, offset, 2, FALSE);
4038 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_length, tvb, offset, 2, FALSE);
4043 proto_tree_add_text(sub_cfg_attr_type_tree, tvb, offset, 0,"Attribut value is empty");
4046 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_value, tvb, offset, optlen, FALSE);
4047 switch (cfg_attr_type) {
4048 case INTERNAL_IP4_ADDRESS: /* 1 */
4049 offset_end = offset + optlen;
4053 while (offset_end-offset > 0)
4055 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip4_address, tvb, offset, 4, FALSE);
4061 case INTERNAL_IP4_NETMASK: /* 2 */
4062 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip4_netmask, tvb, offset, 4, FALSE);
4064 case INTERNAL_IP4_DNS: /* 3 */
4065 offset_end = offset + optlen;
4069 while (offset_end-offset > 0)
4071 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip4_dns, tvb, offset, 4, FALSE);
4077 case INTERNAL_IP4_NBNS: /* 4 */
4078 offset_end = offset + optlen;
4082 while (offset_end-offset > 0)
4084 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip4_nbns, tvb, offset, 4, FALSE);
4090 case INTERNAL_ADDRESS_EXPIRY: /* 5 */
4091 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_address_expiry, tvb, offset, 4, FALSE);
4093 case INTERNAL_IP4_DHCP: /* 6 */
4094 offset_end = offset + optlen;
4098 while (offset_end-offset > 0)
4100 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip4_dhcp, tvb, offset, 4, FALSE);
4106 case APPLICATION_VERSION: /* 7 */
4107 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_application_version, tvb, offset, optlen, FALSE);
4108 proto_item_append_text(cfg_attr_type_item," : %s", tvb_get_ephemeral_string(tvb, offset,optlen));
4110 case INTERNAL_IP6_ADDRESS: /* 8 */
4111 offset_end = offset + optlen;
4115 while (offset_end-offset > 0)
4117 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip6_address, tvb, offset, 16, FALSE);
4123 case INTERNAL_IP6_NETMASK: /* 9 Only in IKEv1 */
4124 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip6_netmask, tvb, offset, 18, FALSE);
4126 case INTERNAL_IP6_DNS: /* 10 */
4127 offset_end = offset + optlen;
4131 while (offset_end-offset > 0)
4133 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip6_dns, tvb, offset, 16, FALSE);
4139 case INTERNAL_IP6_NBNS: /* 11 */
4140 offset_end = offset + optlen;
4144 while (offset_end-offset > 0)
4146 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip6_nbns, tvb, offset, 16, FALSE);
4152 case INTERNAL_IP6_DHCP: /* 12 */
4153 offset_end = offset + optlen;
4157 while (offset_end-offset > 0)
4159 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip6_dhcp, tvb, offset, 16, FALSE);
4165 case INTERNAL_IP4_SUBNET: /* 13 */
4166 offset_end = offset + optlen;
4170 while (offset_end-offset > 0)
4172 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip4_subnet_ip, tvb, offset, 4, FALSE);
4173 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip4_subnet_netmask, tvb, offset, 4, FALSE);
4179 case SUPPORTED_ATTRIBUTES: /* 14 */
4180 offset_end = offset + optlen;
4184 while (offset_end-offset > 0)
4186 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_supported_attributes, tvb, offset, 2, FALSE);
4192 case INTERNAL_IP6_SUBNET: /* 15 */
4193 offset_end = offset + optlen;
4197 while (offset_end-offset > 0)
4199 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip6_subnet_ip, tvb, offset, 16, FALSE);
4201 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip6_subnet_prefix, tvb, offset, 1, FALSE);
4207 case INTERNAL_IP6_LINK: /* 17 */
4208 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip6_link_interface, tvb, offset, 8, FALSE);
4210 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip6_link_id, tvb, offset, optlen-8, FALSE);
4213 case INTERNAL_IP6_PREFIX: /* 18 */
4214 offset_end = offset + optlen;
4218 while (offset_end-offset > 0)
4220 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip6_prefix_ip, tvb, offset, 16, FALSE);
4222 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_internal_ip6_prefix_length, tvb, offset, 1, FALSE);
4228 case XAUTH_TYPE: /* 16520 */
4229 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_xauth_type, tvb, offset, optlen, FALSE);
4230 proto_item_append_text(cfg_attr_type_item," : %s", rval_to_str(tvb_get_ntohs(tvb, offset), cfgattr_xauth_type, "Unknown %d"));
4232 case XAUTH_USER_NAME: /* 16521 */
4233 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_xauth_user_name, tvb, offset, optlen, FALSE);
4234 proto_item_append_text(cfg_attr_type_item," : %s", tvb_get_ephemeral_string(tvb, offset,optlen));
4236 case XAUTH_USER_PASSWORD: /* 16522 */
4237 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_xauth_user_password, tvb, offset, optlen, FALSE);
4238 proto_item_append_text(cfg_attr_type_item," : %s", tvb_get_ephemeral_string(tvb, offset,optlen));
4240 case XAUTH_PASSCODE: /* 16523 */
4241 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_xauth_passcode, tvb, offset, optlen, FALSE);
4242 proto_item_append_text(cfg_attr_type_item," : %s", tvb_get_ephemeral_string(tvb, offset,optlen));
4244 case XAUTH_MESSAGE: /* 16524 */
4245 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_xauth_message, tvb, offset, optlen, FALSE);
4246 proto_item_append_text(cfg_attr_type_item," : %s", tvb_get_ephemeral_string(tvb, offset,optlen));
4248 case XAUTH_CHALLENGE: /* 16525 */
4249 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_xauth_challenge, tvb, offset, optlen, FALSE);
4250 proto_item_append_text(cfg_attr_type_item," : %s", tvb_get_ephemeral_string(tvb, offset,optlen));
4252 case XAUTH_DOMAIN: /* 16526 */
4253 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_xauth_domain, tvb, offset, optlen, FALSE);
4254 proto_item_append_text(cfg_attr_type_item," : %s", tvb_get_ephemeral_string(tvb, offset,optlen));
4256 case XAUTH_STATUS: /* 16527 */
4257 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_xauth_status, tvb, offset, optlen, FALSE);
4258 proto_item_append_text(cfg_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), cfgattr_xauth_status, "Unknown %d"));
4260 case XAUTH_NEXT_PIN: /* 16528 */
4261 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_xauth_next_pin, tvb, offset, optlen, FALSE);
4262 proto_item_append_text(cfg_attr_type_item," : %s", tvb_get_ephemeral_string(tvb, offset,optlen));
4264 case XAUTH_ANSWER: /* 16527 */
4265 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_xauth_answer, tvb, offset, optlen, FALSE);
4266 proto_item_append_text(cfg_attr_type_item," : %s", tvb_get_ephemeral_string(tvb, offset,optlen));
4269 case UNITY_BANNER: /* 28672 */
4270 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_unity_banner, tvb, offset, optlen, FALSE);
4271 proto_item_append_text(cfg_attr_type_item," : %s", tvb_get_ephemeral_string(tvb, offset,optlen));
4273 case UNITY_DEF_DOMAIN: /* 28674 */
4274 proto_tree_add_item(sub_cfg_attr_type_tree, hf_isakmp_cfg_attr_unity_def_domain, tvb, offset, optlen, FALSE);
4275 proto_item_append_text(cfg_attr_type_item," : %s", tvb_get_ephemeral_string(tvb, offset,optlen));
4277 /* TODO: Support other UNITY Attributs ! */
4279 /* No Default Action */
4283 return 2+len+optlen;
4286 dissect_config(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version)
4289 offset_end = offset + length;
4290 if (isakmp_version == 1) {
4292 proto_tree_add_item(tree, hf_isakmp_cfg_type_v1,tvb, offset, 1, FALSE);
4295 proto_tree_add_item(tree, hf_isakmp_cfg_identifier,tvb, offset, 1, FALSE);
4298 } else if (isakmp_version == 2) {
4300 proto_tree_add_item(tree, hf_isakmp_cfg_type_v2,tvb, offset, 1, FALSE);
4305 while (offset < offset_end) {
4306 offset += dissect_config_attribute(tvb, tree, offset, isakmp_version);
4311 dissect_nat_discovery(tvbuff_t *tvb, int offset, int length, proto_tree *tree )
4313 proto_tree_add_item(tree, hf_isakmp_nat_hash, tvb, offset, length, FALSE);
4317 dissect_nat_original_address(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version)
4321 id_type = tvb_get_guint8(tvb, offset);
4322 if (isakmp_version == 1)
4324 proto_tree_add_item(tree, hf_isakmp_id_type_v1, tvb, offset, 1, FALSE);
4325 }else if (isakmp_version == 2)
4327 proto_tree_add_item(tree, hf_isakmp_id_type_v2, tvb, offset, 1, FALSE);
4332 offset += 3; /* reserved */
4336 case IKE_ID_IPV4_ADDR:
4337 proto_tree_add_item(tree, hf_isakmp_nat_original_address_ipv4, tvb, offset, 4, FALSE);
4340 case IKE_ID_IPV6_ADDR:
4341 proto_tree_add_item(tree, hf_isakmp_nat_original_address_ipv6, tvb, offset, 16, FALSE);
4350 dissect_ts(tvbuff_t *tvb, int offset, int length, proto_tree *tree)
4352 guint8 num, tstype, protocol_id;
4354 num = tvb_get_guint8(tvb, offset);
4355 proto_item_append_text(tree," # %d", num);
4356 proto_tree_add_item(tree, hf_isakmp_ts_number_of_ts, tvb, offset, 1, FALSE);
4361 offset += 3; /* Reserved */
4364 while (length > 0) {
4365 tstype = tvb_get_guint8(tvb, offset);
4366 proto_tree_add_item(tree, hf_isakmp_ts_type, tvb, offset, 1, FALSE);
4371 case IKEV2_TS_IPV4_ADDR_RANGE:
4372 protocol_id = tvb_get_guint8(tvb, offset);
4373 if (protocol_id == 0)
4374 proto_tree_add_uint_format(tree, hf_isakmp_ts_protoid, tvb, offset,1,
4375 protocol_id, "Protocol ID: Unused");
4377 proto_tree_add_item(tree, hf_isakmp_ts_protoid, tvb, offset, 1, FALSE);
4381 proto_tree_add_item(tree, hf_isakmp_ts_selector_length, tvb, offset, 2, FALSE);
4385 proto_tree_add_item(tree, hf_isakmp_ts_start_port, tvb, offset, 2, FALSE);
4389 proto_tree_add_item(tree, hf_isakmp_ts_end_port, tvb, offset, 2, FALSE);
4393 proto_tree_add_item(tree, hf_isakmp_ts_start_addr_ipv4, tvb, offset, 4, FALSE);
4396 proto_tree_add_item(tree, hf_isakmp_ts_end_addr_ipv4, tvb, offset, 4, FALSE);
4400 case IKEV2_TS_IPV6_ADDR_RANGE:
4401 protocol_id = tvb_get_guint8(tvb, offset);
4402 if (protocol_id == 0)
4403 proto_tree_add_uint_format(tree, hf_isakmp_ts_protoid, tvb, offset,1,
4404 protocol_id, "Protocol ID: Unused");
4406 proto_tree_add_item(tree, hf_isakmp_ts_protoid, tvb, offset, 1, FALSE);
4410 proto_tree_add_item(tree, hf_isakmp_ts_selector_length, tvb, offset, 2, FALSE);
4414 proto_tree_add_item(tree, hf_isakmp_ts_start_port, tvb, offset, 2, FALSE);
4418 proto_tree_add_item(tree, hf_isakmp_ts_end_port, tvb, offset, 2, FALSE);
4422 proto_tree_add_item(tree, hf_isakmp_ts_start_addr_ipv6, tvb, offset, 16, FALSE);
4426 proto_tree_add_item(tree, hf_isakmp_ts_end_addr_ipv6, tvb, offset, 16, FALSE);
4430 case IKEV2_TS_FC_ADDR_RANGE:
4432 offset += 1; /* Reserved */
4435 proto_tree_add_item(tree, hf_isakmp_ts_selector_length, tvb, offset, 2, FALSE);
4439 offset += 1; /* Reserved */
4442 proto_tree_add_item(tree, hf_isakmp_ts_start_addr_fc, tvb, offset, 3, FALSE);
4446 offset += 1; /* Reserved */
4449 proto_tree_add_item(tree, hf_isakmp_ts_end_addr_fc, tvb, offset, 3, FALSE);
4453 proto_tree_add_item(tree, hf_isakmp_ts_start_r_ctl, tvb, offset, 1, FALSE);
4457 proto_tree_add_item(tree, hf_isakmp_ts_end_r_ctl, tvb, offset, 1, FALSE);
4461 proto_tree_add_item(tree, hf_isakmp_ts_start_type, tvb, offset, 1, FALSE);
4465 proto_tree_add_item(tree, hf_isakmp_ts_end_type, tvb, offset, 1, FALSE);
4470 proto_tree_add_item(tree, hf_isakmp_ts_data, tvb, offset, length, FALSE);
4480 dissect_enc(tvbuff_t *tvb,
4484 #ifdef HAVE_LIBGCRYPT
4486 guint8 inner_payload)
4488 packet_info *pinfo _U_,
4489 guint8 inner_payload _U_)
4492 #ifdef HAVE_LIBGCRYPT
4493 ikev2_decrypt_data_t *key_info = NULL;
4494 gint iv_len, encr_data_len, icd_len, encr_key_len, decr_data_len, md_len;
4496 guchar *iv = NULL, *encr_data = NULL, *decr_data = NULL, *entire_message = NULL, *md = NULL;
4497 gcry_cipher_hd_t cipher_hd;
4499 gcry_error_t err = 0;
4500 proto_item *item = NULL, *icd_item = NULL, *encr_data_item = NULL, *padlen_item = NULL, *iv_item = NULL;
4501 tvbuff_t *decr_tvb = NULL;
4503 proto_tree *decr_tree = NULL, *decr_payloads_tree = NULL;
4505 if (pinfo->private_data) {
4506 key_info = (ikev2_decrypt_data_t*)(pinfo->private_data);
4507 encr_key_len = key_info->encr_spec->key_len;
4508 iv_len = key_info->encr_spec->iv_len;
4509 icd_len = key_info->auth_spec->trunc_len;
4510 encr_data_len = length - iv_len - icd_len;
4512 * Zero or negative length of encrypted data shows that the user specified
4513 * wrong encryption algorithm and/or authentication algorithm.
4515 if (encr_data_len <= 0) {
4516 item = proto_tree_add_text(tree, tvb, offset, length, "Not enough data for IV, Encrypted data and ICD.");
4517 expert_add_info_format(pinfo, item, PI_MALFORMED, PI_WARN, "Not enough data in IKEv2 Encrypted payload");
4518 PROTO_ITEM_SET_GENERATED(item);
4523 * Add the IV to the tree and store it in a packet scope buffer for later decryption
4524 * if the specified encryption algorithm uses IV.
4527 iv_item = proto_tree_add_item(tree, hf_isakmp_enc_iv, tvb, offset, iv_len, FALSE);
4528 proto_item_append_text(iv_item, " (%d bytes)", iv_len);
4529 iv = ep_tvb_memdup(tvb, offset, iv_len);
4535 * Add the encrypted portion to the tree and store it in a packet scope buffer for later decryption.
4537 encr_data_item = proto_tree_add_item(tree, hf_isakmp_enc_data, tvb, offset, encr_data_len, FALSE);
4538 proto_item_append_text(encr_data_item, " (%d bytes)",encr_data_len);
4539 encr_data = ep_tvb_memdup(tvb, offset, encr_data_len);
4540 offset += encr_data_len;
4543 * Add the ICD (Integrity Checksum Data) to the tree before decryption to ensure
4544 * the ICD be displayed even if the decryption fails.
4547 icd_item = proto_tree_add_item(tree, hf_isakmp_enc_icd, tvb, offset, icd_len, FALSE);
4548 proto_item_append_text(icd_item, " (%d bytes)",icd_len);
4551 * Recalculate ICD value if the specified authentication algorithm allows it.
4553 if (key_info->auth_spec->gcry_alg) {
4554 err = gcry_md_open(&md_hd, key_info->auth_spec->gcry_alg, key_info->auth_spec->gcry_flag);
4556 REPORT_DISSECTOR_BUG(ep_strdup_printf("IKEv2 hashing error: algorithm %d: gcry_md_open failed: %s",
4557 key_info->auth_spec->gcry_alg, gcry_strerror(err)));
4559 err = gcry_md_setkey(md_hd, key_info->auth_key, key_info->auth_spec->key_len);
4561 REPORT_DISSECTOR_BUG(ep_strdup_printf("IKEv2 hashing error: algorithm %s, key length %u: gcry_md_setkey failed: %s",
4562 gcry_md_algo_name(key_info->auth_spec->gcry_alg), key_info->auth_spec->key_len, gcry_strerror(err)));
4565 /* Calculate hash over the bytes from the beginning of the ISAKMP header to the right before the ICD. */
4566 entire_message = ep_tvb_memdup(tvb, 0, offset);
4567 gcry_md_write(md_hd, entire_message, offset);
4568 md = gcry_md_read(md_hd, 0);
4569 md_len = gcry_md_get_algo_dlen(key_info->auth_spec->gcry_alg);
4570 if (md_len < icd_len) {
4571 gcry_md_close(md_hd);
4572 REPORT_DISSECTOR_BUG(ep_strdup_printf("IKEv2 hashing error: algorithm %s: gcry_md_get_algo_dlen returned %d which is smaller than icd length %d",
4573 gcry_md_algo_name(key_info->auth_spec->gcry_alg), md_len, icd_len));
4575 if (tvb_memeql(tvb, offset, md, icd_len) == 0) {
4576 proto_item_append_text(icd_item, "[correct]");
4578 proto_item_append_text(icd_item, "[incorrect, should be %s]", bytes_to_str(md, icd_len));
4579 expert_add_info_format(pinfo, icd_item, PI_CHECKSUM, PI_WARN, "IKEv2 Integrity Checksum Data is incorrect");
4581 gcry_md_close(md_hd);
4583 proto_item_append_text(icd_item, "[not validated]");
4589 * Confirm encrypted data length is multiple of block size.
4591 if (encr_data_len % key_info->encr_spec->block_len != 0) {
4592 proto_item_append_text(encr_data_item, "[Invalid length, should be a multiple of block size (%u)]",
4593 key_info->encr_spec->block_len);
4594 expert_add_info_format(pinfo, encr_data_item, PI_MALFORMED, PI_WARN, "Encrypted data length isn't a multiple of block size");
4599 * Allocate buffer for decrypted data.
4601 decr_data = (guchar*)g_malloc(encr_data_len);
4602 decr_data_len = encr_data_len;
4605 * If the cipher is NULL, just copy the encrypted data to the decrypted data buffer.
4606 * And otherwise perform decryption with libgcrypt.
4608 if (key_info->encr_spec->number == IKEV2_ENCR_NULL) {
4609 memcpy(decr_data, encr_data, decr_data_len);
4611 err = gcry_cipher_open(&cipher_hd, key_info->encr_spec->gcry_alg, key_info->encr_spec->gcry_mode, 0);
4614 REPORT_DISSECTOR_BUG(ep_strdup_printf("IKEv2 decryption error: algorithm %d, mode %d: gcry_cipher_open failed: %s",
4615 key_info->encr_spec->gcry_alg, key_info->encr_spec->gcry_mode, gcry_strerror(err)));
4617 err = gcry_cipher_setkey(cipher_hd, key_info->encr_key, key_info->encr_spec->key_len);
4620 REPORT_DISSECTOR_BUG(ep_strdup_printf("IKEv2 decryption error: algorithm %d, key length %d: gcry_cipher_setkey failed: %s",
4621 key_info->encr_spec->gcry_alg, key_info->encr_spec->key_len, gcry_strerror(err)));
4623 err = gcry_cipher_setiv(cipher_hd, iv, iv_len);
4626 REPORT_DISSECTOR_BUG(ep_strdup_printf("IKEv2 decryption error: algorithm %d, iv length %d: gcry_cipher_setiv failed: %s",
4627 key_info->encr_spec->gcry_alg, iv_len, gcry_strerror(err)));
4629 err = gcry_cipher_decrypt(cipher_hd, decr_data, decr_data_len, encr_data, encr_data_len);
4632 REPORT_DISSECTOR_BUG(ep_strdup_printf("IKEv2 decryption error: algorithm %d: gcry_cipher_decrypt failed: %s",
4633 key_info->encr_spec->gcry_alg, gcry_strerror(err)));
4635 gcry_cipher_close(cipher_hd);
4638 decr_tvb = tvb_new_real_data(decr_data, decr_data_len, decr_data_len);
4639 tvb_set_free_cb(decr_tvb, g_free);
4640 tvb_set_child_real_data_tvbuff(tvb, decr_tvb);
4641 add_new_data_source(pinfo, decr_tvb, "Decrypted Data");
4642 item = proto_tree_add_item(tree, hf_isakmp_enc_decrypted_data, decr_tvb, 0, decr_data_len, FALSE);
4643 proto_item_append_text(item, " (%d byte%s)", decr_data_len, plurality(decr_data_len, "", "s"));
4645 /* Move the ICD item to the bottom of the tree. */
4647 proto_tree_move_item(tree, item, icd_item);
4649 decr_tree = proto_item_add_subtree(item, ett_isakmp_decrypted_data);
4651 pad_len = tvb_get_guint8(decr_tvb, decr_data_len - 1);
4652 payloads_len = decr_data_len - 1 - pad_len;
4654 if (payloads_len > 0) {
4655 item = proto_tree_add_item(decr_tree, hf_isakmp_enc_contained_data, decr_tvb, 0, payloads_len, FALSE);
4656 proto_item_append_text(item, " (%d byte%s)", payloads_len, plurality(payloads_len, "", "s"));
4657 decr_payloads_tree = proto_item_add_subtree(item, ett_isakmp_decrypted_payloads);
4660 padlen_item = proto_tree_add_item(decr_tree, hf_isakmp_enc_pad_length, decr_tvb, payloads_len + pad_len, 1, FALSE);
4662 if (payloads_len < 0) {
4663 proto_item_append_text(padlen_item, " [too long]");
4664 expert_add_info_format(pinfo, padlen_item, PI_MALFORMED, PI_WARN, "Pad length is too big");
4666 item = proto_tree_add_item(decr_tree, hf_isakmp_enc_padding, decr_tvb, payloads_len, pad_len, FALSE);
4667 proto_item_append_text(item, " (%d byte%s)", pad_len, plurality(pad_len, "", "s"));
4668 proto_tree_move_item(decr_tree, item, padlen_item);
4673 * We dissect the inner payloads at last in order to ensure displaying Padding, Pad Length and ICD
4674 * even if the dissection fails. This may occur when the user specify wrong encryption key.
4676 if (decr_payloads_tree) {
4677 dissect_payloads(decr_tvb, decr_payloads_tree, decr_tree, 2, inner_payload, 0, payloads_len, pinfo);
4680 #endif /* HAVE_LIBGCRYPT */
4681 proto_tree_add_item(tree, hf_isakmp_enc_iv, tvb, offset, 4, FALSE);
4682 proto_tree_add_item(tree, hf_isakmp_enc_data, tvb, offset+4 , length, FALSE);
4683 #ifdef HAVE_LIBGCRYPT
4685 #endif /* HAVE_LIBGCRYPT */
4689 dissect_eap(tvbuff_t *tvb, int offset, int length, proto_tree *tree, packet_info *pinfo)
4691 tvbuff_t *eap_tvb = NULL;
4693 eap_tvb = tvb_new_subset(tvb, offset,length, length );
4694 if ((eap_tvb != NULL)&& eap_handle != NULL){
4695 call_dissector(eap_handle, eap_tvb, pinfo, tree);
4697 proto_tree_add_item(tree, hf_isakmp_eap_data, tvb, offset, length, FALSE);
4703 * Protocol initialization
4706 #ifdef HAVE_LIBGCRYPT
4708 isakmp_hash_func(gconstpointer c) {
4709 const guint8 *i_cookie = (guint8 *) c;
4710 guint val = 0, keychunk, i;
4712 /* XOR our icookie down to the size of a guint */
4713 for (i = 0; i < COOKIE_SIZE - (COOKIE_SIZE % sizeof(keychunk)); i += sizeof(keychunk)) {
4714 memcpy(&keychunk, &i_cookie[i], sizeof(keychunk));
4722 isakmp_equal_func(gconstpointer ic1, gconstpointer ic2) {
4724 if (memcmp(ic1, ic2, COOKIE_SIZE) == 0)
4730 static guint ikev2_key_hash_func(gconstpointer k) {
4731 const ikev2_uat_data_key_t *key = (const ikev2_uat_data_key_t*)k;
4732 guint hash = 0, keychunk, i;
4734 /* XOR our icookie down to the size of a guint */
4735 for (i = 0; i < key->spii_len - (key->spii_len % sizeof(keychunk)); i += sizeof(keychunk)) {
4736 memcpy(&keychunk, &key->spii[i], sizeof(keychunk));
4739 for (i = 0; i < key->spir_len - (key->spir_len % sizeof(keychunk)); i += sizeof(keychunk)) {
4740 memcpy(&keychunk, &key->spir[i], sizeof(keychunk));
4747 static gint ikev2_key_equal_func(gconstpointer k1, gconstpointer k2) {
4748 const ikev2_uat_data_key_t *key1 = k1, *key2 = k2;
4749 if (key1->spii_len != key2->spii_len) return 0;
4750 if (key1->spir_len != key2->spir_len) return 0;
4751 if (memcmp(key1->spii, key2->spii, key1->spii_len) != 0) return 0;
4752 if (memcmp(key1->spir, key2->spir, key1->spir_len) != 0) return 0;
4756 #endif /* HAVE_LIBGCRYPT */
4758 #ifdef HAVE_LIBGCRYPT
4759 #if GLIB_CHECK_VERSION(2,10,0)
4761 free_cookie(gpointer key_arg, gpointer value, gpointer user_data _U_)
4763 guint8 *ic_key = key_arg;
4764 decrypt_data_t *decr = value;
4766 g_slice_free1(COOKIE_SIZE, ic_key);
4767 g_slice_free1(sizeof(decrypt_data_t), decr);
4774 isakmp_init_protocol(void) {
4775 #ifdef HAVE_LIBGCRYPT
4777 #endif /* HAVE_LIBGCRYPT */
4778 fragment_table_init(&isakmp_fragment_table);
4779 reassembled_table_init(&isakmp_reassembled_table);
4781 #ifdef HAVE_LIBGCRYPT
4783 #if GLIB_CHECK_VERSION(2,10,0)
4784 g_hash_table_foreach_remove(isakmp_hash, free_cookie, NULL);
4786 g_hash_table_destroy(isakmp_hash);
4788 #if GLIB_CHECK_VERSION(2,10,0)
4790 if (isakmp_key_data)
4791 g_mem_chunk_destroy(isakmp_key_data);
4792 if (isakmp_decrypt_data)
4793 g_mem_chunk_destroy(isakmp_decrypt_data);
4795 isakmp_key_data = g_mem_chunk_new("isakmp_key_data",
4796 COOKIE_SIZE, 5 * COOKIE_SIZE,
4798 isakmp_decrypt_data = g_mem_chunk_new("isakmp_decrypt_data",
4799 sizeof(decrypt_data_t), 5 * sizeof(decrypt_data_t),
4802 isakmp_hash = g_hash_table_new(isakmp_hash_func, isakmp_equal_func);
4805 log_f = ws_fopen(pluto_log_path, "r");
4809 if (ikev2_key_hash) {
4810 g_hash_table_destroy(ikev2_key_hash);
4813 ikev2_key_hash = g_hash_table_new(ikev2_key_hash_func, ikev2_key_equal_func);
4814 for (i = 0; i < num_ikev2_uat_data; i++) {
4815 g_hash_table_insert(ikev2_key_hash, &(ikev2_uat_data[i].key), &(ikev2_uat_data[i]));
4817 #endif /* HAVE_LIBGCRYPT */
4821 isakmp_prefs_apply_cb(void) {
4822 #ifdef HAVE_LIBGCRYPT
4823 isakmp_init_protocol();
4824 #endif /* HAVE_LIBGCRYPT */
4827 #ifdef HAVE_LIBGCRYPT
4828 UAT_BUFFER_CB_DEF(ikev2_users, spii, ikev2_uat_data_t, key.spii, key.spii_len)
4829 UAT_BUFFER_CB_DEF(ikev2_users, spir, ikev2_uat_data_t, key.spir, key.spir_len)
4830 UAT_BUFFER_CB_DEF(ikev2_users, sk_ei, ikev2_uat_data_t, sk_ei, sk_ei_len)
4831 UAT_BUFFER_CB_DEF(ikev2_users, sk_er, ikev2_uat_data_t, sk_er, sk_er_len)
4832 UAT_VS_DEF(ikev2_users, encr_alg, ikev2_uat_data_t, IKEV2_ENCR_3DES, IKEV2_ENCR_3DES_STR)
4833 UAT_BUFFER_CB_DEF(ikev2_users, sk_ai, ikev2_uat_data_t, sk_ai, sk_ai_len)
4834 UAT_BUFFER_CB_DEF(ikev2_users, sk_ar, ikev2_uat_data_t, sk_ar, sk_ar_len)
4835 UAT_VS_DEF(ikev2_users, auth_alg, ikev2_uat_data_t, IKEV2_AUTH_HMAC_SHA1_96, IKEV2_AUTH_HMAC_SHA1_96_STR)
4837 static void ikev2_uat_data_update_cb(void* p, const char** err) {
4838 ikev2_uat_data_t *ud = p;
4840 if (ud->key.spii_len != COOKIE_SIZE) {
4841 *err = ep_strdup_printf("Length of Initiator's SPI must be %d octets (%d hex characters).", COOKIE_SIZE, COOKIE_SIZE * 2);
4845 if (ud->key.spir_len != COOKIE_SIZE) {
4846 *err = ep_strdup_printf("Length of Responder's SPI must be %d octets (%d hex characters).", COOKIE_SIZE, COOKIE_SIZE * 2);
4850 if ((ud->encr_spec = ikev2_decrypt_find_encr_spec(ud->encr_alg)) == NULL) {
4851 REPORT_DISSECTOR_BUG("Couldn't get IKEv2 encryption algorithm spec.");
4854 if ((ud->auth_spec = ikev2_decrypt_find_auth_spec(ud->auth_alg)) == NULL) {
4855 REPORT_DISSECTOR_BUG("Couldn't get IKEv2 authentication algorithm spec.");
4858 if (ud->sk_ei_len != ud->encr_spec->key_len) {
4859 *err = ep_strdup_printf("Length of SK_ei (%u octets) does not match the key length (%u octets) of the selected encryption algorithm.",
4860 ud->sk_ei_len, ud->encr_spec->key_len);
4864 if (ud->sk_er_len != ud->encr_spec->key_len) {
4865 *err = ep_strdup_printf("Length of SK_er (%u octets) does not match the key length (%u octets) of the selected encryption algorithm.",
4866 ud->sk_er_len, ud->encr_spec->key_len);
4870 if (ud->sk_ai_len != ud->auth_spec->key_len) {
4871 *err = ep_strdup_printf("Length of SK_ai (%u octets) does not match the key length (%u octets) of the selected integrity algorithm.",
4872 ud->sk_ai_len, ud->auth_spec->key_len);
4876 if (ud->sk_ar_len != ud->auth_spec->key_len) {
4877 *err = ep_strdup_printf("Length of SK_ar (%u octets) does not match the key length (%u octets) of the selected integrity algorithm.",
4878 ud->sk_ar_len, ud->auth_spec->key_len);
4882 #endif /* HAVE_LIBGCRYPT */
4885 proto_register_isakmp(void)
4887 module_t *isakmp_module;
4889 static hf_register_info hf[] = {
4890 { &hf_isakmp_icookie,
4891 { "Initiator cookie", "isakmp.icookie",
4892 FT_BYTES, BASE_NONE, NULL, 0x0,
4893 "ISAKMP Initiator Cookie", HFILL }},
4894 { &hf_isakmp_rcookie,
4895 { "Responder cookie", "isakmp.rcookie",
4896 FT_BYTES, BASE_NONE, NULL, 0x0,
4897 "ISAKMP Responder Cookie", HFILL }},
4898 { &hf_isakmp_typepayload,
4899 { "Type Payload", "isakmp.typepayload",
4900 FT_UINT8,BASE_RANGE_STRING | BASE_DEC, RVALS(&payload_type), 0x0,
4901 "ISAKMP Type Payload", HFILL }},
4902 { &hf_isakmp_nextpayload,
4903 { "Next payload", "isakmp.nextpayload",
4904 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(&payload_type), 0x0,
4905 "ISAKMP Next Payload", HFILL }},
4906 { &hf_isakmp_criticalpayload,
4907 { "Critical Bit", "isakmp.criticalpayload",
4908 FT_BOOLEAN, 8,TFS(&criticalpayload), 0x80,
4909 "ISAKMP (v2) Critical Payload", HFILL }},
4910 { &hf_isakmp_extradata,
4911 { "Extra data", "isakmp.extradata",
4912 FT_BYTES, BASE_NONE, NULL, 0x0,
4913 "Extra data ??????", HFILL }},
4914 { &hf_isakmp_datapayload,
4915 { "Data Payload", "isakmp.datapayload",
4916 FT_BYTES, BASE_NONE, NULL, 0x0,
4917 "Data Payload (not dissect)", HFILL }},
4918 { &hf_isakmp_version,
4919 { "Version", "isakmp.version",
4920 FT_UINT8, BASE_HEX, NULL, 0x0,
4921 "ISAKMP Version (major + minor)", HFILL }},
4922 { &hf_isakmp_exchangetype_v1,
4923 { "Exchange type", "isakmp.exchangetype",
4924 FT_UINT8, BASE_DEC, VALS(exchange_v1_type), 0x0,
4925 "ISAKMP Exchange Type", HFILL }},
4926 { &hf_isakmp_exchangetype_v2,
4927 { "Exchange type", "isakmp.exchangetype",
4928 FT_UINT8, BASE_DEC, VALS(exchange_v2_type), 0x0,
4929 "ISAKMP Exchange Type", HFILL }},
4931 { "Flags", "isakmp.flags",
4932 FT_UINT8, BASE_HEX, NULL, 0x0,
4933 "ISAKMP Flags", HFILL }},
4934 { &hf_isakmp_flag_e,
4935 { "Encryption", "isakmp.flag_e",
4936 FT_BOOLEAN, 8, TFS(&flag_e), E_FLAG,
4937 "Encryption Bit", HFILL }},
4938 { &hf_isakmp_flag_c,
4939 { "Commit", "isakmp.flag_c",
4940 FT_BOOLEAN, 8, TFS(&flag_c), C_FLAG,
4941 "Commit Bit", HFILL }},
4942 { &hf_isakmp_flag_a,
4943 { "Authentication", "isakmp.flag_a",
4944 FT_BOOLEAN, 8, TFS(&flag_a), A_FLAG,
4945 "Authentication Bit", HFILL }},
4946 { &hf_isakmp_flag_i,
4947 { "Initiator", "isakmp.flag_i",
4948 FT_BOOLEAN, 8, TFS(&flag_i), I_FLAG,
4949 "Initiator Bit", HFILL }},
4950 { &hf_isakmp_flag_v,
4951 { "Version", "isakmp.flag_v",
4952 FT_BOOLEAN, 8, TFS(&flag_v), V_FLAG,
4953 "Version Bit", HFILL }},
4954 { &hf_isakmp_flag_r,
4955 { "Response", "isakmp.flag_r",
4956 FT_BOOLEAN, 8, TFS(&flag_r), R_FLAG,
4957 "Response Bit", HFILL }},
4958 { &hf_isakmp_messageid,
4959 { "Message ID", "isakmp.messageid",
4960 FT_UINT32, BASE_HEX, NULL, 0x0,
4961 "ISAKMP Message ID", HFILL }},
4962 { &hf_isakmp_length,
4963 { "Length", "isakmp.length",
4964 FT_UINT32, BASE_DEC, NULL, 0x0,
4965 "ISAKMP Length", HFILL }},
4966 { &hf_isakmp_payloadlen,
4967 { "Payload length", "isakmp.payloadlength",
4968 FT_UINT16, BASE_DEC, NULL, 0x0,
4969 "ISAKMP Payload Length", HFILL }},
4970 { &hf_isakmp_sa_doi,
4971 { "Domain of interpretation", "isakmp.sa.doi",
4972 FT_UINT32, BASE_DEC, VALS(doi_type), 0x0,
4973 "ISAKMP Domain of Interpretation", HFILL }},
4974 { &hf_isakmp_sa_situation,
4975 { "Situation", "isakmp.sa.situation",
4976 FT_BYTES, BASE_NONE, NULL, 0x0,
4977 "ISAKMP SA Situation", HFILL }},
4978 { &hf_isakmp_sa_situation_identity_only,
4979 { "Identity Only", "isakmp.sa.situation.identity_only",
4980 FT_BOOLEAN, 32, NULL, SIT_IDENTITY_ONLY,
4981 "The type specifies that the SA will be identified by source identity information present in an associated Identification Payload", HFILL }},
4982 { &hf_isakmp_sa_situation_secrecy,
4983 { "Secrecy", "isakmp.sa.situation.secrecy",
4984 FT_BOOLEAN, 32, NULL, SIT_SECRECY,
4985 "The type specifies that the SA is being negotiated in an environment that requires labeled secrecy.", HFILL }},
4986 { &hf_isakmp_sa_situation_integrity,
4987 { "Integrity", "isakmp.sa.situation.integrity",
4988 FT_BOOLEAN, 32, NULL, SIT_INTEGRITY,
4989 "The type specifies that the SA is being negotiated in an environment that requires labeled integrity", HFILL }},
4990 { &hf_isakmp_prop_protoid_v1,
4991 { "Protocol ID", "isakmp.prop.protoid",
4992 FT_UINT32, BASE_DEC, VALS(protoid_v1_type), 0x0,
4993 "ISAKMP Proposal Protocol ID", HFILL }},
4994 { &hf_isakmp_prop_protoid_v2,
4995 { "Protocol ID", "isakmp.prop.protoid",
4996 FT_UINT32, BASE_DEC, VALS(protoid_v2_type), 0x0,
4997 "IKEv2 Proposal Protocol ID", HFILL }},
4998 { &hf_isakmp_prop_number,
4999 { "Proposal number", "isakmp.prop.number",
5000 FT_UINT8, BASE_DEC, NULL, 0x0,
5001 "ISAKMP Proposal Number", HFILL }},
5002 { &hf_isakmp_spisize,
5003 { "SPI Size", "isakmp.spisize",
5004 FT_UINT8, BASE_DEC, NULL, 0x0,
5005 "ISAKMP SPI Size", HFILL }},
5007 { "SPI Size", "isakmp.spi",
5008 FT_BYTES, BASE_NONE, NULL, 0x0,
5009 "ISAKMP SPI", HFILL }},
5010 { &hf_isakmp_prop_transforms,
5011 { "Proposal transforms", "isakmp.prop.transforms",
5012 FT_UINT8, BASE_DEC, NULL, 0x0,
5013 "ISAKMP Proposal Transforms", HFILL }},
5014 { &hf_isakmp_trans_number,
5015 { "Transform number", "isakmp.trans.number",
5016 FT_UINT8, BASE_DEC, NULL, 0x0,
5017 "ISAKMP Transform Number", HFILL }},
5018 { &hf_isakmp_trans_id,
5019 { "Transform ID", "isakmp.trans.id",
5020 FT_UINT8, BASE_DEC, NULL, 0x0,
5021 "ISAKMP Transform ID", HFILL }},
5022 { &hf_isakmp_id_type_v1,
5023 { "ID type", "isakmp.id.type",
5024 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(&vs_v1_id_type), 0x0,
5025 "ISAKMP (v1) ID Type", HFILL }},
5026 { &hf_isakmp_id_type_v2,
5027 { "ID type", "isakmp.id.type",
5028 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(&vs_v2_id_type), 0x0,
5029 "ISAKMP (v2) ID Type", HFILL }},
5030 { &hf_isakmp_id_protoid,
5031 { "Protocol ID", "isakmp.id.protoid",
5032 FT_UINT8, BASE_DEC|BASE_EXT_STRING, (&ipproto_val_ext), 0x0,
5033 "ISAKMP ID Protocol ID", HFILL }},
5034 { &hf_isakmp_id_port,
5035 { "Port", "isakmp.id.port",
5036 FT_UINT16, BASE_DEC, NULL, 0x0,
5037 "ISAKMP ID Port", HFILL }},
5038 { &hf_isakmp_id_data,
5039 { "Identification Data:", "isakmp.id.data",
5040 FT_NONE, BASE_NONE, NULL, 0x0,
5041 "ISAKMP ID Data", HFILL }},
5042 { &hf_isakmp_id_data_ipv4_addr,
5043 { "ID_IPV4_ADDR", "isakmp.id.data.ipv4_addr",
5044 FT_IPv4, BASE_NONE, NULL, 0x0,
5045 "The type specifies a single four (4) octet IPv4 address", HFILL }},
5046 { &hf_isakmp_id_data_fqdn,
5047 { "ID_FQDN", "isakmp.id.data.fqdn",
5048 FT_STRING, BASE_NONE, NULL, 0x0,
5049 "The type specifies a fully-qualified domain name string", HFILL }},
5050 { &hf_isakmp_id_data_user_fqdn,
5051 { "ID_FQDN", "isakmp.id.data.user_fqdn",
5052 FT_STRING, BASE_NONE, NULL, 0x0,
5053 "The type specifies a fully-qualified username string", HFILL }},
5054 { &hf_isakmp_id_data_ipv4_subnet,
5055 { "ID_IPV4_SUBNET", "isakmp.id.data.ipv4_subnet",
5056 FT_IPv4, BASE_NONE, NULL, 0x0,
5057 "The second is an IPv4 network mask", HFILL }},
5058 { &hf_isakmp_id_data_ipv4_range_start,
5059 { "ID_IPV4_SUBNET", "isakmp.id.data.ipv4_range_start",
5060 FT_IPv4, BASE_NONE, NULL, 0x0,
5061 "The first value is the beginning IPv4 address (inclusive)", HFILL }},
5062 { &hf_isakmp_id_data_ipv4_range_end,
5063 { "ID_IPV4_RANGE (End)", "isakmp.id.data.ipv4_range_end",
5064 FT_IPv4, BASE_NONE, NULL, 0x0,
5065 "The second value is the ending IPv4 address (inclusive)", HFILL }},
5066 { &hf_isakmp_id_data_ipv6_addr,
5067 { "ID_IPV6_ADDR", "isakmp.id.data.ipv6_addr",
5068 FT_IPv6, BASE_NONE, NULL, 0x0,
5069 "The type specifies a single sixteen (16) octet IPv6 address", HFILL }},
5070 { &hf_isakmp_id_data_ipv6_subnet,
5071 { "ID_IPV6A_ADDR_SUBNET", "isakmp.id.data.ipv6_subnet",
5072 FT_IPv6, BASE_NONE, NULL, 0x0,
5073 "The type specifies a range of IPv6 addresses represented by two sixteen (16) octet values", HFILL }},
5074 { &hf_isakmp_id_data_ipv6_range_start,
5075 { "ID_IPV6_ADDR_RANGE (Start)", "isakmp.id.data.ipv6_range_start",
5076 FT_IPv6, BASE_NONE, NULL, 0x0,
5077 "The first value is the beginning IPv6 address (inclusive)", HFILL }},
5078 { &hf_isakmp_id_data_ipv6_range_end,
5079 { "ID_IPV6_ADDR_RANGE (End)", "isakmp.id.data.ipv6_range_end",
5080 FT_IPv6, BASE_NONE, NULL, 0x0,
5081 "the second value is the ending IPv6 address (inclusive)", HFILL }},
5082 { &hf_isakmp_id_data_key_id,
5083 { "ID_KEY_ID", "isakmp.id.data.key_id",
5084 FT_BYTES, BASE_NONE, NULL, 0x0,
5085 "The type specifies an opaque byte stream which may be used to pass vendor-specific information necessary to identify which pre-hared key should be used to authenticate Aggressive mode negotiations", HFILL }},
5086 { &hf_isakmp_id_data_cert,
5087 { "ID_DER_ASN1_DN", "isakmp.id.data.der_asn1_dn",
5088 FT_UINT32, BASE_DEC, NULL, 0x0,
5090 { &hf_isakmp_cert_encoding_v1,
5091 { "Certificate Encoding", "isakmp.cert.encoding",
5092 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(&cert_v1_type), 0x0,
5093 "ISAKMP Certificate Encoding", HFILL }},
5094 { &hf_isakmp_cert_encoding_v2,
5095 { "Certificate Encoding", "isakmp.cert.encoding",
5096 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(&cert_v2_type), 0x0,
5097 "IKEv2 Certificate Encoding", HFILL }},
5098 { &hf_isakmp_cert_data,
5099 { "Certificate Data", "isakmp.cert.data",
5100 FT_NONE, BASE_NONE, NULL, 0x0,
5101 "ISAKMP Certificate Data", HFILL }},
5102 { &hf_isakmp_certreq_type_v1,
5103 { "Certificate Type", "isakmp.certreq.type",
5104 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(&cert_v1_type), 0x0,
5105 "ISAKMP Certificate Type", HFILL }},
5106 { &hf_isakmp_certreq_type_v2,
5107 { "Certificate Type", "isakmp.certreq.type",
5108 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(&cert_v2_type), 0x0,
5109 "IKEv2 Certificate Type", HFILL }},
5110 { &hf_isakmp_auth_meth,
5111 { "Authentication Method", "isakmp.auth.method",
5112 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(&authmeth_v2_type), 0x0,
5113 "IKEv2 Authentication Method", HFILL }},
5114 { &hf_isakmp_auth_data,
5115 { "Authentication Data", "isakmp.auth.data",
5116 FT_BYTES, BASE_NONE, NULL, 0x0,
5117 "IKEv2 Authentication Data", HFILL }},
5118 { &hf_isakmp_notify_doi,
5119 { "Domain of interpretation", "isakmp.notify.doi",
5120 FT_UINT32, BASE_DEC, VALS(doi_type), 0x0,
5121 "ISAKMP Notify Domain of Interpretation", HFILL }},
5122 { &hf_isakmp_notify_protoid_v1,
5123 { "Protocol ID", "isakmp.notify.protoid",
5124 FT_UINT32, BASE_DEC, VALS(protoid_v1_type), 0x0,
5125 "ISAKMP Notify Protocol ID", HFILL }},
5126 { &hf_isakmp_notify_protoid_v2,
5127 { "Protocol ID", "isakmp.notify.protoid",
5128 FT_UINT32, BASE_DEC, VALS(protoid_v2_type), 0x0,
5129 "IKEv2 Notify Protocol ID", HFILL }},
5130 { &hf_isakmp_notify_msgtype_v1,
5131 { "Notify Message Type", "isakmp.notify.msgtype",
5132 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(notifmsg_v1_type), 0x0,
5133 "ISAKMP Notify Message Type", HFILL }},
5134 { &hf_isakmp_notify_msgtype_v2,
5135 { "Notify Message Type", "isakmp.notify.msgtype",
5136 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(notifmsg_v2_type), 0x0,
5137 "ISAKMP Notify Message Type", HFILL }},
5138 { &hf_isakmp_notify_data,
5139 { "Notification DATA", "isakmp.notify.data",
5140 FT_BYTES, BASE_NONE, NULL, 0x0,
5142 { &hf_isakmp_notify_data_dpd_are_you_there,
5143 { "DPD ARE-YOU-THERE sequence", "isakmp.notify.data.dpd.are_you_there",
5144 FT_UINT32, BASE_DEC, NULL, 0x0,
5146 { &hf_isakmp_notify_data_dpd_are_you_there_ack,
5147 { "DPD ARE-YOU-THERE-ACK sequence", "isakmp.notify.data.dpd.are_you_there_ack",
5148 FT_UINT32, BASE_DEC, NULL, 0x0,
5150 { &hf_isakmp_notify_data_unity_load_balance,
5151 { "UNITY LOAD BALANCE", "isakmp.notify.data.unity.load_balance",
5152 FT_IPv4, BASE_NONE, NULL, 0x0,
5154 { &hf_isakmp_notify_data_ipcomp_cpi,
5155 { "IPCOMP CPI", "isakmp.notify.data.ipcomp.cpi",
5156 FT_UINT16, BASE_DEC, NULL, 0x0,
5158 { &hf_isakmp_notify_data_ipcomp_transform_id,
5159 { "IPCOMP CPI", "isakmp.notify.data.ipcomp.cpi",
5160 FT_UINT8, BASE_DEC, VALS(transform_id_ipcomp), 0x0,
5162 { &hf_isakmp_notify_data_redirect_gw_ident_type,
5163 { "Gateway Identity Type", "isakmp.notify.data.redirect.gw_ident.type",
5164 FT_UINT8, BASE_DEC, VALS(redirect_gateway_identity_type), 0x0,
5166 { &hf_isakmp_notify_data_redirect_gw_ident_len,
5167 { "Gateway Identity Length", "isakmp.notify.data.redirect.gw_ident.len",
5168 FT_UINT8, BASE_DEC, NULL, 0x0,
5170 { &hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv4,
5171 { "New Responder Gateway Identity (IPv4)", "isakmp.notify.data.redirect.new_resp_gw_ident.ipv4",
5172 FT_IPv4, BASE_NONE, NULL, 0x0,
5174 { &hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv6,
5175 { "New Responder Gateway Identity (IPv6)", "isakmp.notify.data.redirect.new_resp_gw_ident.ipv6",
5176 FT_IPv6, BASE_NONE, NULL, 0x0,
5178 { &hf_isakmp_notify_data_redirect_new_resp_gw_ident_fqdn,
5179 { "New Responder Gateway Identity (FQDN)", "isakmp.notify.data.redirect.new_resp_gw_ident.fqdn",
5180 FT_STRING, BASE_NONE, NULL, 0x0,
5182 { &hf_isakmp_notify_data_redirect_new_resp_gw_ident,
5183 { "New Responder Gateway Identity (DATA)", "isakmp.notify.data.redirect.new_resp_gw_ident.data",
5184 FT_BYTES, BASE_NONE, NULL, 0x0,
5186 { &hf_isakmp_notify_data_redirect_nonce_data,
5187 { "Redirect Nonce Data", "isakmp.notify.data.redirect.nonce_data",
5188 FT_BYTES, BASE_NONE, NULL, 0x0,
5190 { &hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv4,
5191 { "Original Responder Gateway Identity (IPv4)", "isakmp.notify.data.redirect.org_resp_gw_ident.ipv4",
5192 FT_IPv4, BASE_NONE, NULL, 0x0,
5194 { &hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv6,
5195 { "Original Responder Gateway Identity (IPv6)", "isakmp.notify.data.redirect.org_resp_gw_ident.ipv6",
5196 FT_IPv6, BASE_NONE, NULL, 0x0,
5198 { &hf_isakmp_notify_data_redirect_org_resp_gw_ident,
5199 { "Original Responder Gateway Identity (DATA)", "isakmp.notify.data.redirect.org_resp_gw_ident.data",
5200 FT_BYTES, BASE_NONE, NULL, 0x0,
5203 { &hf_isakmp_notify_data_ticket_lifetime,
5204 { "TICKET OPAQUE Lifetime", "isakmp.notify.data.ticket_opaque.lifetime",
5205 FT_UINT32, BASE_DEC, NULL, 0x0,
5206 "The Lifetime field contains a relative time value, the number of seconds until the ticket expires (encoded as an unsigned integer).", HFILL }},
5207 { &hf_isakmp_notify_data_ticket_data,
5208 { "TICKET OPAQUE Data", "isakmp.notify.data.ticket_opaque.data",
5209 FT_BYTES, BASE_NONE, NULL, 0x0,
5212 /* ROHC Attributes Type */
5213 { &hf_isakmp_notify_data_rohc_attr,
5214 { "ROHC Attribute Type", "isakmp.notify.data.rohc.attr",
5215 FT_NONE, BASE_NONE, NULL, 0x00,
5217 { &hf_isakmp_notify_data_rohc_attr_type,
5218 { "ROHC Attribute Type", "isakmp.notify.data.rohc.attr.type",
5219 FT_UINT16, BASE_DEC, VALS(rohc_attr_type), 0x00,
5221 { &hf_isakmp_notify_data_rohc_attr_format,
5222 { "ROHC Format", "isakmp.notify.data.rohc.attr.format",
5223 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
5225 { &hf_isakmp_notify_data_rohc_attr_length,
5226 { "Length", "isakmp.notify.data.rohc.attr.length",
5227 FT_UINT16, BASE_DEC, NULL, 0x00,
5229 { &hf_isakmp_notify_data_rohc_attr_value,
5230 { "Value", "isakmp.notify.data.rohc.attr.value",
5231 FT_BYTES, BASE_NONE, NULL, 0x00,
5233 { &hf_isakmp_notify_data_rohc_attr_max_cid,
5234 { "Maximum Context Identifier", "isakmp.notify.data.rohc.attr.max_cid",
5235 FT_UINT16, BASE_DEC, NULL, 0x00,
5237 { &hf_isakmp_notify_data_rohc_attr_profile,
5238 { "ROHC Profile", "isakmp.notify.data.rohc.attr.profile",
5239 FT_UINT16, BASE_DEC, NULL, 0x00,
5241 { &hf_isakmp_notify_data_rohc_attr_integ,
5242 { "ROHC Integrity Algorithm", "isakmp.notify.data.rohc.attr.integ",
5243 FT_UINT16, BASE_DEC, VALS(transform_ike2_integ_type), 0x00,
5245 { &hf_isakmp_notify_data_rohc_attr_icv_len,
5246 { "ROHC ICV Length in bytes", "isakmp.notify.data.rohc.attr.icv_len",
5247 FT_UINT16, BASE_DEC, NULL, 0x00,
5248 "In bytes", HFILL }},
5249 { &hf_isakmp_notify_data_rohc_attr_mrru,
5250 { "MRRU", "isakmp.notify.data.rohc.attr.mrru",
5251 FT_UINT16, BASE_DEC, NULL, 0x00,
5254 { &hf_isakmp_delete_doi,
5255 { "Domain of interpretation", "isakmp.delete.doi",
5256 FT_UINT32, BASE_DEC, VALS(doi_type), 0x0,
5257 "ISAKMP Delete Domain of Interpretation", HFILL }},
5258 { &hf_isakmp_delete_protoid_v1,
5259 { "Protocol ID", "isakmp.delete.protoid",
5260 FT_UINT32, BASE_DEC, VALS(protoid_v1_type), 0x0,
5261 "ISAKMP Delete Protocol ID", HFILL }},
5262 { &hf_isakmp_delete_protoid_v2,
5263 { "Protocol ID", "isakmp.delete.protoid",
5264 FT_UINT32, BASE_DEC, VALS(protoid_v2_type), 0x0,
5265 "IKEv2 Delete Protocol ID", HFILL }},
5266 { &hf_isakmp_delete_spi,
5267 { "Delete SPI", "isakmp.delete.spi",
5268 FT_BYTES, BASE_NONE, NULL, 0x0,
5269 "Identifies the specific security association(s) to delete", HFILL }},
5270 { &hf_isakmp_vid_bytes,
5271 { "Vendor ID", "isakmp.vid",
5272 FT_BYTES, BASE_NONE, NULL, 0x0,
5274 { &hf_isakmp_vid_string,
5275 { "Vendor ID", "isakmp.vid",
5276 FT_STRING, BASE_NONE, NULL, 0x0,
5278 { &hf_isakmp_vid_cp_product,
5279 { "Checkpoint Product", "isakmp.vid.cp.product",
5280 FT_UINT32, BASE_DEC, VALS(cp_product), 0x0,
5282 { &hf_isakmp_vid_cp_version,
5283 { "Checkpoint Cersion", "isakmp.vid.cp.version",
5284 FT_UINT32, BASE_DEC, VALS(cp_version), 0x0,
5285 "Encoded Version number", HFILL }},
5286 { &hf_isakmp_vid_cp_timestamp,
5287 { "Checkpoint Timestamp", "isakmp.vid.cp.timestamp",
5288 FT_UINT32, BASE_DEC, NULL, 0x0,
5289 "Timestamp (NGX only; always zero in 4.1 or NG)", HFILL }},
5290 { &hf_isakmp_vid_cp_reserved,
5291 { "Checkpoint Reserved", "isakmp.vid.cp.reserved",
5292 FT_UINT32, BASE_HEX, NULL, 0x0,
5294 { &hf_isakmp_vid_cp_features,
5295 { "Checkpoint Features", "isakmp.vid.cp.features",
5296 FT_UINT32, BASE_HEX, NULL, 0x0,
5299 { &hf_isakmp_vid_cisco_unity_major,
5300 { "CISCO-UNITY Major version", "isakmp.vid.cisco_unity.major",
5301 FT_UINT8, BASE_DEC, NULL, 0x0,
5303 { &hf_isakmp_vid_cisco_unity_minor,
5304 { "CISCO-UNITY Minor version", "isakmp.vid.cisco_unity.minor",
5305 FT_UINT8, BASE_DEC, NULL, 0x0,
5308 { &hf_isakmp_vid_ms_nt5_isakmpoakley,
5309 { "MS NT5 ISAKMPOAKLEY", "isakmp.vid.ms_nt5_isakmpoakley",
5310 FT_UINT32, BASE_DEC, VALS(ms_nt5_isakmpoakley_type), 0x0,
5313 { &hf_isakmp_vid_aruba_via_auth_profile,
5314 { "Auth Profile", "isakmp.vid.aruba_via_auth_profile",
5315 FT_STRING, BASE_NONE, NULL, 0x0,
5316 "Aruba Networks Auth Profile for VIA Client", HFILL }},
5318 { &hf_isakmp_ts_number_of_ts,
5319 { "Number of Traffic Selector", "isakmp.ts.number",
5320 FT_UINT8, BASE_DEC, NULL, 0x0,
5322 { &hf_isakmp_ts_type,
5323 { "Traffic Selector Type", "isakmp.ts.type",
5324 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(traffic_selector_type), 0x0,
5326 { &hf_isakmp_ts_protoid,
5327 { "Protocol ID", "isakmp.ts.protoid",
5328 FT_UINT8, BASE_DEC|BASE_EXT_STRING, (&ipproto_val_ext), 0x0,
5329 "IKEv2 Traffic Selector Protocol ID", HFILL }},
5330 { &hf_isakmp_ts_selector_length,
5331 { "Selector Length", "isakmp.ts.selector_length",
5332 FT_UINT16, BASE_DEC, NULL, 0x0,
5334 { &hf_isakmp_ts_start_port,
5335 { "Start Port", "isakmp.ts.start_port",
5336 FT_UINT16, BASE_DEC, NULL, 0x0,
5338 { &hf_isakmp_ts_end_port,
5339 { "End Port", "isakmp.ts.end_port",
5340 FT_UINT16, BASE_DEC, NULL, 0x0,
5342 { &hf_isakmp_ts_start_addr_ipv4,
5343 { "Starting Addr", "isakmp.ts.start_ipv4",
5344 FT_IPv4, BASE_NONE, NULL, 0x0,
5346 { &hf_isakmp_ts_end_addr_ipv4,
5347 { "Ending Addr", "isakmp.ts.end_ipv4",
5348 FT_IPv4, BASE_NONE, NULL, 0x0,
5350 { &hf_isakmp_ts_start_addr_ipv6,
5351 { "Starting Addr", "isakmp.ts.start_ipv6",
5352 FT_IPv6, BASE_NONE, NULL, 0x0,
5354 { &hf_isakmp_ts_end_addr_ipv6,
5355 { "Ending Addr", "isakmp.ts.end_ipv6",
5356 FT_IPv6, BASE_NONE, NULL, 0x0,
5358 { &hf_isakmp_ts_start_addr_fc,
5359 { "Starting Addr", "isakmp.ts.start_fc",
5360 FT_UINT32, BASE_DEC, NULL, 0x0,
5362 { &hf_isakmp_ts_end_addr_fc,
5363 { "Ending Addr", "isakmp.ts.end_fc",
5364 FT_UINT32, BASE_DEC, NULL, 0x0,
5366 { &hf_isakmp_ts_start_r_ctl,
5367 { "Starting R_CTL", "isakmp.ts.start_r_ctl",
5368 FT_UINT8, BASE_DEC, NULL, 0x0,
5370 { &hf_isakmp_ts_end_r_ctl,
5371 { "Ending R_CTL", "isakmp.ts.end_r_ctl",
5372 FT_UINT8, BASE_DEC, NULL, 0x0,
5374 { &hf_isakmp_ts_start_type,
5375 { "Starting Type", "isakmp.ts.start_type",
5376 FT_UINT8, BASE_DEC, NULL, 0x0,
5378 { &hf_isakmp_ts_end_type,
5379 { "Ending Type", "isakmp.ts.end_type",
5380 FT_UINT8, BASE_DEC, NULL, 0x0,
5382 { &hf_isakmp_ts_data,
5383 { "Traffic Selector Data", "isakmp.ts.data",
5384 FT_BYTES, BASE_NONE, NULL, 0x0,
5387 { &hf_isakmp_num_spis,
5388 { "Port", "isakmp.spinum",
5389 FT_UINT16, BASE_DEC, NULL, 0x0,
5390 "ISAKMP Number of SPIs", HFILL }},
5392 { "Hash DATA", "isakmp.hash",
5393 FT_BYTES, BASE_NONE, NULL, 0x0,
5396 { "Signature DATA", "isakmp.sig",
5397 FT_BYTES, BASE_NONE, NULL, 0x0,
5400 { "Nonce DATA", "isakmp.nonce",
5401 FT_BYTES, BASE_NONE, NULL, 0x0,
5404 { &hf_isakmp_cisco_frag_packetid,
5405 { "Frag ID", "isakmp.frag.packetid",
5406 FT_UINT16, BASE_HEX, NULL, 0x0,
5407 "ISAKMP fragment packet-id", HFILL }},
5408 { &hf_isakmp_cisco_frag_seq,
5409 { "Frag seq", "isakmp.frag.packetid",
5410 FT_UINT8, BASE_DEC, NULL, 0x0,
5411 "ISAKMP fragment number", HFILL }},
5412 { &hf_isakmp_cisco_frag_last,
5413 { "Frag last", "isakmp.frag.last",
5414 FT_UINT8, BASE_DEC, VALS(frag_last_vals), 0x0,
5415 "ISAKMP last fragment", HFILL }},
5416 { &hf_isakmp_fragments,
5417 {"Message fragments", "isakmp.fragments",
5418 FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },
5419 { &hf_isakmp_fragment,
5420 {"Message fragment", "isakmp.fragment",
5421 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } },
5422 { &hf_isakmp_fragment_overlap,
5423 {"Message fragment overlap", "isakmp.fragment.overlap",
5424 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } },
5425 { &hf_isakmp_fragment_overlap_conflicts,
5426 {"Message fragment overlapping with conflicting data",
5427 "isakmp.fragment.overlap.conflicts",
5428 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } },
5429 { &hf_isakmp_fragment_multiple_tails,
5430 {"Message has multiple tail fragments",
5431 "isakmp.fragment.multiple_tails",
5432 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } },
5433 { &hf_isakmp_fragment_too_long_fragment,
5434 {"Message fragment too long", "isakmp.fragment.too_long_fragment",
5435 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } },
5436 { &hf_isakmp_fragment_error,
5437 {"Message defragmentation error", "isakmp.fragment.error",
5438 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } },
5439 { &hf_isakmp_fragment_count,
5440 {"Message fragment count", "isakmp.fragment.count",
5441 FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
5442 { &hf_isakmp_reassembled_in,
5443 {"Reassembled in", "isakmp.reassembled.in",
5444 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } },
5445 { &hf_isakmp_reassembled_length,
5446 {"Reassembled ISAKMP length", "isakmp.reassembled.length",
5447 FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
5448 { &hf_isakmp_certreq_authority_sig,
5449 { "Certificate Authority Signature", "ike.certreq.authority.sig",
5450 FT_UINT32, BASE_DEC, NULL, 0x0,
5452 { &hf_isakmp_certreq_authority_v1,
5453 { "Certificate Authority Data", "ike.certreq.authority",
5454 FT_BYTES, BASE_NONE, NULL, 0x0,
5456 { &hf_isakmp_certreq_authority_v2,
5457 { "Certificate Authority Data", "ike.certreq.authority",
5458 FT_BYTES, BASE_NONE, NULL, 0x0,
5459 "SHA-1 hash of the Certificate Authority", HFILL } },
5460 { &hf_isakmp_nat_keepalive,
5461 { "NAT Keepalive", "ike.nat_keepalive",
5462 FT_NONE, BASE_NONE, NULL, 0x0, "NAT Keepalive packet", HFILL } },
5463 { &hf_isakmp_nat_hash,
5464 { "HASH of the address and port", "ike.nat_hash",
5465 FT_BYTES, BASE_NONE, NULL, 0x00,
5467 { &hf_isakmp_nat_original_address_ipv4,
5468 { "NAT Original IPv4 Address", "ike.nat_original_address_ipv4",
5469 FT_IPv4, BASE_NONE, NULL, 0x00,
5471 { &hf_isakmp_nat_original_address_ipv6,
5472 { "NAT Original IPv6 Address", "ike.nat_original_address_ipv6",
5473 FT_IPv6, BASE_NONE, NULL, 0x00,
5476 /* Transform Attributes Type */
5477 { &hf_isakmp_tf_attr,
5478 { "Transform Attribute Type", "isakmp.tf.attr",
5479 FT_NONE, BASE_NONE, NULL, 0x00,
5480 "ISAKMP Transform Attribute", HFILL }},
5481 { &hf_isakmp_tf_attr_type_v1,
5482 { "Transform Attribute Type", "isakmp.tf.attr.type_v1",
5483 FT_UINT16, BASE_DEC, VALS(transform_isakmp_attr_type), 0x00,
5484 "ISAKMP (v1) Transform Attribute type", HFILL }},
5485 { &hf_isakmp_tf_attr_format,
5486 { "Transform Format", "isakmp.tf.attr.format",
5487 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
5488 "ISAKMP Transform Attribute Format", HFILL }},
5489 { &hf_isakmp_tf_attr_length,
5490 { "Length", "isakmp.tf.attr.length",
5491 FT_UINT16, BASE_DEC, NULL, 0x00,
5492 "ISAKMP Tranform Attribute length", HFILL }},
5493 { &hf_isakmp_tf_attr_value,
5494 { "Value", "isakmp.tf.attr.value",
5495 FT_BYTES, BASE_NONE, NULL, 0x00,
5496 "ISAKMP Transform Attribute value", HFILL }},
5497 { &hf_isakmp_tf_attr_life_type,
5498 { "Life Type", "isakmp.tf.attr.life_type",
5499 FT_UINT16, BASE_DEC, VALS(transform_attr_sa_life_type), 0x00,
5501 { &hf_isakmp_tf_attr_life_duration,
5502 { "Life Duration", "isakmp.tf.attr.life_duration",
5503 FT_UINT32, BASE_DEC, NULL, 0x00,
5505 { &hf_isakmp_tf_attr_group_description,
5506 { "Group Description", "isakmp.tf.attr.group_description",
5507 FT_UINT16, BASE_DEC, VALS(transform_dh_group_type), 0x00,
5509 { &hf_isakmp_tf_attr_encap_mode,
5510 { "Encapsulation Mode", "isakmp.tf.attr.encap_mode",
5511 FT_UINT16, BASE_DEC, VALS(transform_attr_encap_type), 0x00,
5513 { &hf_isakmp_tf_attr_auth_algorithm,
5514 { "Authentication Algorithm", "isakmp.tf.attr.auth_algorithm",
5515 FT_UINT16, BASE_DEC, VALS(transform_attr_auth_type), 0x00,
5517 { &hf_isakmp_tf_attr_key_length,
5518 { "Key Length", "isakmp.tf.attr.key_length",
5519 FT_UINT16, BASE_DEC, NULL, 0x00,
5521 { &hf_isakmp_tf_attr_key_rounds,
5522 { "Key Rounds", "isakmp.tf.attr.key_rounds",
5523 FT_UINT16, BASE_DEC, NULL, 0x00,
5525 { &hf_isakmp_tf_attr_cmpr_dict_size,
5526 { "Compress Dictionary Size", "isakmp.tf.attr.cmpr_dict_size",
5527 FT_UINT16, BASE_DEC, NULL, 0x00,
5529 { &hf_isakmp_tf_attr_cmpr_algorithm,
5530 { "Compress Private Algorithm", "isakmp.tf.attr.cmpr_algorithm",
5531 FT_BYTES, BASE_NONE, NULL, 0x00,
5533 { &hf_isakmp_tf_attr_ecn_tunnel,
5534 { "ECN Tunnel", "isakmp.tf.attr.ecn_tunnel",
5535 FT_UINT16, BASE_DEC, VALS(transform_attr_ecn_type), 0x00,
5537 { &hf_isakmp_tf_attr_ext_seq_nbr,
5538 { "Extended (64-bit) Sequence Number", "isakmp.tf.attr.ext_seq_nbr",
5539 FT_UINT16, BASE_DEC, VALS(transform_attr_ext_seq_nbr_type), 0x00,
5541 { &hf_isakmp_tf_attr_auth_key_length,
5542 { "Authentication Key Length", "isakmp.tf.attr.auth_key_length",
5543 FT_UINT16, BASE_DEC, NULL, 0x00,
5545 { &hf_isakmp_tf_attr_sig_enco_algorithm,
5546 { "Signature Encoding Algorithm", "isakmp.tf.attr.sig_enco_algorithm",
5547 FT_BYTES, BASE_NONE, NULL, 0x00,
5550 { &hf_isakmp_ike_attr,
5551 { "Transform IKE Attribute Type", "isakmp.ike.attr",
5552 FT_NONE, BASE_NONE, NULL, 0x00,
5553 "IKE Transform Attribute", HFILL }},
5554 { &hf_isakmp_ike_attr_type,
5555 { "Transform IKE Attribute Type", "isakmp.ike.attr.type",
5556 FT_UINT16, BASE_DEC, VALS(transform_ike_attr_type), 0x00,
5557 "IKE Transform Attribute type", HFILL }},
5558 { &hf_isakmp_ike_attr_format,
5559 { "Transform IKE Format", "isakmp.ike.attr.format",
5560 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
5561 "IKE Transform Attribute Format", HFILL }},
5562 { &hf_isakmp_ike_attr_length,
5563 { "Length", "isakmp.ike.attr.length",
5564 FT_UINT16, BASE_DEC, NULL, 0x00,
5565 "IKE Tranform Attribute length", HFILL }},
5566 { &hf_isakmp_ike_attr_value,
5567 { "Value", "isakmp.ike.attr.value",
5568 FT_BYTES, BASE_NONE, NULL, 0x00,
5569 "IKE Transform Attribute value", HFILL }},
5571 { &hf_isakmp_ike_attr_encryption_algorithm,
5572 { "Encryption Algorithm", "isakmp.ike.attr.encryption_algorithm",
5573 FT_UINT16, BASE_DEC, VALS(transform_attr_enc_type), 0x00,
5575 { &hf_isakmp_ike_attr_hash_algorithm,
5576 { "HASH Algorithm", "isakmp.ike.attr.hash_algorithm",
5577 FT_UINT16, BASE_DEC, VALS(transform_attr_hash_type), 0x00,
5579 { &hf_isakmp_ike_attr_authentication_method,
5580 { "Authentication Method", "isakmp.ike.attr.authentication_method",
5581 FT_UINT16, BASE_DEC, VALS(transform_attr_authmeth_type), 0x00,
5583 { &hf_isakmp_ike_attr_group_description,
5584 { "Group Description", "isakmp.ike.attr.group_description",
5585 FT_UINT16, BASE_DEC, VALS(transform_dh_group_type), 0x00,
5587 { &hf_isakmp_ike_attr_group_type,
5588 { "Groupe Type", "isakmp.ike.attr.group_type",
5589 FT_UINT16, BASE_DEC, VALS(transform_attr_grp_type), 0x00,
5591 { &hf_isakmp_ike_attr_group_prime,
5592 { "Groupe Prime", "isakmp.ike.attr.group_prime",
5593 FT_BYTES, BASE_NONE, NULL, 0x00,
5595 { &hf_isakmp_ike_attr_group_generator_one,
5596 { "Groupe Generator One", "isakmp.ike.attr.group_generator_one",
5597 FT_BYTES, BASE_NONE, NULL, 0x00,
5599 { &hf_isakmp_ike_attr_group_generator_two,
5600 { "Groupe Generator Two", "isakmp.ike.attr.group_generator_two",
5601 FT_BYTES, BASE_NONE, NULL, 0x00,
5603 { &hf_isakmp_ike_attr_group_curve_a,
5604 { "Groupe Curve A", "isakmp.ike.attr.group_curve_a",
5605 FT_BYTES, BASE_NONE, NULL, 0x00,
5607 { &hf_isakmp_ike_attr_group_curve_b,
5608 { "Groupe Curve B", "isakmp.ike.attr.group_curve_b",
5609 FT_BYTES, BASE_NONE, NULL, 0x00,
5611 { &hf_isakmp_ike_attr_life_type,
5612 { "Life Type", "isakmp.ike.attr.life_type",
5613 FT_UINT16, BASE_DEC, VALS(transform_attr_sa_life_type), 0x00,
5615 { &hf_isakmp_ike_attr_life_duration,
5616 { "Life Duration", "isakmp.ike.attr.life_duration",
5617 FT_UINT32, BASE_DEC, NULL, 0x00,
5619 { &hf_isakmp_ike_attr_prf,
5620 { "PRF", "isakmp.ike.attr.prf",
5621 FT_BYTES, BASE_NONE, NULL, 0x00,
5623 { &hf_isakmp_ike_attr_key_length,
5624 { "Key Length", "isakmp.ike.attr.key_length",
5625 FT_UINT16, BASE_DEC, NULL, 0x00,
5627 { &hf_isakmp_ike_attr_field_size,
5628 { "Field Size", "isakmp.ike.attr.field_size",
5629 FT_BYTES, BASE_NONE, NULL, 0x00,
5631 { &hf_isakmp_ike_attr_group_order,
5632 { "Key Length", "isakmp.ike.attr.group_order",
5633 FT_BYTES, BASE_NONE, NULL, 0x00,
5636 { &hf_isakmp_trans_type,
5637 { "Transform Type", "isakmp.tf.type",
5638 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(transform_ike2_type), 0x00,
5641 { &hf_isakmp_trans_encr,
5642 { "Transform ID (ENCR)", "isakmp.tf.id.encr",
5643 FT_UINT16, BASE_DEC, VALS(transform_ike2_encr_type), 0x00,
5645 { &hf_isakmp_trans_prf,
5646 { "Transform ID (PRF)", "isakmp.tf.id.prf",
5647 FT_UINT16, BASE_DEC, VALS(transform_ike2_prf_type), 0x00,
5649 { &hf_isakmp_trans_integ,
5650 { "Transform ID (INTEG)", "isakmp.tf.id.integ",
5651 FT_UINT16, BASE_DEC, VALS(transform_ike2_integ_type), 0x00,
5653 { &hf_isakmp_trans_dh,
5654 { "Transform ID (D-H)", "isakmp.tf.id.dh",
5655 FT_UINT16, BASE_DEC, VALS(transform_dh_group_type), 0x00,
5657 { &hf_isakmp_trans_esn,
5658 { "Transform ID (ESN)", "isakmp.tf.id.esn",
5659 FT_UINT16, BASE_DEC, VALS(transform_ike2_esn_type), 0x00,
5661 { &hf_isakmp_trans_id_v2,
5662 { "Transform ID", "isakmp.tf.id",
5663 FT_UINT16, BASE_DEC, NULL, 0x00,
5665 { &hf_isakmp_ike2_attr,
5666 { "Transform IKE2 Attribute Type", "isakmp.ike2.attr",
5667 FT_NONE, BASE_NONE, NULL, 0x00,
5668 "IKE2 Transform Attribute", HFILL }},
5669 { &hf_isakmp_ike2_attr_type,
5670 { "Transform IKE2 Attribute Type", "isakmp.ike2.attr.type",
5671 FT_UINT16, BASE_DEC, VALS(transform_ike2_attr_type), 0x00,
5672 "IKE2 Transform Attribute type", HFILL }},
5673 { &hf_isakmp_ike2_attr_format,
5674 { "Transform IKE2 Format", "isakmp.ike2.attr.format",
5675 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
5676 "IKE2 Transform Attribute Format", HFILL }},
5677 { &hf_isakmp_ike2_attr_length,
5678 { "Length", "isakmp.ike2.attr.length",
5679 FT_UINT16, BASE_DEC, NULL, 0x00,
5680 "IKE2 Tranform Attribute length", HFILL }},
5681 { &hf_isakmp_ike2_attr_value,
5682 { "Value", "isakmp.ike2.attr.value",
5683 FT_BYTES, BASE_NONE, NULL, 0x00,
5684 "IKE2 Transform Attribute value", HFILL }},
5685 { &hf_isakmp_ike2_attr_key_length,
5686 { "Key Length", "isakmp.ike2.attr.key_length",
5687 FT_UINT16, BASE_DEC, NULL, 0x00,
5691 { &hf_isakmp_key_exch_dh_group,
5692 { "DH Group #", "isakmp.key_exchange.dh_group",
5693 FT_UINT16, BASE_DEC, VALS(transform_dh_group_type), 0x00,
5695 { &hf_isakmp_key_exch_data,
5696 { "Key Exchange Data", "isakmp.key_exchange.data",
5697 FT_BYTES, BASE_NONE, NULL, 0x00,
5699 { &hf_isakmp_eap_data,
5700 { "EAP Message", "isakmp.eap.data",
5701 FT_BYTES, BASE_NONE, NULL, 0x00,
5704 { &hf_isakmp_cfg_type_v1,
5705 { "Type", "isakmp.cfg.type",
5706 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(&vs_v1_cfgtype), 0x0,
5707 "ISAKMP (v1) Config Type", HFILL }},
5708 { &hf_isakmp_cfg_identifier,
5709 { "Identifier", "isakmp.cfg.identifier",
5710 FT_UINT16, BASE_DEC, NULL, 0x0,
5711 "ISAKMP (v1) Config Identifier", HFILL }},
5712 { &hf_isakmp_cfg_type_v2,
5713 { "Type", "isakmp.cfg.type",
5714 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(&vs_v2_cfgtype), 0x0,
5715 "ISAKMP (v2) Config Type", HFILL }},
5716 /* Config Attributes Type */
5717 { &hf_isakmp_cfg_attr,
5718 { "Config Attribute Type", "isakmp.cfg.attr",
5719 FT_NONE, BASE_NONE, NULL, 0x00,
5720 "ISAKMP Config Attribute", HFILL }},
5721 { &hf_isakmp_cfg_attr_type_v1,
5722 { "Type", "isakmp.cfg.attr.type",
5723 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(&vs_v1_cfgattr), 0x00,
5724 "ISAKMP (v1) Config Attribute type", HFILL }},
5725 { &hf_isakmp_cfg_attr_type_v2,
5726 { "Type", "isakmp.cfg.attr.type",
5727 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(&vs_v2_cfgattr), 0x00,
5728 "ISAKMP (v2) Config Attribute type", HFILL }},
5729 { &hf_isakmp_cfg_attr_format,
5730 { "Config Attribute Format", "isakmp.cfg.attr.format",
5731 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
5732 "ISAKMP Config Attribute Format", HFILL }},
5733 { &hf_isakmp_cfg_attr_length,
5734 { "Length", "isakmp.cfg.attr.length",
5735 FT_UINT16, BASE_DEC, NULL, 0x00,
5736 "ISAKMP Config Attribute length", HFILL }},
5737 { &hf_isakmp_cfg_attr_value,
5738 { "Value", "isakmp.cfg.attr.value",
5739 FT_BYTES, BASE_NONE, NULL, 0x00,
5740 "ISAKMP Config Attribute value", HFILL }},
5741 { &hf_isakmp_cfg_attr_internal_ip4_address,
5742 { "INTERNAL IP4 ADDRESS", "isakmp.cfg.attr.internal_ip4_address",
5743 FT_IPv4, BASE_NONE, NULL, 0x00,
5744 "An IPv4 address on the internal network", HFILL }},
5745 { &hf_isakmp_cfg_attr_internal_ip4_netmask,
5746 { "INTERNAL IP4 NETMASK", "isakmp.cfg.attr.internal_ip4_netmask",
5747 FT_IPv4, BASE_NONE, NULL, 0x00,
5748 "The internal network's netmask", HFILL }},
5749 { &hf_isakmp_cfg_attr_internal_ip4_dns,
5750 { "INTERNAL IP4 DNS", "isakmp.cfg.attr.internal_ip4_dns",
5751 FT_IPv4, BASE_NONE, NULL, 0x00,
5752 "An IPv4 address of a DNS server within the network", HFILL }},
5753 { &hf_isakmp_cfg_attr_internal_ip4_nbns,
5754 { "INTERNAL IP4 NBNS", "isakmp.cfg.attr.internal_ip4_nbns",
5755 FT_IPv4, BASE_NONE, NULL, 0x00,
5756 "An IPv4 address of a NetBios Name Server (WINS) within the network", HFILL }},
5757 { &hf_isakmp_cfg_attr_internal_address_expiry,
5758 { "INTERNAL ADDRESS EXPIRY (Secs)", "isakmp.cfg.attr.internal_address_expiry",
5759 FT_UINT32, BASE_DEC, NULL, 0x00,
5760 "Specifies the number of seconds that the host can use the internal IP address", HFILL }},
5761 { &hf_isakmp_cfg_attr_internal_ip4_dhcp,
5762 { "INTERNAL IP4 DHCP", "isakmp.cfg.attr.internal_ip4_dhcp",
5763 FT_IPv4, BASE_NONE, NULL, 0x00,
5764 "the host to send any internal DHCP requests to the address", HFILL }},
5765 { &hf_isakmp_cfg_attr_application_version,
5766 { "APPLICATION VERSION", "isakmp.cfg.attr.application_version",
5767 FT_STRING, BASE_NONE, NULL, 0x00,
5768 "The version or application information of the IPsec host", HFILL }},
5769 { &hf_isakmp_cfg_attr_internal_ip6_address,
5770 { "INTERNAL IP6 ADDRESS", "isakmp.cfg.attr.internal_ip6_address",
5771 FT_IPv4, BASE_NONE, NULL, 0x00,
5772 "An IPv6 address on the internal network", HFILL }},
5773 { &hf_isakmp_cfg_attr_internal_ip6_netmask,
5774 { "INTERNAL IP4 NETMASK", "isakmp.cfg.attr.internal_ip6_netmask",
5775 FT_IPv6, BASE_NONE, NULL, 0x00,
5776 "The internal network's netmask", HFILL }},
5777 { &hf_isakmp_cfg_attr_internal_ip6_dns,
5778 { "INTERNAL IP6 DNS", "isakmp.cfg.attr.internal_ip6_dns",
5779 FT_IPv6, BASE_NONE, NULL, 0x00,
5780 "An IPv6 address of a DNS server within the network", HFILL }},
5781 { &hf_isakmp_cfg_attr_internal_ip6_nbns,
5782 { "INTERNAL IP6 NBNS", "isakmp.cfg.attr.internal_ip6_nbns",
5783 FT_IPv6, BASE_NONE, NULL, 0x00,
5784 "An IPv6 address of a NetBios Name Server (WINS) within the network", HFILL }},
5785 { &hf_isakmp_cfg_attr_internal_ip6_dhcp,
5786 { "INTERNAL IP6 DHCP", "isakmp.cfg.attr.internal_ip6_dhcp",
5787 FT_IPv6, BASE_NONE, NULL, 0x00,
5788 "The host to send any internal DHCP requests to the address", HFILL }},
5789 { &hf_isakmp_cfg_attr_internal_ip4_subnet_ip,
5790 { "INTERNAL IP4 SUBNET (IP)", "isakmp.cfg.attr.internal_ip4_subnet_ip",
5791 FT_IPv4, BASE_NONE, NULL, 0x00,
5792 "The protected sub-networks that this edge-device protects (IP)", HFILL }},
5793 { &hf_isakmp_cfg_attr_internal_ip4_subnet_netmask,
5794 { "INTERNAL IP4 SUBNET (NETMASK)", "isakmp.cfg.attr.internal_ip4_subnet_netmask",
5795 FT_IPv4, BASE_NONE, NULL, 0x00,
5796 "The protected sub-networks that this edge-device protects (IP)", HFILL }},
5797 { &hf_isakmp_cfg_attr_supported_attributes,
5798 { "SUPPORTED ATTRIBUTES", "isakmp.cfg.attr.supported_attributes",
5799 FT_UINT16, BASE_DEC, NULL, 0x00,
5801 { &hf_isakmp_cfg_attr_internal_ip6_subnet_ip,
5802 { "INTERNAL_IP6_SUBNET (IP)", "isakmp.cfg.attr.internal_ip6_subnet_ip",
5803 FT_IPv6, BASE_NONE, NULL, 0x00,
5805 { &hf_isakmp_cfg_attr_internal_ip6_subnet_prefix,
5806 { "INTERNAL_IP6_SUBNET (PREFIX)", "isakmp.cfg.attr.internal_ip6_subnet_prefix",
5807 FT_UINT8, BASE_DEC, NULL, 0x00,
5809 { &hf_isakmp_cfg_attr_internal_ip6_link_interface,
5810 { "INTERNAL_IP6_LINK (Link-Local Interface ID)", "isakmp.cfg.attr.internal_ip6_link_interface",
5811 FT_UINT64, BASE_DEC, NULL, 0x00,
5812 "The Interface ID used for link-local address (by the party that sent this attribute)", HFILL }},
5813 { &hf_isakmp_cfg_attr_internal_ip6_link_id,
5814 { "INTERNAL_IP6_LINK (IKEv2 Link ID)", "isakmp.cfg.attr.internal_ip6_link_id",
5815 FT_BYTES, BASE_NONE, NULL, 0x00,
5816 "The Link ID is selected by the VPN gateway and is treated as an opaque octet string by the client.", HFILL }},
5817 { &hf_isakmp_cfg_attr_internal_ip6_prefix_ip,
5818 { "INTERNAL_IP6_PREFIX (IP)", "isakmp.cfg.attr.internal_ip6_prefix_ip",
5819 FT_IPv6, BASE_NONE, NULL, 0x00,
5820 "An IPv6 prefix assigned to the virtual link", HFILL }},
5821 { &hf_isakmp_cfg_attr_internal_ip6_prefix_length,
5822 { "INTERNAL_IP6_PREFIX (Length)", "isakmp.cfg.attr.internal_ip6_prefix_length",
5823 FT_UINT8, BASE_DEC, NULL, 0x00,
5824 "The length of the prefix in bits (usually 64)", HFILL }},
5826 { &hf_isakmp_cfg_attr_xauth_type,
5827 { "XAUTH TYPE", "isakmp.cfg.attr.xauth.type",
5828 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(cfgattr_xauth_type), 0x00,
5829 "The type of extended authentication requested", HFILL }},
5830 { &hf_isakmp_cfg_attr_xauth_user_name,
5831 { "XAUTH USER NAME", "isakmp.cfg.attr.xauth.user_name",
5832 FT_STRING, BASE_NONE, NULL, 0x00,
5833 "The user name", HFILL }},
5834 { &hf_isakmp_cfg_attr_xauth_user_password,
5835 { "XAUTH USER PASSWORD", "isakmp.cfg.attr.xauth.user_password",
5836 FT_STRING, BASE_NONE, NULL, 0x00,
5837 "The user's password", HFILL }},
5838 { &hf_isakmp_cfg_attr_xauth_passcode,
5839 { "XAUTH PASSCODE", "isakmp.cfg.attr.xauth.passcode",
5840 FT_STRING, BASE_NONE, NULL, 0x00,
5841 "A token card's passcode", HFILL }},
5842 { &hf_isakmp_cfg_attr_xauth_message,
5843 { "XAUTH MESSAGE", "isakmp.cfg.attr.xauth.message",
5844 FT_STRING, BASE_NONE, NULL, 0x00,
5845 "A textual message from an edge device to an IPSec host", HFILL }},
5846 { &hf_isakmp_cfg_attr_xauth_challenge,
5847 { "XAUTH CHALLENGE", "isakmp.cfg.attr.xauth.challenge",
5848 FT_STRING, BASE_NONE, NULL, 0x00,
5849 "A challenge string sent from the edge device to the IPSec host for it to include in its calculation of a password", HFILL }},
5850 { &hf_isakmp_cfg_attr_xauth_domain,
5851 { "XAUTH DOMAIN", "isakmp.cfg.attr.xauth.domain",
5852 FT_STRING, BASE_NONE, NULL, 0x00,
5853 "The domain to be authenticated in", HFILL }},
5854 { &hf_isakmp_cfg_attr_xauth_status,
5855 { "XAUTH STATUS", "isakmp.cfg.attr.xauth.status",
5856 FT_UINT16, BASE_DEC, VALS(cfgattr_xauth_status), 0x00,
5857 "A variable that is used to denote authentication success or failure", HFILL }},
5858 { &hf_isakmp_cfg_attr_xauth_next_pin,
5859 { "XAUTH TYPE", "isakmp.cfg.attr.xauth.next_pin",
5860 FT_STRING, BASE_NONE, NULL, 0x00,
5861 "A variable which is used when the edge device is requesting that the user choose a new pin number", HFILL }},
5862 { &hf_isakmp_cfg_attr_xauth_answer,
5863 { "XAUTH ANSWER", "isakmp.cfg.attr.xauth.answer",
5864 FT_STRING, BASE_NONE, NULL, 0x00,
5865 "A variable length ASCII string used to send input to the edge device", HFILL }},
5866 { &hf_isakmp_cfg_attr_unity_banner,
5867 { "UNITY BANNER", "isakmp.cfg.attr.unity.banner",
5868 FT_STRING, BASE_NONE, NULL, 0x00,
5870 { &hf_isakmp_cfg_attr_unity_def_domain,
5871 { "UNITY DEF DOMAIN", "isakmp.cfg.attr.unity.def_domain",
5872 FT_STRING, BASE_NONE, NULL, 0x00,
5875 { &hf_isakmp_enc_decrypted_data,
5876 { "Decrypted Data", "isakmp.enc.decrypted",
5877 FT_NONE, BASE_NONE, NULL, 0x0,
5879 { &hf_isakmp_enc_contained_data,
5880 { "Contained Data", "isakmp.enc.contained",
5881 FT_NONE, BASE_NONE, NULL, 0x0,
5883 { &hf_isakmp_enc_padding,
5884 { "Padding", "isakmp.enc.padding",
5885 FT_NONE, BASE_NONE, NULL, 0x0,
5887 { &hf_isakmp_enc_pad_length,
5888 { "Pad Length", "isakmp.enc.pad_length",
5889 FT_UINT16, BASE_DEC, NULL, 0x0,
5891 { &hf_isakmp_enc_data,
5892 { "Encrypted Data", "isakmp.enc.data",
5893 FT_NONE, BASE_NONE, NULL, 0x0,
5895 { &hf_isakmp_enc_iv,
5896 { "Initialization Vector", "isakmp.enc.iv",
5897 FT_BYTES, BASE_NONE, NULL, 0x0,
5899 { &hf_isakmp_enc_icd,
5900 { "Integrity Checksum Data", "isakmp.enc.icd",
5901 FT_BYTES, BASE_NONE, NULL, 0x0,
5906 static gint *ett[] = {
5909 &ett_isakmp_payload,
5910 &ett_isakmp_fragment,
5911 &ett_isakmp_fragments,
5913 &ett_isakmp_tf_attr,
5914 &ett_isakmp_tf_ike_attr,
5915 &ett_isakmp_tf_ike2_attr,
5917 &ett_isakmp_cfg_attr,
5918 &ett_isakmp_rohc_attr,
5919 #ifdef HAVE_LIBGCRYPT
5920 &ett_isakmp_decrypted_data,
5921 &ett_isakmp_decrypted_payloads
5922 #endif /* HAVE_LIBGCRYPT */
5924 #ifdef HAVE_LIBGCRYPT
5925 static uat_field_t ikev2_uat_flds[] = {
5926 UAT_FLD_BUFFER(ikev2_users, spii, "Initiator's SPI", "Initiator's SPI value of the IKE_SA"),
5927 UAT_FLD_BUFFER(ikev2_users, spir, "Responder's SPI", "Responder's SPI value of the IKE_SA"),
5928 UAT_FLD_BUFFER(ikev2_users, sk_ei, "SK_ei", "Key used to encrypt/decrypt IKEv2 packets from initiator to responder"),
5929 UAT_FLD_BUFFER(ikev2_users, sk_er, "SK_er", "Key used to encrypt/decrypt IKEv2 packets from responder to initiator"),
5930 UAT_FLD_VS(ikev2_users, encr_alg, "Encryption algorithm", vs_ikev2_encr_algs, "Encryption algorithm of IKE_SA"),
5931 UAT_FLD_BUFFER(ikev2_users, sk_ai, "SK_ai", "Key used to calculate Integrity Checksum Data for IKEv2 packets from initiator to responder"),
5932 UAT_FLD_BUFFER(ikev2_users, sk_ar, "SK_ar", "Key used to calculate Integrity Checksum Data for IKEv2 packets from responder to initiator"),
5933 UAT_FLD_VS(ikev2_users, auth_alg, "Integrity algorithm", vs_ikev2_auth_algs, "Integrity algorithm of IKE_SA"),
5936 #endif /* HAVE_LIBGCRYPT */
5937 proto_isakmp = proto_register_protocol("Internet Security Association and Key Management Protocol",
5938 "ISAKMP", "isakmp");
5939 proto_register_field_array(proto_isakmp, hf, array_length(hf));
5940 proto_register_subtree_array(ett, array_length(ett));
5941 register_init_routine(&isakmp_init_protocol);
5943 register_dissector("isakmp", dissect_isakmp, proto_isakmp);
5945 isakmp_module = prefs_register_protocol(proto_isakmp, isakmp_prefs_apply_cb);
5946 #ifdef HAVE_LIBGCRYPT
5947 prefs_register_string_preference(isakmp_module, "log",
5949 "Path to a pluto log file containing DH secret information",
5952 ikev2_uat = uat_new("IKEv2 Decryption Table",
5953 sizeof(ikev2_uat_data_t),
5954 "ikev2_decryption_table",
5956 (void*)&ikev2_uat_data,
5957 &num_ikev2_uat_data,
5959 "ChIKEv2DecryptionSection",
5961 ikev2_uat_data_update_cb,
5966 prefs_register_uat_preference(isakmp_module,
5967 "ikev2_decryption_table",
5968 "IKEv2 Decryption Table",
5969 "Table of IKE_SA security parameters for decryption of IKEv2 packets",
5972 #endif /* HAVE_LIBGCRYPT */
5976 proto_reg_handoff_isakmp(void)
5978 dissector_handle_t isakmp_handle;
5980 isakmp_handle = find_dissector("isakmp");
5981 eap_handle = find_dissector("eap");
5982 dissector_add_uint("udp.port", UDP_PORT_ISAKMP, isakmp_handle);
5983 dissector_add_uint("tcp.port", TCP_PORT_ISAKMP, isakmp_handle);