2 * Routines for PacketCable (PKTC) Kerberized Key Management and
3 * PacketCable (PKTC) MTA FQDN packet disassembly
6 * [1] PacketCable 1.0 Security Specification, PKT-SP-SEC-I11-040730, July 30,
7 * 2004, Cable Television Laboratories, Inc., http://www.PacketCable.com/
14 * Ethereal - Network traffic analyzer
15 * By Gerald Combs <gerald@ethereal.com>
16 * Copyright 1998 Gerald Combs
18 * This program is free software; you can redistribute it and/or
19 * modify it under the terms of the GNU General Public License
20 * as published by the Free Software Foundation; either version 2
21 * of the License, or (at your option) any later version.
23 * This program is distributed in the hope that it will be useful,
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 * GNU General Public License for more details.
28 * You should have received a copy of the GNU General Public License
29 * along with this program; if not, write to the Free Software
30 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
37 #include <epan/packet.h>
38 #include "packet-pktc.h"
39 #include "packet-kerberos.h"
40 #include "packet-snmp.h"
42 #define PKTC_PORT 1293
43 #define PKTC_MTAFQDN_PORT 2246
45 static int proto_pktc = -1;
46 static gint hf_pktc_app_spec_data = -1;
47 static gint hf_pktc_list_of_ciphersuites = -1;
48 static gint hf_pktc_list_of_ciphersuites_len = -1;
49 static gint hf_pktc_kmmid = -1;
50 static gint hf_pktc_doi = -1;
51 static gint hf_pktc_version_major = -1;
52 static gint hf_pktc_version_minor = -1;
53 static gint hf_pktc_server_nonce = -1;
54 static gint hf_pktc_server_principal = -1;
55 static gint hf_pktc_timestamp = -1;
56 static gint hf_pktc_snmpEngineID_len = -1;
57 static gint hf_pktc_snmpEngineID = -1;
58 static gint hf_pktc_snmpEngineBoots = -1;
59 static gint hf_pktc_snmpEngineTime = -1;
60 static gint hf_pktc_usmUserName_len = -1;
61 static gint hf_pktc_usmUserName = -1;
62 static gint hf_pktc_ipsec_spi = -1;
63 static gint hf_pktc_snmpAuthenticationAlgorithm = -1;
64 static gint hf_pktc_snmpEncryptionTransformID = -1;
65 static gint hf_pktc_ipsecAuthenticationAlgorithm = -1;
66 static gint hf_pktc_ipsecEncryptionTransformID = -1;
67 static gint hf_pktc_reestablish_flag = -1;
68 static gint hf_pktc_ack_required_flag = -1;
69 static gint hf_pktc_sha1_hmac = -1;
70 static gint hf_pktc_sec_param_lifetime = -1;
71 static gint hf_pktc_grace_period = -1;
73 static gint hf_pktc_mtafqdn_msgtype = -1;
74 static gint hf_pktc_mtafqdn_enterprise = -1;
75 static gint hf_pktc_mtafqdn_version = -1;
76 static gint hf_pktc_mtafqdn_mac = -1;
77 static gint hf_pktc_mtafqdn_pub_key_hash = -1;
78 static gint hf_pktc_mtafqdn_manu_cert_revoked = -1;
79 static gint hf_pktc_mtafqdn_fqdn = -1;
80 static gint hf_pktc_mtafqdn_ip = -1;
82 static gint ett_pktc = -1;
83 static gint ett_pktc_app_spec_data = -1;
84 static gint ett_pktc_list_of_ciphersuites = -1;
85 static gint ett_pktc_engineid = -1;
87 static gint ett_pktc_mtafqdn = -1;
89 #define KMMID_WAKEUP 0x01
90 #define KMMID_AP_REQUEST 0x02
91 #define KMMID_AP_REPLY 0x03
92 #define KMMID_SEC_PARAM_REC 0x04
93 #define KMMID_REKEY 0x05
94 #define KMMID_ERROR_REPLY 0x06
95 static const value_string kmmid_types[] = {
96 { KMMID_WAKEUP , "Wake Up" },
97 { KMMID_AP_REQUEST , "AP Request" },
98 { KMMID_AP_REPLY , "AP Reply" },
99 { KMMID_SEC_PARAM_REC , "Security Parameter Recovered" },
100 { KMMID_REKEY , "Rekey" },
101 { KMMID_ERROR_REPLY , "Error Reply" },
107 #define SNMPv3_NULL 0x20
108 #define SNMPv3_DES 0x21
109 #define SNMPv3_HMAC_MD5 0x21
110 #define SNMPv3_HMAC_SHA1 0x22
111 #define ESP_3DES 0x03
113 #define ESP_IDEA 0x05
114 #define ESP_CAST 0x06
115 #define ESP_BLOWFISH 0x07
116 #define ESP_NULL 0x0b
118 #define HMAC_MD5_96 0x01
119 #define HMAC_SHA1_96 0x02
122 /* Domain of Interpretation */
123 static const value_string doi_types[] = {
124 { DOI_IPSEC , "IPsec" },
125 { DOI_SNMPv3 , "SNMPv3" },
129 /* SNMPv3 ciphersuites */
130 static const value_string snmp_authentication_algorithm_vals[] = {
131 { SNMPv3_HMAC_MD5 , "HMAC-MD5" },
132 { SNMPv3_HMAC_SHA1 , "HMAC-SHA1" },
135 static const value_string snmp_transform_id_vals[] = {
136 { SNMPv3_NULL , "NULL" }, /* no encryption */
137 { SNMPv3_DES , "DES" },
141 /* IPsec ciphersuites */
142 static const value_string ipsec_transform_id_vals[] = {
143 { ESP_3DES , "3DES" },
145 { ESP_IDEA , "IDEA" },
146 { ESP_CAST , "CAST" },
147 { ESP_BLOWFISH , "BLOWFISH" },
148 { ESP_NULL , "NULL" }, /* no encryption, RFC 2410 */
149 { ESP_AES , "AES-128" },
153 static const value_string ipsec_authentication_algorithm_vals[] = {
154 { HMAC_MD5_96 , "HMAC-MD5-96" }, /* RFC 2403 */
155 { HMAC_SHA1_96 , "HMAC-SHA-1-96" }, /* RFC 2404 */
159 /* MTA FQDN Message Types */
160 #define PKTC_MTAFQDN_REQ 0x01
161 #define PKTC_MTAFQDN_REP 0x02
162 #define PKTC_MTAFQDN_ERR 0x03
163 static const value_string pktc_mtafqdn_msgtype_vals[] = {
164 { PKTC_MTAFQDN_REQ, "MTA FQDN Request" },
165 { PKTC_MTAFQDN_REP, "MTA FQDN Reply" },
166 { PKTC_MTAFQDN_ERR, "MTA FQDN Error Reply" },
171 dissect_pktc_app_specific_data(packet_info *pinfo _U_, proto_tree *parent_tree, tvbuff_t *tvb, int offset, guint8 doi, guint8 kmmid)
173 int old_offset=offset;
174 proto_tree *tree = NULL;
175 proto_tree *engineid_tree = NULL;
176 proto_item *item = NULL;
177 proto_item *engineid_item = NULL;
181 item = proto_tree_add_item(parent_tree, hf_pktc_app_spec_data, tvb, offset, -1, FALSE);
182 tree = proto_item_add_subtree(item, ett_pktc_app_spec_data);
188 /* we dont distinguish between manager and agent engineid.
189 feel free to add separation for this if it is imporant enough
191 case KMMID_AP_REQUEST:
193 /* snmpEngineID Length */
194 len=tvb_get_guint8(tvb, offset);
195 proto_tree_add_uint(tree, hf_pktc_snmpEngineID_len, tvb, offset, 1, len);
199 engineid_item = proto_tree_add_item(tree, hf_pktc_snmpEngineID, tvb, offset, len, FALSE);
200 engineid_tree = proto_item_add_subtree(engineid_item, ett_pktc_engineid);
201 dissect_snmp_engineid(engineid_tree, tvb, offset, len);
205 proto_tree_add_item(tree, hf_pktc_snmpEngineBoots, tvb, offset, 4, FALSE);
209 proto_tree_add_item(tree, hf_pktc_snmpEngineTime, tvb, offset, 4, FALSE);
212 /* usmUserName Length */
213 len=tvb_get_guint8(tvb, offset);
214 proto_tree_add_uint(tree, hf_pktc_usmUserName_len, tvb, offset, 1, len);
218 proto_tree_add_item(tree, hf_pktc_usmUserName, tvb, offset, len, FALSE);
223 proto_tree_add_text(tree, tvb, offset, 1, "Unknown KMMID");
224 tvb_get_guint8(tvb, 9999); /* bail out and inform user we cant dissect the packet */
229 /* we dont distinguish between SPIs for inbound Security Associations
230 of the client (AP-REQ) vs. server (AP-REP, REKEY). Feel free to add
231 separation for this if it is imporant enough for you. */
232 case KMMID_AP_REQUEST:
235 /* Security Parameter Index (SPI) */
236 proto_tree_add_item(tree, hf_pktc_ipsec_spi, tvb, offset, 4, FALSE);
241 proto_tree_add_text(tree, tvb, offset, 1, "Unknown KMMID");
242 tvb_get_guint8(tvb, 9999); /* bail out and inform user we cant dissect the packet */
246 proto_tree_add_text(tree, tvb, offset, 1, "Unknown DOI");
247 tvb_get_guint8(tvb, 9999); /* bail out and inform user we cant dissect the packet */
250 proto_item_set_len(item, offset-old_offset);
255 dissect_pktc_list_of_ciphersuites(packet_info *pinfo _U_, proto_tree *parent_tree, tvbuff_t *tvb, int offset, guint8 doi)
257 int old_offset=offset;
258 proto_tree *tree = NULL;
259 proto_item *item = NULL;
263 item = proto_tree_add_item(parent_tree, hf_pktc_list_of_ciphersuites, tvb, offset, -1, FALSE);
264 tree = proto_item_add_subtree(item, ett_pktc_list_of_ciphersuites);
268 /* number of ciphersuites */
269 len=tvb_get_guint8(tvb, offset);
271 proto_item_append_text(tree, " (%d):", len);
273 proto_tree_add_uint_hidden(tree, hf_pktc_list_of_ciphersuites_len, tvb, offset, 1, len);
279 /* SNMPv3 authentication algorithm */
280 proto_tree_add_item(tree, hf_pktc_snmpAuthenticationAlgorithm, tvb, offset, 1, FALSE);
281 proto_item_append_text(tree, " %s", val_to_str(tvb_get_guint8(tvb, offset), snmp_authentication_algorithm_vals, "%0x"));
284 /* SNMPv3 encryption transform id */
285 proto_tree_add_item(tree, hf_pktc_snmpEncryptionTransformID, tvb, offset, 1, FALSE);
286 proto_item_append_text(tree, "/%s", val_to_str(tvb_get_guint8(tvb, offset), snmp_transform_id_vals, "%0x"));
292 /* IPsec authentication algorithm */
293 proto_tree_add_item(tree, hf_pktc_ipsecAuthenticationAlgorithm, tvb, offset, 1, FALSE);
294 proto_item_append_text(tree, " %s", val_to_str(tvb_get_guint8(tvb, offset), ipsec_authentication_algorithm_vals, "%0x"));
297 /* IPsec encryption transform id */
298 proto_tree_add_item(tree, hf_pktc_ipsecEncryptionTransformID, tvb, offset, 1, FALSE);
299 proto_item_append_text(tree, "/%s", val_to_str(tvb_get_guint8(tvb, offset), ipsec_transform_id_vals, "%0x"));
304 proto_tree_add_text(tree, tvb, offset, 1, "Unknown DOI");
305 tvb_get_guint8(tvb, 9999); /* bail out and inform user we cant dissect the packet */
308 proto_item_set_len(item, offset-old_offset);
313 dissect_pktc_wakeup(proto_tree *tree, tvbuff_t *tvb, int offset)
319 snonce=tvb_get_ntohl(tvb, offset);
320 proto_tree_add_uint(tree, hf_pktc_server_nonce, tvb, offset, 4, snonce);
323 /* Server Kerberos Principal Identifier */
324 string_len=tvb_strsize(tvb, offset);
325 proto_tree_add_item(tree, hf_pktc_server_principal, tvb, offset, string_len, FALSE);
332 dissect_pktc_ap_request(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset, guint8 doi)
337 /* AP Request kerberos blob */
338 pktc_tvb = tvb_new_subset(tvb, offset, -1, -1);
339 offset += dissect_kerberos_main(pktc_tvb, pinfo, tree, FALSE, NULL);
342 snonce=tvb_get_ntohl(tvb, offset);
343 proto_tree_add_uint(tree, hf_pktc_server_nonce, tvb, offset, 4, snonce);
346 /* app specific data */
347 offset=dissect_pktc_app_specific_data(pinfo, tree, tvb, offset, doi, KMMID_AP_REQUEST);
349 /* list of ciphersuites */
350 offset=dissect_pktc_list_of_ciphersuites(pinfo, tree, tvb, offset, doi);
352 /* re-establish flag */
353 proto_tree_add_item(tree, hf_pktc_reestablish_flag, tvb, offset, 1, FALSE);
357 proto_tree_add_item(tree, hf_pktc_sha1_hmac, tvb, offset, 20, FALSE);
364 dissect_pktc_ap_reply(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset, guint8 doi)
368 /* AP Reply kerberos blob */
369 pktc_tvb = tvb_new_subset(tvb, offset, -1, -1);
370 offset += dissect_kerberos_main(pktc_tvb, pinfo, tree, FALSE, NULL);
372 /* app specific data */
373 offset=dissect_pktc_app_specific_data(pinfo, tree, tvb, offset, doi, KMMID_AP_REPLY);
375 /* selected ciphersuite */
376 offset=dissect_pktc_list_of_ciphersuites(pinfo, tree, tvb, offset, doi);
378 /* sec param lifetime */
379 proto_tree_add_uint_format(tree, hf_pktc_sec_param_lifetime, tvb, offset, 4,
380 tvb_get_ntohl(tvb, offset), "%s: %s",
381 proto_registrar_get_name(hf_pktc_sec_param_lifetime),
382 time_secs_to_str(tvb_get_ntohl(tvb, offset)));
386 proto_tree_add_item(tree, hf_pktc_grace_period, tvb, offset, 4, FALSE);
389 /* re-establish flag */
390 proto_tree_add_item(tree, hf_pktc_reestablish_flag, tvb, offset, 1, FALSE);
393 /* ack required flag */
394 proto_tree_add_item(tree, hf_pktc_ack_required_flag, tvb, offset, 1, FALSE);
398 proto_tree_add_item(tree, hf_pktc_sha1_hmac, tvb, offset, 20, FALSE);
405 dissect_pktc_sec_param_rec(proto_tree *tree, tvbuff_t *tvb, int offset)
407 /* sha-1 hmac of the subkey of the preceding AP-REP */
408 proto_tree_add_item(tree, hf_pktc_sha1_hmac, tvb, offset, 20, FALSE);
415 dissect_pktc_rekey(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset, guint8 doi)
419 const guint8 *timestr;
422 snonce=tvb_get_ntohl(tvb, offset);
423 proto_tree_add_uint(tree, hf_pktc_server_nonce, tvb, offset, 4, snonce);
426 /* Server Kerberos Principal Identifier */
427 string_len=tvb_strsize(tvb, offset);
428 proto_tree_add_item(tree, hf_pktc_server_principal, tvb, offset, string_len, FALSE);
431 /* Timestamp: YYMMDDhhmmssZ */
432 /* They really came up with a two-digit year in late 1990s! =8o */
433 timestr=tvb_get_ptr(tvb, offset, 13);
434 proto_tree_add_string_format(tree, hf_pktc_timestamp, tvb, offset, 13, timestr,
435 "%s: %.2s-%.2s-%.2s %.2s:%.2s:%.2s",
436 proto_registrar_get_name(hf_pktc_timestamp),
437 timestr, timestr+2, timestr+4, timestr+6, timestr+8, timestr+10);
440 /* app specific data */
441 offset=dissect_pktc_app_specific_data(pinfo, tree, tvb, offset, doi, KMMID_REKEY);
443 /* list of ciphersuites */
444 offset=dissect_pktc_list_of_ciphersuites(pinfo, tree, tvb, offset, doi);
446 /* sec param lifetime */
447 proto_tree_add_item(tree, hf_pktc_sec_param_lifetime, tvb, offset, 4, FALSE);
451 proto_tree_add_item(tree, hf_pktc_grace_period, tvb, offset, 4, FALSE);
454 /* re-establish flag */
455 proto_tree_add_item(tree, hf_pktc_reestablish_flag, tvb, offset, 1, FALSE);
459 proto_tree_add_item(tree, hf_pktc_sha1_hmac, tvb, offset, 20, FALSE);
466 dissect_pktc_error_reply(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
471 pktc_tvb = tvb_new_subset(tvb, offset, -1, -1);
472 offset += dissect_kerberos_main(pktc_tvb, pinfo, tree, FALSE, NULL);
478 dissect_pktc_mtafqdn_krbsafeuserdata(packet_info *pinfo, tvbuff_t *tvb, proto_tree *tree)
480 int offset=0, string_len=0;
486 msgtype = tvb_get_guint8(tvb, offset);
487 proto_tree_add_uint(tree, hf_pktc_mtafqdn_msgtype, tvb, offset, 1, msgtype);
490 if (check_col(pinfo->cinfo, COL_INFO))
491 col_set_str(pinfo->cinfo, COL_INFO,
492 val_to_str(msgtype, pktc_mtafqdn_msgtype_vals, "MsgType %u"));
495 proto_tree_add_uint(tree, hf_pktc_mtafqdn_enterprise, tvb, offset, 4, tvb_get_ntohl(tvb, offset));
498 /* protocol version */
499 proto_tree_add_uint(tree, hf_pktc_mtafqdn_version, tvb, offset, 1, tvb_get_guint8(tvb, offset));
503 case PKTC_MTAFQDN_REQ:
504 /* MTA MAC address */
505 proto_tree_add_ether(tree, hf_pktc_mtafqdn_mac, tvb, offset, 6, tvb_get_ptr(tvb, offset, 6));
508 /* MTA pub key hash */
509 proto_tree_add_item(tree, hf_pktc_mtafqdn_pub_key_hash, tvb, offset, 20, FALSE);
512 /* manufacturer cert revocation time */
513 bignum = tvb_get_ntohl(tvb, offset);
515 proto_tree_add_time_format(tree, hf_pktc_mtafqdn_manu_cert_revoked, tvb, offset, 4,
517 proto_registrar_get_name(hf_pktc_mtafqdn_manu_cert_revoked),
518 (bignum==0) ? "not revoked" : abs_time_secs_to_str(bignum));
521 case PKTC_MTAFQDN_REP:
523 string_len = tvb_length_remaining(tvb, offset) - 4;
524 proto_tree_add_item(tree, hf_pktc_mtafqdn_fqdn, tvb, offset, string_len, FALSE);
528 tvb_memcpy(tvb, (guint8 *)&bignum, offset, sizeof(bignum));
529 proto_tree_add_ipv4(tree, hf_pktc_mtafqdn_ip, tvb, offset, 4, bignum);
537 static kerberos_callbacks cb[] = {
538 { KRB_CBTAG_SAFE_USER_DATA, dissect_pktc_mtafqdn_krbsafeuserdata },
543 dissect_pktc_mtafqdn(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
546 proto_tree *pktc_mtafqdn_tree = NULL;
547 proto_item *item = NULL;
548 tvbuff_t *pktc_mtafqdn_tvb;
550 if (check_col(pinfo->cinfo, COL_PROTOCOL))
551 col_set_str(pinfo->cinfo, COL_PROTOCOL, "PKTC");
554 item = proto_tree_add_item(tree, proto_pktc, tvb, 0, 0, FALSE);
555 pktc_mtafqdn_tree = proto_item_add_subtree(item, ett_pktc_mtafqdn);
558 if (check_col(pinfo->cinfo, COL_INFO)) {
559 col_add_fstr(pinfo->cinfo, COL_INFO, "MTA FQDN %s",
560 pinfo->srcport == pinfo->match_port ? "Reply":"Request");
565 pktc_mtafqdn_tvb = tvb_new_subset(tvb, offset, -1, -1);
566 offset += dissect_kerberos_main(pktc_mtafqdn_tvb, pinfo, pktc_mtafqdn_tree, FALSE, NULL);
569 pktc_mtafqdn_tvb = tvb_new_subset(tvb, offset, -1, -1);
570 offset += dissect_kerberos_main(pktc_mtafqdn_tvb, pinfo, pktc_mtafqdn_tree, FALSE, cb);
572 proto_item_set_len(item, offset);
577 dissect_pktc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
579 guint8 kmmid, doi, version;
581 proto_tree *pktc_tree = NULL;
582 proto_item *item = NULL;
584 if (check_col(pinfo->cinfo, COL_PROTOCOL))
585 col_set_str(pinfo->cinfo, COL_PROTOCOL, "PKTC");
588 item = proto_tree_add_item(tree, proto_pktc, tvb, 0, 3, FALSE);
589 pktc_tree = proto_item_add_subtree(item, ett_pktc);
592 /* key management message id */
593 kmmid=tvb_get_guint8(tvb, offset);
594 proto_tree_add_uint(pktc_tree, hf_pktc_kmmid, tvb, offset, 1, kmmid);
597 /* domain of interpretation */
598 doi=tvb_get_guint8(tvb, offset);
599 proto_tree_add_uint(pktc_tree, hf_pktc_doi, tvb, offset, 1, doi);
603 version=tvb_get_guint8(tvb, offset);
604 proto_tree_add_text(pktc_tree, tvb, offset, 1, "Version: %d.%d", (version>>4)&0x0f, (version)&0x0f);
605 proto_tree_add_uint_hidden(pktc_tree, hf_pktc_version_major, tvb, offset, 1, (version>>4)&0x0f);
606 proto_tree_add_uint_hidden(pktc_tree, hf_pktc_version_minor, tvb, offset, 1, (version)&0x0f);
610 if (check_col(pinfo->cinfo, COL_INFO)) {
611 col_add_str(pinfo->cinfo, COL_INFO,
612 val_to_str(kmmid, kmmid_types, "Unknown KMMID %#x"));
613 col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
614 val_to_str(doi, doi_types, "Unknown DOI %#x"));
619 offset=dissect_pktc_wakeup(pktc_tree, tvb, offset);
621 case KMMID_AP_REQUEST:
622 offset=dissect_pktc_ap_request(pinfo, pktc_tree, tvb, offset, doi);
625 offset=dissect_pktc_ap_reply(pinfo, pktc_tree, tvb, offset, doi);
627 case KMMID_SEC_PARAM_REC:
628 offset=dissect_pktc_sec_param_rec(pktc_tree, tvb, offset);
631 offset=dissect_pktc_rekey(pinfo, pktc_tree, tvb, offset, doi);
633 case KMMID_ERROR_REPLY:
634 offset=dissect_pktc_error_reply(pinfo, pktc_tree, tvb, offset);
638 proto_item_set_len(item, offset);
642 proto_register_pktc(void)
644 static hf_register_info hf[] = {
646 "Key Management Message ID", "pktc.kmmid", FT_UINT8, BASE_HEX,
647 VALS(kmmid_types), 0, "Key Management Message ID", HFILL }},
649 "Domain of Interpretation", "pktc.doi", FT_UINT8, BASE_DEC,
650 VALS(doi_types), 0, "Domain of Interpretation", HFILL }},
651 { &hf_pktc_version_major, {
652 "Major version", "pktc.version.major", FT_UINT8, BASE_DEC,
653 NULL, 0, "Major version of PKTC", HFILL }},
654 { &hf_pktc_version_minor, {
655 "Minor version", "pktc.version.minor", FT_UINT8, BASE_DEC,
656 NULL, 0, "Minor version of PKTC", HFILL }},
657 { &hf_pktc_server_nonce, {
658 "Server Nonce", "pktc.server_nonce", FT_UINT32, BASE_HEX,
659 NULL, 0, "Server Nonce random number", HFILL }},
660 { &hf_pktc_server_principal, {
661 "Server Kerberos Principal Identifier", "pktc.server_principal", FT_STRING, BASE_DEC,
662 NULL, 0, "Server Kerberos Principal Identifier", HFILL }},
663 { &hf_pktc_timestamp, {
664 "Timestamp", "pktc.timestamp", FT_STRING, BASE_NONE,
665 NULL, 0, "Timestamp (UTC)", HFILL }},
666 { &hf_pktc_app_spec_data, {
667 "Application Specific Data", "pktc.asd", FT_NONE, BASE_HEX,
668 NULL, 0, "KMMID/DOI application specific data", HFILL }},
669 { &hf_pktc_list_of_ciphersuites, {
670 "List of Ciphersuites", "pktc.ciphers", FT_NONE, BASE_HEX,
671 NULL, 0, "List of Ciphersuites", HFILL }},
672 { &hf_pktc_list_of_ciphersuites_len, {
673 "Number of Ciphersuites", "pktc.ciphers.len", FT_UINT8, BASE_DEC,
674 NULL, 0, "Number of Ciphersuites", HFILL }},
675 { &hf_pktc_snmpAuthenticationAlgorithm, {
676 "SNMPv3 Authentication Algorithm", "pktc.asd.snmp_auth_alg", FT_UINT8, BASE_HEX,
677 VALS(snmp_authentication_algorithm_vals), 0, "SNMPv3 Authentication Algorithm", HFILL }},
678 { &hf_pktc_snmpEncryptionTransformID, {
679 "SNMPv3 Encryption Transform ID", "pktc.asd.snmp_enc_alg", FT_UINT8, BASE_HEX,
680 VALS(snmp_transform_id_vals), 0, "SNMPv3 Encryption Transform ID", HFILL }},
681 { &hf_pktc_ipsecAuthenticationAlgorithm, {
682 "IPsec Authentication Algorithm", "pktc.asd.ipsec_auth_alg", FT_UINT8, BASE_HEX,
683 VALS(ipsec_authentication_algorithm_vals), 0, "IPsec Authentication Algorithm", HFILL }},
684 { &hf_pktc_ipsecEncryptionTransformID, {
685 "IPsec Encryption Transform ID", "pktc.asd.ipsec_enc_alg", FT_UINT8, BASE_HEX,
686 VALS(ipsec_transform_id_vals), 0, "IPsec Encryption Transform ID", HFILL }},
687 { &hf_pktc_snmpEngineID_len, {
688 "SNMPv3 Engine ID Length", "pktc.asd.snmp_engine_id.len", FT_UINT8, BASE_DEC,
689 NULL, 0, "Length of SNMPv3 Engine ID", HFILL }},
690 { &hf_pktc_snmpEngineID, {
691 "SNMPv3 Engine ID", "pktc.asd.snmp_engine_id", FT_BYTES, BASE_HEX,
692 NULL, 0, "SNMPv3 Engine ID", HFILL }},
693 { &hf_pktc_snmpEngineBoots, {
694 "SNMPv3 Engine Boots", "pktc.asd.snmp_engine_boots", FT_UINT32, BASE_DEC,
695 NULL, 0, "SNMPv3 Engine Boots", HFILL }},
696 { &hf_pktc_snmpEngineTime, {
697 "SNMPv3 Engine Time", "pktc.asd.snmp_engine_time", FT_UINT32, BASE_DEC,
698 NULL, 0, "SNMPv3 Engine ID Time", HFILL }},
699 { &hf_pktc_usmUserName_len, {
700 "SNMPv3 USM User Name Length", "pktc.asd.snmp_usm_username.len", FT_UINT8, BASE_DEC,
701 NULL, 0, "Length of SNMPv3 USM User Name", HFILL }},
702 { &hf_pktc_usmUserName, {
703 "SNMPv3 USM User Name", "pktc.asd.snmp_usm_username", FT_STRING, BASE_DEC,
704 NULL, 0, "SNMPv3 USM User Name", HFILL }},
705 { &hf_pktc_ipsec_spi, {
706 "IPsec Security Parameter Index", "pktc.asd.ipsec_spi", FT_UINT32, BASE_HEX,
707 NULL, 0, "Security Parameter Index for inbound Security Association (IPsec)", HFILL }},
708 { &hf_pktc_reestablish_flag, {
709 "Re-establish Flag", "pktc.reestablish", FT_BOOLEAN, BASE_NONE,
710 NULL, 0, "Re-establish Flag", HFILL }},
711 { &hf_pktc_ack_required_flag, {
712 "ACK Required Flag", "pktc.ack_required", FT_BOOLEAN, BASE_NONE,
713 NULL, 0, "ACK Required Flag", HFILL }},
714 { &hf_pktc_sec_param_lifetime, {
715 "Security Parameter Lifetime", "pktc.spl", FT_UINT32, BASE_DEC,
716 NULL, 0, "Lifetime in seconds of security parameter", HFILL }},
717 { &hf_pktc_sha1_hmac, {
718 "SHA-1 HMAC", "pktc.sha1_hmac", FT_BYTES, BASE_HEX,
719 NULL, 0, "SHA-1 HMAC", HFILL }},
720 { &hf_pktc_grace_period, {
721 "Grace Period", "pktc.grace_period", FT_UINT32, BASE_DEC,
722 NULL, 0, "Grace Period in seconds", HFILL }},
724 static gint *ett[] = {
726 &ett_pktc_app_spec_data,
727 &ett_pktc_list_of_ciphersuites,
731 proto_pktc = proto_register_protocol("PacketCable", "PKTC", "pktc");
732 proto_register_field_array(proto_pktc, hf, array_length(hf));
733 proto_register_subtree_array(ett, array_length(ett));
737 proto_reg_handoff_pktc(void)
739 dissector_handle_t pktc_handle;
741 pktc_handle = create_dissector_handle(dissect_pktc, proto_pktc);
742 dissector_add("udp.port", PKTC_PORT, pktc_handle);
747 proto_register_pktc_mtafqdn(void)
749 static hf_register_info hf[] = {
750 { &hf_pktc_mtafqdn_msgtype, {
751 "Message Type", "pktc.mtafqdn.msgtype", FT_UINT8, BASE_DEC,
752 VALS(pktc_mtafqdn_msgtype_vals), 0, "MTA FQDN Message Type", HFILL }},
753 { &hf_pktc_mtafqdn_enterprise, {
754 "Enterprise Number", "pktc.mtafqdn.enterprise", FT_UINT32, BASE_DEC,
755 NULL, 0, "Enterprise Number", HFILL }},
756 { &hf_pktc_mtafqdn_version, {
757 "Protocol Version", "pktc.mtafqdn.version", FT_UINT8, BASE_DEC,
758 NULL, 0, "MTA FQDN Protocol Version", HFILL }},
760 { &hf_pktc_mtafqdn_mac, {
761 "MTA MAC address", "pktc.mtafqdn.mac", FT_ETHER, BASE_NONE,
762 NULL, 0, "MTA MAC address", HFILL }},
763 { &hf_pktc_mtafqdn_pub_key_hash, {
764 "MTA Public Key Hash", "pktc.mtafqdn.pub_key_hash", FT_BYTES, BASE_HEX,
765 NULL, 0, "MTA Public Key Hash (SHA-1)", HFILL }},
766 { &hf_pktc_mtafqdn_manu_cert_revoked, {
767 "Manufacturer Cert Revocation Time", "pktc.mtafqdn.manu_cert_revoked", FT_ABSOLUTE_TIME, BASE_NONE,
768 NULL, 0, "Manufacturer Cert Revocation Time (UTC) or 0 if not revoked", HFILL }},
770 { &hf_pktc_mtafqdn_fqdn, {
771 "MTA FQDN", "pktc.mtafqdn.fqdn", FT_STRING, BASE_NONE,
772 NULL, 0, "MTA FQDN", HFILL }},
773 { &hf_pktc_mtafqdn_ip, {
774 "MTA IP Address", "pktc.mtafqdn.ip", FT_IPv4, BASE_NONE,
775 NULL, 0, "MTA IP Address (all zeros if not supplied)", HFILL }},
777 static gint *ett[] = {
781 proto_register_field_array(proto_pktc, hf, array_length(hf));
782 proto_register_subtree_array(ett, array_length(ett));
786 proto_reg_handoff_pktc_mtafqdn(void)
788 dissector_handle_t pktc_mtafqdn_handle;
790 pktc_mtafqdn_handle = create_dissector_handle(dissect_pktc_mtafqdn, proto_pktc);
791 dissector_add("udp.port", PKTC_MTAFQDN_PORT, pktc_mtafqdn_handle);