2 * Routines for the Internet Security Association and Key Management Protocol
3 * (ISAKMP) (RFC 2408) and the Internet IP Security Domain of Interpretation
4 * for ISAKMP (RFC 2407)
5 * Brad Robel-Forrest <brad.robel-forrest@watchguard.com>
7 * Added routines for the Internet Key Exchange (IKEv2) Protocol
8 * (draft-ietf-ipsec-ikev2-17.txt)
9 * Shoichi Sakane <sakane@tanu.org>
13 * Ethereal - Network traffic analyzer
14 * By Gerald Combs <gerald@ethereal.com>
15 * Copyright 1998 Gerald Combs
17 * This program is free software; you can redistribute it and/or
18 * modify it under the terms of the GNU General Public License
19 * as published by the Free Software Foundation; either version 2
20 * of the License, or (at your option) any later version.
22 * This program is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
27 * You should have received a copy of the GNU General Public License
28 * along with this program; if not, write to the Free Software
29 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
41 #ifdef NEED_SNPRINTF_H
42 # include "snprintf.h"
45 #include <epan/packet.h>
46 #include <epan/ipv6-utils.h>
47 #include <epan/ipproto.h>
48 #include <epan/dissectors/packet-x509if.h>
50 #define isakmp_min(a, b) ((a<b) ? a : b)
52 #define ARLEN(a) (sizeof(a)/sizeof(a[0]))
54 static int proto_isakmp = -1;
56 static gint ett_isakmp = -1;
57 static gint ett_isakmp_flags = -1;
58 static gint ett_isakmp_payload = -1;
60 static int isakmp_version = 0;
62 #define UDP_PORT_ISAKMP 500
63 #define TCP_PORT_ISAKMP 500
65 static const value_string vs_proto[] = {
91 static proto_tree *dissect_payload_header(tvbuff_t *, int, int, guint8,
92 guint8 *, guint16 *, proto_tree *);
94 static void dissect_sa(tvbuff_t *, int, int, proto_tree *,
96 static void dissect_proposal(tvbuff_t *, int, int, proto_tree *,
98 static void dissect_transform(tvbuff_t *, int, int, proto_tree *,
100 static void dissect_transform2(tvbuff_t *, int, int, proto_tree *,
102 static void dissect_key_exch(tvbuff_t *, int, int, proto_tree *,
104 static void dissect_id(tvbuff_t *, int, int, proto_tree *,
106 static void dissect_cert(tvbuff_t *, int, int, proto_tree *,
108 static void dissect_certreq(tvbuff_t *, int, int, proto_tree *,
110 static void dissect_hash(tvbuff_t *, int, int, proto_tree *,
112 static void dissect_auth(tvbuff_t *, int, int, proto_tree *,
114 static void dissect_sig(tvbuff_t *, int, int, proto_tree *,
116 static void dissect_nonce(tvbuff_t *, int, int, proto_tree *,
118 static void dissect_notif(tvbuff_t *, int, int, proto_tree *,
120 static void dissect_delete(tvbuff_t *, int, int, proto_tree *,
122 static void dissect_vid(tvbuff_t *, int, int, proto_tree *,
124 static void dissect_config(tvbuff_t *, int, int, proto_tree *,
126 static void dissect_nat_discovery(tvbuff_t *, int, int, proto_tree *,
128 static void dissect_nat_original_address(tvbuff_t *, int, int, proto_tree *,
130 static void dissect_ts(tvbuff_t *, int, int, proto_tree *,
132 static void dissect_enc(tvbuff_t *, int, int, proto_tree *,
134 static void dissect_eap(tvbuff_t *, int, int, proto_tree *,
137 static const char *payloadtype2str(guint8);
138 static const char *exchtype2str(guint8);
139 static const char *doitype2str(guint32);
140 static const char *msgtype2str(guint16);
141 static const char *situation2str(guint32);
142 static const char *v1_attrval2str(int, guint16, guint32);
143 static const char *v2_attrval2str(guint16, guint32);
144 static const char *cfgtype2str(guint8);
145 static const char *cfgattr2str(guint16);
146 static const char *id2str(guint8);
147 static const char *v2_tstype2str(guint8);
148 static const char *v2_auth2str(guint8);
149 static const char *certtype2str(guint8);
151 static gboolean get_num(tvbuff_t *, int, guint16, guint32 *);
153 #define LOAD_TYPE_NONE 0 /* payload type for None */
154 #define LOAD_TYPE_PROPOSAL 2 /* payload type for Proposal */
155 #define LOAD_TYPE_TRANSFORM 3 /* payload type for Transform */
157 struct payload_func {
160 void (*func)(tvbuff_t *, int, int, proto_tree *, packet_info *, int);
163 static struct payload_func v1_plfunc[] = {
165 { 1, "Security Association", dissect_sa },
166 { 2, "Proposal", dissect_proposal },
167 { 3, "Transform", dissect_transform },
168 { 4, "Key Exchange", dissect_key_exch },
169 { 5, "Identification", dissect_id },
170 { 6, "Certificate", dissect_cert },
171 { 7, "Certificate Request", dissect_certreq },
172 { 8, "Hash", dissect_hash },
173 { 9, "Signature", dissect_sig },
174 { 10, "Nonce", dissect_nonce },
175 { 11, "Notification", dissect_notif },
176 { 12, "Delete", dissect_delete },
177 { 13, "Vendor ID", dissect_vid },
178 { 14, "Attrib", dissect_config },
179 { 15, "NAT-Discovery", dissect_nat_discovery }, /* draft-ietf-ipsec-nat-t-ike-04 */
180 { 16, "NAT-Original Address", dissect_nat_original_address }, /* draft-ietf-ipsec-nat-t-ike */
181 { 130, "NAT-D (draft-ietf-ipsec-nat-t-ike-01 to 03)", dissect_nat_discovery },
182 { 131, "NAT-OA (draft-ietf-ipsec-nat-t-ike-01 to 04)", dissect_nat_original_address },
185 static struct payload_func v2_plfunc[] = {
186 { 2, "Proposal", dissect_proposal },
187 { 3, "Transform", dissect_transform2 },
188 { 33, "Security Association", dissect_sa },
189 { 34, "Key Exchange", dissect_key_exch },
190 { 35, "Identification - I", dissect_id },
191 { 36, "Identification - R", dissect_id },
192 { 37, "Certificate", dissect_cert },
193 { 38, "Certificate Request", dissect_certreq },
194 { 39, "Authentication", dissect_auth },
195 { 40, "Nonce", dissect_nonce },
196 { 41, "Notification", dissect_notif },
197 { 42, "Delete", dissect_delete },
198 { 43, "Vendor ID", dissect_vid },
199 { 44, "Traffic Selector - I", dissect_ts },
200 { 45, "Traffic Selector - R", dissect_ts },
201 { 46, "Encrypted", dissect_enc },
202 { 47, "Configuration", dissect_config },
203 { 48, "Extensible Authentication", dissect_eap },
206 static struct payload_func * getpayload_func(guint8);
209 #define VID_MS_LEN 20
210 static const guint8 VID_MS_W2K_WXP[VID_MS_LEN] = {0x1E, 0x2B, 0x51, 0x69, 0x5, 0x99, 0x1C, 0x7D, 0x7C, 0x96, 0xFC, 0xBF, 0xB5, 0x87, 0xE4, 0x61, 0x0, 0x0, 0x0, 0x2}; /* according to http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/cableguy/cg0602.asp */
212 #define VID_CP_LEN 20
213 static const guint8 VID_CP[VID_CP_LEN] = {0xF4, 0xED, 0x19, 0xE0, 0xC1, 0x14, 0xEB, 0x51, 0x6F, 0xAA, 0xAC, 0x0E, 0xE3, 0x7D, 0xAF, 0x28, 0x7, 0xB4, 0x38, 0x1F};
215 static const guint8 VID_CYBERGUARD[VID_LEN] = {0x9A, 0xA1, 0xF3, 0xB4, 0x34, 0x72, 0xA4, 0x5D, 0x5F, 0x50, 0x6A, 0xEB, 0x26, 0xC, 0xF2, 0x14};
217 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_03[VID_LEN] = {0x7D, 0x94, 0x19, 0xA6, 0x53, 0x10, 0xCA, 0x6F, 0x2C, 0x17, 0x9D, 0x92, 0x15, 0x52, 0x9d, 0x56}; /* according to http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-t-ike-03.txt */
219 static const guint8 VID_SSH_IPSEC_EXPRESS_1_1_0[VID_LEN] = {0xfB, 0xF4, 0x76, 0x14, 0x98, 0x40, 0x31, 0xFA, 0x8E, 0x3B, 0xB6, 0x19, 0x80, 0x89, 0xB2, 0x23}; /* Ssh Communications Security IPSEC Express version 1.1.0 */
221 static const guint8 VID_SSH_IPSEC_EXPRESS_1_1_1[VID_LEN] = {0x19, 0x52, 0xDC, 0x91, 0xAC, 0x20, 0xF6, 0x46, 0xFB, 0x01, 0xCF, 0x42, 0xA3, 0x3A, 0xEE, 0x30}; /* Ssh Communications Security IPSEC Express version 1.1.1 */
223 static const guint8 VID_SSH_IPSEC_EXPRESS_1_1_2[VID_LEN] = {0xE8, 0xBF, 0xFA, 0x64, 0x3E, 0x5C, 0x8F, 0x2C, 0xD1, 0x0F, 0xDA, 0x73, 0x70, 0xB6, 0xEB, 0xE5}; /* Ssh Communications Security IPSEC Express version 1.1.2 */
225 static const guint8 VID_SSH_IPSEC_EXPRESS_1_2_1[VID_LEN] = {0xC1, 0x11, 0x1B, 0x2D, 0xEE, 0x8C, 0xBC, 0x3D, 0x62, 0x05, 0x73, 0xEC, 0x57, 0xAA, 0xB9, 0xCB}; /* Ssh Communications Security IPSEC Express version 1.2.1 */
227 static const guint8 VID_SSH_IPSEC_EXPRESS_1_2_2[VID_LEN] = {0x09, 0xEC, 0x27, 0xBF, 0xBC, 0x09, 0xC7, 0x58, 0x23, 0xCF, 0xEC, 0xBF, 0xFE, 0x56, 0x5A, 0x2E}; /* Ssh Communications Security IPSEC Express version 1.2.2 */
229 static const guint8 VID_SSH_IPSEC_EXPRESS_2_0_0[VID_LEN] = {0x7F, 0x21, 0xA5, 0x96, 0xE4, 0xE3, 0x18, 0xF0, 0xB2, 0xF4, 0x94, 0x4C, 0x23, 0x84, 0xCB, 0x84}; /* SSH Communications Security IPSEC Express version 2.0.0 */
231 static const guint8 VID_SSH_IPSEC_EXPRESS_2_1_0[VID_LEN] = {0x28, 0x36, 0xD1, 0xFD, 0x28, 0x07, 0xBC, 0x9E, 0x5A, 0xE3, 0x07, 0x86, 0x32, 0x04, 0x51, 0xEC}; /* SSH Communications Security IPSEC Express version 2.1.0 */
233 static const guint8 VID_SSH_IPSEC_EXPRESS_2_1_1[VID_LEN] = {0xA6, 0x8D, 0xE7, 0x56, 0xA9, 0xC5, 0x22, 0x9B, 0xAE, 0x66, 0x49, 0x80, 0x40, 0x95, 0x1A, 0xD5}; /* SSH Communications Security IPSEC Express version 2.1.1 */
235 static const guint8 VID_SSH_IPSEC_EXPRESS_2_1_2[VID_LEN] = {0x3F, 0x23, 0x72, 0x86, 0x7E, 0x23, 0x7C, 0x1C, 0xD8, 0x25, 0x0A, 0x75, 0x55, 0x9C, 0xAE, 0x20}; /* SSH Communications Security IPSEC Express version 2.1.2 */
237 static const guint8 VID_SSH_IPSEC_EXPRESS_3_0_0[VID_LEN] = {0x0E, 0x58, 0xD5, 0x77, 0x4D, 0xF6, 0x02, 0x00, 0x7D, 0x0B, 0x02, 0x44, 0x36, 0x60, 0xF7, 0xEB}; /* SSH Communications Security IPSEC Express version 3.0.0 */
239 static const guint8 VID_SSH_IPSEC_EXPRESS_3_0_1[VID_LEN] = {0xF5, 0xCE, 0x31, 0xEB, 0xC2, 0x10, 0xF4, 0x43, 0x50, 0xCF, 0x71, 0x26, 0x5B, 0x57, 0x38, 0x0F}; /* SSH Communications Security IPSEC Express version 3.0.1 */
241 static const guint8 VID_SSH_IPSEC_EXPRESS_4_0_0[VID_LEN] = {0xF6, 0x42, 0x60, 0xAF, 0x2E, 0x27, 0x42, 0xDA, 0xDD, 0xD5, 0x69, 0x87, 0x06, 0x8A, 0x99, 0xA0}; /* SSH Communications Security IPSEC Express version 4.0.0 */
243 static const guint8 VID_SSH_IPSEC_EXPRESS_4_0_1[VID_LEN] = {0x7A, 0x54, 0xD3, 0xBD, 0xB3, 0xB1, 0xE6, 0xD9, 0x23, 0x89, 0x20, 0x64, 0xBE, 0x2D, 0x98, 0x1C}; /* SSH Communications Security IPSEC Express version 4.0.1 */
245 static const guint8 VID_SSH_IPSEC_EXPRESS_4_1_0[VID_LEN] = {0x9A, 0xA1, 0xF3, 0xB4, 0x34, 0x72, 0xA4, 0x5D, 0x5F, 0x50, 0x6A, 0xEB, 0x26, 0x0C, 0xF2, 0x14}; /* SSH Communications Security IPSEC Express version 4.1.0 */
247 static const guint8 VID_SSH_IPSEC_EXPRESS_4_1_1[VID_LEN] = {0x89, 0xF7, 0xB7, 0x60, 0xD8, 0x6B, 0x01, 0x2A, 0xCF, 0x26, 0x33, 0x82, 0x39, 0x4D, 0x96, 0x2F}; /* SSH Communications Security IPSEC Express version 4.1.1 */
249 static const guint8 VID_SSH_IPSEC_EXPRESS_5_0[VID_LEN] = {0xB0, 0x37, 0xA2, 0x1A, 0xCE, 0xCC, 0xB5, 0x57, 0x0F, 0x60, 0x25, 0x46, 0xF9, 0x7B, 0xDE, 0x8C}; /* SSH Communications Security IPSEC Express version 5.0 */
251 static const guint8 VID_SSH_IPSEC_EXPRESS_5_0_0[VID_LEN] = {0x2B, 0x2D, 0xAD, 0x97, 0xC4, 0xD1, 0x40, 0x93, 0x00, 0x53, 0x28, 0x7F, 0x99, 0x68, 0x50, 0xB0}; /* SSH Communications Security IPSEC Express version 5.0.0 */
253 static const guint8 VID_SSH_IPSEC_EXPRESS_5_1_0[VID_LEN] = {0x45, 0xE1, 0x7F, 0x3A, 0xBE, 0x93, 0x94, 0x4C, 0xB2, 0x02, 0x91, 0x0C, 0x59, 0xEF, 0x80, 0x6B}; /* SSH Communications Security IPSEC Express version 5.1.0 */
255 static const guint8 VID_SSH_IPSEC_EXPRESS_5_1_1[VID_LEN] = {0x59, 0x25, 0x85, 0x9F, 0x73, 0x77, 0xED, 0x78, 0x16, 0xD2, 0xFB, 0x81, 0xC0, 0x1F, 0xA5, 0x51}; /* SSH Communications Security IPSEC Express version 5.1.1 */
257 static const guint8 VID_SSH_SENTINEL[VID_LEN] = {0x05, 0x41, 0x82, 0xA0, 0x7C, 0x7A, 0xE2, 0x06, 0xF9, 0xD2, 0xCF, 0x9D, 0x24, 0x32, 0xC4, 0x82}; /* SSH Sentinel */
259 static const guint8 VID_SSH_SENTINEL_1_1[VID_LEN] = {0xB9, 0x16, 0x23, 0xE6, 0x93, 0xCA, 0x18, 0xA5, 0x4C, 0x6A, 0x27, 0x78, 0x55, 0x23, 0x05, 0xE8}; /* SSH Sentinel 1.1 */
261 static const guint8 VID_SSH_SENTINEL_1_2[VID_LEN] = {0x54, 0x30, 0x88, 0x8D, 0xE0, 0x1A, 0x31, 0xA6, 0xFA, 0x8F, 0x60, 0x22, 0x4E, 0x44, 0x99, 0x58}; /* SSH Sentinel 1.2 */
263 static const guint8 VID_SSH_SENTINEL_1_3[VID_LEN] = {0x7E, 0xE5, 0xCB, 0x85, 0xF7, 0x1C, 0xE2, 0x59, 0xC9, 0x4A, 0x5C, 0x73, 0x1E, 0xE4, 0xE7, 0x52}; /* SSH Sentinel 1.3 */
265 static const guint8 VID_SSH_QUICKSEC_0_9_0[VID_LEN] = {0x37, 0xEB, 0xA0, 0xC4, 0x13, 0x61, 0x84, 0xE7, 0xDA, 0xF8, 0x56, 0x2A, 0x77, 0x06, 0x0B, 0x4A}; /* SSH Communications Security QuickSec 0.9.0 */
267 static const guint8 VID_SSH_QUICKSEC_1_1_0[VID_LEN] = {0x5D, 0x72, 0x92, 0x5E, 0x55, 0x94, 0x8A, 0x96, 0x61, 0xA7, 0xFC, 0x48, 0xFD, 0xEC, 0x7F, 0xF9}; /* SSH Communications Security QuickSec 1.1.0 */
269 static const guint8 VID_SSH_QUICKSEC_1_1_1[VID_LEN] = {0x77, 0x7F, 0xBF, 0x4C, 0x5A, 0xF6, 0xD1, 0xCD, 0xD4, 0xB8, 0x95, 0xA0, 0x5B, 0xF8, 0x25, 0x94}; /* SSH Communications Security QuickSec 1.1.1 */
271 static const guint8 VID_SSH_QUICKSEC_1_1_2[VID_LEN] = {0x2C, 0xDF, 0x08, 0xE7, 0x12, 0xED, 0xE8, 0xA5, 0x97, 0x87, 0x61, 0x26, 0x7C, 0xD1, 0x9B, 0x91}; /* SSH Communications Security QuickSec 1.1.2 */
273 static const guint8 VID_SSH_QUICKSEC_1_1_3[VID_LEN] = {0x59, 0xE4, 0x54, 0xA8, 0xC2, 0xCF, 0x02, 0xA3, 0x49, 0x59, 0x12, 0x1F, 0x18, 0x90, 0xBC, 0x87}; /* SSH Communications Security QuickSec 1.1.3 */
275 static const guint8 VID_draft_huttunen_ipsec_esp_in_udp_01[VID_LEN] = {0x50, 0x76, 0x0F, 0x62, 0x4C, 0x63, 0xE5, 0xC5, 0x3E, 0xEA, 0x38, 0x6C, 0x68, 0x5C, 0xA0, 0x83}; /* draft-huttunen-ipsec-esp-in-udp-01.txt */
277 static const guint8 VID_draft_stenberg_ipsec_nat_traversal_01[VID_LEN] = {0x27, 0xBA, 0xB5, 0xDC, 0x01, 0xEA, 0x07, 0x60, 0xEA, 0x4E, 0x31, 0x90, 0xAC, 0x27, 0xC0, 0xD0}; /* draft-stenberg-ipsec-nat-traversal-01 */
279 static const guint8 VID_draft_stenberg_ipsec_nat_traversal_02[VID_LEN]= {0x61, 0x05, 0xC4, 0x22, 0xE7, 0x68, 0x47, 0xE4, 0x3F, 0x96, 0x84, 0x80, 0x12, 0x92, 0xAE, 0xCD}; /* draft-stenberg-ipsec-nat-traversal-02 */
281 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_00[VID_LEN]= {0x44, 0x85, 0x15, 0x2D, 0x18, 0xB6, 0xBB, 0xCD, 0x0B, 0xE8, 0xA8, 0x46, 0x95, 0x79, 0xDD, 0xCC}; /* draft-ietf-ipsec-nat-t-ike-00 */
283 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_02a[VID_LEN]= {0xCD, 0x60, 0x46, 0x43, 0x35, 0xDF, 0x21, 0xF8, 0x7C, 0xFD, 0xB2, 0xFC, 0x68, 0xB6, 0xA4, 0x48}; /* draft-ietf-ipsec-nat-t-ike-02 */
285 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_02b[VID_LEN]= {0x90, 0xCB, 0x80, 0x91, 0x3E, 0xBB, 0x69, 0x6E, 0x08, 0x63, 0x81, 0xB5, 0xEC, 0x42, 0x7B, 0x1F}; /* draft-ietf-ipsec-nat-t-ike-02 */
287 static const guint8 VID_draft_beaulieu_ike_xauth_02[VID_LEN]= {0x09, 0x00, 0x26, 0x89, 0xDF, 0xD6, 0xB7, 0x12, 0x80, 0xA2, 0x24, 0xDE, 0xC3, 0x3B, 0x81, 0xE5}; /* draft-beaulieu-ike-xauth-02.txt */
290 static const guint8 VID_rfc3706_dpd[VID_LEN]= {0xAF, 0xCA,0xD7, 0x13, 0x68, 0xA1, 0xF1, 0xC9, 0x6B, 0x86, 0x96, 0xFC, 0x77, 0x57, 0x01, 0x00}; /* RFC 3706 */
292 static const guint8 VID_IKE_CHALLENGE_RESPONSE_1[VID_LEN]= {0xBA, 0x29, 0x04, 0x99, 0xC2, 0x4E, 0x84, 0xE5, 0x3A, 0x1D, 0x83, 0xA0, 0x5E, 0x5F, 0x00, 0xC9}; /* IKE Challenge/Response for Authenticated Cryptographic Keys */
294 static const guint8 VID_IKE_CHALLENGE_RESPONSE_2[VID_LEN]= {0x0D, 0x33, 0x61, 0x1A, 0x5D, 0x52, 0x1B, 0x5E, 0x3C, 0x9C, 0x03, 0xD2, 0xFC, 0x10, 0x7E, 0x12}; /* IKE Challenge/Response for Authenticated Cryptographic Keys */
296 static const guint8 VID_IKE_CHALLENGE_RESPONSE_REV_1[VID_LEN]= {0xAD, 0x32, 0x51, 0x04, 0x2C, 0xDC, 0x46, 0x52, 0xC9, 0xE0, 0x73, 0x4C, 0xE5, 0xDE, 0x4C, 0x7D}; /* IKE Challenge/Response for Authenticated Cryptographic Keys (Revised) */
298 static const guint8 VID_IKE_CHALLENGE_RESPONSE_REV_2[VID_LEN]= {0x01, 0x3F, 0x11, 0x82, 0x3F, 0x96, 0x6F, 0xA9, 0x19, 0x00, 0xF0, 0x24, 0xBA, 0x66, 0xA8, 0x6B}; /* IKE Challenge/Response for Authenticated Cryptographic Keys (Revised) */
300 static const guint8 VID_MS_L2TP_IPSEC_VPN_CLIENT[VID_LEN]= {0x40, 0x48, 0xB7, 0xD5, 0x6E, 0xBC, 0xE8, 0x85, 0x25, 0xE7, 0xDE, 0x7F, 0x00, 0xD6, 0xC2, 0xD3}; /* Microsoft L2TP/IPSec VPN Client */
302 static const guint8 VID_GSS_API_1[VID_LEN]= {0xB4, 0x6D, 0x89, 0x14, 0xF3, 0xAA, 0xA3, 0xF2, 0xFE, 0xDE, 0xB7, 0xC7, 0xDB, 0x29, 0x43, 0xCA}; /* A GSS-API Authentication Method for IKE */
304 static const guint8 VID_GSS_API_2[VID_LEN]= {0xAD, 0x2C, 0x0D, 0xD0, 0xB9, 0xC3, 0x20, 0x83, 0xCC, 0xBA, 0x25, 0xB8, 0x86, 0x1E, 0xC4, 0x55}; /* A GSS-API Authentication Method for IKE */
306 static const guint8 VID_GSSAPI[VID_LEN]= {0x62, 0x1B, 0x04, 0xBB, 0x09, 0x88, 0x2A, 0xC1, 0xE1, 0x59, 0x35, 0xFE, 0xFA, 0x24, 0xAE, 0xEE}; /* GSSAPI */
308 static const guint8 VID_MS_NT5_ISAKMPOAKLEY[VID_LEN]= {0x1E, 0x2B, 0x51, 0x69, 0x05, 0x99, 0x1C, 0x7D, 0x7C, 0x96, 0xFC, 0xBF, 0xB5, 0x87, 0xE4, 0x61}; /* MS NT5 ISAKMPOAKLEY */
310 static const guint8 VID_CISCO_UNITY[VID_LEN]= {0x12, 0xF5, 0xF2, 0x8C, 0x45, 0x71, 0x68, 0xA9, 0x70, 0x2D, 0x9F, 0xE2, 0x74, 0xCC, 0x02, 0xD4}; /* CISCO-UNITY */
313 static const guint8 VID_draft_ietf_ipsec_antireplay_00[VID_LEN_8]= {0x32, 0x5D, 0xF2, 0x9A, 0x23, 0x19, 0xF2, 0xDD}; /* draft-ietf-ipsec-antireplay-00.txt */
315 static const guint8 VID_draft_ietf_ipsec_heartbeats_00[VID_LEN_8]= {0x8D, 0xB7, 0xA4, 0x18, 0x11, 0x22, 0x16, 0x60}; /* draft-ietf-ipsec-heartbeats-00.txt */
318 * Seen in Netscreen. Suppose to be ASCII HeartBeat_Notify - but I don't know the rest yet. I suspect it then proceeds with
319 * 8k10, which means every 8K (?), and version 1.0 of the protocol (?). I won't add it to the code, until I know what it really
320 * means. ykaul-at-bezeqint.net
322 static const guint8 VID_HeartBeat_Notify[VID_LEN] = {0x48, 0x65, 0x61, 0x72, 0x74, 0x42, 0x65, 0x61, 0x74, 0x5f, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79};
324 static int hf_ike_certificate_authority = -1;
327 dissect_payloads(tvbuff_t *tvb, proto_tree *tree, guint8 initial_payload,
328 int offset, int length, packet_info *pinfo)
330 guint8 payload, next_payload;
331 guint16 payload_length;
333 struct payload_func * f;
335 for (payload = initial_payload; length > 0; payload = next_payload) {
336 if (payload == LOAD_TYPE_NONE) {
338 * What? There's more stuff in this chunk of data, but the
339 * previous payload had a "next payload" type of None?
341 proto_tree_add_text(tree, tvb, offset, length,
343 tvb_bytes_to_str(tvb, offset, length));
346 ntree = dissect_payload_header(tvb, offset, length, payload,
347 &next_payload, &payload_length, tree);
350 if (payload_length >= 4) { /* XXX = > 4? */
351 tvb_ensure_bytes_exist(tvb, offset + 4, payload_length - 4);
352 if ((f = getpayload_func(payload)) != NULL && f->func != NULL)
353 (*f->func)(tvb, offset + 4, payload_length - 4, ntree, pinfo, -1);
355 proto_tree_add_text(ntree, tvb, offset + 4, payload_length - 4,
359 else if (payload_length > length) {
360 proto_tree_add_text(ntree, tvb, 0, 0,
361 "Payload (bogus, length is %u, greater than remaining length %d",
362 payload_length, length);
366 proto_tree_add_text(ntree, tvb, 0, 0,
367 "Payload (bogus, length is %u, must be at least 4)",
371 offset += payload_length;
372 length -= payload_length;
376 static struct payload_func *
377 getpayload_func(guint8 payload)
379 struct payload_func *f = 0;
382 if (isakmp_version == 1) {
384 len = ARLEN(v1_plfunc);
385 } else if (isakmp_version == 2) {
387 len = ARLEN(v2_plfunc);
390 for (i = 0; i < len; i++) {
391 if (f[i].type == payload)
398 dissect_isakmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
401 struct isakmp_hdr hdr;
403 proto_tree * isakmp_tree = NULL;
405 if (check_col(pinfo->cinfo, COL_PROTOCOL))
406 col_set_str(pinfo->cinfo, COL_PROTOCOL, "ISAKMP");
407 if (check_col(pinfo->cinfo, COL_INFO))
408 col_clear(pinfo->cinfo, COL_INFO);
411 ti = proto_tree_add_item(tree, proto_isakmp, tvb, offset, -1, FALSE);
412 isakmp_tree = proto_item_add_subtree(ti, ett_isakmp);
415 hdr.length = tvb_get_ntohl(tvb, offset + sizeof(hdr) - sizeof(hdr.length));
416 hdr.exch_type = tvb_get_guint8(tvb, sizeof(hdr.icookie) + sizeof(hdr.rcookie) + sizeof(hdr.next_payload) + sizeof(hdr.version));
417 hdr.version = tvb_get_guint8(tvb, sizeof(hdr.icookie) + sizeof(hdr.rcookie) + sizeof(hdr.next_payload));
418 isakmp_version = hi_nibble(hdr.version); /* save the version */
419 if (check_col(pinfo->cinfo, COL_INFO))
420 col_add_str(pinfo->cinfo, COL_INFO, exchtype2str(hdr.exch_type));
423 tvb_memcpy(tvb, (guint8 *)&hdr.icookie, offset, sizeof(hdr.icookie));
424 proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.icookie),
425 "Initiator cookie: 0x%s", tvb_bytes_to_str(tvb, offset, sizeof(hdr.icookie)));
426 offset += sizeof(hdr.icookie);
428 tvb_memcpy(tvb, (guint8 *)&hdr.rcookie, offset, sizeof(hdr.rcookie));
429 proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.rcookie),
430 "Responder cookie: 0x%s", tvb_bytes_to_str(tvb, offset, sizeof(hdr.rcookie)));
431 offset += sizeof(hdr.rcookie);
433 hdr.next_payload = tvb_get_guint8(tvb, offset);
434 proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.next_payload),
435 "Next payload: %s (%u)",
436 payloadtype2str(hdr.next_payload), hdr.next_payload);
437 offset += sizeof(hdr.next_payload);
439 proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.version),
441 hi_nibble(hdr.version), lo_nibble(hdr.version));
442 offset += sizeof(hdr.version);
444 hdr.exch_type = tvb_get_guint8(tvb, offset);
445 proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.exch_type),
446 "Exchange type: %s (%u)",
447 exchtype2str(hdr.exch_type), hdr.exch_type);
448 offset += sizeof(hdr.exch_type);
454 hdr.flags = tvb_get_guint8(tvb, offset);
455 fti = proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.flags), "Flags");
456 ftree = proto_item_add_subtree(fti, ett_isakmp_flags);
458 if (isakmp_version == 1) {
459 proto_tree_add_text(ftree, tvb, offset, 1, "%s",
460 decode_boolean_bitfield(hdr.flags, E_FLAG, sizeof(hdr.flags)*8,
461 "Encrypted", "Not encrypted"));
462 proto_tree_add_text(ftree, tvb, offset, 1, "%s",
463 decode_boolean_bitfield(hdr.flags, C_FLAG, sizeof(hdr.flags)*8,
464 "Commit", "No commit"));
465 proto_tree_add_text(ftree, tvb, offset, 1, "%s",
466 decode_boolean_bitfield(hdr.flags, A_FLAG, sizeof(hdr.flags)*8,
467 "Authentication", "No authentication"));
468 } else if (isakmp_version == 2) {
469 proto_tree_add_text(ftree, tvb, offset, 1, "%s",
470 decode_boolean_bitfield(hdr.flags, I_FLAG, sizeof(hdr.flags)*8,
471 "Initiator", "Responder"));
472 proto_tree_add_text(ftree, tvb, offset, 1, "%s",
473 decode_boolean_bitfield(hdr.flags, V_FLAG, sizeof(hdr.flags)*8,
474 "A higher version enabled", ""));
475 proto_tree_add_text(ftree, tvb, offset, 1, "%s",
476 decode_boolean_bitfield(hdr.flags, R_FLAG, sizeof(hdr.flags)*8,
477 "Response", "Request"));
479 offset += sizeof(hdr.flags);
482 proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.message_id),
483 "Message ID: 0x%s", tvb_bytes_to_str(tvb, offset, sizeof(hdr.message_id)));
484 offset += sizeof(hdr.message_id);
486 if (hdr.length < sizeof(hdr)) {
487 proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.length),
488 "Length: (bogus, length is %u, should be at least %lu)",
489 hdr.length, (unsigned long)sizeof(hdr));
493 len = hdr.length - sizeof(hdr);
496 proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.length),
497 "Length: (bogus, length is %u, which is too large)",
502 proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.length),
503 "Length: %u", hdr.length);
504 offset += sizeof(hdr.length);
506 if (hdr.flags & E_FLAG) {
507 if (len && isakmp_tree) {
508 proto_tree_add_text(isakmp_tree, tvb, offset, len,
509 "Encrypted payload (%d byte%s)",
510 len, plurality(len, "", "s"));
513 dissect_payloads(tvb, isakmp_tree, hdr.next_payload, offset, len, pinfo);
518 dissect_payload_header(tvbuff_t *tvb, int offset, int length, guint8 payload,
519 guint8 *next_payload_p, guint16 *payload_length_p, proto_tree *tree)
522 guint16 payload_length;
527 proto_tree_add_text(tree, tvb, offset, length,
528 "Not enough room in payload for all transforms");
531 next_payload = tvb_get_guint8(tvb, offset);
532 payload_length = tvb_get_ntohs(tvb, offset + 2);
534 ti = proto_tree_add_text(tree, tvb, offset, payload_length,
535 "%s payload", payloadtype2str(payload));
536 ntree = proto_item_add_subtree(ti, ett_isakmp_payload);
538 proto_tree_add_text(ntree, tvb, offset, 1,
539 "Next payload: %s (%u)",
540 payloadtype2str(next_payload), next_payload);
541 if (isakmp_version == 2) {
542 proto_tree_add_text(ntree, tvb, offset + 1, 1, "%s",
543 decode_boolean_bitfield(tvb_get_guint8(tvb, offset + 1), 0x80,
544 8, "Critical", "Not critical"));
546 proto_tree_add_text(ntree, tvb, offset + 2, 2, "Length: %u", payload_length);
548 *next_payload_p = next_payload;
549 *payload_length_p = payload_length;
554 dissect_sa(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
555 packet_info *pinfo, int unused _U_)
561 proto_tree_add_text(tree, tvb, offset, length,
562 "DOI %s (length is %u, should be >= 4)",
563 tvb_bytes_to_str(tvb, offset, length), length);
566 if (isakmp_version == 1) {
567 doi = tvb_get_ntohl(tvb, offset);
568 proto_tree_add_text(tree, tvb, offset, 4,
569 "Domain of interpretation: %s (%u)",
570 doitype2str(doi), doi);
577 proto_tree_add_text(tree, tvb, offset, length,
578 "Situation: %s (length is %u, should be >= 4)",
579 tvb_bytes_to_str(tvb, offset, length), length);
582 situation = tvb_get_ntohl(tvb, offset);
583 proto_tree_add_text(tree, tvb, offset, 4,
584 "Situation: %s (%u)",
585 situation2str(situation), situation);
589 dissect_payloads(tvb, tree, LOAD_TYPE_PROPOSAL, offset, length, pinfo);
592 proto_tree_add_text(tree, tvb, offset, length,
594 tvb_bytes_to_str(tvb, offset, length));
596 } else if (isakmp_version == 2) {
597 dissect_payloads(tvb, tree, LOAD_TYPE_PROPOSAL, offset, length, pinfo);
602 dissect_proposal(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
603 packet_info *pinfo _U_, int unused _U_)
607 guint8 num_transforms;
609 guint16 payload_length;
613 proposal_num = tvb_get_guint8(tvb, offset);
615 proto_item_append_text(tree, " # %d",proposal_num);
616 proto_tree_add_text(tree, tvb, offset, 1,
617 "Proposal number: %u", proposal_num);
621 protocol_id = tvb_get_guint8(tvb, offset);
622 proto_tree_add_text(tree, tvb, offset, 1,
623 "Protocol ID: %s (%u)",
624 val_to_str(protocol_id, vs_proto, "UNKNOWN-PROTO-TYPE"), protocol_id);
628 spi_size = tvb_get_guint8(tvb, offset);
629 proto_tree_add_text(tree, tvb, offset, 1,
630 "SPI size: %u", spi_size);
634 num_transforms = tvb_get_guint8(tvb, offset);
635 proto_tree_add_text(tree, tvb, offset, 1,
636 "Number of transforms: %u", num_transforms);
641 proto_tree_add_text(tree, tvb, offset, spi_size, "SPI: %s",
642 tvb_bytes_to_str(tvb, offset, spi_size));
647 while (num_transforms > 0) {
648 ntree = dissect_payload_header(tvb, offset, length, LOAD_TYPE_TRANSFORM,
649 &next_payload, &payload_length, tree);
652 if (length < payload_length) {
653 proto_tree_add_text(tree, tvb, offset + 4, length,
654 "Not enough room in payload for all transforms");
657 if (payload_length >= 4) {
658 if (isakmp_version == 1)
659 dissect_transform(tvb, offset + 4, payload_length - 4, ntree,
661 else if (isakmp_version == 2)
662 dissect_transform2(tvb, offset + 4, payload_length - 4, ntree,
666 proto_tree_add_text(ntree, tvb, offset + 4, payload_length - 4, "Payload");
667 offset += payload_length;
668 length -= payload_length;
674 dissect_transform(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
675 packet_info *pinfo _U_, int protocol_id)
677 static const value_string vs_v1_attr[] = {
678 { 1, "Encryption-Algorithm" },
679 { 2, "Hash-Algorithm" },
680 { 3, "Authentication-Method" },
681 { 4, "Group-Description" },
683 { 6, "Group-Prime" },
684 { 7, "Group-Generator-One" },
685 { 8, "Group-Generator-Two" },
686 { 9, "Group-Curve-A" },
687 { 10, "Group-Curve-B" },
689 { 12, "Life-Duration" },
691 { 14, "Key-Length" },
692 { 15, "Field-Size" },
693 { 16, "Group-Order" },
697 static const value_string vs_v2_sttr[] = {
698 { 1, "SA-Life-Type" },
699 { 2, "SA-Life-Duration" },
700 { 3, "Group-Description" },
701 { 4, "Encapsulation-Mode" },
702 { 5, "Authentication-Algorithm" },
705 { 8, "Compress-Dictinary-Size" },
706 { 9, "Compress-Private-Algorithm" },
707 { 10, "ECN Tunnel" },
711 static const value_string vs_v1_trans_isakmp[] = {
717 static const value_string vs_v1_trans_ah[] = {
729 static const value_string vs_v1_trans_esp[] = {
746 static const value_string vs_v1_trans_ipcomp[] = {
756 guint8 transform_num;
758 transform_num = tvb_get_guint8(tvb, offset);
759 proto_item_append_text(tree," # %d",transform_num);
760 proto_tree_add_text(tree, tvb, offset, 1,
761 "Transform number: %u", transform_num);
765 transform_id = tvb_get_guint8(tvb, offset);
766 switch (protocol_id) {
768 proto_tree_add_text(tree, tvb, offset, 1,
769 "Transform ID: %u", transform_id);
772 proto_tree_add_text(tree, tvb, offset, 1,
773 "Transform ID: %s (%u)",
774 val_to_str(transform_id, vs_v1_trans_isakmp, "UNKNOWN-TRANS-TYPE"), transform_id);
777 proto_tree_add_text(tree, tvb, offset, 1,
778 "Transform ID: %s (%u)",
779 val_to_str(transform_id, vs_v1_trans_ah, "UNKNOWN-AH-TRANS-TYPE"), transform_id);
782 proto_tree_add_text(tree, tvb, offset, 1,
783 "Transform ID: %s (%u)",
784 val_to_str(transform_id, vs_v1_trans_esp, "UNKNOWN-ESP-TRANS-TYPE"), transform_id);
787 proto_tree_add_text(tree, tvb, offset, 1,
788 "Transform ID: %s (%u)",
789 val_to_str(transform_id, vs_v1_trans_ipcomp, "UNKNOWN-IPCOMP-TRANS-TYPE"), transform_id);
798 guint16 aft = tvb_get_ntohs(tvb, offset);
799 guint16 type = aft & 0x7fff;
804 if (protocol_id == 1 && transform_id == 1) {
806 str = val_to_str(type, vs_v1_attr, "UNKNOWN-ATTRIBUTE-TYPE");
809 str = val_to_str(type, vs_v2_sttr, "UNKNOWN-ATTRIBUTE-TYPE");
813 val = tvb_get_ntohs(tvb, offset + 2);
814 proto_tree_add_text(tree, tvb, offset, 4,
817 v1_attrval2str(ike_phase1, type, val), val);
822 len = tvb_get_ntohs(tvb, offset + 2);
824 if (!get_num(tvb, offset + 4, len, &val)) {
825 proto_tree_add_text(tree, tvb, offset, pack_len,
826 "%s (%u): <too big (%u bytes)>",
829 proto_tree_add_text(tree, tvb, offset, pack_len,
832 v1_attrval2str(ike_phase1, type, val), val);
840 /* For Transform Type 1 (Encryption Algorithm), defined Transform IDs */
842 v2_tid2encstr(guint16 tid)
844 static const value_string vs_v2_trans_enc[] = {
846 { 1, "ENCR_DES_IV64" },
852 { 7, "ENCR_BLOWFISH" },
854 { 9, "ENCR_DES_IV32" },
857 { 12, "ENCR_AES_CBC" },
858 { 13, "ENCR_AES_CTR" },
862 return val_to_str(tid, vs_v2_trans_enc, "UNKNOWN-ENC-ALG");
865 /* For Transform Type 2 (Pseudo-random Function), defined Transform IDs */
867 v2_tid2prfstr(guint16 tid)
869 static const value_string vs_v2_trans_prf[] = {
871 { 1, "PRF_HMAC_MD5" },
872 { 2, "PRF_HMAC_SHA1" },
873 { 3, "PRF_HMAC_TIGER" },
874 { 4, "PRF_AES128_CBC" },
877 return val_to_str(tid, vs_v2_trans_prf, "UNKNOWN-PRF");
880 /* For Transform Type 3 (Integrity Algorithm), defined Transform IDs */
882 v2_tid2iastr(guint16 tid)
884 static const value_string vs_v2_trans_integrity[] = {
886 { 1, "AUTH_HMAC_MD5_96" },
887 { 2, "AUTH_HMAC_SHA1_96" },
888 { 3, "AUTH_DES_MAC" },
889 { 4, "AUTH_KPDK_MD5" },
890 { 5, "AUTH_AES_XCBC_96" },
893 return val_to_str(tid, vs_v2_trans_integrity, "UNKNOWN-INTEGRITY-ALG");
896 /* For Transform Type 4 (Diffie-Hellman Group), defined Transform IDs */
898 v2_tid2dhstr(guint16 tid)
900 static const value_string vs_v2_trans_dhgroup[] = {
902 { 1, "Group 1 - 768 Bit MODP" },
903 { 2, "Group 2 - 1024 Bit MODP" },
906 { 5, "group 5 - 1536 Bit MODP" },
907 { 14, "2048-bit MODP Group" },
908 { 15, "3072-bit MODP Group" },
909 { 16, "4096-bit MODP Group" },
910 { 17, "6144-bit MODP Group" },
911 { 18, "8192-bit MODP Group" },
915 if ((tid >= 6 && tid <= 13) || (tid >= 19 && tid <= 1023))
916 return "RESERVED TO IANA";
918 return "PRIVATE USE";
919 return val_to_str(tid, vs_v2_trans_dhgroup, "UNKNOWN-DH-GROUP");
922 /* For Transform Type 5 (Extended Sequence Numbers), defined Transform */
924 v2_tid2esnstr(guint16 tid)
926 static const value_string vs_v2_trans_esn[] = {
927 { 0, "No Extended Sequence Numbers" },
928 { 1, "Extended Sequence Numbers" },
932 return val_to_str(tid, vs_v2_trans_esn, "UNKNOWN-ESN-TYPE");
938 const char *(*func)(guint16);
940 { 0, "RESERVED", NULL, },
941 { 1, "Encryption Algorithm (ENCR)", v2_tid2encstr },
942 { 2, "Pseudo-random Function (PRF)", v2_tid2prfstr },
943 { 3, "Integrity Algorithm (INTEG)", v2_tid2iastr },
944 { 4, "Diffie-Hellman Group (D-H)", v2_tid2dhstr },
945 { 5, "Extended Sequence Numbers (ESN)", v2_tid2esnstr },
949 v2_trans2str(guint8 type)
951 if (type < ARLEN(v2_tid_func)) return v2_tid_func[type].str;
952 if (type < 240) return "RESERVED TO IANA";
953 return "PRIVATE USE";
957 v2_tid2str(guint8 type, guint16 tid)
959 if (type < ARLEN(v2_tid_func) && v2_tid_func[type].func != NULL) {
960 return (v2_tid_func[type].func)(tid);
966 v2_aft2str(guint16 aft)
968 if (aft < 14 || (aft > 14 && aft < 18)) return "RESERVED";
969 if (aft == 14) return "Key Length (in bits)";
970 if (aft >= 18 && aft < 16384) return "RESERVED TO IANA";
971 return "PRIVATE USE";
975 dissect_transform2(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
976 packet_info *pinfo _U_, int unused _U_)
978 guint8 transform_type;
979 guint16 transform_id;
981 transform_type = tvb_get_guint8(tvb, offset);
982 proto_tree_add_text(tree, tvb, offset, 1,
983 "Transform type: %s (%u)", v2_trans2str(transform_type), transform_type);
987 transform_id = tvb_get_ntohs(tvb, offset);
988 proto_tree_add_text(tree, tvb, offset, 2,
989 "Transform ID: %s (%u)", v2_tid2str(transform_type, transform_id),
996 guint16 aft = tvb_get_ntohs(tvb, offset);
997 guint16 type = aft & 0x7fff;
1002 str = v2_aft2str(aft);
1005 val = tvb_get_ntohs(tvb, offset + 2);
1006 proto_tree_add_text(tree, tvb, offset, 4,
1009 v2_attrval2str(type, val), val);
1014 len = tvb_get_ntohs(tvb, offset + 2);
1016 if (!get_num(tvb, offset + 4, len, &val)) {
1017 proto_tree_add_text(tree, tvb, offset, pack_len,
1018 "%s (%u): <too big (%u bytes)>",
1021 proto_tree_add_text(tree, tvb, offset, pack_len,
1024 v2_attrval2str(type, val), val);
1033 dissect_key_exch(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1034 packet_info *pinfo _U_, int unused _U_)
1038 if (isakmp_version == 2) {
1039 dhgroup = tvb_get_ntohs(tvb, offset);
1040 proto_tree_add_text(tree, tvb, offset, 2,
1041 "DH Group #: %u", dhgroup);
1046 proto_tree_add_text(tree, tvb, offset, length, "Key Exchange Data");
1050 dissect_id(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1051 packet_info *pinfo, int unused _U_)
1057 id_type = tvb_get_guint8(tvb, offset);
1058 proto_tree_add_text(tree, tvb, offset, 1,
1059 "ID type: %s (%u)", id2str(id_type), id_type);
1063 protocol_id = tvb_get_guint8(tvb, offset);
1064 if (protocol_id == 0) {
1065 proto_tree_add_text(tree, tvb, offset, 1,
1066 "Protocol ID: Unused");
1068 proto_tree_add_text(tree, tvb, offset, 1,
1069 "Protocol ID: %s (%u)",
1070 ipprotostr(protocol_id), protocol_id);
1075 port = tvb_get_ntohs(tvb, offset);
1077 proto_tree_add_text(tree, tvb, offset, 2, "Port: Unused");
1079 proto_tree_add_text(tree, tvb, offset, 2, "Port: %u", port);
1085 proto_tree_add_text(tree, tvb, offset, length,
1086 "Identification data: %s",
1087 ip_to_str(tvb_get_ptr(tvb, offset, 4)));
1091 proto_tree_add_text(tree, tvb, offset, length,
1092 "Identification data: %.*s", length,
1093 tvb_get_ptr(tvb, offset, length));
1096 proto_tree_add_text(tree, tvb, offset, length,
1097 "Identification data: %s/%s",
1098 ip_to_str(tvb_get_ptr(tvb, offset, 4)),
1099 ip_to_str(tvb_get_ptr(tvb, offset+4, 4)));
1102 dissect_x509if_Name(FALSE, tvb, offset, pinfo, tree,
1103 hf_ike_certificate_authority);
1106 proto_tree_add_text(tree, tvb, offset, length, "Identification Data");
1112 dissect_cert(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1113 packet_info *pinfo _U_, int unused _U_)
1117 cert_enc = tvb_get_guint8(tvb, offset);
1118 proto_tree_add_text(tree, tvb, offset, 1,
1119 "Certificate encoding: %u - %s",
1120 cert_enc, certtype2str(cert_enc));
1124 proto_tree_add_text(tree, tvb, offset, length, "Certificate Data");
1128 dissect_certreq(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1129 packet_info *pinfo, int unused _U_)
1133 cert_type = tvb_get_guint8(tvb, offset);
1134 proto_tree_add_text(tree, tvb, offset, 1,
1135 "Certificate type: %u - %s",
1136 cert_type, certtype2str(cert_type));
1142 dissect_x509if_Name(FALSE, tvb, offset, pinfo, tree, hf_ike_certificate_authority);
1144 proto_tree_add_text(tree, tvb, offset, length, "Certificate Authority");
1147 proto_tree_add_text(tree, tvb, offset, length, "Certificate Authority (empty)");
1151 dissect_hash(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1152 packet_info *pinfo _U_, int unused _U_)
1154 proto_tree_add_text(tree, tvb, offset, length, "Hash Data");
1158 dissect_auth(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1159 packet_info *pinfo _U_, int unused _U_)
1163 auth = tvb_get_guint8(tvb, offset);
1164 proto_tree_add_text(tree, tvb, offset, 1,
1165 "Auth Method: %s (%u)", v2_auth2str(auth), auth);
1169 proto_tree_add_text(tree, tvb, offset, length, "Authentication Data");
1173 dissect_sig(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1174 packet_info *pinfo _U_, int unused _U_)
1176 proto_tree_add_text(tree, tvb, offset, length, "Signature Data");
1180 dissect_nonce(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1181 packet_info *pinfo _U_, int unused _U_)
1183 proto_tree_add_text(tree, tvb, offset, length, "Nonce Data");
1187 v2_ipcomptype2str(guint8 type)
1189 static const value_string vs_v2_ipcomptype[] = {
1191 { 1, "IPCOMP_OUI" },
1192 { 2, "IPCOMP_DEFLATE" },
1193 { 3, "IPCOMP_LZS" },
1194 { 4, "IPCOMP_LZJH" },
1198 if (type >= 5 && type <= 240)
1199 return "RESERVED TO IANA";
1201 return "PRIVATE USE";
1202 return val_to_str(type, vs_v2_ipcomptype, "UNKNOWN-IPCOMP-TYPE");
1206 dissect_notif(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1207 packet_info *pinfo _U_, int unused _U_)
1215 if (isakmp_version == 1) {
1216 doi = tvb_get_ntohl(tvb, offset);
1217 proto_tree_add_text(tree, tvb, offset, 4,
1218 "Domain of Interpretation: %s (%u)",
1219 doitype2str(doi), doi);
1224 protocol_id = tvb_get_guint8(tvb, offset);
1225 proto_tree_add_text(tree, tvb, offset, 1,
1226 "Protocol ID: %s (%u)",
1227 val_to_str(protocol_id, vs_proto, "UNKNOWN-PROTO-TYPE"), protocol_id);
1231 spi_size = tvb_get_guint8(tvb, offset);
1232 proto_tree_add_text(tree, tvb, offset, 1,
1233 "SPI size: %u", spi_size);
1237 msgtype = tvb_get_ntohs(tvb, offset);
1238 proto_tree_add_text(tree, tvb, offset, 2,
1239 "Message type: %s (%u)", msgtype2str(msgtype), msgtype);
1244 proto_tree_add_text(tree, tvb, offset, spi_size, "Security Parameter Index");
1250 proto_tree_add_text(tree, tvb, offset, length, "Notification Data");
1252 /* notification data */
1253 if (isakmp_version == 2 && msgtype == 16387) {
1254 /* IPCOMP_SUPPORTED */
1255 proto_tree_add_text(tree, tvb, offset, 2,
1256 "IPComp CPI (%u)", tvb_get_ntohs(tvb, offset));
1257 ipcomptype = tvb_get_guint8(tvb, offset + 2);
1258 proto_tree_add_text(tree, tvb, offset + 2, 1,
1259 "Transform ID: %s (%u)",
1260 v2_ipcomptype2str(ipcomptype), ipcomptype);
1268 dissect_delete(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1269 packet_info *pinfo _U_, int unused _U_)
1277 doi = tvb_get_ntohl(tvb, offset);
1278 proto_tree_add_text(tree, tvb, offset, 4,
1279 "Domain of Interpretation: %s (%u)",
1280 doitype2str(doi), doi);
1284 protocol_id = tvb_get_guint8(tvb, offset);
1285 proto_tree_add_text(tree, tvb, offset, 1,
1286 "Protocol ID: %s (%u)",
1287 val_to_str(protocol_id, vs_proto, "UNKNOWN-PROTO-TYPE"), protocol_id);
1291 spi_size = tvb_get_guint8(tvb, offset);
1292 proto_tree_add_text(tree, tvb, offset, 1,
1293 "SPI size: %u", spi_size);
1297 num_spis = tvb_get_ntohs(tvb, offset);
1298 proto_tree_add_text(tree, tvb, offset, 2,
1299 "Number of SPIs: %u", num_spis);
1303 for (i = 0; i < num_spis; ++i) {
1304 if (length < spi_size) {
1305 proto_tree_add_text(tree, tvb, offset, length,
1306 "Not enough room in payload for all SPI's");
1309 proto_tree_add_text(tree, tvb, offset, spi_size,
1317 dissect_vid(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1318 packet_info *pinfo _U_, int unused _U_)
1320 guint32 CPproduct, CPversion;
1321 const guint8 * pVID;
1324 pVID = tvb_get_ptr(tvb, offset, length);
1325 pt = proto_tree_add_text(tree, tvb, offset, length, "Vendor ID: ");
1326 if (memcmp(pVID, VID_MS_W2K_WXP, isakmp_min(VID_MS_LEN, length)) == 0)
1327 proto_item_append_text(pt, "Microsoft Win2K/WinXP");
1329 if (memcmp(pVID, VID_CP, isakmp_min(VID_CP_LEN, length)) == 0)
1331 proto_item_append_text(pt, "Check Point");
1332 offset += VID_CP_LEN;
1333 CPproduct = tvb_get_ntohl(tvb, offset);
1334 ntree = proto_item_add_subtree(pt, ett_isakmp_payload);
1335 pt = proto_tree_add_text(ntree, tvb, offset, sizeof(CPproduct), "Check Point Product: ");
1336 switch (CPproduct) {
1337 case 1: proto_item_append_text(pt, "VPN-1");
1339 case 2: proto_item_append_text(pt, "SecuRemote/SecureClient");
1341 default: proto_item_append_text(pt, "Unknown CP product!");
1344 offset += sizeof(CPproduct);
1345 CPversion = tvb_get_ntohl(tvb, offset);
1346 pt = proto_tree_add_text(ntree, tvb, offset, sizeof(CPversion), "Version: ");
1347 switch (CPversion) {
1348 case 2: proto_item_append_text(pt, "4.1");
1350 case 3: proto_item_append_text(pt, "4.1 SP-1");
1352 case 4002: proto_item_append_text(pt, "4.1 (SP-2 or above)");
1354 case 5000: proto_item_append_text(pt, "NG");
1356 case 5001: proto_item_append_text(pt, "NG Feature Pack 1");
1358 case 5002: proto_item_append_text(pt, "NG Feature Pack 2");
1360 case 5003: proto_item_append_text(pt, "NG Feature Pack 3");
1362 case 5004: proto_item_append_text(pt, "NG with Application Intelligence");
1364 case 5005: proto_item_append_text(pt, "NG with Application Intelligence R55");
1366 default: proto_item_append_text(pt, " Unknown CP version!");
1369 offset += sizeof(CPversion);
1370 proto_tree_add_text(ntree, tvb, offset, length - VID_CP_LEN - sizeof(CPproduct) - sizeof(CPversion),"Check Point Vendor ID parameters");
1373 if (memcmp(pVID, VID_CYBERGUARD, isakmp_min(VID_LEN, length)) == 0)
1374 proto_item_append_text(pt, "Cyber Guard");
1376 if (memcmp(pVID, VID_draft_ietf_ipsec_nat_t_ike_03, isakmp_min(VID_LEN, length)) == 0)
1377 proto_item_append_text(pt, "draft-ietf-ipsec-nat-t-ike-03");
1379 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_1_1_0, isakmp_min(VID_LEN, length)) == 0)
1380 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 1.1.0");
1382 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_1_1_1, isakmp_min(VID_LEN, length)) == 0)
1383 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 1.1.1");
1385 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_1_1_2, isakmp_min(VID_LEN, length)) == 0)
1386 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 1.1.2");
1388 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_1_2_1, isakmp_min(VID_LEN, length)) == 0)
1389 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 1.2.1");
1391 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_1_2_2, isakmp_min(VID_LEN, length)) == 0)
1392 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 1.2.2");
1394 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_2_0_0, isakmp_min(VID_LEN, length)) == 0)
1395 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 2.0.0");
1397 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_2_1_0, isakmp_min(VID_LEN, length)) == 0)
1398 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 2.1.0");
1400 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_2_1_1, isakmp_min(VID_LEN, length)) == 0)
1401 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 2.1.1");
1403 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_2_1_2, isakmp_min(VID_LEN, length)) == 0)
1404 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 2.1.2");
1406 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_3_0_0, isakmp_min(VID_LEN, length)) == 0)
1407 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 3.0.0");
1409 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_3_0_1, isakmp_min(VID_LEN, length)) == 0)
1410 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 3.0.1");
1412 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_4_0_0, isakmp_min(VID_LEN, length)) == 0)
1413 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 4.0.0");
1415 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_4_0_1, isakmp_min(VID_LEN, length)) == 0)
1416 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 4.0.1");
1418 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_4_1_0, isakmp_min(VID_LEN, length)) == 0)
1419 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 4.1.0");
1421 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_4_1_1, isakmp_min(VID_LEN, length)) == 0)
1422 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 4.1.1");
1424 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_5_0, isakmp_min(VID_LEN, length)) == 0)
1425 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 5.0");
1427 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_5_0_0, isakmp_min(VID_LEN, length)) == 0)
1428 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 5.0.0");
1430 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_5_1_0, isakmp_min(VID_LEN, length)) == 0)
1431 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 5.1.0");
1433 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_5_1_1, isakmp_min(VID_LEN, length)) == 0)
1434 proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 5.1.1");
1436 if (memcmp(pVID, VID_SSH_SENTINEL, isakmp_min(VID_LEN, length)) == 0)
1437 proto_item_append_text(pt, "SSH Sentinel");
1439 if (memcmp(pVID, VID_SSH_SENTINEL_1_1, isakmp_min(VID_LEN, length)) == 0)
1440 proto_item_append_text(pt, "SSH Sentinel 1.1");
1442 if (memcmp(pVID, VID_SSH_SENTINEL_1_2, isakmp_min(VID_LEN, length)) == 0)
1443 proto_item_append_text(pt, "SSH Sentinel 1.2");
1445 if (memcmp(pVID, VID_SSH_SENTINEL_1_3, isakmp_min(VID_LEN, length)) == 0)
1446 proto_item_append_text(pt, "SSH Sentinel 1.3");
1448 if (memcmp(pVID, VID_SSH_QUICKSEC_0_9_0, isakmp_min(VID_LEN, length)) == 0)
1449 proto_item_append_text(pt, "SSH Communications Security QuickSec 0.9.0");
1451 if (memcmp(pVID, VID_SSH_QUICKSEC_1_1_0, isakmp_min(VID_LEN, length)) == 0)
1452 proto_item_append_text(pt, "SSH Communications Security QuickSec 1.1.0");
1454 if (memcmp(pVID, VID_SSH_QUICKSEC_1_1_1, isakmp_min(VID_LEN, length)) == 0)
1455 proto_item_append_text(pt, "SSH Communications Security QuickSec 1.1.1");
1457 if (memcmp(pVID, VID_SSH_QUICKSEC_1_1_2, isakmp_min(VID_LEN, length)) == 0)
1458 proto_item_append_text(pt, "SSH Communications Security QuickSec 1.1.2");
1460 if (memcmp(pVID, VID_SSH_QUICKSEC_1_1_3, isakmp_min(VID_LEN, length)) == 0)
1461 proto_item_append_text(pt, "SSH Communications Security QuickSec 1.1.3");
1463 if (memcmp(pVID, VID_draft_huttunen_ipsec_esp_in_udp_01, isakmp_min(VID_LEN, length)) == 0)
1464 proto_item_append_text(pt, "draft-huttunen-ipsec-esp-in-udp-01.txt");
1466 if (memcmp(pVID, VID_draft_stenberg_ipsec_nat_traversal_01, isakmp_min(VID_LEN, length)) == 0)
1467 proto_item_append_text(pt, "draft-stenberg-ipsec-nat-traversal-01");
1469 if (memcmp(pVID, VID_draft_stenberg_ipsec_nat_traversal_02, isakmp_min(VID_LEN, length)) == 0)
1470 proto_item_append_text(pt, "draft-stenberg-ipsec-nat-traversal-02");
1472 if (memcmp(pVID, VID_draft_ietf_ipsec_nat_t_ike_00, isakmp_min(VID_LEN, length)) == 0)
1473 proto_item_append_text(pt, "draft-ietf-ipsec-nat-t-ike-00");
1475 if (memcmp(pVID, VID_draft_ietf_ipsec_nat_t_ike_02a, isakmp_min(VID_LEN, length)) == 0)
1476 proto_item_append_text(pt, "draft-ietf-ipsec-nat-t-ike-02");
1478 if (memcmp(pVID, VID_draft_ietf_ipsec_nat_t_ike_02b, isakmp_min(VID_LEN, length)) == 0)
1479 proto_item_append_text(pt, "draft-ietf-ipsec-nat-t-ike-02");
1481 if (memcmp(pVID, VID_draft_beaulieu_ike_xauth_02, isakmp_min(VID_LEN, length)) == 0)
1482 proto_item_append_text(pt, "draft-beaulieu-ike-xauth-02.txt");
1484 if (memcmp(pVID, VID_rfc3706_dpd, isakmp_min(VID_LEN, length)) == 0)
1485 proto_item_append_text(pt, "RFC 3706 Detecting Dead IKE Peers (DPD)");
1487 if (memcmp(pVID, VID_IKE_CHALLENGE_RESPONSE_1, isakmp_min(VID_LEN, length)) == 0)
1488 proto_item_append_text(pt, "IKE Challenge/Response for Authenticated Cryptographic Keys");
1490 if (memcmp(pVID, VID_IKE_CHALLENGE_RESPONSE_2, isakmp_min(VID_LEN, length)) == 0)
1491 proto_item_append_text(pt, "IKE Challenge/Response for Authenticated Cryptographic Keys");
1493 if (memcmp(pVID, VID_IKE_CHALLENGE_RESPONSE_REV_1, isakmp_min(VID_LEN, length)) == 0)
1494 proto_item_append_text(pt, "IKE Challenge/Response for Authenticated Cryptographic Keys (Revised)");
1496 if (memcmp(pVID, VID_IKE_CHALLENGE_RESPONSE_REV_2, isakmp_min(VID_LEN, length)) == 0)
1497 proto_item_append_text(pt, "IKE Challenge/Response for Authenticated Cryptographic Keys (Revised)");
1499 if (memcmp(pVID, VID_MS_L2TP_IPSEC_VPN_CLIENT, isakmp_min(VID_LEN, length)) == 0)
1500 proto_item_append_text(pt, "Microsoft L2TP/IPSec VPN Client");
1502 if (memcmp(pVID, VID_GSS_API_1, isakmp_min(VID_LEN, length)) == 0)
1503 proto_item_append_text(pt, "A GSS-API Authentication Method for IKE");
1505 if (memcmp(pVID, VID_GSS_API_2, isakmp_min(VID_LEN, length)) == 0)
1506 proto_item_append_text(pt, "A GSS-API Authentication Method for IKE");
1508 if (memcmp(pVID, VID_GSSAPI, isakmp_min(VID_LEN, length)) == 0)
1509 proto_item_append_text(pt, "GSSAPI");
1511 if (memcmp(pVID, VID_MS_NT5_ISAKMPOAKLEY, isakmp_min(VID_LEN, length)) == 0)
1512 proto_item_append_text(pt, "MS NT5 ISAKMPOAKLEY");
1514 if (memcmp(pVID, VID_CISCO_UNITY, isakmp_min(VID_LEN, length)) == 0)
1515 proto_item_append_text(pt, "CISCO-UNITY");
1517 if (memcmp(pVID, VID_draft_ietf_ipsec_antireplay_00, isakmp_min(VID_LEN_8, length)) == 0)
1518 proto_item_append_text(pt, "draft-ietf-ipsec-antireplay-00.txt");
1520 if (memcmp(pVID, VID_draft_ietf_ipsec_heartbeats_00, isakmp_min(VID_LEN_8, length)) == 0)
1521 proto_item_append_text(pt, "draft-ietf-ipsec-heartbeats-00.txt");
1523 proto_item_append_text(pt, "unknown vendor ID: 0x%s",tvb_bytes_to_str(tvb, offset, length));
1527 dissect_config(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1528 packet_info *pinfo _U_, int unused _U_)
1532 if (isakmp_version == 1) {
1533 type = tvb_get_guint8(tvb, offset);
1534 proto_tree_add_text(tree, tvb, offset, 1,
1535 "Type %s (%u)", cfgtype2str(type), type);
1539 proto_tree_add_text(tree, tvb, offset, 2,
1540 "Identifier: %u", tvb_get_ntohs(tvb, offset));
1543 } else if (isakmp_version == 2) {
1544 type = tvb_get_guint8(tvb, offset);
1545 proto_tree_add_text(tree, tvb, offset, 1,
1546 "CFG Type %s (%u)", cfgtype2str(type), type);
1552 guint16 aft = tvb_get_ntohs(tvb, offset);
1553 guint16 type = aft & 0x7fff;
1559 val = tvb_get_ntohs(tvb, offset + 2);
1560 proto_tree_add_text(tree, tvb, offset, 4,
1561 "%s (%u)", cfgattr2str(type), val);
1566 len = tvb_get_ntohs(tvb, offset + 2);
1568 if (!get_num(tvb, offset + 4, len, &val)) {
1569 proto_tree_add_text(tree, tvb, offset, pack_len,
1570 "%s: <too big (%u bytes)>",
1571 cfgattr2str(type), len);
1573 proto_tree_add_text(tree, tvb, offset, 4,
1574 "%s (%ue)", cfgattr2str(type),
1584 dissect_nat_discovery(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1585 packet_info *pinfo _U_, int unused _U_)
1587 proto_tree_add_text(tree, tvb, offset, length,
1588 "Hash of address and port: %s",
1589 tvb_bytes_to_str(tvb, offset, length));
1593 dissect_nat_original_address(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1594 packet_info *pinfo _U_, int unused _U_)
1598 struct e_in6_addr addr_ipv6;
1600 id_type = tvb_get_guint8(tvb, offset);
1601 proto_tree_add_text(tree, tvb, offset, 1,
1602 "ID type: %s (%u)", id2str(id_type), id_type);
1606 offset += 3; /* reserved */
1611 case 1: /* ID_IPV4_ADDR */
1613 tvb_memcpy(tvb, (guint8 *)&addr_ipv4, offset, length);
1614 proto_tree_add_text(tree, tvb, offset, length,
1615 "Original address: %s",
1616 ip_to_str((guint8 *)&addr_ipv4));
1618 proto_tree_add_text(tree, tvb, offset, length,
1619 "Original address: bad length, should be 4, is %u",
1624 case 5: /* ID_IPV6_ADDR */
1626 tvb_memcpy(tvb, (guint8 *)&addr_ipv6, offset, length);
1627 proto_tree_add_text(tree, tvb, offset, length,
1628 "Original address: %s",
1629 ip6_to_str(&addr_ipv6));
1631 proto_tree_add_text(tree, tvb, offset, length,
1632 "Original address: bad length, should be 16, is %u",
1638 proto_tree_add_text(tree, tvb, offset, length,
1639 "Original address: bad address type");
1645 dissect_ts(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1646 packet_info *pinfo _U_, int unused _U_)
1648 guint8 num, tstype, protocol_id, addrlen;
1651 proto_tree_add_text(tree, tvb, offset, length, "Traffic Selector");
1653 num = tvb_get_guint8(tvb, offset);
1654 proto_item_append_text(tree," # %d", num);
1655 proto_tree_add_text(tree, tvb, offset, 1,
1656 "Number of TSs: %u", num);
1660 while (length > 0) {
1661 tstype = tvb_get_guint8(tvb, offset);
1662 proto_tree_add_text(tree, tvb, offset, 1,
1664 v2_tstype2str(tstype), tstype);
1676 * XXX should the remaining of the length check be done here ?
1677 * it seems other routines don't check the length.
1679 if (length < (8 + addrlen * 2)) {
1680 proto_tree_add_text(tree, tvb, offset, length,
1681 "Length mismatch (%u)", length);
1687 protocol_id = tvb_get_guint8(tvb, offset);
1688 proto_tree_add_text(tree, tvb, offset, 1,
1689 "Protocol ID: (%u)", protocol_id);
1693 len = tvb_get_ntohs(tvb, offset);
1694 proto_tree_add_text(tree, tvb, offset, 2,
1695 "Selector Length: %u", len);
1699 port = tvb_get_ntohs(tvb, offset);
1700 proto_tree_add_text(tree, tvb, offset, 2,
1701 "Start Port: (%u)", port);
1705 port = tvb_get_ntohs(tvb, offset);
1706 proto_tree_add_text(tree, tvb, offset, 2,
1707 "End Port: (%u)", port);
1711 proto_tree_add_text(tree, tvb, offset, length,
1712 "Starting Address: %s",
1713 ip_to_str(tvb_get_ptr(tvb, offset, addrlen)));
1717 proto_tree_add_text(tree, tvb, offset, length,
1718 "Starting Address: %s",
1719 ip_to_str(tvb_get_ptr(tvb, offset, addrlen)));
1726 dissect_enc(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1727 packet_info *pinfo _U_, int unused _U_)
1729 proto_tree_add_text(tree, tvb, offset, 4, "Initialization Vector: 0x%s",
1730 tvb_bytes_to_str(tvb, offset, 4));
1731 proto_tree_add_text(tree, tvb, offset + 4, length, "Encrypted Data");
1735 dissect_eap(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1736 packet_info *pinfo _U_, int unused _U_)
1738 proto_tree_add_text(tree, tvb, offset, length, "EAP Message");
1742 payloadtype2str(guint8 type)
1744 struct payload_func *f;
1746 if ((f = getpayload_func(type)) != NULL)
1749 if (isakmp_version == 1) {
1752 return "Private USE";
1753 } else if (isakmp_version == 2) {
1755 return "PRIVATE USE";
1757 return "RESERVED TO IANA";
1760 return "UNKNOWN-ISAKMP-VERSION";
1764 exchtype2str(guint8 type)
1766 static const value_string vs_v1_exchange[] = {
1769 { 2, "Identity Protection (Main Mode)" },
1770 { 3, "Authentication Only" },
1771 { 4, "Aggressive" },
1772 { 5, "Informational" },
1773 { 6, "Transaction (Config Mode)" },
1774 { 32, "Quick Mode" },
1775 { 33, "New Group Mode" },
1779 static const value_string vs_v2_exchange[] = {
1780 { 34, "IKE_SA_INIT" },
1781 { 35, "IKE_AUTH " },
1782 { 36, "CREATE_CHILD_SA" },
1786 if (isakmp_version == 1) {
1787 if (type > 6 && type < 32)
1788 return "ISAKMP Future Use";
1789 if (type > 33 && type < 240)
1790 return "DOI Specific Use";
1791 return val_to_str(type, vs_v1_exchange, "Private Use");
1792 } else if (isakmp_version == 2) {
1795 if (type > 37 && type < 240)
1796 return "Reserved for IKEv2+";
1797 return val_to_str(type, vs_v2_exchange, "Reserved for private use");
1799 return "UNKNOWN-ISAKMP-VERSION";
1803 doitype2str(guint32 type)
1805 if (type == 1) return "IPSEC";
1806 return "Unknown DOI Type";
1810 msgtype2str(guint16 type)
1812 static const value_string vs_v1_notifmsg[] = {
1814 { 1, "INVALID-PAYLOAD-TYPE" },
1815 { 2, "DOI-NOT-SUPPORTED" },
1816 { 3, "SITUATION-NOT-SUPPORTED" },
1817 { 4, "INVALID-COOKIE" },
1818 { 5, "INVALID-MAJOR-VERSION" },
1819 { 6, "INVALID-MINOR-VERSION" },
1820 { 7, "INVALID-EXCHANGE-TYPE" },
1821 { 8, "INVALID-FLAGS" },
1822 { 9, "INVALID-MESSAGE-ID" },
1823 { 10, "INVALID-PROTOCOL-ID" },
1824 { 11, "INVALID-SPI" },
1825 { 12, "INVALID-TRANSFORM-ID" },
1826 { 13, "ATTRIBUTES-NOT-SUPPORTED" },
1827 { 14, "NO-PROPOSAL-CHOSEN" },
1828 { 15, "BAD-PROPOSAL-SYNTAX" },
1829 { 16, "PAYLOAD-MALFORMED" },
1830 { 17, "INVALID-KEY-INFORMATION" },
1831 { 18, "INVALID-ID-INFORMATION" },
1832 { 19, "INVALID-CERT-ENCODING" },
1833 { 20, "INVALID-CERTIFICATE" },
1834 { 21, "CERT-TYPE-UNSUPPORTED" },
1835 { 22, "INVALID-CERT-AUTHORITY" },
1836 { 23, "INVALID-HASH-INFORMATION" },
1837 { 24, "AUTHENTICATION-FAILED" },
1838 { 25, "INVALID-SIGNATURE" },
1839 { 26, "ADDRESS-NOTIFICATION" },
1840 { 27, "NOTIFY-SA-LIFETIME" },
1841 { 28, "CERTIFICATE-UNAVAILABLE" },
1842 { 29, "UNSUPPORTED-EXCHANGE-TYPE" },
1843 { 30, "UNEQUAL-PAYLOAD-LENGTHS" },
1844 { 8192, "RESERVED" },
1845 { 16384, "RESPONDER-LIFETIME" },
1846 { 24576, "REPLAY-STATUS" },
1847 { 24577, "DOI-specific codes" }, /* XXX missing number ? */
1848 { 24578, "INITIAL-CONTACT" },
1852 static const value_string vs_v2_notifmsg[] = {
1854 { 4, "INVALID_IKE_SPI" },
1855 { 5, "INVALID_MAJOR_VERSION" },
1856 { 7, "INVALID_SYNTAX" },
1857 { 9, "INVALID_MESSAGE_ID" },
1858 { 11, "INVALID_SPI" },
1859 { 14, "NO_PROPOSAL_CHOSEN" },
1860 { 17, "INVALID_KE_PAYLOAD" },
1861 { 24, "AUTHENTICATION_FAILED" },
1862 { 34, "SINGLE_PAIR_REQUIRED" },
1863 { 35, "NO_ADDITIONAL_SAS" },
1864 { 36, "INTERNAL_ADDRESS_FAILURE" },
1865 { 37, "FAILED_CP_REQUIRED" },
1866 { 38, "TS_UNACCEPTABLE" },
1867 { 39, "INVALID_SELECTORS" },
1868 { 16384, "INITIAL_CONTACT" },
1869 { 16385, "SET_WINDOW_SIZE" },
1870 { 16386, "ADDITIONAL_TS_POSSIBLE" },
1871 { 16387, "IPCOMP_SUPPORTED" },
1872 { 16388, "NAT_DETECTION_SOURCE_IP" },
1873 { 16389, "NAT_DETECTION_DESTINATION_IP" },
1874 { 16390, "COOKIE" },
1875 { 16391, "USE_TRANSPORT_MODE" },
1876 { 16392, "HTTP_CERT_LOOKUP_SUPPORTED" },
1877 { 16393, "REKEY_SA" },
1878 { 16394, "ESP_TFC_PADDING_NOT_SUPPORTED" },
1879 { 16395, "NON_FIRST_FRAGMENTS_ALSO" },
1883 if (isakmp_version == 1) {
1884 if (type > 30 && type < 8192)
1885 return "RESERVED (Future Use)";
1886 if (type > 8192 && type < 16384)
1887 return "Private Use";
1888 if (type > 16384 && type < 24576)
1889 return "RESERVED (Future Use) - status";
1890 if (type > 24578 && type < 32768)
1891 return "DOI-specific codes";
1892 if (type > 32767 && type < 40960)
1893 return "Private Use - status";
1894 if (type > 40959 && type < 65535)
1895 return "RESERVED (Future Use) - status (2)";
1896 return val_to_str(type, vs_v1_notifmsg, "UNKNOWN-NOTIFY-MESSAGE-TYPE");
1897 } else if (isakmp_version == 2) {
1898 if (type >= 40 && type <= 8191)
1899 return "RESERVED TO IANA - Error types";
1900 if (type >= 16396 && type <= 40959)
1901 return "RESERVED TO IANA - STATUS TYPES";
1902 if (type >= 8192 && type <= 16383)
1903 return "Private Use - Errors";
1905 return "Private Use - STATUS TYPES";
1906 return val_to_str(type, vs_v2_notifmsg, "UNKNOWN-NOTIFY-MESSAGE-TYPE");
1908 return "UNKNOWN-ISAKMP-VERSION";
1912 situation2str(guint32 type)
1915 #define SIT_MSG_NUM 1024
1916 #define SIT_IDENTITY 0x01
1917 #define SIT_SECRECY 0x02
1918 #define SIT_INTEGRITY 0x04
1920 static char msg[SIT_MSG_NUM];
1925 if (type & SIT_IDENTITY) {
1926 ret = snprintf(msg, SIT_MSG_NUM-n, "%sIDENTITY", sep);
1927 if (ret == -1 || ret >= SIT_MSG_NUM-n) {
1929 msg[SIT_MSG_NUM-1] = '\0';
1935 if (type & SIT_SECRECY) {
1936 if (n >= SIT_MSG_NUM) {
1940 ret = snprintf(msg, SIT_MSG_NUM-n, "%sSECRECY", sep);
1941 if (ret == -1 || ret >= SIT_MSG_NUM-n) {
1943 msg[SIT_MSG_NUM-1] = '\0';
1949 if (type & SIT_INTEGRITY) {
1950 if (n >= SIT_MSG_NUM) {
1954 ret = snprintf(msg, SIT_MSG_NUM-n, "%sINTEGRITY", sep);
1955 if (ret == -1 || ret >= SIT_MSG_NUM-n) {
1957 msg[SIT_MSG_NUM-1] = '\0';
1968 v2_attrval2str(guint16 att_type, guint32 value)
1970 value = 0; /* dummy to be less warning in compiling it */
1973 return "Key-Length";
1975 return "UNKNOWN-ATTRIBUTE-TYPE";
1980 v1_attrval2str(int ike_p1, guint16 att_type, guint32 value)
1982 static const value_string vs_v1_attrval_lttype[] = {
1989 static const value_string vs_v1_attrval_encap[] = {
1993 { 3, "UDP-Encapsulated-Tunnel" }, /* http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-t-ike-05.txt */
1994 { 4, "UDP-Encapsulated-Transport" }, /* http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-t-ike-05.txt */
1995 { 61440, "Check Point IPSec UDP Encapsulation" },
1996 { 61443, "UDP-Encapsulated-Tunnel (draft)" },
1997 { 61444, "UDP-Encapsulated-Transport (draft)" },
2001 static const value_string vs_v1_attrval_auth[] = {
2007 { 5, "HMAC-SHA2-256" },
2008 { 6, "HMAC-SHA2-384" },
2009 { 7, "HMAC-SHA2-512" },
2013 static const value_string vs_v1_attrval_enc[] = {
2017 { 3, "BLOWFISH-CBC" },
2018 { 4, "RC5-R16-B64-CBC" },
2025 static const value_string vs_v1_attrval_hash[] = {
2036 static const value_string vs_v1_attrval_authmeth[] = {
2042 { 5, "RSA-Revised-ENC" },
2043 { 6, "Encryption with El-Gamal" },
2044 { 7, "Revised encryption with El-Gamal" },
2045 { 8, "ECDSA signatures" },
2046 { 9, "AES-XCBC-MAC" },
2047 { 64221, "HybridInitRSA" },
2048 { 64222, "HybridRespRSA" },
2049 { 64223, "HybridInitDSS" },
2050 { 64224, "HybridRespDSS" },
2051 { 65001, "XAUTHInitPreShared" },
2052 { 65002, "XAUTHRespPreShared" },
2053 { 65003, "XAUTHInitDSS" },
2054 { 65004, "XAUTHRespDSS" },
2055 { 65005, "XAUTHInitRSA" },
2056 { 65006, "XAUTHRespRSA" },
2057 { 65007, "XAUTHInitRSAEncryption" },
2058 { 65008, "XAUTHRespRSAEncryption" },
2059 { 65009, "XAUTHInitRSARevisedEncryption" },
2060 { 65010, "XAUTHRespRSARevisedEncryption" },
2064 static const value_string vs_v1_attrval_grpdesc[] = {
2065 { 0, "UNDEFINED - 0" },
2066 { 1, "Default 768-bit MODP group" },
2067 { 2, "Alternate 1024-bit MODP group" },
2068 { 3, "EC2N group on GP[2^155] group" },
2069 { 4, "EC2N group on GP[2^185] group" },
2070 { 5, "1536 bit MODP group" },
2071 { 6, "EC2N group over GF[2^163]" },
2072 { 7, "EC2N group over GF[2^163]" },
2073 { 8, "EC2N group over GF[2^283]" },
2074 { 9, "EC2N group over GF[2^283]" },
2075 { 10, "EC2N group over GF[2^409]" },
2076 { 11, "EC2N group over GF[2^409]" },
2077 { 12, "EC2N group over GF[2^571]" },
2078 { 13, "EC2N group over GF[2^571]" },
2079 { 14, "2048 bit MODP group" },
2080 { 15, "3072 bit MODP group" },
2081 { 16, "4096 bit MODP group" },
2082 { 17, "6144 bit MODP group" },
2083 { 18, "8192 bit MODP group" },
2087 static const value_string vs_v1_attrval_grptype[] = {
2088 { 0, "UNDEFINED - 0" },
2095 static const value_string vs_v1_attrval_lifetype[] = {
2096 { 0, "UNDEFINED - 0" },
2102 if (value == 0) return "RESERVED";
2107 return val_to_str(value, vs_v1_attrval_lttype, "UNKNOWN-LIFETIME-TYPE");
2109 return "Duration-Value";
2111 return "Group-Value";
2113 return val_to_str(value, vs_v1_attrval_encap, "UNKNOWN-ENCAPSULATION-VALUE");
2115 return val_to_str(value, vs_v1_attrval_auth, "UNKNOWN-AUTHENTICATION-VALUE");
2117 return "Key-Length";
2119 return "Key-Rounds";
2121 return "Compress-Dictionary-size";
2123 return "Compress Private Algorithm";
2125 return "UNKNOWN-ATTRIBUTE-TYPE";
2131 return val_to_str(value, vs_v1_attrval_enc, "UNKNOWN-ENCRYPTION-ALG");
2133 return val_to_str(value, vs_v1_attrval_hash, "UNKNOWN-HASH-ALG");
2135 return val_to_str(value, vs_v1_attrval_authmeth, "UNKNOWN-AUTH-METHOD");
2137 return val_to_str(value, vs_v1_attrval_grpdesc, "UNKNOWN-GROUP-DESCRIPTION");
2144 return "Group-Value";
2146 return val_to_str(value, vs_v1_attrval_grptype, "UNKNOWN-GROUP-TYPE");
2148 return val_to_str(value, vs_v1_attrval_lifetype, "UNKNOWN-LIFE-TYPE");
2150 return "Duration-Value";
2154 return "Key-Length";
2156 return "Field-Size";
2158 return "UNKNOWN-ATTRIBUTE-TYPE";
2164 cfgtype2str(guint8 type)
2166 static const value_string vs_v1_cfgtype[] = {
2168 { 1, "ISAKMP_CFG_REQUEST" },
2169 { 2, "ISAKMP_CFG_REPLY" },
2170 { 3, "ISAKMP_CFG_SET" },
2171 { 4, "ISAKMP_CFG_ACK" },
2176 static const value_string vs_v2_cfgtype[] = {
2178 { 1, "CFG_REQUEST" },
2186 if (isakmp_version == 1) {
2187 if (type >= 5 && type <= 127)
2188 return "Future use";
2190 return "Private Use";
2191 return val_to_str(type, vs_v1_cfgtype, "UNKNOWN-CFG-TYPE");
2192 } else if (isakmp_version == 2) {
2193 if (type >= 5 && type <= 127)
2194 return "RESERVED TO IANA";
2196 return "PRIVATE USE";
2197 return val_to_str(type, vs_v1_cfgtype, "UNKNOWN-CFG-TYPE");
2199 return "UNKNOWN-ISAKMP-VERSION";
2205 static const value_string vs_v1_ident[] = {
2210 { 4, "IPV4_ADDR_SUBNET" },
2212 { 6, "IPV6_ADDR_SUBNET" },
2213 { 7, "IPV4_ADDR_RANGE" },
2214 { 8, "IPV6_ADDR_RANGE" },
2215 { 9, "DER_ASN1_DN" },
2216 { 10, "DER_ASN1_GN" },
2220 static const value_string vs_v2_ident[] = {
2225 { 4, "IPV4_ADDR_SUBNET" },
2227 { 9, "DER_ASN1_DN" },
2228 { 10, "DER_ASN1_GN" },
2233 if (isakmp_version == 1)
2234 return val_to_str(type, vs_v1_ident, "UNKNOWN-ID-TYPE");
2235 else if (isakmp_version == 2) {
2236 if ((type >= 6 && type <=8) || (type >= 12 && type <= 200))
2237 return "Reserved to IANA";
2239 return "Reserved for private use";
2240 return val_to_str(type, vs_v2_ident, "UNKNOWN-ID-TYPE");
2242 return "UNKNOWN-ISAKMP-VERSION";
2246 v2_tstype2str(guint8 type)
2248 static const value_string vs_v2_tstype[] = {
2249 { 7, "TS_IPV4_ADDR_RANGE" },
2250 { 8, "TS_IPV6_ADDR_RANGE" },
2256 if (type >= 9 && type <= 240)
2257 return "RESERVED TO IANA";
2259 return "PRIVATE USE";
2260 return val_to_str(type, vs_v2_tstype, "UNKNOWN-TS-TYPE");
2264 v2_auth2str(guint8 type)
2266 static const value_string vs_v2_authmeth[] = {
2267 { 0, "RESERVED TO IANA" },
2268 { 1, "RSA Digital Signature" },
2269 { 2, "Shared Key Message Integrity Code" },
2270 { 3, "DSS Digital Signature" },
2274 if (type >= 4 && type <= 200)
2275 return "RESERVED TO IANA";
2277 return "PRIVATE USE";
2278 return val_to_str(type, vs_v2_authmeth, "UNKNOWN-AUTHMETHOD-TYPE");
2282 cfgattr2str(guint16 ident)
2284 static const value_string vs_v1_cfgattr[] = {
2286 { 1, "INTERNAL_IP4_ADDRESS" },
2287 { 2, "INTERNAL_IP4_NETMASK" },
2288 { 3, "INTERNAL_IP4_DNS" },
2289 { 4, "INTERNAL_IP4_NBNS" },
2290 { 5, "INTERNAL_ADDRESS_EXPIREY" },
2291 { 6, "INTERNAL_IP4_DHCP" },
2292 { 7, "APPLICATION_VERSION" },
2293 { 8, "INTERNAL_IP6_ADDRESS" },
2294 { 9, "INTERNAL_IP6_NETMASK" },
2295 { 10, "INTERNAL_IP6_DNS" },
2296 { 11, "INTERNAL_IP6_NBNS" },
2297 { 12, "INTERNAL_IP6_DHCP" },
2298 { 13, "INTERNAL_IP4_SUBNET" },
2299 { 14, "SUPPORTED_ATTRIBUTES" },
2300 { 16520, "XAUTH_TYPE" },
2301 { 16521, "XAUTH_USER_NAME" },
2302 { 16522, "XAUTH_USER_PASSWORD" },
2303 { 16523, "XAUTH_PASSCODE" },
2304 { 16524, "XAUTH_MESSAGE" },
2305 { 16525, "XAUTH_CHALLANGE" },
2306 { 16526, "XAUTH_DOMAIN" },
2307 { 16527, "XAUTH_STATUS" },
2308 { 16528, "XAUTH_NEXT_PIN" },
2309 { 16529, "XAUTH_ANSWER" },
2313 static const value_string vs_v2_cfgattr[] = {
2315 { 1, "INTERNAL_IP4_ADDRESS" },
2316 { 2, "INTERNAL_IP4_NETMASK" },
2317 { 3, "INTERNAL_IP4_DNS" },
2318 { 4, "INTERNAL_IP4_NBNS" },
2319 { 5, "INTERNAL_ADDRESS_EXPIREY" },
2320 { 6, "INTERNAL_IP4_DHCP" },
2321 { 7, "APPLICATION_VERSION" },
2322 { 8, "INTERNAL_IP6_ADDRESS" },
2324 { 10, "INTERNAL_IP6_DNS" },
2325 { 11, "INTERNAL_IP6_NBNS" },
2326 { 12, "INTERNAL_IP6_DHCP" },
2327 { 13, "INTERNAL_IP4_SUBNET" },
2328 { 14, "SUPPORTED_ATTRIBUTES" },
2329 { 15, "INTERNAL_IP6_SUBNET" },
2333 if (isakmp_version == 1) {
2334 if (ident >= 15 && ident <= 16383)
2335 return "Future use";
2336 if (ident >= 16384 && ident <= 16519)
2337 return "PRIVATE USE";
2338 if (ident >= 16530 && ident <= 32767)
2339 return "PRIVATE USE";
2340 return val_to_str(ident, vs_v1_cfgattr, "UNKNOWN-CFG-ATTRIBUTE");
2341 } else if (isakmp_version == 2) {
2342 if (ident >= 16 && ident <= 16383)
2343 return "RESERVED TO IANA";
2344 if (ident >= 16384 && ident <= 32767)
2345 return "PRIVATE USE";
2346 return val_to_str(ident, vs_v2_cfgattr, "UNKNOWN-CFG-ATTRIBUTE");
2348 return "UNKNOWN-ISAKMP-VERSION";
2352 certtype2str(guint8 type)
2354 static const value_string vs_v1_certtype[] = {
2356 { 1, "PKCS #7 wrapped X.509 certificate" },
2357 { 2, "PGP Certificate" },
2358 { 3, "DNS Signed Key" },
2359 { 4, "X.509 Certificate - Signature" },
2360 { 5, "X.509 Certificate - Key Exchange" },
2361 { 6, "Kerberos Tokens" },
2362 { 7, "Certificate Revocation List (CRL)" },
2363 { 8, "Authority Revocation List (ARL)" },
2364 { 9, "SPKI Certificate" },
2365 { 10, "X.509 Certificate - Attribute" },
2369 static const value_string vs_v2_certtype[] = {
2371 { 1, "PKCS #7 wrapped X.509 certificate" },
2372 { 2, "PGP Certificate" },
2373 { 3, "DNS Signed Key" },
2374 { 4, "X.509 Certificate - Signature" },
2375 { 5, "*undefined by any document*" },
2376 { 6, "Kerberos Tokens" },
2377 { 7, "Certificate Revocation List (CRL)" },
2378 { 8, "Authority Revocation List (ARL)" },
2379 { 9, "SPKI Certificate" },
2380 { 10, "X.509 Certificate - Attribute" },
2381 { 11, "Raw RSA Key" },
2382 { 12, "Hash and URL of X.509 certificate" },
2383 { 13, "Hash and URL of X.509 bundle" },
2387 if (isakmp_version == 1)
2388 return val_to_str(type, vs_v1_certtype, "RESERVED");
2389 else if (isakmp_version == 2) {
2390 if (type >= 14 && type <= 200)
2391 return "RESERVED to IANA";
2393 return "PRIVATE USE";
2394 return val_to_str(type, vs_v2_certtype, "RESERVED");
2396 return "UNKNOWN-ISAKMP-VERSION";
2400 get_num(tvbuff_t *tvb, int offset, guint16 len, guint32 *num_p)
2404 *num_p = tvb_get_guint8(tvb, offset);
2407 *num_p = tvb_get_ntohs(tvb, offset);
2410 *num_p = tvb_get_ntoh24(tvb, offset);
2413 *num_p = tvb_get_ntohl(tvb, offset);
2423 proto_register_isakmp(void)
2425 static hf_register_info hf[] = {
2426 { &hf_ike_certificate_authority,
2427 { "Certificate Authority Distinguished Name", "ike.cert_authority_dn", FT_UINT32, BASE_DEC, NULL, 0x0, "Certificate Authority Distinguished Name", HFILL }
2430 static gint *ett[] = {
2433 &ett_isakmp_payload,
2436 proto_isakmp = proto_register_protocol("Internet Security Association and Key Management Protocol",
2437 "ISAKMP", "isakmp");
2438 proto_register_field_array(proto_isakmp, hf, array_length(hf));
2439 proto_register_subtree_array(ett, array_length(ett));
2441 register_dissector("isakmp", dissect_isakmp, proto_isakmp);
2445 proto_reg_handoff_isakmp(void)
2447 dissector_handle_t isakmp_handle;
2449 isakmp_handle = find_dissector("isakmp");
2450 dissector_add("udp.port", UDP_PORT_ISAKMP, isakmp_handle);
2451 dissector_add("tcp.port", TCP_PORT_ISAKMP, isakmp_handle);