2 * Routines for the Internet Security Association and Key Management Protocol
3 * (ISAKMP) (RFC 2408) and the Internet IP Security Domain of Interpretation
4 * for ISAKMP (RFC 2407)
5 * Brad Robel-Forrest <brad.robel-forrest@watchguard.com>
7 * Added routines for the Internet Key Exchange (IKEv2) Protocol
8 * (draft-ietf-ipsec-ikev2-17.txt)
9 * Shoichi Sakane <sakane@tanu.org>
11 * Added routines for RFC3947 Negotiation of NAT-Traversal in the IKE
16 * Ethereal - Network traffic analyzer
17 * By Gerald Combs <gerald@ethereal.com>
18 * Copyright 1998 Gerald Combs
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version 2
23 * of the License, or (at your option) any later version.
25 * This program is distributed in the hope that it will be useful,
26 * but WITHOUT ANY WARRANTY; without even the implied warranty of
27 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28 * GNU General Public License for more details.
30 * You should have received a copy of the GNU General Public License
31 * along with this program; if not, write to the Free Software
32 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
44 #include <epan/packet.h>
45 #include <epan/ipproto.h>
46 #include <epan/dissectors/packet-x509if.h>
47 #include <epan/dissectors/packet-isakmp.h>
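/*
 * Smaller of two values.  Every argument use is parenthesised so callers may
 * pass compound expressions (e.g. `x & 3`, `a + b`) without the comparison
 * binding to part of the argument.  Both arguments can still be evaluated
 * twice, so keep side effects out of them.
 */
#define isakmp_min(a, b) (((a) < (b)) ? (a) : (b))

/* Element count of a true array (not a pointer); used to size the v1/v2 payload tables. */
#define ARLEN(a) (sizeof(a) / sizeof((a)[0]))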
/* Protocol handle and header-field ids; registered elsewhere in the file, -1 until then. */
static int proto_isakmp = -1;
static int hf_ike_certificate_authority = -1;
static int hf_ike_v2_certificate_authority = -1;
static int hf_ike_nat_keepalive = -1;     /* the 1-byte 0xff NAT keepalive (RFC 3948 2.3) */

/* Subtree ids: the top-level ISAKMP node, the header flags byte, and one per payload. */
static gint ett_isakmp = -1;
static gint ett_isakmp_flags = -1;
static gint ett_isakmp_payload = -1;

/* IKE port number assigned by IANA */
/* NOTE(review): only port 500 is listed here; UDP/4500 (NAT-T, RFC 3948) is
 * not registered in this excerpt -- confirm it is handled elsewhere. */
#define UDP_PORT_ISAKMP 500
#define TCP_PORT_ISAKMP 500

/* Identification payload ID types; see the DOI (RFC 2407) for IKEv1 and
 * draft-ietf-ipsec-ikev2-17.txt for IKEv2.  The value arrives straight from
 * the packet; id2str() (declared below) maps it to a display name. */
#define IKE_ID_IPV4_ADDR 1
#define IKE_ID_USER_FQDN 3
#define IKE_ID_IPV4_ADDR_SUBNET 4
#define IKE_ID_IPV6_ADDR 5
#define IKE_ID_IPV6_ADDR_SUBNET 6
#define IKE_ID_IPV4_ADDR_RANGE 7
#define IKE_ID_IPV6_ADDR_RANGE 8
#define IKE_ID_DER_ASN1_DN 9
#define IKE_ID_DER_ASN1_GN 10
#define IKE_ID_KEY_ID 11

/* Traffic Selector Type
 * Not in use for IKEv1
 * (deliberately the same code points as the IKEv1 address-range ID types above). */
#define IKEV2_TS_IPV4_ADDR_RANGE 7
#define IKEV2_TS_IPV6_ADDR_RANGE 8
90 static const value_string vs_proto[] = {
/*
 * Per-payload dissectors.  All share one shape so they can be dispatched
 * through the v1/v2 payload_func tables below:
 *
 *   (tvb, offset, length, tree, pinfo, isakmp_version, extra)
 *
 * `offset`/`length` cover the payload body *after* its 4-byte generic
 * header.  `extra` carries the enclosing proposal's protocol_id for the
 * transform dissectors and is marked unused (_U_) by the others shown in
 * this file.  dissect_payload_header() parses the generic header itself
 * and returns the subtree the body should be added to.
 */
static proto_tree *dissect_payload_header(tvbuff_t *, int, int, int, guint8,
    guint8 *, guint16 *, proto_tree *);

static void dissect_sa(tvbuff_t *, int, int, proto_tree *,
    packet_info *, int, int);
static void dissect_proposal(tvbuff_t *, int, int, proto_tree *,
    packet_info *, int, int);
/* IKEv1 transform (attribute list keyed by protocol_id). */
static void dissect_transform(tvbuff_t *, int, int, proto_tree *,
    packet_info *, int, int);
/* IKEv2 transform (type/ID pairs, see the v2_tid2*str helpers). */
static void dissect_transform2(tvbuff_t *, int, int, proto_tree *,
    packet_info *, int, int);
static void dissect_key_exch(tvbuff_t *, int, int, proto_tree *,
    packet_info *, int, int);
static void dissect_id(tvbuff_t *, int, int, proto_tree *,
    packet_info *, int, int);
static void dissect_cert(tvbuff_t *, int, int, proto_tree *,
    packet_info *, int, int);
/* Certificate Request differs enough between versions to warrant two dissectors. */
static void dissect_certreq_v1(tvbuff_t *, int, int, proto_tree *,
    packet_info *, int, int);
static void dissect_certreq_v2(tvbuff_t *, int, int, proto_tree *,
    packet_info *, int, int);
static void dissect_hash(tvbuff_t *, int, int, proto_tree *,
    packet_info *, int, int);
static void dissect_auth(tvbuff_t *, int, int, proto_tree *,
    packet_info *, int, int);
static void dissect_sig(tvbuff_t *, int, int, proto_tree *,
    packet_info *, int, int);
static void dissect_nonce(tvbuff_t *, int, int, proto_tree *,
    packet_info *, int, int);
static void dissect_notif(tvbuff_t *, int, int, proto_tree *,
    packet_info *, int, int);
static void dissect_delete(tvbuff_t *, int, int, proto_tree *,
    packet_info *, int, int);
static void dissect_vid(tvbuff_t *, int, int, proto_tree *,
    packet_info *, int, int);
static void dissect_config(tvbuff_t *, int, int, proto_tree *,
    packet_info *, int, int);
/* NAT-T payloads; the same dissector serves the draft and RFC 3947 type codes. */
static void dissect_nat_discovery(tvbuff_t *, int, int, proto_tree *,
    packet_info *, int, int);
static void dissect_nat_original_address(tvbuff_t *, int, int, proto_tree *,
    packet_info *, int, int);
/* IKEv2-only payloads. */
static void dissect_ts(tvbuff_t *, int, int, proto_tree *,
    packet_info *, int, int);
static void dissect_enc(tvbuff_t *, int, int, proto_tree *,
    packet_info *, int, int);
static void dissect_eap(tvbuff_t *, int, int, proto_tree *,
    packet_info *, int, int);
165 dissect_payloads(tvbuff_t *tvb, proto_tree *tree, int isakmp_version,
166 guint8 initial_payload, int offset, int length,
/* Number-to-name helpers for the tree text.  Those taking an int first
 * select the IKE version, since v1 and v2 assign different meanings to the
 * same code points (compare the v1_plfunc and v2_plfunc tables below). */
static const char *payloadtype2str(int, guint8);
static const char *exchtype2str(int, guint8);
static const char *doitype2str(guint32);
static const char *msgtype2str(int, guint16);
static const char *situation2str(guint32);
static const char *v1_attrval2str(int, guint16, guint32);
static const char *v2_attrval2str(guint16, guint32);
static const char *cfgtype2str(int, guint8);
static const char *cfgattr2str(int, guint16);
static const char *id2str(int, guint8);
static const char *v2_tstype2str(guint8);
static const char *v2_auth2str(guint8);
static const char *certtype2str(int, guint8);

/* Read a `len`-byte big-endian integer at the given offset into *val.
 * Returns FALSE when the value is too wide to hold, which dissect_transform()
 * reports as "<too big (N bytes)>" instead of truncating silently. */
static gboolean get_num(tvbuff_t *, int, guint16, guint32 *);

/* Payload-type codes used internally when walking nested
 * SA -> Proposal -> Transform chains, where the caller (not a next-payload
 * byte from the packet) determines the type of the first element. */
#define LOAD_TYPE_NONE 0 /* payload type for None */
#define LOAD_TYPE_PROPOSAL 2 /* payload type for Proposal */
#define LOAD_TYPE_TRANSFORM 3 /* payload type for Transform */
/* One dispatch-table entry: payload type code, display name, and the
 * dissector for its body.  A NULL func is tolerated by dissect_payloads(),
 * which then just labels the bytes. */
struct payload_func {
    void (*func)(tvbuff_t *, int, int, proto_tree *, packet_info *, int, int);

/* IKEv1 payload types (RFC 2408) plus the NAT-T payload numbers used by the
 * successive drafts and by RFC 3947.  130/131 lie in the RFC 2408
 * private-use range, so a peer could use them for something else entirely;
 * the dissector only labels them and relies on the per-payload length. */
static struct payload_func v1_plfunc[] = {
    { 1, "Security Association", dissect_sa },
    { 2, "Proposal", dissect_proposal },
    { 3, "Transform", dissect_transform },
    { 4, "Key Exchange", dissect_key_exch },
    { 5, "Identification", dissect_id },
    { 6, "Certificate", dissect_cert },
    { 7, "Certificate Request", dissect_certreq_v1},
    { 8, "Hash", dissect_hash },
    { 9, "Signature", dissect_sig },
    { 10, "Nonce", dissect_nonce },
    { 11, "Notification", dissect_notif },
    { 12, "Delete", dissect_delete },
    { 13, "Vendor ID", dissect_vid },
    { 14, "Attrib", dissect_config },
    { 15, "NAT-Discovery", dissect_nat_discovery }, /* draft-ietf-ipsec-nat-t-ike-04 */
    { 16, "NAT-Original Address", dissect_nat_original_address }, /* draft-ietf-ipsec-nat-t-ike */
    { 20, "NAT-D (RFC 3947)", dissect_nat_discovery },
    { 21, "NAT-OA (RFC 3947)", dissect_nat_original_address },
    { 130, "NAT-D (draft-ietf-ipsec-nat-t-ike-01 to 03)", dissect_nat_discovery },
    { 131, "NAT-OA (draft-ietf-ipsec-nat-t-ike-01 to 04)", dissect_nat_original_address },

/* IKEv2 payload types (draft-ietf-ipsec-ikev2-17).  Entries 2 and 3 keep
 * the v1 Proposal/Transform numbers because dissect_sa() and
 * dissect_proposal() walk those sub-structures with LOAD_TYPE_PROPOSAL /
 * LOAD_TYPE_TRANSFORM regardless of version; the v2 Transform entry points
 * at dissect_transform2 for the different v2 encoding. */
static struct payload_func v2_plfunc[] = {
    { 2, "Proposal", dissect_proposal },
    { 3, "Transform", dissect_transform2 },
    { 33, "Security Association", dissect_sa },
    { 34, "Key Exchange", dissect_key_exch },
    { 35, "Identification - I", dissect_id },
    { 36, "Identification - R", dissect_id },
    { 37, "Certificate", dissect_cert },
    { 38, "Certificate Request", dissect_certreq_v2},
    { 39, "Authentication", dissect_auth },
    { 40, "Nonce", dissect_nonce },
    { 41, "Notification", dissect_notif },
    { 42, "Delete", dissect_delete },
    { 43, "Vendor ID", dissect_vid },
    { 44, "Traffic Selector - I", dissect_ts },
    { 45, "Traffic Selector - R", dissect_ts },
    { 46, "Encrypted", dissect_enc },
    { 47, "Configuration", dissect_config },
    { 48, "Extensible Authentication", dissect_eap },

/* Linear lookup of `payload` in the table for `isakmp_version`
 * (the tables are sized with ARLEN, so no sentinel entry is needed). */
static struct payload_func * getpayload_func(guint8, int);
244 #define VID_MS_LEN 20
245 static const guint8 VID_MS_W2K_WXP[VID_MS_LEN] = {0x1E, 0x2B, 0x51, 0x69, 0x5, 0x99, 0x1C, 0x7D, 0x7C, 0x96, 0xFC, 0xBF, 0xB5, 0x87, 0xE4, 0x61, 0x0, 0x0, 0x0, 0x2}; /* according to http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/cableguy/cg0602.asp */
247 #define VID_CP_LEN 20
248 static const guint8 VID_CP[VID_CP_LEN] = {0xF4, 0xED, 0x19, 0xE0, 0xC1, 0x14, 0xEB, 0x51, 0x6F, 0xAA, 0xAC, 0x0E, 0xE3, 0x7D, 0xAF, 0x28, 0x7, 0xB4, 0x38, 0x1F};
250 static const guint8 VID_CYBERGUARD[VID_LEN] = {0x9A, 0xA1, 0xF3, 0xB4, 0x34, 0x72, 0xA4, 0x5D, 0x5F, 0x50, 0x6A, 0xEB, 0x26, 0xC, 0xF2, 0x14};
252 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_03[VID_LEN] = {0x7D, 0x94, 0x19, 0xA6, 0x53, 0x10, 0xCA, 0x6F, 0x2C, 0x17, 0x9D, 0x92, 0x15, 0x52, 0x9d, 0x56}; /* according to http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-t-ike-03.txt */
254 static const guint8 VID_rfc3947[VID_LEN] = {0x4a, 0x13, 0x1c, 0x81, 0x07, 0x03, 0x58, 0x45, 0x5c, 0x57, 0x28, 0xf2, 0x0e, 0x95, 0x45, 0x2f}; /* RFC 3947 Negotiation of NAT-Traversal in the IKE*/
256 static const guint8 VID_SSH_IPSEC_EXPRESS_1_1_0[VID_LEN] = {0xfB, 0xF4, 0x76, 0x14, 0x98, 0x40, 0x31, 0xFA, 0x8E, 0x3B, 0xB6, 0x19, 0x80, 0x89, 0xB2, 0x23}; /* Ssh Communications Security IPSEC Express version 1.1.0 */
258 static const guint8 VID_SSH_IPSEC_EXPRESS_1_1_1[VID_LEN] = {0x19, 0x52, 0xDC, 0x91, 0xAC, 0x20, 0xF6, 0x46, 0xFB, 0x01, 0xCF, 0x42, 0xA3, 0x3A, 0xEE, 0x30}; /* Ssh Communications Security IPSEC Express version 1.1.1 */
260 static const guint8 VID_SSH_IPSEC_EXPRESS_1_1_2[VID_LEN] = {0xE8, 0xBF, 0xFA, 0x64, 0x3E, 0x5C, 0x8F, 0x2C, 0xD1, 0x0F, 0xDA, 0x73, 0x70, 0xB6, 0xEB, 0xE5}; /* Ssh Communications Security IPSEC Express version 1.1.2 */
262 static const guint8 VID_SSH_IPSEC_EXPRESS_1_2_1[VID_LEN] = {0xC1, 0x11, 0x1B, 0x2D, 0xEE, 0x8C, 0xBC, 0x3D, 0x62, 0x05, 0x73, 0xEC, 0x57, 0xAA, 0xB9, 0xCB}; /* Ssh Communications Security IPSEC Express version 1.2.1 */
264 static const guint8 VID_SSH_IPSEC_EXPRESS_1_2_2[VID_LEN] = {0x09, 0xEC, 0x27, 0xBF, 0xBC, 0x09, 0xC7, 0x58, 0x23, 0xCF, 0xEC, 0xBF, 0xFE, 0x56, 0x5A, 0x2E}; /* Ssh Communications Security IPSEC Express version 1.2.2 */
266 static const guint8 VID_SSH_IPSEC_EXPRESS_2_0_0[VID_LEN] = {0x7F, 0x21, 0xA5, 0x96, 0xE4, 0xE3, 0x18, 0xF0, 0xB2, 0xF4, 0x94, 0x4C, 0x23, 0x84, 0xCB, 0x84}; /* SSH Communications Security IPSEC Express version 2.0.0 */
268 static const guint8 VID_SSH_IPSEC_EXPRESS_2_1_0[VID_LEN] = {0x28, 0x36, 0xD1, 0xFD, 0x28, 0x07, 0xBC, 0x9E, 0x5A, 0xE3, 0x07, 0x86, 0x32, 0x04, 0x51, 0xEC}; /* SSH Communications Security IPSEC Express version 2.1.0 */
270 static const guint8 VID_SSH_IPSEC_EXPRESS_2_1_1[VID_LEN] = {0xA6, 0x8D, 0xE7, 0x56, 0xA9, 0xC5, 0x22, 0x9B, 0xAE, 0x66, 0x49, 0x80, 0x40, 0x95, 0x1A, 0xD5}; /* SSH Communications Security IPSEC Express version 2.1.1 */
272 static const guint8 VID_SSH_IPSEC_EXPRESS_2_1_2[VID_LEN] = {0x3F, 0x23, 0x72, 0x86, 0x7E, 0x23, 0x7C, 0x1C, 0xD8, 0x25, 0x0A, 0x75, 0x55, 0x9C, 0xAE, 0x20}; /* SSH Communications Security IPSEC Express version 2.1.2 */
274 static const guint8 VID_SSH_IPSEC_EXPRESS_3_0_0[VID_LEN] = {0x0E, 0x58, 0xD5, 0x77, 0x4D, 0xF6, 0x02, 0x00, 0x7D, 0x0B, 0x02, 0x44, 0x36, 0x60, 0xF7, 0xEB}; /* SSH Communications Security IPSEC Express version 3.0.0 */
276 static const guint8 VID_SSH_IPSEC_EXPRESS_3_0_1[VID_LEN] = {0xF5, 0xCE, 0x31, 0xEB, 0xC2, 0x10, 0xF4, 0x43, 0x50, 0xCF, 0x71, 0x26, 0x5B, 0x57, 0x38, 0x0F}; /* SSH Communications Security IPSEC Express version 3.0.1 */
278 static const guint8 VID_SSH_IPSEC_EXPRESS_4_0_0[VID_LEN] = {0xF6, 0x42, 0x60, 0xAF, 0x2E, 0x27, 0x42, 0xDA, 0xDD, 0xD5, 0x69, 0x87, 0x06, 0x8A, 0x99, 0xA0}; /* SSH Communications Security IPSEC Express version 4.0.0 */
280 static const guint8 VID_SSH_IPSEC_EXPRESS_4_0_1[VID_LEN] = {0x7A, 0x54, 0xD3, 0xBD, 0xB3, 0xB1, 0xE6, 0xD9, 0x23, 0x89, 0x20, 0x64, 0xBE, 0x2D, 0x98, 0x1C}; /* SSH Communications Security IPSEC Express version 4.0.1 */
282 static const guint8 VID_SSH_IPSEC_EXPRESS_4_1_0[VID_LEN] = {0x9A, 0xA1, 0xF3, 0xB4, 0x34, 0x72, 0xA4, 0x5D, 0x5F, 0x50, 0x6A, 0xEB, 0x26, 0x0C, 0xF2, 0x14}; /* SSH Communications Security IPSEC Express version 4.1.0 */
284 static const guint8 VID_SSH_IPSEC_EXPRESS_4_1_1[VID_LEN] = {0x89, 0xF7, 0xB7, 0x60, 0xD8, 0x6B, 0x01, 0x2A, 0xCF, 0x26, 0x33, 0x82, 0x39, 0x4D, 0x96, 0x2F}; /* SSH Communications Security IPSEC Express version 4.1.1 */
286 static const guint8 VID_SSH_IPSEC_EXPRESS_5_0[VID_LEN] = {0xB0, 0x37, 0xA2, 0x1A, 0xCE, 0xCC, 0xB5, 0x57, 0x0F, 0x60, 0x25, 0x46, 0xF9, 0x7B, 0xDE, 0x8C}; /* SSH Communications Security IPSEC Express version 5.0 */
288 static const guint8 VID_SSH_IPSEC_EXPRESS_5_0_0[VID_LEN] = {0x2B, 0x2D, 0xAD, 0x97, 0xC4, 0xD1, 0x40, 0x93, 0x00, 0x53, 0x28, 0x7F, 0x99, 0x68, 0x50, 0xB0}; /* SSH Communications Security IPSEC Express version 5.0.0 */
290 static const guint8 VID_SSH_IPSEC_EXPRESS_5_1_0[VID_LEN] = {0x45, 0xE1, 0x7F, 0x3A, 0xBE, 0x93, 0x94, 0x4C, 0xB2, 0x02, 0x91, 0x0C, 0x59, 0xEF, 0x80, 0x6B}; /* SSH Communications Security IPSEC Express version 5.1.0 */
292 static const guint8 VID_SSH_IPSEC_EXPRESS_5_1_1[VID_LEN] = {0x59, 0x25, 0x85, 0x9F, 0x73, 0x77, 0xED, 0x78, 0x16, 0xD2, 0xFB, 0x81, 0xC0, 0x1F, 0xA5, 0x51}; /* SSH Communications Security IPSEC Express version 5.1.1 */
294 static const guint8 VID_SSH_SENTINEL[VID_LEN] = {0x05, 0x41, 0x82, 0xA0, 0x7C, 0x7A, 0xE2, 0x06, 0xF9, 0xD2, 0xCF, 0x9D, 0x24, 0x32, 0xC4, 0x82}; /* SSH Sentinel */
296 static const guint8 VID_SSH_SENTINEL_1_1[VID_LEN] = {0xB9, 0x16, 0x23, 0xE6, 0x93, 0xCA, 0x18, 0xA5, 0x4C, 0x6A, 0x27, 0x78, 0x55, 0x23, 0x05, 0xE8}; /* SSH Sentinel 1.1 */
298 static const guint8 VID_SSH_SENTINEL_1_2[VID_LEN] = {0x54, 0x30, 0x88, 0x8D, 0xE0, 0x1A, 0x31, 0xA6, 0xFA, 0x8F, 0x60, 0x22, 0x4E, 0x44, 0x99, 0x58}; /* SSH Sentinel 1.2 */
300 static const guint8 VID_SSH_SENTINEL_1_3[VID_LEN] = {0x7E, 0xE5, 0xCB, 0x85, 0xF7, 0x1C, 0xE2, 0x59, 0xC9, 0x4A, 0x5C, 0x73, 0x1E, 0xE4, 0xE7, 0x52}; /* SSH Sentinel 1.3 */
302 static const guint8 VID_SSH_QUICKSEC_0_9_0[VID_LEN] = {0x37, 0xEB, 0xA0, 0xC4, 0x13, 0x61, 0x84, 0xE7, 0xDA, 0xF8, 0x56, 0x2A, 0x77, 0x06, 0x0B, 0x4A}; /* SSH Communications Security QuickSec 0.9.0 */
304 static const guint8 VID_SSH_QUICKSEC_1_1_0[VID_LEN] = {0x5D, 0x72, 0x92, 0x5E, 0x55, 0x94, 0x8A, 0x96, 0x61, 0xA7, 0xFC, 0x48, 0xFD, 0xEC, 0x7F, 0xF9}; /* SSH Communications Security QuickSec 1.1.0 */
306 static const guint8 VID_SSH_QUICKSEC_1_1_1[VID_LEN] = {0x77, 0x7F, 0xBF, 0x4C, 0x5A, 0xF6, 0xD1, 0xCD, 0xD4, 0xB8, 0x95, 0xA0, 0x5B, 0xF8, 0x25, 0x94}; /* SSH Communications Security QuickSec 1.1.1 */
308 static const guint8 VID_SSH_QUICKSEC_1_1_2[VID_LEN] = {0x2C, 0xDF, 0x08, 0xE7, 0x12, 0xED, 0xE8, 0xA5, 0x97, 0x87, 0x61, 0x26, 0x7C, 0xD1, 0x9B, 0x91}; /* SSH Communications Security QuickSec 1.1.2 */
310 static const guint8 VID_SSH_QUICKSEC_1_1_3[VID_LEN] = {0x59, 0xE4, 0x54, 0xA8, 0xC2, 0xCF, 0x02, 0xA3, 0x49, 0x59, 0x12, 0x1F, 0x18, 0x90, 0xBC, 0x87}; /* SSH Communications Security QuickSec 1.1.3 */
312 static const guint8 VID_draft_huttunen_ipsec_esp_in_udp_01[VID_LEN] = {0x50, 0x76, 0x0F, 0x62, 0x4C, 0x63, 0xE5, 0xC5, 0x3E, 0xEA, 0x38, 0x6C, 0x68, 0x5C, 0xA0, 0x83}; /* draft-huttunen-ipsec-esp-in-udp-01.txt */
314 static const guint8 VID_draft_stenberg_ipsec_nat_traversal_01[VID_LEN] = {0x27, 0xBA, 0xB5, 0xDC, 0x01, 0xEA, 0x07, 0x60, 0xEA, 0x4E, 0x31, 0x90, 0xAC, 0x27, 0xC0, 0xD0}; /* draft-stenberg-ipsec-nat-traversal-01 */
316 static const guint8 VID_draft_stenberg_ipsec_nat_traversal_02[VID_LEN]= {0x61, 0x05, 0xC4, 0x22, 0xE7, 0x68, 0x47, 0xE4, 0x3F, 0x96, 0x84, 0x80, 0x12, 0x92, 0xAE, 0xCD}; /* draft-stenberg-ipsec-nat-traversal-02 */
318 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_00[VID_LEN]= {0x44, 0x85, 0x15, 0x2D, 0x18, 0xB6, 0xBB, 0xCD, 0x0B, 0xE8, 0xA8, 0x46, 0x95, 0x79, 0xDD, 0xCC}; /* draft-ietf-ipsec-nat-t-ike-00 */
320 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_02a[VID_LEN]= {0xCD, 0x60, 0x46, 0x43, 0x35, 0xDF, 0x21, 0xF8, 0x7C, 0xFD, 0xB2, 0xFC, 0x68, 0xB6, 0xA4, 0x48}; /* draft-ietf-ipsec-nat-t-ike-02 */
322 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_02b[VID_LEN]= {0x90, 0xCB, 0x80, 0x91, 0x3E, 0xBB, 0x69, 0x6E, 0x08, 0x63, 0x81, 0xB5, 0xEC, 0x42, 0x7B, 0x1F}; /* draft-ietf-ipsec-nat-t-ike-02 */
324 static const guint8 VID_draft_beaulieu_ike_xauth_02[VID_LEN]= {0x09, 0x00, 0x26, 0x89, 0xDF, 0xD6, 0xB7, 0x12, 0x80, 0xA2, 0x24, 0xDE, 0xC3, 0x3B, 0x81, 0xE5}; /* draft-beaulieu-ike-xauth-02.txt */
327 static const guint8 VID_rfc3706_dpd[VID_LEN]= {0xAF, 0xCA,0xD7, 0x13, 0x68, 0xA1, 0xF1, 0xC9, 0x6B, 0x86, 0x96, 0xFC, 0x77, 0x57, 0x01, 0x00}; /* RFC 3706 */
329 static const guint8 VID_IKE_CHALLENGE_RESPONSE_1[VID_LEN]= {0xBA, 0x29, 0x04, 0x99, 0xC2, 0x4E, 0x84, 0xE5, 0x3A, 0x1D, 0x83, 0xA0, 0x5E, 0x5F, 0x00, 0xC9}; /* IKE Challenge/Response for Authenticated Cryptographic Keys */
331 static const guint8 VID_IKE_CHALLENGE_RESPONSE_2[VID_LEN]= {0x0D, 0x33, 0x61, 0x1A, 0x5D, 0x52, 0x1B, 0x5E, 0x3C, 0x9C, 0x03, 0xD2, 0xFC, 0x10, 0x7E, 0x12}; /* IKE Challenge/Response for Authenticated Cryptographic Keys */
333 static const guint8 VID_IKE_CHALLENGE_RESPONSE_REV_1[VID_LEN]= {0xAD, 0x32, 0x51, 0x04, 0x2C, 0xDC, 0x46, 0x52, 0xC9, 0xE0, 0x73, 0x4C, 0xE5, 0xDE, 0x4C, 0x7D}; /* IKE Challenge/Response for Authenticated Cryptographic Keys (Revised) */
335 static const guint8 VID_IKE_CHALLENGE_RESPONSE_REV_2[VID_LEN]= {0x01, 0x3F, 0x11, 0x82, 0x3F, 0x96, 0x6F, 0xA9, 0x19, 0x00, 0xF0, 0x24, 0xBA, 0x66, 0xA8, 0x6B}; /* IKE Challenge/Response for Authenticated Cryptographic Keys (Revised) */
337 static const guint8 VID_MS_L2TP_IPSEC_VPN_CLIENT[VID_LEN]= {0x40, 0x48, 0xB7, 0xD5, 0x6E, 0xBC, 0xE8, 0x85, 0x25, 0xE7, 0xDE, 0x7F, 0x00, 0xD6, 0xC2, 0xD3}; /* Microsoft L2TP/IPSec VPN Client */
339 static const guint8 VID_GSS_API_1[VID_LEN]= {0xB4, 0x6D, 0x89, 0x14, 0xF3, 0xAA, 0xA3, 0xF2, 0xFE, 0xDE, 0xB7, 0xC7, 0xDB, 0x29, 0x43, 0xCA}; /* A GSS-API Authentication Method for IKE */
341 static const guint8 VID_GSS_API_2[VID_LEN]= {0xAD, 0x2C, 0x0D, 0xD0, 0xB9, 0xC3, 0x20, 0x83, 0xCC, 0xBA, 0x25, 0xB8, 0x86, 0x1E, 0xC4, 0x55}; /* A GSS-API Authentication Method for IKE */
343 static const guint8 VID_GSSAPI[VID_LEN]= {0x62, 0x1B, 0x04, 0xBB, 0x09, 0x88, 0x2A, 0xC1, 0xE1, 0x59, 0x35, 0xFE, 0xFA, 0x24, 0xAE, 0xEE}; /* GSSAPI */
345 static const guint8 VID_MS_NT5_ISAKMPOAKLEY[VID_LEN]= {0x1E, 0x2B, 0x51, 0x69, 0x05, 0x99, 0x1C, 0x7D, 0x7C, 0x96, 0xFC, 0xBF, 0xB5, 0x87, 0xE4, 0x61}; /* MS NT5 ISAKMPOAKLEY */
347 static const guint8 VID_CISCO_UNITY[VID_LEN]= {0x12, 0xF5, 0xF2, 0x8C, 0x45, 0x71, 0x68, 0xA9, 0x70, 0x2D, 0x9F, 0xE2, 0x74, 0xCC, 0x02, 0xD4}; /* CISCO-UNITY */
350 static const guint8 VID_draft_ietf_ipsec_antireplay_00[VID_LEN_8]= {0x32, 0x5D, 0xF2, 0x9A, 0x23, 0x19, 0xF2, 0xDD}; /* draft-ietf-ipsec-antireplay-00.txt */
352 static const guint8 VID_draft_ietf_ipsec_heartbeats_00[VID_LEN_8]= {0x8D, 0xB7, 0xA4, 0x18, 0x11, 0x22, 0x16, 0x60}; /* draft-ietf-ipsec-heartbeats-00.txt */
 * Seen in Netscreen.  Supposed to be the ASCII string "HeartBeat_Notify", but
 * I don't know the rest yet.  I suspect it then continues with "8k10", which
 * may mean "every 8K" (?) and version 1.0 of the protocol (?).  I won't add it
 * to the code until I know what it really means.  ykaul-at-bezeqint.net
359 static const guint8 VID_HeartBeat_Notify[VID_LEN] = {0x48, 0x65, 0x61, 0x72, 0x74, 0x42, 0x65, 0x61, 0x74, 0x5f, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79};
/* Exported wrapper (presumably the entry point declared in packet-isakmp.h)
 * so that other dissectors can decode an ISAKMP payload chain; it forwards
 * straight to the file-local dissect_payloads() with the same arguments. */
isakmp_dissect_payloads(tvbuff_t *tvb, proto_tree *tree, int isakmp_version,
    guint8 initial_payload, int offset, int length,
  dissect_payloads(tvb, tree, isakmp_version, initial_payload, offset, length,
/*
 * Walk a chain of ISAKMP/IKE payloads starting with type `initial_payload`
 * at `offset`, spending at most `length` bytes.  Each payload starts with a
 * 4-byte generic header (next-payload, reserved/critical, 16-bit length);
 * the rest of it is handed to the dissector that getpayload_func() returns
 * for this `isakmp_version`, or merely labelled if there is none.
 */
dissect_payloads(tvbuff_t *tvb, proto_tree *tree, int isakmp_version,
    guint8 initial_payload, int offset, int length, packet_info *pinfo)
  guint8 payload, next_payload;
  guint16 payload_length;   /* declared length, read straight from the packet */
  struct payload_func * f;

  /* `length` is the caller's byte budget; the loop ends only once it is
   * used up, so every iteration must shrink it (see the note on the
   * "< 4" branch below). */
  for (payload = initial_payload; length > 0; payload = next_payload) {
    if (payload == LOAD_TYPE_NONE) {
      /*
       * What? There's more stuff in this chunk of data, but the
       * previous payload had a "next payload" type of None?
       * Show the leftover bytes rather than guessing a type.
       * NOTE(review): the format argument of this add_text call is not
       * visible here; tvb_bytes_to_str() output must be passed through a
       * "%s" format and never used as the format string itself.
       */
      proto_tree_add_text(tree, tvb, offset, length,
          tvb_bytes_to_str(tvb, offset, length));

    /* Parse the 4-byte generic header; it fills in next_payload and the
     * payload's declared length and returns the subtree for its body. */
    ntree = dissect_payload_header(tvb, offset, length, isakmp_version,
        payload, &next_payload, &payload_length, tree);

    /*
     * NOTE(review): this branch is tested before `payload_length > length`
     * below, so a payload whose declared length is >= 4 but larger than the
     * bytes remaining in this chunk is still handed to the sub-dissector.
     * Only tvb_ensure_bytes_exist() stands in the way, and it bounds against
     * the captured data, not against `length`; afterwards `length` goes
     * negative and the loop stops.  Checking `payload_length > length`
     * first would flag the overrun as bogus instead of dissecting into
     * whatever follows this chunk.
     */
    if (payload_length >= 4) { /* XXX = > 4? */
      tvb_ensure_bytes_exist(tvb, offset + 4, payload_length - 4);
      /* A table entry with a NULL func falls through to the plain label. */
      if ((f = getpayload_func(payload, isakmp_version)) != NULL && f->func != NULL)
        (*f->func)(tvb, offset + 4, payload_length - 4, ntree, pinfo,
      proto_tree_add_text(ntree, tvb, offset + 4, payload_length - 4,
    else if (payload_length > length) {
      proto_tree_add_text(ntree, tvb, 0, 0,
          "Payload (bogus, length is %u, greater than remaining length %d",
          payload_length, length);
      /* A header shorter than itself.  NOTE(review): whatever this branch
       * does with payload_length (not shown in this excerpt) must leave it
       * non-zero, otherwise `length` never shrinks and the loop never ends. */
      proto_tree_add_text(ntree, tvb, 0, 0,
          "Payload (bogus, length is %u, must be at least 4)",
    /* Advance by the declared length, including the 4-byte header. */
    offset += payload_length;
    length -= payload_length;
/*
 * Find the dispatch entry for payload type `payload` in the table that
 * matches `isakmp_version` (1 or 2).  Returns NULL when there is no match
 * (the return path itself is not in this excerpt -- confirm).
 * NOTE(review): for any other version `f` stays NULL; the scan below is
 * then only safe if `len` starts out as 0 (its declaration is not shown).
 */
static struct payload_func *
getpayload_func(guint8 payload, int isakmp_version)
  struct payload_func *f = 0;

  if (isakmp_version == 1) {
    len = ARLEN(v1_plfunc);
  } else if (isakmp_version == 2) {
    len = ARLEN(v2_plfunc);

  /* Linear scan; the tables are small and ARLEN-sized, so no sentinel. */
  for (i = 0; i < len; i++) {
    if (f[i].type == payload)
/*
 * Top-level ISAKMP/IKE dissector: decodes the fixed header, picks the IKE
 * major version out of it, and hands the rest to dissect_payloads() unless
 * the IKEv1 Encryption bit says the remainder is ciphertext.  Truncated
 * packets are left to the tvb accessors' own bounds checks.  (The
 * declarations of offset, len, ti, fti, ftree and isakmp_version are not
 * part of this excerpt.)
 */
dissect_isakmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
  struct isakmp_hdr hdr;             /* layout comes from packet-isakmp.h */
  proto_tree * isakmp_tree = NULL;

  if (check_col(pinfo->cinfo, COL_PROTOCOL))
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "ISAKMP");
  if (check_col(pinfo->cinfo, COL_INFO))
    col_clear(pinfo->cinfo, COL_INFO);

  ti = proto_tree_add_item(tree, proto_isakmp, tvb, offset, -1, FALSE);
  isakmp_tree = proto_item_add_subtree(ti, ett_isakmp);

  /* RFC3948 2.3 NAT Keepalive packet:
   * 1 byte payload with the value 0xff.
   * Matched on the captured length, so it is only recognised when the whole
   * datagram is exactly that one byte; anything else is treated as a header. */
  if( (tvb_length(tvb)==1) && (tvb_get_guint8(tvb, offset)==0xff) ){
    if (check_col(pinfo->cinfo, COL_INFO)){
      col_add_str(pinfo->cinfo, COL_INFO, "NAT Keepalive");
    proto_tree_add_item(isakmp_tree, hf_ike_nat_keepalive, tvb, offset, 1, FALSE);

  /* Peek at length, exchange type and version before walking the header so
   * the Info column can be filled in up front.  NOTE: the exch_type and
   * version reads use absolute positions (no `offset` term) and therefore
   * assume the ISAKMP header starts at tvb offset 0. */
  hdr.length = tvb_get_ntohl(tvb, offset + sizeof(hdr) - sizeof(hdr.length));
  hdr.exch_type = tvb_get_guint8(tvb, sizeof(hdr.icookie) + sizeof(hdr.rcookie) + sizeof(hdr.next_payload) + sizeof(hdr.version));
  hdr.version = tvb_get_guint8(tvb, sizeof(hdr.icookie) + sizeof(hdr.rcookie) + sizeof(hdr.next_payload));
  /* The high nibble (major version) selects IKEv1 vs IKEv2 decoding from here on. */
  isakmp_version = hi_nibble(hdr.version); /* save the version */
  if (check_col(pinfo->cinfo, COL_INFO))
    col_add_str(pinfo->cinfo, COL_INFO,
        exchtype2str(isakmp_version, hdr.exch_type));

  /* Initiator and responder cookies (IKEv2 calls them SPIs); shown as hex. */
  tvb_memcpy(tvb, (guint8 *)&hdr.icookie, offset, sizeof(hdr.icookie));
  proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.icookie),
      "Initiator cookie: 0x%s", tvb_bytes_to_str(tvb, offset, sizeof(hdr.icookie)));
  offset += sizeof(hdr.icookie);

  tvb_memcpy(tvb, (guint8 *)&hdr.rcookie, offset, sizeof(hdr.rcookie));
  proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.rcookie),
      "Responder cookie: 0x%s", tvb_bytes_to_str(tvb, offset, sizeof(hdr.rcookie)));
  offset += sizeof(hdr.rcookie);

  /* Type of the first payload after the header; seeds dissect_payloads(). */
  hdr.next_payload = tvb_get_guint8(tvb, offset);
  proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.next_payload),
      "Next payload: %s (%u)",
      payloadtype2str(isakmp_version, hdr.next_payload),
  offset += sizeof(hdr.next_payload);

  /* Major/minor version nibbles. */
  proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.version),
      hi_nibble(hdr.version), lo_nibble(hdr.version));
  offset += sizeof(hdr.version);

  /* Re-read at the running offset; same byte the early peek above used. */
  hdr.exch_type = tvb_get_guint8(tvb, offset);
  proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.exch_type),
      "Exchange type: %s (%u)",
      exchtype2str(isakmp_version, hdr.exch_type),
  offset += sizeof(hdr.exch_type);

  /* Flags byte: the bit assignments differ between IKEv1 (E/C/A) and
   * IKEv2 (I/V/R), so decode according to the version picked above. */
  hdr.flags = tvb_get_guint8(tvb, offset);
  fti = proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.flags), "Flags");
  ftree = proto_item_add_subtree(fti, ett_isakmp_flags);

  if (isakmp_version == 1) {
    proto_tree_add_text(ftree, tvb, offset, 1, "%s",
        decode_boolean_bitfield(hdr.flags, E_FLAG, sizeof(hdr.flags)*8,
        "Encrypted", "Not encrypted"));
    proto_tree_add_text(ftree, tvb, offset, 1, "%s",
        decode_boolean_bitfield(hdr.flags, C_FLAG, sizeof(hdr.flags)*8,
        "Commit", "No commit"));
    proto_tree_add_text(ftree, tvb, offset, 1, "%s",
        decode_boolean_bitfield(hdr.flags, A_FLAG, sizeof(hdr.flags)*8,
        "Authentication", "No authentication"));
  } else if (isakmp_version == 2) {
    proto_tree_add_text(ftree, tvb, offset, 1, "%s",
        decode_boolean_bitfield(hdr.flags, I_FLAG, sizeof(hdr.flags)*8,
        "Initiator", "Responder"));
    proto_tree_add_text(ftree, tvb, offset, 1, "%s",
        decode_boolean_bitfield(hdr.flags, V_FLAG, sizeof(hdr.flags)*8,
        "A higher version enabled", ""));
    proto_tree_add_text(ftree, tvb, offset, 1, "%s",
        decode_boolean_bitfield(hdr.flags, R_FLAG, sizeof(hdr.flags)*8,
        "Response", "Request"));
  offset += sizeof(hdr.flags);

  proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.message_id),
      "Message ID: 0x%s", tvb_bytes_to_str(tvb, offset, sizeof(hdr.message_id)));
  offset += sizeof(hdr.message_id);

  /* Validate the header's own length field before deriving the payload
   * budget from it: too small here, too large just below (that condition
   * is not shown in this excerpt).  `len` is the number of bytes after the
   * fixed header and is only used once both checks have passed. */
  if (hdr.length < sizeof(hdr)) {
    proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.length),
        "Length: (bogus, length is %u, should be at least %lu)",
        hdr.length, (unsigned long)sizeof(hdr));
  len = hdr.length - sizeof(hdr);
    proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.length),
        "Length: (bogus, length is %u, which is too large)",
    proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.length),
        "Length: %u", hdr.length);
  offset += sizeof(hdr.length);

  /* IKEv1 E bit set: everything after the header is ciphertext, so show it
   * as one opaque blob instead of parsing it.
   * NOTE(review): this test also runs for IKEv2 headers, whose flag bits
   * are laid out differently (I/V/R above) -- confirm E_FLAG's bit is not
   * meaningful in v2 before relying on it to suppress v2 dissection. */
  if (hdr.flags & E_FLAG) {
    if (len && isakmp_tree) {
      proto_tree_add_text(isakmp_tree, tvb, offset, len,
          "Encrypted payload (%d byte%s)",
          len, plurality(len, "", "s"));
    /* Cleartext: walk the payload chain starting with the header's next-payload type. */
    dissect_payloads(tvb, isakmp_tree, isakmp_version, hdr.next_payload,
/*
 * Decode the 4-byte generic payload header at `offset`:
 *   byte 0    next payload type
 *   byte 1    reserved (IKEv1) / critical bit in the top bit (IKEv2)
 *   bytes 2-3 payload length, header included
 * Creates a "<type> payload" subtree sized by the *declared* length and
 * returns it; the type and length are also handed back through
 * *next_payload_p / *payload_length_p.  The declared length is not checked
 * against `length` here -- dissect_payloads() and dissect_proposal() do
 * that -- only the 4 header bytes themselves are required to fit.
 */
dissect_payload_header(tvbuff_t *tvb, int offset, int length,
    int isakmp_version, guint8 payload, guint8 *next_payload_p,
    guint16 *payload_length_p, proto_tree *tree)
  guint16 payload_length;

    /* Fewer than 4 bytes left for a header (the condition is not shown in
     * this excerpt).  The message wording is shared with the transform loop
     * in dissect_proposal() even though this is the generic header path. */
    proto_tree_add_text(tree, tvb, offset, length,
        "Not enough room in payload for all transforms");

  next_payload = tvb_get_guint8(tvb, offset);
  payload_length = tvb_get_ntohs(tvb, offset + 2);

  /* The subtree item spans the declared length, so a bogus length here
   * only affects highlighting; the callers bound the actual dissection. */
  ti = proto_tree_add_text(tree, tvb, offset, payload_length,
      "%s payload", payloadtype2str(isakmp_version, payload));
  ntree = proto_item_add_subtree(ti, ett_isakmp_payload);

  proto_tree_add_text(ntree, tvb, offset, 1,
      "Next payload: %s (%u)",
      payloadtype2str(isakmp_version, next_payload),
  /* IKEv2 only: the top bit of the reserved byte is the Critical flag. */
  if (isakmp_version == 2) {
    proto_tree_add_text(ntree, tvb, offset + 1, 1, "%s",
        decode_boolean_bitfield(tvb_get_guint8(tvb, offset + 1), 0x80,
        8, "Critical", "Not critical"));
  proto_tree_add_text(ntree, tvb, offset + 2, 2, "Length: %u", payload_length);

  *next_payload_p = next_payload;
  *payload_length_p = payload_length;
/*
 * Security Association payload.  For IKEv1 the body is a 32-bit DOI and a
 * 32-bit Situation followed by the proposal list; for IKEv2 the body is the
 * proposal list alone.  The proposals are walked by re-entering
 * dissect_payloads() with LOAD_TYPE_PROPOSAL as the first type, so this
 * function, dissect_payloads() and dissect_proposal() are mutually
 * recursive.  NOTE(review): that recursion is bounded only by the
 * remaining `length` (each level consumes at least one 4-byte header)
 * -- confirm there is no other depth guard if nested SA payloads are a
 * concern.
 */
dissect_sa(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
    packet_info *pinfo, int isakmp_version, int unused _U_)
    /* Body too short for a DOI (the `length < 4` condition is not shown). */
    proto_tree_add_text(tree, tvb, offset, length,
        "DOI %s (length is %u, should be >= 4)",
        tvb_bytes_to_str(tvb, offset, length), length);

  if (isakmp_version == 1) {
    doi = tvb_get_ntohl(tvb, offset);
    proto_tree_add_text(tree, tvb, offset, 4,
        "Domain of interpretation: %s (%u)",
        doitype2str(doi), doi);

      /* Too short for the Situation word (condition not shown). */
      proto_tree_add_text(tree, tvb, offset, length,
          "Situation: %s (length is %u, should be >= 4)",
          tvb_bytes_to_str(tvb, offset, length), length);

    situation = tvb_get_ntohl(tvb, offset);
    proto_tree_add_text(tree, tvb, offset, 4,
        "Situation: %s (%u)",
        situation2str(situation), situation);

    /* Remaining bytes are the proposal chain (the branch that reaches here
     * is selected by DOI; its condition is not shown). */
    dissect_payloads(tvb, tree, isakmp_version, LOAD_TYPE_PROPOSAL, offset,

    /* Other DOIs: dump the body as hex.  NOTE(review): the format argument
     * is not visible here; the hex string must go through a "%s" format,
     * not serve as the format string. */
    proto_tree_add_text(tree, tvb, offset, length,
        tvb_bytes_to_str(tvb, offset, length));
  } else if (isakmp_version == 2) {
    /* IKEv2: no DOI/Situation, the body is the proposal chain directly. */
    dissect_payloads(tvb, tree, isakmp_version, LOAD_TYPE_PROPOSAL, offset,
/*
 * Proposal payload: number, protocol id, SPI size, transform count, the
 * SPI itself, then `num_transforms` Transform payloads, each with its own
 * 4-byte generic header.  The transform chain is walked by count rather
 * than by the next-payload byte (which is collected into next_payload but
 * not used in the lines shown here).  Declarations of proposal_num,
 * protocol_id, spi_size, next_payload and ntree are not in this excerpt,
 * nor is the num_transforms decrement that must end the loop.
 * NOTE(review): `pinfo` is tagged _U_ but is passed on to the transform
 * dissectors below; the attribute is misleading and should be dropped.
 */
dissect_proposal(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
    packet_info *pinfo _U_, int isakmp_version, int unused _U_)
  guint8 num_transforms;
  guint16 payload_length;

  proposal_num = tvb_get_guint8(tvb, offset);
  proto_item_append_text(tree, " # %d",proposal_num);
  proto_tree_add_text(tree, tvb, offset, 1,
      "Proposal number: %u", proposal_num);

  /* Protocol this proposal is for (vs_proto); also selects which transform
   * ID table dissect_transform() uses. */
  protocol_id = tvb_get_guint8(tvb, offset);
  proto_tree_add_text(tree, tvb, offset, 1,
      "Protocol ID: %s (%u)",
      val_to_str(protocol_id, vs_proto, "UNKNOWN-PROTO-TYPE"), protocol_id);

  /* Packet-supplied size of the SPI that follows the fixed fields. */
  spi_size = tvb_get_guint8(tvb, offset);
  proto_tree_add_text(tree, tvb, offset, 1,
      "SPI size: %u", spi_size);

  num_transforms = tvb_get_guint8(tvb, offset);
  proto_tree_add_text(tree, tvb, offset, 1,
      "Number of transforms: %u", num_transforms);

  /* SPI bytes; the tvb accessor bounds this read, but whether `length` is
   * reduced by spi_size before the loop is not visible here -- confirm. */
  proto_tree_add_text(tree, tvb, offset, spi_size, "SPI: 0x%s",
      tvb_bytes_to_str(tvb, offset, spi_size));

  while (num_transforms > 0) {
    ntree = dissect_payload_header(tvb, offset, length, isakmp_version,
        LOAD_TYPE_TRANSFORM, &next_payload, &payload_length, tree);

    /* Unlike dissect_payloads(), the declared transform length is checked
     * against the remaining budget *before* anything is dissected. */
    if (length < payload_length) {
      proto_tree_add_text(tree, tvb, offset + 4, length,
          "Not enough room in payload for all transforms");

    if (payload_length >= 4) {
      /* Transform encoding differs between versions; protocol_id rides
       * along in the `extra` slot so v1 can pick its transform ID table. */
      if (isakmp_version == 1)
        dissect_transform(tvb, offset + 4, payload_length - 4, ntree,
            pinfo, isakmp_version, protocol_id);
      else if (isakmp_version == 2)
        dissect_transform2(tvb, offset + 4, payload_length - 4, ntree,
            pinfo, isakmp_version, protocol_id);
      /* Unknown version: label the body without interpreting it. */
      proto_tree_add_text(ntree, tvb, offset + 4, payload_length - 4, "Payload");
    offset += payload_length;
    length -= payload_length;
/*
 * IKEv1 Transform payload: transform number, transform ID (interpreted per
 * the enclosing proposal's protocol_id), then a list of attributes.  Each
 * attribute starts with a 16-bit word whose top bit is the format flag
 * (basic TV with a 16-bit value, or TLV with a 16-bit length and a
 * variable-width value) and whose low 15 bits are the attribute type.
 * The value_string tables below are only partially reproduced here and
 * their `{ 0, NULL }` terminators are not shown.  Declarations of
 * transform_id, str, val, len, pack_len, ike_phase1 and the attribute
 * loop itself are likewise outside this excerpt.
 */
dissect_transform(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
    packet_info *pinfo _U_, int isakmp_version _U_, int protocol_id)
  /* Attribute names for the IKE SA itself (protocol 1, transform 1). */
  static const value_string vs_v1_attr[] = {
    { 1, "Encryption-Algorithm" },
    { 2, "Hash-Algorithm" },
    { 3, "Authentication-Method" },
    { 4, "Group-Description" },
    { 6, "Group-Prime" },
    { 7, "Group-Generator-One" },
    { 8, "Group-Generator-Two" },
    { 9, "Group-Curve-A" },
    { 10, "Group-Curve-B" },
    { 12, "Life-Duration" },
    { 14, "Key-Length" },
    { 15, "Field-Size" },
    { 16, "Group-Order" },

  /* Attribute names for everything else (the RFC 2407 IPsec DOI
   * attributes); the "v2" in the name does not refer to IKEv2.
   * "Compress-Dictinary-Size" is a typo in the display string, left as-is. */
  static const value_string vs_v2_sttr[] = {
    { 1, "SA-Life-Type" },
    { 2, "SA-Life-Duration" },
    { 3, "Group-Description" },
    { 4, "Encapsulation-Mode" },
    { 5, "Authentication-Algorithm" },
    { 8, "Compress-Dictinary-Size" },
    { 9, "Compress-Private-Algorithm" },
    { 10, "ECN Tunnel" },

  /* Transform ID names, one table per protocol_id (contents not shown). */
  static const value_string vs_v1_trans_isakmp[] = {
  static const value_string vs_v1_trans_ah[] = {
  static const value_string vs_v1_trans_esp[] = {
  static const value_string vs_v1_trans_ipcomp[] = {

  guint8 transform_num;

  transform_num = tvb_get_guint8(tvb, offset);
  proto_item_append_text(tree," # %d",transform_num);
  proto_tree_add_text(tree, tvb, offset, 1,
      "Transform number: %u", transform_num);

  /* The transform ID namespace depends on the proposal's protocol; the
   * case labels are not shown, only the per-protocol output lines. */
  transform_id = tvb_get_guint8(tvb, offset);
  switch (protocol_id) {
    /* Unknown protocol: numeric only. */
    proto_tree_add_text(tree, tvb, offset, 1,
        "Transform ID: %u", transform_id);
    proto_tree_add_text(tree, tvb, offset, 1,
        "Transform ID: %s (%u)",
        val_to_str(transform_id, vs_v1_trans_isakmp, "UNKNOWN-TRANS-TYPE"), transform_id);
    proto_tree_add_text(tree, tvb, offset, 1,
        "Transform ID: %s (%u)",
        val_to_str(transform_id, vs_v1_trans_ah, "UNKNOWN-AH-TRANS-TYPE"), transform_id);
    proto_tree_add_text(tree, tvb, offset, 1,
        "Transform ID: %s (%u)",
        val_to_str(transform_id, vs_v1_trans_esp, "UNKNOWN-ESP-TRANS-TYPE"), transform_id);
    proto_tree_add_text(tree, tvb, offset, 1,
        "Transform ID: %s (%u)",
        val_to_str(transform_id, vs_v1_trans_ipcomp, "UNKNOWN-IPCOMP-TRANS-TYPE"), transform_id);

    /* Attribute header: format flag in the top bit, type in the low 15. */
    guint16 aft = tvb_get_ntohs(tvb, offset);
    guint16 type = aft & 0x7fff;

    /* Pick the name table: IKE SA attributes vs. DOI attributes. */
    if (protocol_id == 1 && transform_id == 1) {
      str = val_to_str(type, vs_v1_attr, "UNKNOWN-ATTRIBUTE-TYPE");
      str = val_to_str(type, vs_v2_sttr, "UNKNOWN-ATTRIBUTE-TYPE");

      /* Basic (TV) form: the value is the 16 bits right after the type. */
      val = tvb_get_ntohs(tvb, offset + 2);
      proto_tree_add_text(tree, tvb, offset, 4,
          v1_attrval2str(ike_phase1, type, val), val);

      /* TLV form: packet-supplied value length.  get_num() refuses widths
       * it cannot represent, so an oversized attribute is reported rather
       * than silently truncated; the tvb accessors bound the read itself. */
      len = tvb_get_ntohs(tvb, offset + 2);
      if (!get_num(tvb, offset + 4, len, &val)) {
        proto_tree_add_text(tree, tvb, offset, pack_len,
            "%s (%u): <too big (%u bytes)>",
        proto_tree_add_text(tree, tvb, offset, pack_len,
            v1_attrval2str(ike_phase1, type, val), val);
905 /* For Transform Type 1 (Encryption Algorithm), defined Transform IDs */
907 v2_tid2encstr(guint16 tid)
909 static const value_string vs_v2_trans_enc[] = {
911 { 1, "ENCR_DES_IV64" },
917 { 7, "ENCR_BLOWFISH" },
919 { 9, "ENCR_DES_IV32" },
922 { 12, "ENCR_AES_CBC" },
923 { 13, "ENCR_AES_CTR" },
927 return val_to_str(tid, vs_v2_trans_enc, "UNKNOWN-ENC-ALG");
930 /* For Transform Type 2 (Pseudo-random Function), defined Transform IDs */
932 v2_tid2prfstr(guint16 tid)
934 static const value_string vs_v2_trans_prf[] = {
936 { 1, "PRF_HMAC_MD5" },
937 { 2, "PRF_HMAC_SHA1" },
938 { 3, "PRF_HMAC_TIGER" },
939 { 4, "PRF_AES128_CBC" },
942 return val_to_str(tid, vs_v2_trans_prf, "UNKNOWN-PRF");
945 /* For Transform Type 3 (Integrity Algorithm), defined Transform IDs */
947 v2_tid2iastr(guint16 tid)
949 static const value_string vs_v2_trans_integrity[] = {
951 { 1, "AUTH_HMAC_MD5_96" },
952 { 2, "AUTH_HMAC_SHA1_96" },
953 { 3, "AUTH_DES_MAC" },
954 { 4, "AUTH_KPDK_MD5" },
955 { 5, "AUTH_AES_XCBC_96" },
958 return val_to_str(tid, vs_v2_trans_integrity, "UNKNOWN-INTEGRITY-ALG");
961 /* For Transform Type 4 (Diffie-Hellman Group), defined Transform IDs */
963 v2_tid2dhstr(guint16 tid)
965 static const value_string vs_v2_trans_dhgroup[] = {
967 { 1, "Group 1 - 768 Bit MODP" },
968 { 2, "Group 2 - 1024 Bit MODP" },
971 { 5, "group 5 - 1536 Bit MODP" },
972 { 14, "2048-bit MODP Group" },
973 { 15, "3072-bit MODP Group" },
974 { 16, "4096-bit MODP Group" },
975 { 17, "6144-bit MODP Group" },
976 { 18, "8192-bit MODP Group" },
980 if ((tid >= 6 && tid <= 13) || (tid >= 19 && tid <= 1023))
981 return "RESERVED TO IANA";
983 return "PRIVATE USE";
984 return val_to_str(tid, vs_v2_trans_dhgroup, "UNKNOWN-DH-GROUP");
/*
 * For Transform Type 5 (Extended Sequence Numbers), defined Transform IDs.
 *
 * Maps an IKEv2 ESN transform ID to its display name; any value other than
 * 0 or 1 is reported as "UNKNOWN-ESN-TYPE".
 */
static const char *
v2_tid2esnstr(guint16 tid)
{
	static const value_string vs_v2_trans_esn[] = {
		{ 0, "No Extended Sequence Numbers" },
		{ 1, "Extended Sequence Numbers" },
		{ 0, NULL },
	};
	const char *name = val_to_str(tid, vs_v2_trans_esn, "UNKNOWN-ESN-TYPE");

	return name;
}
1003 const char *(*func)(guint16);
1005 { 0, "RESERVED", NULL, },
1006 { 1, "Encryption Algorithm (ENCR)", v2_tid2encstr },
1007 { 2, "Pseudo-random Function (PRF)", v2_tid2prfstr },
1008 { 3, "Integrity Algorithm (INTEG)", v2_tid2iastr },
1009 { 4, "Diffie-Hellman Group (D-H)", v2_tid2dhstr },
1010 { 5, "Extended Sequence Numbers (ESN)", v2_tid2esnstr },
/*
 * Display name of an IKEv2 Transform Type.
 *
 * Types that have an entry in v2_tid_func take their name from that table;
 * everything else is reported as reserved to IANA (below 240) or as private
 * use (240 and above).
 */
static const char *
v2_trans2str(guint8 type)
{
	const gboolean in_table = (type < ARLEN(v2_tid_func));

	if (in_table)
		return v2_tid_func[type].str;

	return (type < 240) ? "RESERVED TO IANA" : "PRIVATE USE";
}
1022 v2_tid2str(guint8 type, guint16 tid)
1024 if (type < ARLEN(v2_tid_func) && v2_tid_func[type].func != NULL) {
1025 return (v2_tid_func[type].func)(tid);
/*
 * Display name of an IKEv2 Transform Attribute type.
 *
 * Only type 14 (Key Length) is defined; 0-13 and 15-17 are RESERVED,
 * 18-16383 are reserved to IANA, and 16384 and above are private use.
 *
 * NOTE(review): the caller in dissect_attribute2 computes
 * `type = aft & 0x7fff` but then calls v2_aft2str(aft) with the raw
 * attribute word. A Key Length attribute is sent in TV format (AF bit
 * 0x8000 set), so 0x800e would land in the PRIVATE USE range here
 * instead of being named "Key Length" -- confirm and pass `type` instead.
 */
static const char *
v2_aft2str(guint16 aft)
{
	if (aft == 14)
		return "Key Length (in bits)";
	if (aft < 18)
		return "RESERVED";
	if (aft < 16384)
		return "RESERVED TO IANA";
	return "PRIVATE USE";
}
1040 dissect_transform2(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1041 packet_info *pinfo _U_, int isakmp_version _U_, int unused _U_)
1043 guint8 transform_type;
1044 guint16 transform_id;
1046 transform_type = tvb_get_guint8(tvb, offset);
1047 proto_tree_add_text(tree, tvb, offset, 1,
1048 "Transform type: %s (%u)", v2_trans2str(transform_type), transform_type);
1052 transform_id = tvb_get_ntohs(tvb, offset);
1053 proto_tree_add_text(tree, tvb, offset, 2,
1054 "Transform ID: %s (%u)", v2_tid2str(transform_type, transform_id),
1061 guint16 aft = tvb_get_ntohs(tvb, offset);
1062 guint16 type = aft & 0x7fff;
1067 str = v2_aft2str(aft);
1070 val = tvb_get_ntohs(tvb, offset + 2);
1071 proto_tree_add_text(tree, tvb, offset, 4,
1074 v2_attrval2str(type, val), val);
1079 len = tvb_get_ntohs(tvb, offset + 2);
1081 if (!get_num(tvb, offset + 4, len, &val)) {
1082 proto_tree_add_text(tree, tvb, offset, pack_len,
1083 "%s (%u): <too big (%u bytes)>",
1086 proto_tree_add_text(tree, tvb, offset, pack_len,
1089 v2_attrval2str(type, val), val);
1098 dissect_key_exch(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1099 packet_info *pinfo _U_, int isakmp_version, int unused _U_)
1103 if (isakmp_version == 2) {
1104 dhgroup = tvb_get_ntohs(tvb, offset);
1105 proto_tree_add_text(tree, tvb, offset, 2,
1106 "DH Group #: %u", dhgroup);
1111 proto_tree_add_text(tree, tvb, offset, length, "Key Exchange Data");
1115 dissect_id(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1116 packet_info *pinfo, int isakmp_version, int unused _U_)
1122 id_type = tvb_get_guint8(tvb, offset);
1123 proto_tree_add_text(tree, tvb, offset, 1,
1125 id2str(isakmp_version, id_type), id_type);
1129 protocol_id = tvb_get_guint8(tvb, offset);
1130 if (protocol_id == 0) {
1131 proto_tree_add_text(tree, tvb, offset, 1,
1132 "Protocol ID: Unused");
1134 proto_tree_add_text(tree, tvb, offset, 1,
1135 "Protocol ID: %s (%u)",
1136 ipprotostr(protocol_id), protocol_id);
1141 port = tvb_get_ntohs(tvb, offset);
1143 proto_tree_add_text(tree, tvb, offset, 2, "Port: Unused");
1145 proto_tree_add_text(tree, tvb, offset, 2, "Port: %u", port);
1150 * It shows strings of all types though some of types are not
1151 * supported in IKEv2 specification actually.
1154 case IKE_ID_IPV4_ADDR:
1155 proto_tree_add_text(tree, tvb, offset, length,
1156 "Identification data: %s",
1157 ip_to_str(tvb_get_ptr(tvb, offset, 4)));
1160 case IKE_ID_USER_FQDN:
1161 proto_tree_add_text(tree, tvb, offset, length,
1162 "Identification data: %.*s", length,
1163 tvb_get_ptr(tvb, offset, length));
1165 case IKE_ID_IPV4_ADDR_SUBNET:
1166 case IKE_ID_IPV4_ADDR_RANGE:
1167 proto_tree_add_text(tree, tvb, offset, length,
1168 "Identification data: %s/%s",
1169 ip_to_str(tvb_get_ptr(tvb, offset, 4)),
1170 ip_to_str(tvb_get_ptr(tvb, offset+4, 4)));
1172 case IKE_ID_IPV6_ADDR:
1173 proto_tree_add_text(tree, tvb, offset, length,
1174 "Identification data: %s",
1175 ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset, 16)));
1177 case IKE_ID_IPV6_ADDR_SUBNET:
1178 case IKE_ID_IPV6_ADDR_RANGE:
1179 proto_tree_add_text(tree, tvb, offset, length,
1180 "Identification data: %s/%s",
1181 ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset, 16)),
1182 ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset+16, 16)));
1184 case IKE_ID_DER_ASN1_DN:
1185 dissect_x509if_Name(FALSE, tvb, offset, pinfo, tree,
1186 hf_ike_certificate_authority);
1189 proto_tree_add_text(tree, tvb, offset, length, "Identification Data");
1195 dissect_cert(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1196 packet_info *pinfo _U_, int isakmp_version, int unused _U_)
1200 cert_enc = tvb_get_guint8(tvb, offset);
1201 proto_tree_add_text(tree, tvb, offset, 1,
1202 "Certificate encoding: %u - %s",
1203 cert_enc, certtype2str(isakmp_version, cert_enc));
1207 proto_tree_add_text(tree, tvb, offset, length, "Certificate Data");
1211 dissect_certreq_v1(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1212 packet_info *pinfo, int isakmp_version, int unused _U_)
1216 cert_type = tvb_get_guint8(tvb, offset);
1217 proto_tree_add_text(tree, tvb, offset, 1,
1218 "Certificate type: %u - %s",
1219 cert_type, certtype2str(isakmp_version, cert_type));
1224 if (cert_type == 4){
1225 dissect_x509if_Name(FALSE, tvb, offset, pinfo, tree, hf_ike_certificate_authority);
1227 proto_tree_add_text(tree, tvb, offset, length, "Certificate Authority");
1231 proto_tree_add_text(tree, tvb, offset, length, "Certificate Authority (empty)");
/*
 * IKEv2 Certificate Request payload: a one-byte certificate encoding
 * followed by the Certification Authority field, which this dissector
 * renders as a sequence of 20-byte SHA-1 hashes (one
 * hf_ike_v2_certificate_authority item per hash).
 *
 * NOTE(review): the loop emits a fixed 20-byte item for as long as
 * length > 0, so a Certification Authority field whose length is not a
 * multiple of 20 makes the final item extend past the end of the payload.
 * The tvb accessors bounds-check, so this surfaces as a malformed-packet
 * exception rather than an out-of-bounds read; a `length >= 20` loop
 * condition plus an explicit item for any trailing bytes would report the
 * malformed field instead of throwing. The lines that advance offset and
 * length inside the loop are not visible here.
 */
1235 dissect_certreq_v2(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1236 packet_info *pinfo _U_, int isakmp_version, int unused _U_)
1240 cert_type = tvb_get_guint8(tvb, offset);
1241 proto_tree_add_text(tree, tvb, offset, 1,
1242 "Certificate type: %u - %s",
1243 cert_type, certtype2str(isakmp_version, cert_type));
1247 /* this is a list of 20 byte SHA-1 hashes */
1248 while (length > 0) {
1249 proto_tree_add_item(tree, hf_ike_v2_certificate_authority, tvb, offset, 20, FALSE);
/*
 * Hash payload (IKEv1): the hash bytes are shown as one opaque
 * "Hash Data" item covering the whole payload body; nothing is verified.
 */
static void
dissect_hash(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
    packet_info *pinfo _U_, int isakmp_version _U_, int unused _U_)
{
	const char *label = "Hash Data";

	proto_tree_add_text(tree, tvb, offset, length, label);
}
1262 dissect_auth(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1263 packet_info *pinfo _U_, int isakmp_version _U_, int unused _U_)
1267 auth = tvb_get_guint8(tvb, offset);
1268 proto_tree_add_text(tree, tvb, offset, 1,
1269 "Auth Method: %s (%u)", v2_auth2str(auth), auth);
1273 proto_tree_add_text(tree, tvb, offset, length, "Authentication Data");
/*
 * Signature payload (IKEv1): the signature bytes are shown as one opaque
 * "Signature Data" item covering the whole payload body; nothing is verified.
 */
static void
dissect_sig(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
    packet_info *pinfo _U_, int isakmp_version _U_, int unused _U_)
{
	const char *label = "Signature Data";

	proto_tree_add_text(tree, tvb, offset, length, label);
}
/*
 * Nonce payload: the nonce is shown as one opaque "Nonce Data" item
 * covering the whole payload body.
 */
static void
dissect_nonce(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
    packet_info *pinfo _U_, int isakmp_version _U_, int unused _U_)
{
	const char *label = "Nonce Data";

	proto_tree_add_text(tree, tvb, offset, length, label);
}
1291 v2_ipcomptype2str(guint8 type)
1293 static const value_string vs_v2_ipcomptype[] = {
1295 { 1, "IPCOMP_OUI" },
1296 { 2, "IPCOMP_DEFLATE" },
1297 { 3, "IPCOMP_LZS" },
1298 { 4, "IPCOMP_LZJH" },
1302 if (type >= 5 && type <= 240)
1303 return "RESERVED TO IANA";
1305 return "PRIVATE USE";
1306 return val_to_str(type, vs_v2_ipcomptype, "UNKNOWN-IPCOMP-TYPE");
/*
 * Notification payload (IKEv1 and IKEv2).
 *
 * Layout decoded here: DOI (IKEv1 only, 4 bytes), Protocol ID (1),
 * SPI size (1), Message type (2), SPI (spi_size bytes), then the
 * remaining bytes as "Notification Data". For IKEv2 message type 16387
 * (IPCOMP_SUPPORTED, see vs_v2_notifmsg) the data is further decoded as a
 * 2-byte CPI and a 1-byte IPComp transform ID.
 *
 * NOTE(review): spi_size and the IPCOMP_SUPPORTED fields are read with
 * lengths taken from the packet without comparing them to the remaining
 * `length`; the tvb accessors bounds-check, so an undersized payload ends
 * in a malformed-packet exception rather than a silent over-read. The
 * lines that advance offset/length between fields are not visible here.
 */
1310 dissect_notif(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1311 packet_info *pinfo _U_, int isakmp_version, int unused _U_)
1319 if (isakmp_version == 1) {
1320 doi = tvb_get_ntohl(tvb, offset);
1321 proto_tree_add_text(tree, tvb, offset, 4,
1322 "Domain of Interpretation: %s (%u)",
1323 doitype2str(doi), doi);
1328 protocol_id = tvb_get_guint8(tvb, offset);
1329 proto_tree_add_text(tree, tvb, offset, 1,
1330 "Protocol ID: %s (%u)",
1331 val_to_str(protocol_id, vs_proto, "UNKNOWN-PROTO-TYPE"), protocol_id);
1335 spi_size = tvb_get_guint8(tvb, offset);
1336 proto_tree_add_text(tree, tvb, offset, 1,
1337 "SPI size: %u", spi_size);
1341 msgtype = tvb_get_ntohs(tvb, offset);
1342 proto_tree_add_text(tree, tvb, offset, 2,
1343 "Message type: %s (%u)",
1344 msgtype2str(isakmp_version, msgtype), msgtype);
/* SPI length comes from the packet (spi_size), not from `length`. */
1349 proto_tree_add_text(tree, tvb, offset, spi_size, "SPI: 0x%s",
1350 tvb_bytes_to_str(tvb, offset, spi_size));
1356 proto_tree_add_text(tree, tvb, offset, length, "Notification Data");
1358 /* notification data */
/* 16387 == IPCOMP_SUPPORTED in vs_v2_notifmsg; a named constant would be clearer. */
1359 if (isakmp_version == 2 && msgtype == 16387) {
1360 /* IPCOMP_SUPPORTED */
1361 proto_tree_add_text(tree, tvb, offset, 2,
1362 "IPComp CPI (%u)", tvb_get_ntohs(tvb, offset));
1363 ipcomptype = tvb_get_guint8(tvb, offset + 2);
1364 proto_tree_add_text(tree, tvb, offset + 2, 1,
1365 "Transform ID: %s (%u)",
1366 v2_ipcomptype2str(ipcomptype), ipcomptype);
1374 dissect_delete(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1375 packet_info *pinfo _U_, int isakmp_version _U_, int unused _U_)
1383 if (isakmp_version == 1) {
1384 doi = tvb_get_ntohl(tvb, offset);
1385 proto_tree_add_text(tree, tvb, offset, 4,
1386 "Domain of Interpretation: %s (%u)",
1387 doitype2str(doi), doi);
1392 protocol_id = tvb_get_guint8(tvb, offset);
1393 proto_tree_add_text(tree, tvb, offset, 1,
1394 "Protocol ID: %s (%u)",
1395 val_to_str(protocol_id, vs_proto, "UNKNOWN-PROTO-TYPE"), protocol_id);
1399 spi_size = tvb_get_guint8(tvb, offset);
1400 proto_tree_add_text(tree, tvb, offset, 1,
1401 "SPI size: %u", spi_size);
1405 num_spis = tvb_get_ntohs(tvb, offset);
1406 proto_tree_add_text(tree, tvb, offset, 2,
1407 "Number of SPIs: %u", num_spis);
1411 for (i = 0; i < num_spis; ++i) {
1412 if (length < spi_size) {
1413 proto_tree_add_text(tree, tvb, offset, length,
1414 "Not enough room in payload for all SPI's");
1417 proto_tree_add_text(tree, tvb, offset, spi_size, "SPI: 0x%s",
1418 tvb_bytes_to_str(tvb, offset, spi_size));
/*
 * Vendor ID payload: compares the payload body against a table of known
 * vendor IDs and appends the matching vendor name to the "Vendor ID: "
 * item; unmatched payloads are shown as hex. For the Check Point vendor
 * ID the trailing product and version words are decoded as well.
 *
 * NOTE(review): every comparison uses isakmp_min(<known VID length>, length),
 * so a payload that is SHORTER than the known vendor ID is accepted on a
 * prefix match alone. For the Check Point branch that matters: after such a
 * match the code does `offset += VID_CP_LEN` and reads two 4-byte words,
 * and `length - VID_CP_LEN - sizeof(CPproduct) - sizeof(CPversion)` is
 * evaluated in size_t and would not be a sane item length for a short
 * payload. The tvb accessors bounds-check, so this appears as a
 * malformed-packet exception rather than an out-of-bounds read, but the
 * match should additionally require `length >= VID_CP_LEN + 8`, and the
 * other branches `length >= VID_LEN` (or VID_LEN_8), before being reported
 * as a positive identification. The branch structure (else/closing braces)
 * is not visible here.
 */
1425 dissect_vid(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1426 packet_info *pinfo _U_, int isakmp_version _U_, int unused _U_)
1428 guint32 CPproduct, CPversion;
1429 const guint8 * pVID;
/* tvb_get_ptr bounds-checks `length`, so the memcmp() calls below never read past the payload. */
1432 pVID = tvb_get_ptr(tvb, offset, length);
1433 pt = proto_tree_add_text(tree, tvb, offset, length, "Vendor ID: ");
1434 if (memcmp(pVID, VID_MS_W2K_WXP, isakmp_min(VID_MS_LEN, length)) == 0)
1435 proto_item_append_text(pt, "Microsoft Win2K/WinXP");
/* Prefix match only -- see the NOTE(review) above about short payloads. */
1437 if (memcmp(pVID, VID_CP, isakmp_min(VID_CP_LEN, length)) == 0)
1439 proto_item_append_text(pt, "Check Point");
1440 offset += VID_CP_LEN;
1441 CPproduct = tvb_get_ntohl(tvb, offset);
1442 ntree = proto_item_add_subtree(pt, ett_isakmp_payload);
1443 pt = proto_tree_add_text(ntree, tvb, offset, sizeof(CPproduct), "Check Point Product: ");
1444 switch (CPproduct) {
1445 case 1: proto_item_append_text(pt, "VPN-1");
1447 case 2: proto_item_append_text(pt, "SecuRemote/SecureClient");
1449 default: proto_item_append_text(pt, "Unknown CP product!");
1452 offset += sizeof(CPproduct);
1453 CPversion = tvb_get_ntohl(tvb, offset);
1454 pt = proto_tree_add_text(ntree, tvb, offset, sizeof(CPversion), "Version: ");
1455 switch (CPversion) {
1456 case 2: proto_item_append_text(pt, "4.1");
1458 case 3: proto_item_append_text(pt, "4.1 SP-1");
1460 case 4002: proto_item_append_text(pt, "4.1 (SP-2 or above)");
1462 case 5000: proto_item_append_text(pt, "NG");
1464 case 5001: proto_item_append_text(pt, "NG Feature Pack 1");
1466 case 5002: proto_item_append_text(pt, "NG Feature Pack 2");
1468 case 5003: proto_item_append_text(pt, "NG Feature Pack 3");
1470 case 5004: proto_item_append_text(pt, "NG with Application Intelligence");
1472 case 5005: proto_item_append_text(pt, "NG with Application Intelligence R55");
1474 default: proto_item_append_text(pt, " Unknown CP version!");
1477 offset += sizeof(CPversion);
/* `length` was not reduced while `offset` advanced; int minus size_t is computed as size_t here. */
1478 proto_tree_add_text(ntree, tvb, offset, length - VID_CP_LEN - sizeof(CPproduct) - sizeof(CPversion),"Check Point Vendor ID parameters");
1481 if (memcmp(pVID, VID_CYBERGUARD, isakmp_min(VID_LEN, length)) == 0)
1482 proto_item_append_text(pt, "Cyber Guard");
1484 if (memcmp(pVID, VID_draft_ietf_ipsec_nat_t_ike_03, isakmp_min(VID_LEN, length)) == 0)
1485 proto_item_append_text(pt, "draft-ietf-ipsec-nat-t-ike-03");
1487 if (memcmp(pVID, VID_rfc3947, isakmp_min(VID_LEN, length)) == 0)
1488 proto_item_append_text(pt, "RFC 3947 Negotiation of NAT-Traversal in the IKE");
1490 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_1_1_0, isakmp_min(VID_LEN, length)) == 0)
1491 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 1.1.0");
1493 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_1_1_1, isakmp_min(VID_LEN, length)) == 0)
1494 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 1.1.1");
1496 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_1_1_2, isakmp_min(VID_LEN, length)) == 0)
1497 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 1.1.2");
1499 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_1_2_1, isakmp_min(VID_LEN, length)) == 0)
1500 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 1.2.1");
1502 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_1_2_2, isakmp_min(VID_LEN, length)) == 0)
1503 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 1.2.2");
1505 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_2_0_0, isakmp_min(VID_LEN, length)) == 0)
1506 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 2.0.0");
1508 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_2_1_0, isakmp_min(VID_LEN, length)) == 0)
1509 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 2.1.0");
1511 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_2_1_1, isakmp_min(VID_LEN, length)) == 0)
1512 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 2.1.1");
1514 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_2_1_2, isakmp_min(VID_LEN, length)) == 0)
1515 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 2.1.2");
1517 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_3_0_0, isakmp_min(VID_LEN, length)) == 0)
1518 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 3.0.0");
1520 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_3_0_1, isakmp_min(VID_LEN, length)) == 0)
1521 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 3.0.1");
1523 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_4_0_0, isakmp_min(VID_LEN, length)) == 0)
1524 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 4.0.0");
1526 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_4_0_1, isakmp_min(VID_LEN, length)) == 0)
1527 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 4.0.1");
1529 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_4_1_0, isakmp_min(VID_LEN, length)) == 0)
1530 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 4.1.0");
1532 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_4_1_1, isakmp_min(VID_LEN, length)) == 0)
1533 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 4.1.1");
1535 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_5_0, isakmp_min(VID_LEN, length)) == 0)
1536 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 5.0");
1538 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_5_0_0, isakmp_min(VID_LEN, length)) == 0)
1539 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 5.0.0");
1541 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_5_1_0, isakmp_min(VID_LEN, length)) == 0)
1542 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 5.1.0");
1544 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_5_1_1, isakmp_min(VID_LEN, length)) == 0)
1545 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 5.1.1");
1547 if (memcmp(pVID, VID_SSH_SENTINEL, isakmp_min(VID_LEN, length)) == 0)
1548 proto_item_append_text(pt, "SSH Sentinel");
1550 if (memcmp(pVID, VID_SSH_SENTINEL_1_1, isakmp_min(VID_LEN, length)) == 0)
1551 proto_item_append_text(pt, "SSH Sentinel 1.1");
1553 if (memcmp(pVID, VID_SSH_SENTINEL_1_2, isakmp_min(VID_LEN, length)) == 0)
1554 proto_item_append_text(pt, "SSH Sentinel 1.2");
1556 if (memcmp(pVID, VID_SSH_SENTINEL_1_3, isakmp_min(VID_LEN, length)) == 0)
1557 proto_item_append_text(pt, "SSH Sentinel 1.3");
1559 if (memcmp(pVID, VID_SSH_QUICKSEC_0_9_0, isakmp_min(VID_LEN, length)) == 0)
1560 proto_item_append_text(pt, "SSH Communications Security QuickSec 0.9.0");
1562 if (memcmp(pVID, VID_SSH_QUICKSEC_1_1_0, isakmp_min(VID_LEN, length)) == 0)
1563 proto_item_append_text(pt, "SSH Communications Security QuickSec 1.1.0");
1565 if (memcmp(pVID, VID_SSH_QUICKSEC_1_1_1, isakmp_min(VID_LEN, length)) == 0)
1566 proto_item_append_text(pt, "SSH Communications Security QuickSec 1.1.1");
1568 if (memcmp(pVID, VID_SSH_QUICKSEC_1_1_2, isakmp_min(VID_LEN, length)) == 0)
1569 proto_item_append_text(pt, "SSH Communications Security QuickSec 1.1.2");
1571 if (memcmp(pVID, VID_SSH_QUICKSEC_1_1_3, isakmp_min(VID_LEN, length)) == 0)
1572 proto_item_append_text(pt, "SSH Communications Security QuickSec 1.1.3");
1574 if (memcmp(pVID, VID_draft_huttunen_ipsec_esp_in_udp_01, isakmp_min(VID_LEN, length)) == 0)
1575 proto_item_append_text(pt, "draft-huttunen-ipsec-esp-in-udp-01.txt");
1577 if (memcmp(pVID, VID_draft_stenberg_ipsec_nat_traversal_01, isakmp_min(VID_LEN, length)) == 0)
1578 proto_item_append_text(pt, "draft-stenberg-ipsec-nat-traversal-01");
1580 if (memcmp(pVID, VID_draft_stenberg_ipsec_nat_traversal_02, isakmp_min(VID_LEN, length)) == 0)
1581 proto_item_append_text(pt, "draft-stenberg-ipsec-nat-traversal-02");
1583 if (memcmp(pVID, VID_draft_ietf_ipsec_nat_t_ike_00, isakmp_min(VID_LEN, length)) == 0)
1584 proto_item_append_text(pt, "draft-ietf-ipsec-nat-t-ike-00");
/* Two distinct byte patterns (02a / 02b) are both reported as draft-ietf-ipsec-nat-t-ike-02. */
1586 if (memcmp(pVID, VID_draft_ietf_ipsec_nat_t_ike_02a, isakmp_min(VID_LEN, length)) == 0)
1587 proto_item_append_text(pt, "draft-ietf-ipsec-nat-t-ike-02");
1589 if (memcmp(pVID, VID_draft_ietf_ipsec_nat_t_ike_02b, isakmp_min(VID_LEN, length)) == 0)
1590 proto_item_append_text(pt, "draft-ietf-ipsec-nat-t-ike-02");
1592 if (memcmp(pVID, VID_draft_beaulieu_ike_xauth_02, isakmp_min(VID_LEN, length)) == 0)
1593 proto_item_append_text(pt, "draft-beaulieu-ike-xauth-02.txt");
1595 if (memcmp(pVID, VID_rfc3706_dpd, isakmp_min(VID_LEN, length)) == 0)
1596 proto_item_append_text(pt, "RFC 3706 Detecting Dead IKE Peers (DPD)");
1598 if (memcmp(pVID, VID_IKE_CHALLENGE_RESPONSE_1, isakmp_min(VID_LEN, length)) == 0)
1599 proto_item_append_text(pt, "IKE Challenge/Response for Authenticated Cryptographic Keys");
1601 if (memcmp(pVID, VID_IKE_CHALLENGE_RESPONSE_2, isakmp_min(VID_LEN, length)) == 0)
1602 proto_item_append_text(pt, "IKE Challenge/Response for Authenticated Cryptographic Keys");
1604 if (memcmp(pVID, VID_IKE_CHALLENGE_RESPONSE_REV_1, isakmp_min(VID_LEN, length)) == 0)
1605 proto_item_append_text(pt, "IKE Challenge/Response for Authenticated Cryptographic Keys (Revised)");
1607 if (memcmp(pVID, VID_IKE_CHALLENGE_RESPONSE_REV_2, isakmp_min(VID_LEN, length)) == 0)
1608 proto_item_append_text(pt, "IKE Challenge/Response for Authenticated Cryptographic Keys (Revised)");
1610 if (memcmp(pVID, VID_MS_L2TP_IPSEC_VPN_CLIENT, isakmp_min(VID_LEN, length)) == 0)
1611 proto_item_append_text(pt, "Microsoft L2TP/IPSec VPN Client");
1613 if (memcmp(pVID, VID_GSS_API_1, isakmp_min(VID_LEN, length)) == 0)
1614 proto_item_append_text(pt, "A GSS-API Authentication Method for IKE");
1616 if (memcmp(pVID, VID_GSS_API_2, isakmp_min(VID_LEN, length)) == 0)
1617 proto_item_append_text(pt, "A GSS-API Authentication Method for IKE");
1619 if (memcmp(pVID, VID_GSSAPI, isakmp_min(VID_LEN, length)) == 0)
1620 proto_item_append_text(pt, "GSSAPI");
1622 if (memcmp(pVID, VID_MS_NT5_ISAKMPOAKLEY, isakmp_min(VID_LEN, length)) == 0)
1623 proto_item_append_text(pt, "MS NT5 ISAKMPOAKLEY");
1625 if (memcmp(pVID, VID_CISCO_UNITY, isakmp_min(VID_LEN, length)) == 0)
1626 proto_item_append_text(pt, "CISCO-UNITY");
/* These two vendor IDs are only 8 bytes long (VID_LEN_8). */
1628 if (memcmp(pVID, VID_draft_ietf_ipsec_antireplay_00, isakmp_min(VID_LEN_8, length)) == 0)
1629 proto_item_append_text(pt, "draft-ietf-ipsec-antireplay-00.txt");
1631 if (memcmp(pVID, VID_draft_ietf_ipsec_heartbeats_00, isakmp_min(VID_LEN_8, length)) == 0)
1632 proto_item_append_text(pt, "draft-ietf-ipsec-heartbeats-00.txt");
/* Fallback for unrecognised vendor IDs: dump the payload bytes as hex. */
1634 proto_item_append_text(pt, "unknown vendor ID: 0x%s",tvb_bytes_to_str(tvb, offset, length));
1638 dissect_config(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1639 packet_info *pinfo _U_, int isakmp_version, int unused _U_)
1643 if (isakmp_version == 1) {
1644 type = tvb_get_guint8(tvb, offset);
1645 proto_tree_add_text(tree, tvb, offset, 1,
1647 cfgtype2str(isakmp_version, type), type);
1651 proto_tree_add_text(tree, tvb, offset, 2,
1652 "Identifier: %u", tvb_get_ntohs(tvb, offset));
1655 } else if (isakmp_version == 2) {
1656 type = tvb_get_guint8(tvb, offset);
1657 proto_tree_add_text(tree, tvb, offset, 1,
1659 cfgtype2str(isakmp_version, type), type);
1665 guint16 aft = tvb_get_ntohs(tvb, offset);
1666 guint16 type = aft & 0x7fff;
1672 val = tvb_get_ntohs(tvb, offset + 2);
1673 proto_tree_add_text(tree, tvb, offset, 4,
1675 cfgattr2str(isakmp_version, type), val);
1680 len = tvb_get_ntohs(tvb, offset + 2);
1682 if (!get_num(tvb, offset + 4, len, &val)) {
1683 proto_tree_add_text(tree, tvb, offset, pack_len,
1684 "%s: <too big (%u bytes)>",
1685 cfgattr2str(isakmp_version, type), len);
1687 proto_tree_add_text(tree, tvb, offset, 4,
1689 cfgattr2str(isakmp_version, type), val);
/*
 * NAT-D payload (RFC 3947 / IKEv2 NAT_DETECTION_*): the payload body is a
 * hash over address and port, shown here as a hex string; it is not
 * recomputed or verified.
 */
static void
dissect_nat_discovery(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
    packet_info *pinfo _U_, int isakmp_version _U_, int unused _U_)
{
	const char *hex = tvb_bytes_to_str(tvb, offset, length);

	proto_tree_add_text(tree, tvb, offset, length,
	    "Hash of address and port: %s", hex);
}
1707 dissect_nat_original_address(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1708 packet_info *pinfo _U_, int isakmp_version, int unused _U_)
1712 struct e_in6_addr addr_ipv6;
1714 id_type = tvb_get_guint8(tvb, offset);
1715 proto_tree_add_text(tree, tvb, offset, 1,
1717 id2str(isakmp_version, id_type), id_type);
1721 offset += 3; /* reserved */
1726 case IKE_ID_IPV4_ADDR:
1728 addr_ipv4 = tvb_get_ipv4(tvb, offset);
1729 proto_tree_add_text(tree, tvb, offset, length,
1730 "Original address: %s",
1731 ip_to_str((guint8 *)&addr_ipv4));
1733 proto_tree_add_text(tree, tvb, offset, length,
1734 "Original address: bad length, should be 4, is %u",
1739 case IKE_ID_IPV6_ADDR:
1741 tvb_get_ipv6(tvb, offset, &addr_ipv6);
1742 proto_tree_add_text(tree, tvb, offset, length,
1743 "Original address: %s",
1744 ip6_to_str(&addr_ipv6));
1746 proto_tree_add_text(tree, tvb, offset, length,
1747 "Original address: bad length, should be 16, is %u",
1753 proto_tree_add_text(tree, tvb, offset, length,
1754 "Original address: bad address type");
1760 dissect_ts(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1761 packet_info *pinfo _U_, int isakmp_version _U_, int unused _U_)
1763 guint8 num, tstype, protocol_id, addrlen;
1766 proto_tree_add_text(tree, tvb, offset, length, "Traffic Selector");
1768 num = tvb_get_guint8(tvb, offset);
1769 proto_item_append_text(tree," # %d", num);
1770 proto_tree_add_text(tree, tvb, offset, 1,
1771 "Number of TSs: %u", num);
1775 while (length > 0) {
1776 tstype = tvb_get_guint8(tvb, offset);
1777 proto_tree_add_text(tree, tvb, offset, 1,
1779 v2_tstype2str(tstype), tstype);
1781 case IKEV2_TS_IPV4_ADDR_RANGE:
1784 case IKEV2_TS_IPV6_ADDR_RANGE:
1788 proto_item_append_text(tree, "unknown TS data (aborted decoding): 0x%s",
1789 tvb_bytes_to_str(tvb, offset, length));
1794 * XXX should the remaining of the length check be done here ?
1795 * it seems other routines don't check the length.
1797 if (length < (8 + addrlen * 2)) {
1798 proto_tree_add_text(tree, tvb, offset, length,
1799 "Length mismatch (%u)", length);
1805 protocol_id = tvb_get_guint8(tvb, offset);
1806 proto_tree_add_text(tree, tvb, offset, 1,
1807 "Protocol ID: (%u)", protocol_id);
1811 len = tvb_get_ntohs(tvb, offset);
1812 proto_tree_add_text(tree, tvb, offset, 2,
1813 "Selector Length: %u", len);
1817 port = tvb_get_ntohs(tvb, offset);
1818 proto_tree_add_text(tree, tvb, offset, 2,
1819 "Start Port: (%u)", port);
1823 port = tvb_get_ntohs(tvb, offset);
1824 proto_tree_add_text(tree, tvb, offset, 2,
1825 "End Port: (%u)", port);
1830 case IKEV2_TS_IPV4_ADDR_RANGE:
1831 proto_tree_add_text(tree, tvb, offset, length,
1832 "Starting Address: %s",
1833 ip_to_str(tvb_get_ptr(tvb, offset, addrlen)));
1836 proto_tree_add_text(tree, tvb, offset, length,
1837 "Ending Address: %s",
1838 ip_to_str(tvb_get_ptr(tvb, offset, addrlen)));
1842 case IKEV2_TS_IPV6_ADDR_RANGE:
1843 proto_tree_add_text(tree, tvb, offset, length,
1844 "Starting Address: %s",
1845 ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset, addrlen)));
1848 proto_tree_add_text(tree, tvb, offset, length,
1849 "Ending Address: %s",
1850 ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset, addrlen)));
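/*
 * Encrypted payload (IKEv2).
 *
 * Shows a 4-byte "Initialization Vector" item followed by the rest of the
 * payload as "Encrypted Data". Nothing is decrypted here.
 *
 * Fix: the original passed `length` (the whole payload body) as the size
 * of the "Encrypted Data" item that starts at offset + 4, so the item
 * claimed 4 bytes beyond the payload; for the last payload in a message
 * the tvb bounds check turns that into a malformed-packet exception. The
 * IV bytes are now subtracted, and a body shorter than the IV is reported
 * instead of being indexed.
 *
 * NOTE(review): a fixed 4-byte IV is what this dissector has always shown;
 * the real IV size depends on the negotiated encryption algorithm
 * (e.g. 16 bytes for AES-CBC) -- confirm whether callers can supply it.
 */
static void
dissect_enc(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
    packet_info *pinfo _U_, int isakmp_version _U_, int unused _U_)
{
	enum { ENC_IV_LEN = 4 };

	/* Nothing sensible to show if the body cannot even hold the IV. */
	if (length < ENC_IV_LEN) {
		proto_tree_add_text(tree, tvb, offset, length,
		    "Encrypted payload too short for Initialization Vector (%d bytes)", length);
		return;
	}

	proto_tree_add_text(tree, tvb, offset, ENC_IV_LEN, "Initialization Vector: 0x%s",
	    tvb_bytes_to_str(tvb, offset, ENC_IV_LEN));
	/* The IV is counted in `length`; do not let the data item run past the payload. */
	proto_tree_add_text(tree, tvb, offset + ENC_IV_LEN, length - ENC_IV_LEN, "Encrypted Data");
}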
/*
 * EAP payload (IKEv2): the embedded EAP message is shown as one opaque
 * "EAP Message" item; it is not handed to the EAP dissector here.
 */
static void
dissect_eap(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
    packet_info *pinfo _U_, int isakmp_version _U_, int unused _U_)
{
	const char *label = "EAP Message";

	proto_tree_add_text(tree, tvb, offset, length, label);
}
1875 payloadtype2str(int isakmp_version, guint8 type)
1877 struct payload_func *f;
1879 if ((f = getpayload_func(type, isakmp_version)) != NULL)
1882 if (isakmp_version == 1) {
1885 return "Private USE";
1886 } else if (isakmp_version == 2) {
1888 return "PRIVATE USE";
1890 return "RESERVED TO IANA";
1893 return "UNKNOWN-ISAKMP-VERSION";
1897 exchtype2str(int isakmp_version, guint8 type)
1899 static const value_string vs_v1_exchange[] = {
1902 { 2, "Identity Protection (Main Mode)" },
1903 { 3, "Authentication Only" },
1904 { 4, "Aggressive" },
1905 { 5, "Informational" },
1906 { 6, "Transaction (Config Mode)" },
1907 { 32, "Quick Mode" },
1908 { 33, "New Group Mode" },
1912 static const value_string vs_v2_exchange[] = {
1913 { 34, "IKE_SA_INIT" },
1914 { 35, "IKE_AUTH " },
1915 { 36, "CREATE_CHILD_SA" },
1916 { 37, "INFORMATIONAL" },
1920 if (isakmp_version == 1) {
1921 if (type > 6 && type < 32)
1922 return "ISAKMP Future Use";
1923 if (type > 33 && type < 240)
1924 return "DOI Specific Use";
1925 return val_to_str(type, vs_v1_exchange, "Private Use");
1926 } else if (isakmp_version == 2) {
1929 if (type > 37 && type < 240)
1930 return "Reserved for IKEv2+";
1931 return val_to_str(type, vs_v2_exchange, "Reserved for private use");
1933 return "UNKNOWN-ISAKMP-VERSION";
/*
 * Display name of an ISAKMP Domain of Interpretation value.
 * Only DOI 1 (IPSEC) is recognised; anything else is "Unknown DOI Type".
 */
static const char *
doitype2str(guint32 type)
{
	return (type == 1) ? "IPSEC" : "Unknown DOI Type";
}
1944 msgtype2str(int isakmp_version, guint16 type)
1946 static const value_string vs_v1_notifmsg[] = {
1948 { 1, "INVALID-PAYLOAD-TYPE" },
1949 { 2, "DOI-NOT-SUPPORTED" },
1950 { 3, "SITUATION-NOT-SUPPORTED" },
1951 { 4, "INVALID-COOKIE" },
1952 { 5, "INVALID-MAJOR-VERSION" },
1953 { 6, "INVALID-MINOR-VERSION" },
1954 { 7, "INVALID-EXCHANGE-TYPE" },
1955 { 8, "INVALID-FLAGS" },
1956 { 9, "INVALID-MESSAGE-ID" },
1957 { 10, "INVALID-PROTOCOL-ID" },
1958 { 11, "INVALID-SPI" },
1959 { 12, "INVALID-TRANSFORM-ID" },
1960 { 13, "ATTRIBUTES-NOT-SUPPORTED" },
1961 { 14, "NO-PROPOSAL-CHOSEN" },
1962 { 15, "BAD-PROPOSAL-SYNTAX" },
1963 { 16, "PAYLOAD-MALFORMED" },
1964 { 17, "INVALID-KEY-INFORMATION" },
1965 { 18, "INVALID-ID-INFORMATION" },
1966 { 19, "INVALID-CERT-ENCODING" },
1967 { 20, "INVALID-CERTIFICATE" },
1968 { 21, "CERT-TYPE-UNSUPPORTED" },
1969 { 22, "INVALID-CERT-AUTHORITY" },
1970 { 23, "INVALID-HASH-INFORMATION" },
1971 { 24, "AUTHENTICATION-FAILED" },
1972 { 25, "INVALID-SIGNATURE" },
1973 { 26, "ADDRESS-NOTIFICATION" },
1974 { 27, "NOTIFY-SA-LIFETIME" },
1975 { 28, "CERTIFICATE-UNAVAILABLE" },
1976 { 29, "UNSUPPORTED-EXCHANGE-TYPE" },
1977 { 30, "UNEQUAL-PAYLOAD-LENGTHS" },
1978 { 8192, "RESERVED" },
1979 { 16384, "CONNECTED" },
1980 { 24576, "RESPONDER-LIFETIME" },
1981 { 24577, "REPLAY-STATUS" },
1982 { 24578, "INITIAL-CONTACT" },
1986 static const value_string vs_v2_notifmsg[] = {
1988 { 4, "INVALID_IKE_SPI" },
1989 { 5, "INVALID_MAJOR_VERSION" },
1990 { 7, "INVALID_SYNTAX" },
1991 { 9, "INVALID_MESSAGE_ID" },
1992 { 11, "INVALID_SPI" },
1993 { 14, "NO_PROPOSAL_CHOSEN" },
1994 { 17, "INVALID_KE_PAYLOAD" },
1995 { 24, "AUTHENTICATION_FAILED" },
1996 { 34, "SINGLE_PAIR_REQUIRED" },
1997 { 35, "NO_ADDITIONAL_SAS" },
1998 { 36, "INTERNAL_ADDRESS_FAILURE" },
1999 { 37, "FAILED_CP_REQUIRED" },
2000 { 38, "TS_UNACCEPTABLE" },
2001 { 39, "INVALID_SELECTORS" },
2002 { 16384, "INITIAL_CONTACT" },
2003 { 16385, "SET_WINDOW_SIZE" },
2004 { 16386, "ADDITIONAL_TS_POSSIBLE" },
2005 { 16387, "IPCOMP_SUPPORTED" },
2006 { 16388, "NAT_DETECTION_SOURCE_IP" },
2007 { 16389, "NAT_DETECTION_DESTINATION_IP" },
2008 { 16390, "COOKIE" },
2009 { 16391, "USE_TRANSPORT_MODE" },
2010 { 16392, "HTTP_CERT_LOOKUP_SUPPORTED" },
2011 { 16393, "REKEY_SA" },
2012 { 16394, "ESP_TFC_PADDING_NOT_SUPPORTED" },
2013 { 16395, "NON_FIRST_FRAGMENTS_ALSO" },
2017 if (isakmp_version == 1) {
2018 if (type > 30 && type < 8192)
2019 return "RESERVED (Future Use)";
2020 if (type > 8192 && type < 16384)
2021 return "Private Use";
2022 if (type > 16384 && type < 24576)
2023 return "RESERVED (Future Use) - status";
2024 if (type > 24578 && type < 32768)
2025 return "DOI-specific codes";
2026 if (type > 32767 && type < 40960)
2027 return "Private Use - status";
2028 if (type > 40959 && type < 65535)
2029 return "RESERVED (Future Use) - status (2)";
2030 return val_to_str(type, vs_v1_notifmsg, "UNKNOWN-NOTIFY-MESSAGE-TYPE");
2031 } else if (isakmp_version == 2) {
2032 if (type >= 40 && type <= 8191)
2033 return "RESERVED TO IANA - Error types";
2034 if (type >= 16396 && type <= 40959)
2035 return "RESERVED TO IANA - STATUS TYPES";
2036 if (type >= 8192 && type <= 16383)
2037 return "Private Use - Errors";
2039 return "Private Use - STATUS TYPES";
2040 return val_to_str(type, vs_v2_notifmsg, "UNKNOWN-NOTIFY-MESSAGE-TYPE");
2042 return "UNKNOWN-ISAKMP-VERSION";
2046 situation2str(guint32 type)
/*
 * Render the SIT_* bit-flags of an IPsec DOI Situation field (cf. RFC 2407
 * in the file header) as a readable list of the names IDENTITY, SECRECY
 * and INTEGRITY.
 *
 * Returns a pointer to a function-static buffer: the result is only valid
 * until the next call and the function is not reentrant.
 *
 * NOTE(review): each g_snprintf() below writes at `msg`, not `msg + n`,
 * so when two or more bits are set each fragment overwrites the previous
 * one instead of being appended (assuming n is advanced after every write,
 * which the SIT_MSG_NUM-n bound and the n >= SIT_MSG_NUM guards suggest).
 * Because the size argument is SIT_MSG_NUM-n <= sizeof msg, every write
 * stays inside the buffer, so this is a display defect rather than an
 * overflow. Several lines of this function (the declarations of n and
 * ret, the truncation handling, the n/sep updates and the final return)
 * are missing from this listing; confirm against the full source.
 */
2049 #define SIT_MSG_NUM 1024
2050 #define SIT_IDENTITY 0x01
2051 #define SIT_SECRECY 0x02
2052 #define SIT_INTEGRITY 0x04
2054 static char msg[SIT_MSG_NUM];
2056 const char * sep = "";
2059 if (type & SIT_IDENTITY) {
2060 ret = g_snprintf(msg, SIT_MSG_NUM-n, "%sIDENTITY", sep);
/* ret >= size means the output was truncated by g_snprintf(). */
2061 if (ret == -1 || ret >= SIT_MSG_NUM-n) {
2068 if (type & SIT_SECRECY) {
/* Guard keeps SIT_MSG_NUM-n from going negative before the next write. */
2069 if (n >= SIT_MSG_NUM) {
2073 ret = g_snprintf(msg, SIT_MSG_NUM-n, "%sSECRECY", sep);
2074 if (ret == -1 || ret >= SIT_MSG_NUM-n) {
2081 if (type & SIT_INTEGRITY) {
2082 if (n >= SIT_MSG_NUM) {
2086 ret = g_snprintf(msg, SIT_MSG_NUM-n, "%sINTEGRITY", sep);
2087 if (ret == -1 || ret >= SIT_MSG_NUM-n) {
2099 v2_attrval2str(guint16 att_type, guint32 value)
/*
 * Name of an IKEv2 transform attribute type. Only att_type is consulted;
 * `value` is deliberately unused (the assignment below only silences an
 * unused-parameter warning). The dispatch on att_type between the visible
 * lines is missing from this listing.
 */
2101 value = 0; /* dummy to be less warning in compiling it */
2104 return "Key-Length";
2106 return "UNKNOWN-ATTRIBUTE-TYPE";
2111 v1_attrval2str(int ike_p1, guint16 att_type, guint32 value)
/*
 * Human-readable name of an IKEv1 attribute value, given its attribute
 * type. Two groups of cases are visible below: IPsec-DOI style attributes
 * (life type, encapsulation, authentication algorithm, key length,
 * compression) and IKE Phase 1 style attributes (encryption, hash,
 * authentication method, group description/type). Which group is
 * selected by `ike_p1` is not shown in this listing — presumably the
 * Phase 1 group when it is non-zero; confirm against the full source.
 * The switch statements and several table entries are missing here.
 */
2113 static const value_string vs_v1_attrval_lttype[] = {
2120 static const value_string vs_v1_attrval_encap[] = {
/* 3/4 are the draft NAT-T encapsulation modes; 61440 and up are vendor
 * and pre-standard draft encodings, as the labels say. */
2124 { 3, "UDP-Encapsulated-Tunnel" }, /* http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-t-ike-05.txt */
2125 { 4, "UDP-Encapsulated-Transport" }, /* http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-t-ike-05.txt */
2126 { 61440, "Check Point IPSec UDP Encapsulation" },
2127 { 61443, "UDP-Encapsulated-Tunnel (draft)" },
2128 { 61444, "UDP-Encapsulated-Transport (draft)" },
2132 static const value_string vs_v1_attrval_auth[] = {
2138 { 5, "HMAC-SHA2-256" },
2139 { 6, "HMAC-SHA2-384" },
2140 { 7, "HMAC-SHA2-512" },
2144 static const value_string vs_v1_attrval_enc[] = {
2148 { 3, "BLOWFISH-CBC" },
2149 { 4, "RC5-R16-B64-CBC" },
2156 static const value_string vs_v1_attrval_hash[] = {
2167 static const value_string vs_v1_attrval_authmeth[] = {
2173 { 5, "RSA-Revised-ENC" },
2174 { 6, "Encryption with El-Gamal" },
2175 { 7, "Revised encryption with El-Gamal" },
2176 { 8, "ECDSA signatures" },
2177 { 9, "AES-XCBC-MAC" },
/* Hybrid and XAUTH methods are vendor extensions to the base IKEv1
 * authentication methods. */
2178 { 64221, "HybridInitRSA" },
2179 { 64222, "HybridRespRSA" },
2180 { 64223, "HybridInitDSS" },
2181 { 64224, "HybridRespDSS" },
2182 { 65001, "XAUTHInitPreShared" },
2183 { 65002, "XAUTHRespPreShared" },
2184 { 65003, "XAUTHInitDSS" },
2185 { 65004, "XAUTHRespDSS" },
2186 { 65005, "XAUTHInitRSA" },
2187 { 65006, "XAUTHRespRSA" },
2188 { 65007, "XAUTHInitRSAEncryption" },
2189 { 65008, "XAUTHRespRSAEncryption" },
2190 { 65009, "XAUTHInitRSARevisedEncryption" },
2191 { 65010, "XAUTHRespRSARevisedEncryption" },
/* Diffie-Hellman group descriptions. The 768-bit and 1024-bit MODP groups
 * (1 and 2) are the small ones an analyst would flag as weak in a
 * negotiation. Pairs 6/7, 8/9, 10/11 and 12/13 share a label here, so
 * the decode cannot tell those groups apart. */
2195 static const value_string vs_v1_attrval_grpdesc[] = {
2196 { 0, "UNDEFINED - 0" },
2197 { 1, "Default 768-bit MODP group" },
2198 { 2, "Alternate 1024-bit MODP group" },
2199 { 3, "EC2N group on GP[2^155] group" },
2200 { 4, "EC2N group on GP[2^185] group" },
2201 { 5, "1536 bit MODP group" },
2202 { 6, "EC2N group over GF[2^163]" },
2203 { 7, "EC2N group over GF[2^163]" },
2204 { 8, "EC2N group over GF[2^283]" },
2205 { 9, "EC2N group over GF[2^283]" },
2206 { 10, "EC2N group over GF[2^409]" },
2207 { 11, "EC2N group over GF[2^409]" },
2208 { 12, "EC2N group over GF[2^571]" },
2209 { 13, "EC2N group over GF[2^571]" },
2210 { 14, "2048 bit MODP group" },
2211 { 15, "3072 bit MODP group" },
2212 { 16, "4096 bit MODP group" },
2213 { 17, "6144 bit MODP group" },
2214 { 18, "8192 bit MODP group" },
2218 static const value_string vs_v1_attrval_grptype[] = {
2219 { 0, "UNDEFINED - 0" },
2226 static const value_string vs_v1_attrval_lifetype[] = {
2227 { 0, "UNDEFINED - 0" },
/* Which attribute type this zero check belongs to is not shown. */
2233 if (value == 0) return "RESERVED";
/* IPsec-DOI style attribute values. */
2238 return val_to_str(value, vs_v1_attrval_lttype, "UNKNOWN-LIFETIME-TYPE");
2240 return "Duration-Value";
2242 return "Group-Value";
2244 return val_to_str(value, vs_v1_attrval_encap, "UNKNOWN-ENCAPSULATION-VALUE");
2246 return val_to_str(value, vs_v1_attrval_auth, "UNKNOWN-AUTHENTICATION-VALUE");
2248 return "Key-Length";
2250 return "Key-Rounds";
2252 return "Compress-Dictionary-size";
2254 return "Compress Private Algorithm";
2256 return "UNKNOWN-ATTRIBUTE-TYPE";
/* IKE Phase 1 style attribute values. */
2262 return val_to_str(value, vs_v1_attrval_enc, "UNKNOWN-ENCRYPTION-ALG");
2264 return val_to_str(value, vs_v1_attrval_hash, "UNKNOWN-HASH-ALG");
2266 return val_to_str(value, vs_v1_attrval_authmeth, "UNKNOWN-AUTH-METHOD");
2268 return val_to_str(value, vs_v1_attrval_grpdesc, "UNKNOWN-GROUP-DESCRIPTION");
2275 return "Group-Value";
2277 return val_to_str(value, vs_v1_attrval_grptype, "UNKNOWN-GROUP-TYPE");
2279 return val_to_str(value, vs_v1_attrval_lifetype, "UNKNOWN-LIFE-TYPE");
2281 return "Duration-Value";
2285 return "Key-Length";
2287 return "Field-Size";
2289 return "UNKNOWN-ATTRIBUTE-TYPE";
2295 cfgtype2str(int isakmp_version, guint8 type)
/*
 * Name of an ISAKMP (v1) or IKEv2 Configuration payload type, with the
 * reserved and private-use ranges reported by range rather than by table.
 *
 * NOTE(review): the isakmp_version == 2 branch looks the value up in
 * vs_v1_cfgtype; vs_v2_cfgtype is defined in this function but never
 * used, so an IKEv2 type 1 is reported as "ISAKMP_CFG_REQUEST" instead of
 * "CFG_REQUEST". The fix is to pass vs_v2_cfgtype in the second
 * val_to_str() call. The remaining vs_v2_cfgtype entries and the
 * private-use range checks are missing from this listing.
 */
2297 static const value_string vs_v1_cfgtype[] = {
2299 { 1, "ISAKMP_CFG_REQUEST" },
2300 { 2, "ISAKMP_CFG_REPLY" },
2301 { 3, "ISAKMP_CFG_SET" },
2302 { 4, "ISAKMP_CFG_ACK" },
2307 static const value_string vs_v2_cfgtype[] = {
2309 { 1, "CFG_REQUEST" },
2317 if (isakmp_version == 1) {
2318 if (type >= 5 && type <= 127)
2319 return "Future use";
2321 return "Private Use";
2322 return val_to_str(type, vs_v1_cfgtype, "UNKNOWN-CFG-TYPE");
2323 } else if (isakmp_version == 2) {
2324 if (type >= 5 && type <= 127)
2325 return "RESERVED TO IANA";
2327 return "PRIVATE USE";
2328 return val_to_str(type, vs_v1_cfgtype, "UNKNOWN-CFG-TYPE"); /* NOTE(review): should be vs_v2_cfgtype */
2330 return "UNKNOWN-ISAKMP-VERSION";
2334 id2str(int isakmp_version, guint8 type)
/*
 * Name of an Identification payload ID type. The same table serves both
 * versions; the IKEv2 branch first filters the values that IKEv2 does not
 * define (4, 6-8, 12-200 are reserved to IANA; a private-use check is not
 * shown in this listing) and renames USER_FQDN to its IKEv2 name
 * RFC822_ADDR. The v1 private-use check is likewise not shown.
 */
2336 static const value_string vs_ident[] = {
2337 { IKE_ID_IPV4_ADDR, "IPV4_ADDR" },
2338 { IKE_ID_FQDN, "FQDN" },
2339 { IKE_ID_USER_FQDN, "USER_FQDN" },
2340 { IKE_ID_IPV4_ADDR_SUBNET, "IPV4_ADDR_SUBNET" },
2341 { IKE_ID_IPV6_ADDR, "IPV6_ADDR" },
2342 { IKE_ID_IPV6_ADDR_SUBNET, "IPV6_ADDR_SUBNET" },
2343 { IKE_ID_IPV4_ADDR_RANGE, "IPV4_ADDR_RANGE" },
2344 { IKE_ID_IPV6_ADDR_RANGE, "IPV6_ADDR_RANGE" },
2345 { IKE_ID_DER_ASN1_DN, "DER_ASN1_DN" },
2346 { IKE_ID_DER_ASN1_GN, "DER_ASN1_GN" },
2347 { IKE_ID_KEY_ID, "KEY_ID" },
2351 if (isakmp_version == 1) {
2354 return val_to_str(type, vs_ident, "UNKNOWN-ID-TYPE");
2355 } else if (isakmp_version == 2) {
2356 if (type == 4 || (type >= 6 && type <=8) || (type >= 12 && type <= 200))
2357 return "Reserved to IANA";
2359 return "Reserved for private use";
/* IKEv2 renamed the e-mail style identifier. */
2360 if (type == IKE_ID_USER_FQDN)
2361 return "RFC822_ADDR";
2362 return val_to_str(type, vs_ident, "UNKNOWN-ID-TYPE");
2364 return "UNKNOWN-ISAKMP-VERSION";
2368 v2_tstype2str(guint8 type)
/*
 * Name of an IKEv2 Traffic Selector type. 9-240 are reserved to IANA;
 * the private-use check between the visible lines is not shown here.
 */
2370 static const value_string vs_v2_tstype[] = {
2371 { IKEV2_TS_IPV4_ADDR_RANGE, "TS_IPV4_ADDR_RANGE" },
2372 { IKEV2_TS_IPV6_ADDR_RANGE, "TS_IPV6_ADDR_RANGE" },
2378 if (type >= 9 && type <= 240)
2379 return "RESERVED TO IANA";
2381 return "PRIVATE USE";
2382 return val_to_str(type, vs_v2_tstype, "UNKNOWN-TS-TYPE");
2386 v2_auth2str(guint8 type)
/*
 * Name of an IKEv2 AUTH payload authentication method (RSA signature,
 * shared-key MIC, DSS signature). 4-200 are reserved to IANA; the
 * private-use check between the visible lines is not shown here.
 */
2388 static const value_string vs_v2_authmeth[] = {
2389 { 0, "RESERVED TO IANA" },
2390 { 1, "RSA Digital Signature" },
2391 { 2, "Shared Key Message Integrity Code" },
2392 { 3, "DSS Digital Signature" },
2396 if (type >= 4 && type <= 200)
2397 return "RESERVED TO IANA";
2399 return "PRIVATE USE";
2400 return val_to_str(type, vs_v2_authmeth, "UNKNOWN-AUTHMETHOD-TYPE");
2404 cfgattr2str(int isakmp_version, guint16 ident)
/*
 * Name of a Configuration payload attribute for ISAKMP (v1) or IKEv2.
 * For v1 the two PRIVATE USE ranges deliberately bracket 16520-16529 so
 * the XAUTH extension attributes remain resolvable by table lookup.
 * Some table entries are missing from this listing.
 *
 * The display strings "INTERNAL_ADDRESS_EXPIREY" and "XAUTH_CHALLANGE"
 * are misspelled (EXPIRY, CHALLENGE); they are runtime strings and are
 * left unchanged here.
 */
2406 static const value_string vs_v1_cfgattr[] = {
2408 { 1, "INTERNAL_IP4_ADDRESS" },
2409 { 2, "INTERNAL_IP4_NETMASK" },
2410 { 3, "INTERNAL_IP4_DNS" },
2411 { 4, "INTERNAL_IP4_NBNS" },
2412 { 5, "INTERNAL_ADDRESS_EXPIREY" },
2413 { 6, "INTERNAL_IP4_DHCP" },
2414 { 7, "APPLICATION_VERSION" },
2415 { 8, "INTERNAL_IP6_ADDRESS" },
2416 { 9, "INTERNAL_IP6_NETMASK" },
2417 { 10, "INTERNAL_IP6_DNS" },
2418 { 11, "INTERNAL_IP6_NBNS" },
2419 { 12, "INTERNAL_IP6_DHCP" },
2420 { 13, "INTERNAL_IP4_SUBNET" },
2421 { 14, "SUPPORTED_ATTRIBUTES" },
/* XAUTH (extended authentication) attributes — a vendor/draft extension.
 * 16522 carries a user credential; captures that decode this attribute
 * should be handled with that in mind. */
2422 { 16520, "XAUTH_TYPE" },
2423 { 16521, "XAUTH_USER_NAME" },
2424 { 16522, "XAUTH_USER_PASSWORD" },
2425 { 16523, "XAUTH_PASSCODE" },
2426 { 16524, "XAUTH_MESSAGE" },
2427 { 16525, "XAUTH_CHALLANGE" },
2428 { 16526, "XAUTH_DOMAIN" },
2429 { 16527, "XAUTH_STATUS" },
2430 { 16528, "XAUTH_NEXT_PIN" },
2431 { 16529, "XAUTH_ANSWER" },
2435 static const value_string vs_v2_cfgattr[] = {
2437 { 1, "INTERNAL_IP4_ADDRESS" },
2438 { 2, "INTERNAL_IP4_NETMASK" },
2439 { 3, "INTERNAL_IP4_DNS" },
2440 { 4, "INTERNAL_IP4_NBNS" },
2441 { 5, "INTERNAL_ADDRESS_EXPIREY" },
2442 { 6, "INTERNAL_IP4_DHCP" },
2443 { 7, "APPLICATION_VERSION" },
2444 { 8, "INTERNAL_IP6_ADDRESS" },
2446 { 10, "INTERNAL_IP6_DNS" },
2447 { 11, "INTERNAL_IP6_NBNS" },
2448 { 12, "INTERNAL_IP6_DHCP" },
2449 { 13, "INTERNAL_IP4_SUBNET" },
2450 { 14, "SUPPORTED_ATTRIBUTES" },
2451 { 15, "INTERNAL_IP6_SUBNET" },
2455 if (isakmp_version == 1) {
2456 if (ident >= 15 && ident <= 16383)
2457 return "Future use";
2458 if (ident >= 16384 && ident <= 16519)
2459 return "PRIVATE USE";
2460 if (ident >= 16530 && ident <= 32767)
2461 return "PRIVATE USE";
2462 return val_to_str(ident, vs_v1_cfgattr, "UNKNOWN-CFG-ATTRIBUTE");
2463 } else if (isakmp_version == 2) {
2464 if (ident >= 16 && ident <= 16383)
2465 return "RESERVED TO IANA";
2466 if (ident >= 16384 && ident <= 32767)
2467 return "PRIVATE USE";
2468 return val_to_str(ident, vs_v2_cfgattr, "UNKNOWN-CFG-ATTRIBUTE");
2470 return "UNKNOWN-ISAKMP-VERSION";
2474 certtype2str(int isakmp_version, guint8 type)
/*
 * Name of a Certificate payload encoding. The v1 branch reports every
 * unlisted value as "RESERVED", whereas the v2 branch separates the
 * IANA-reserved range (14-200) from private use before consulting its
 * table; the v2 private-use check is not shown in this listing. Note
 * that encoding 5 means "X.509 Certificate - Key Exchange" in v1 but
 * is undefined for IKEv2.
 */
2476 static const value_string vs_v1_certtype[] = {
2478 { 1, "PKCS #7 wrapped X.509 certificate" },
2479 { 2, "PGP Certificate" },
2480 { 3, "DNS Signed Key" },
2481 { 4, "X.509 Certificate - Signature" },
2482 { 5, "X.509 Certificate - Key Exchange" },
2483 { 6, "Kerberos Tokens" },
2484 { 7, "Certificate Revocation List (CRL)" },
2485 { 8, "Authority Revocation List (ARL)" },
2486 { 9, "SPKI Certificate" },
2487 { 10, "X.509 Certificate - Attribute" },
2491 static const value_string vs_v2_certtype[] = {
2493 { 1, "PKCS #7 wrapped X.509 certificate" },
2494 { 2, "PGP Certificate" },
2495 { 3, "DNS Signed Key" },
2496 { 4, "X.509 Certificate - Signature" },
2497 { 5, "*undefined by any document*" },
2498 { 6, "Kerberos Tokens" },
2499 { 7, "Certificate Revocation List (CRL)" },
2500 { 8, "Authority Revocation List (ARL)" },
2501 { 9, "SPKI Certificate" },
2502 { 10, "X.509 Certificate - Attribute" },
2503 { 11, "Raw RSA Key" },
/* Hash-and-URL encodings carry a reference to the certificate rather
 * than the certificate itself. */
2504 { 12, "Hash and URL of X.509 certificate" },
2505 { 13, "Hash and URL of X.509 bundle" },
2509 if (isakmp_version == 1)
2510 return val_to_str(type, vs_v1_certtype, "RESERVED");
2511 else if (isakmp_version == 2) {
2512 if (type >= 14 && type <= 200)
2513 return "RESERVED to IANA";
2515 return "PRIVATE USE";
2516 return val_to_str(type, vs_v2_certtype, "RESERVED");
2518 return "UNKNOWN-ISAKMP-VERSION";
2522 get_num(tvbuff_t *tvb, int offset, guint16 len, guint32 *num_p)
/*
 * Read a big-endian unsigned integer of `len` (1..4) bytes from tvb at
 * offset into *num_p. The case labels, the default branch and the return
 * statements are missing from this listing; lengths outside 1..4 are
 * presumably rejected through the return value, so callers must check it
 * rather than trust *num_p. If `len` comes from the packet, this switch
 * is what bounds it — confirm against the full source. The tvb_get_*
 * accessors are expected to raise the usual tvbuff bounds exception on a
 * short buffer rather than read past it (not verifiable here).
 */
2526 *num_p = tvb_get_guint8(tvb, offset);
2529 *num_p = tvb_get_ntohs(tvb, offset);
2532 *num_p = tvb_get_ntoh24(tvb, offset);
2535 *num_p = tvb_get_ntohl(tvb, offset);
2545 proto_register_isakmp(void)
/*
 * Register the ISAKMP protocol, its header fields and subtree indices,
 * and the "isakmp" dissector entry point (dissect_isakmp is defined
 * elsewhere in the file). Some array entries and the closing brace are
 * missing from this listing.
 */
2547 static hf_register_info hf[] = {
/* NOTE(review): registered as FT_UINT32 although it is described as a
 * Distinguished Name; confirm this matches how the CA payload is added
 * to the tree by the caller (outside this listing). */
2548 { &hf_ike_certificate_authority,
2549 { "Certificate Authority Distinguished Name", "ike.cert_authority_dn", FT_UINT32, BASE_DEC, NULL, 0x0, "Certificate Authority Distinguished Name", HFILL }
/* In IKEv2 the CERTREQ payload identifies each CA by a SHA-1 hash of the
 * CA's public key (per the IKEv2 draft), which is what this FT_BYTES
 * field holds; the blurb's wording is looser than that. */
2551 { &hf_ike_v2_certificate_authority,
2552 { "Certificate Authority", "ike.cert_authority", FT_BYTES, BASE_HEX, NULL, 0x0, "SHA-1 hash of the Certificate Authority", HFILL }
2554 { &hf_ike_nat_keepalive,
2555 { "NAT Keepalive", "ike.nat_keepalive", FT_NONE, BASE_HEX, NULL, 0x0, "NAT Keepalive packet", HFILL }
2558 static gint *ett[] = {
2561 &ett_isakmp_payload,
2564 proto_isakmp = proto_register_protocol("Internet Security Association and Key Management Protocol",
2565 "ISAKMP", "isakmp");
2566 proto_register_field_array(proto_isakmp, hf, array_length(hf));
2567 proto_register_subtree_array(ett, array_length(ett));
2569 register_dissector("isakmp", dissect_isakmp, proto_isakmp);
2573 proto_reg_handoff_isakmp(void)
2575 dissector_handle_t isakmp_handle;
2577 isakmp_handle = find_dissector("isakmp");
2578 dissector_add("udp.port", UDP_PORT_ISAKMP, isakmp_handle);
2579 dissector_add("tcp.port", TCP_PORT_ISAKMP, isakmp_handle);