2 * Routines for IPsec packet disassembly
4 * $Id: packet-ipsec.c,v 1.1 1999/03/29 02:21:34 gram Exp $
6 * Ethereal - Network traffic analyzer
7 * By Gerald Combs <gerald@zing.org>
8 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
32 #ifdef HAVE_SYS_TYPES_H
33 # include <sys/types.h>
36 #ifdef HAVE_NETINET_IN_H
37 # include <netinet/in.h>
45 guint8 ah_nxt; /* Next Header */
46 guint8 ah_len; /* Length of data + 1, in 32bit */
47 guint16 ah_reserve; /* Reserved for future use */
48 guint32 ah_spi; /* Security parameter index */
49 guint32 ah_seq; /* Sequence number field */
50 /* variable size, 32bit bound*/ /* Authentication data */
54 guint32 esp_spi; /* ESP */
55 guint32 esp_seq; /* Sequence number */
56 /*variable size*/ /* (IV and) Payload data */
57 /*variable size*/ /* padding */
58 /*8bit*/ /* pad size */
59 /*8bit*/ /* next header */
60 /*8bit*/ /* next header */
61 /*variable size, 32bit bound*/ /* Authentication data */
65 #define offsetof(type, member) ((size_t)(&((type *)0)->member))
69 dissect_ah(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
76 memcpy(&ah, (void *) &pd[offset], sizeof(ah));
77 advance = sizeof(ah) + ((ah.ah_len - 1) << 2);
79 if (check_col(fd, COL_PROTOCOL))
80 col_add_str(fd, COL_PROTOCOL, "AH");
81 if (check_col(fd, COL_INFO)) {
82 col_add_fstr(fd, COL_INFO, "AH (SPI=%08x)",
83 (guint32)ntohl(ah.ah_spi));
87 /* !!! specify length */
88 ti = proto_tree_add_item(tree, offset, advance, "Authentication Header");
89 ah_tree = proto_tree_new();
90 proto_item_add_subtree(ti, ah_tree, ETT_AH);
92 proto_tree_add_item(ah_tree, offset + offsetof(struct newah, ah_nxt), 1,
93 "Next Header: %d", ah.ah_nxt);
94 proto_tree_add_item(ah_tree, offset + offsetof(struct newah, ah_len), 1,
95 "Length: %d", ah.ah_len << 2);
96 proto_tree_add_item(ah_tree, offset + offsetof(struct newah, ah_spi), 4,
97 "SPI: %08x", (guint32)ntohl(ah.ah_spi));
98 proto_tree_add_item(ah_tree, offset + offsetof(struct newah, ah_seq), 4,
99 "Sequence?: %08x", (guint32)ntohl(ah.ah_seq));
100 proto_tree_add_item(ah_tree, offset + sizeof(ah), (ah.ah_len - 1) << 2,
104 /* start of the new header (could be a extension header) */
109 dissect_esp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
111 proto_tree *esp_tree;
115 memcpy(&esp, (void *) &pd[offset], sizeof(esp));
118 * load the top pane info. This should be overwritten by
119 * the next protocol in the stack
121 if (check_col(fd, COL_PROTOCOL))
122 col_add_str(fd, COL_PROTOCOL, "ESP");
123 if (check_col(fd, COL_INFO)) {
124 col_add_fstr(fd, COL_INFO, "ESP (SPI=%08x)",
125 (guint32)ntohl(esp.esp_spi));
129 * populate a tree in the second pane with the status of the link layer
133 ti = proto_tree_add_item(tree, 0, 0, "Encapsulated Security Payload");
134 esp_tree = proto_tree_new();
135 proto_item_add_subtree(ti, esp_tree, ETT_ESP);
136 proto_tree_add_item(esp_tree, offset + offsetof(struct newesp, esp_spi), 4,
137 "SPI: %08x", (guint32)ntohl(esp.esp_spi));
138 proto_tree_add_item(esp_tree, offset + offsetof(struct newesp, esp_seq), 4,
139 "Sequence?: %08x", (guint32)ntohl(esp.esp_seq));