2 * Routines for the Internet Security Association and Key Management Protocol
3 * (ISAKMP) (RFC 2408) and the Internet IP Security Domain of Interpretation
4 * for ISAKMP (RFC 2407)
5 * Brad Robel-Forrest <brad.robel-forrest@watchguard.com>
7 * $Id: packet-isakmp.c,v 1.53 2002/01/21 23:35:31 guy Exp $
9 * Ethereal - Network traffic analyzer
10 * By Gerald Combs <gerald@ethereal.com>
11 * Copyright 1998 Gerald Combs
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
32 #ifdef HAVE_SYS_TYPES_H
33 # include <sys/types.h>
39 #ifdef HAVE_NETINET_IN_H
40 #include <netinet/in.h>
45 #ifdef NEED_SNPRINTF_H
46 # include "snprintf.h"
49 #include <epan/packet.h>
52 static int proto_isakmp = -1;
54 static gint ett_isakmp = -1;
55 static gint ett_isakmp_flags = -1;
56 static gint ett_isakmp_payload = -1;
58 #define UDP_PORT_ISAKMP 500
59 #define TCP_PORT_ISAKMP 500
61 #define NUM_PROTO_TYPES 5
62 #define proto2str(t) \
63 ((t < NUM_PROTO_TYPES) ? prototypestr[t] : "UNKNOWN-PROTO-TYPE")
65 static const char *prototypestr[NUM_PROTO_TYPES] = {
73 #define NUM_P1_ATT_TYPES 17
74 #define p1_atttype2str(t) \
75 ((t < NUM_P1_ATT_TYPES) ? p1_atttypestr[t] : "UNKNOWN-ATTRIBUTE-TYPE")
77 static const char *p1_atttypestr[NUM_P1_ATT_TYPES] = {
78 "UNKNOWN-ATTRIBUTE-TYPE",
79 "Encryption-Algorithm",
81 "Authentication-Method",
85 "Group-Generator-One",
86 "Group-Generator-Two",
97 #define NUM_ATT_TYPES 11
98 #define atttype2str(t) \
99 ((t < NUM_ATT_TYPES) ? atttypestr[t] : "UNKNOWN-ATTRIBUTE-TYPE")
101 static const char *atttypestr[NUM_ATT_TYPES] = {
102 "UNKNOWN-ATTRIBUTE-TYPE",
106 "Encapsulation-Mode",
107 "Authentication-Algorithm",
110 "Compress-Dictinary-Size",
111 "Compress-Private-Algorithm",
115 #define NUM_TRANS_TYPES 2
116 #define trans2str(t) \
117 ((t < NUM_TRANS_TYPES) ? transtypestr[t] : "UNKNOWN-TRANS-TYPE")
119 static const char *transtypestr[NUM_TRANS_TYPES] = {
124 #define NUM_AH_TRANS_TYPES 8
125 #define ah_trans2str(t) \
126 ((t < NUM_AH_TRANS_TYPES) ? ah_transtypestr[t] : "UNKNOWN-AH-TRANS-TYPE")
128 static const char *ah_transtypestr[NUM_AH_TRANS_TYPES] = {
139 #define NUM_ESP_TRANS_TYPES 13
140 #define esp_trans2str(t) \
141 ((t < NUM_ESP_TRANS_TYPES) ? esp_transtypestr[t] : "UNKNOWN-ESP-TRANS-TYPE")
143 static const char *esp_transtypestr[NUM_ESP_TRANS_TYPES] = {
159 #define NUM_IPCOMP_TRANS_TYPES 5
160 #define ipcomp_trans2str(t) \
161 ((t < NUM_IPCOMP_TRANS_TYPES) ? ipcomp_transtypestr[t] : "UNKNOWN-IPCOMP-TRANS-TYPE")
163 static const char *ipcomp_transtypestr[NUM_IPCOMP_TRANS_TYPES] = {
171 #define NUM_ID_TYPES 12
173 ((t < NUM_ID_TYPES) ? idtypestr[t] : "UNKNOWN-ID-TYPE")
175 static const char *idtypestr[NUM_ID_TYPES] = {
200 guint8 message_id[4];
204 struct udp_encap_hdr {
205 guint8 non_ike_marker[8];
209 static proto_tree *dissect_payload_header(tvbuff_t *, int, int, guint8,
210 guint8 *, guint16 *, proto_tree *);
212 static void dissect_sa(tvbuff_t *, int, int, proto_tree *, int);
213 static void dissect_proposal(tvbuff_t *, int, int, proto_tree *, int);
214 static void dissect_transform(tvbuff_t *, int, int, proto_tree *, int);
215 static void dissect_key_exch(tvbuff_t *, int, int, proto_tree *, int);
216 static void dissect_id(tvbuff_t *, int, int, proto_tree *, int);
217 static void dissect_cert(tvbuff_t *, int, int, proto_tree *, int);
218 static void dissect_certreq(tvbuff_t *, int, int, proto_tree *, int);
219 static void dissect_hash(tvbuff_t *, int, int, proto_tree *, int);
220 static void dissect_sig(tvbuff_t *, int, int, proto_tree *, int);
221 static void dissect_nonce(tvbuff_t *, int, int, proto_tree *, int);
222 static void dissect_notif(tvbuff_t *, int, int, proto_tree *, int);
223 static void dissect_delete(tvbuff_t *, int, int, proto_tree *, int);
224 static void dissect_vid(tvbuff_t *, int, int, proto_tree *, int);
225 static void dissect_config(tvbuff_t *, int, int, proto_tree *, int);
227 static const char *payloadtype2str(guint8);
228 static const char *exchtype2str(guint8);
229 static const char *doitype2str(guint32);
230 static const char *msgtype2str(guint16);
231 static const char *situation2str(guint32);
232 static const char *value2str(int, guint16, guint16);
233 static const char *attrtype2str(guint8);
234 static const char *cfgattrident2str(guint16);
235 static const char *certtype2str(guint8);
237 static gboolean get_num(tvbuff_t *, int, guint16, guint32 *);
239 #define LOAD_TYPE_NONE 0 /* payload type for None */
240 #define LOAD_TYPE_PROPOSAL 2 /* payload type for Proposal */
241 #define LOAD_TYPE_TRANSFORM 3 /* payload type for Transform */
242 #define NUM_LOAD_TYPES 15
243 #define loadtype2str(t) \
244 ((t < NUM_LOAD_TYPES) ? strfuncs[t].str : "Unknown payload type")
246 static struct strfunc {
248 void (*func)(tvbuff_t *, int, int, proto_tree *, int);
249 } strfuncs[NUM_LOAD_TYPES] = {
251 {"Security Association", dissect_sa },
252 {"Proposal", dissect_proposal },
253 {"Transform", dissect_transform },
254 {"Key Exchange", dissect_key_exch },
255 {"Identification", dissect_id },
256 {"Certificate", dissect_cert },
257 {"Certificate Request", dissect_certreq },
258 {"Hash", dissect_hash },
259 {"Signature", dissect_sig },
260 {"Nonce", dissect_nonce },
261 {"Notification", dissect_notif },
262 {"Delete", dissect_delete },
263 {"Vendor ID", dissect_vid },
264 {"Attrib", dissect_config }
267 static dissector_handle_t esp_handle;
268 static dissector_handle_t ah_handle;
271 dissect_payloads(tvbuff_t *tvb, proto_tree *tree, guint8 initial_payload,
272 int offset, int length)
274 guint8 payload, next_payload;
275 guint16 payload_length;
278 for (payload = initial_payload; length != 0; payload = next_payload) {
279 if (payload == LOAD_TYPE_NONE) {
281 * What? There's more stuff in this chunk of data, but the
282 * previous payload had a "next payload" type of None?
284 proto_tree_add_text(tree, tvb, offset, length,
286 tvb_bytes_to_str(tvb, offset, length));
289 ntree = dissect_payload_header(tvb, offset, length, payload,
290 &next_payload, &payload_length, tree);
293 if (payload_length >= 4) { /* XXX = > 4? */
294 if (payload < NUM_LOAD_TYPES) {
295 (*strfuncs[payload].func)(tvb, offset + 4, payload_length - 4, ntree,
299 proto_tree_add_text(ntree, tvb, offset + 4, payload_length - 4,
304 proto_tree_add_text(ntree, tvb, offset + 4, 0,
305 "Payload (bogus, length is %u, must be at least 4)",
309 offset += payload_length;
310 length -= payload_length;
315 dissect_isakmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
318 struct isakmp_hdr * hdr;
320 proto_tree * isakmp_tree = NULL;
321 struct udp_encap_hdr * encap_hdr;
323 static const guint8 non_ike_marker[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
326 if (check_col(pinfo->cinfo, COL_PROTOCOL))
327 col_set_str(pinfo->cinfo, COL_PROTOCOL, "ISAKMP");
328 if (check_col(pinfo->cinfo, COL_INFO))
329 col_clear(pinfo->cinfo, COL_INFO);
331 hdr = (struct isakmp_hdr *)tvb_get_ptr(tvb, 0, sizeof (struct isakmp_hdr));
332 len = pntohl(&hdr->length);
335 ti = proto_tree_add_item(tree, proto_isakmp, tvb, offset, len, FALSE);
336 isakmp_tree = proto_item_add_subtree(ti, ett_isakmp);
339 encap_hdr = (struct udp_encap_hdr *)tvb_get_ptr(tvb, 0, sizeof(struct udp_encap_hdr));
341 if (encap_hdr->non_ike_marker[0] == 0xFF) {
342 if (check_col(pinfo->cinfo, COL_INFO))
343 col_set_str(pinfo->cinfo, COL_INFO, "UDP encapsulated IPSec - NAT Keepalive");
346 if (memcmp(encap_hdr->non_ike_marker,non_ike_marker,8) == 0) {
347 if (check_col(pinfo->cinfo, COL_INFO)) {
348 if (encap_hdr->esp_SPI != 0)
349 col_set_str(pinfo->cinfo, COL_INFO, "UDP encapsulated IPSec - ESP");
351 col_set_str(pinfo->cinfo, COL_INFO, "UDP encapsulated IPSec - AH");
354 proto_tree_add_text(isakmp_tree, tvb, offset,
355 sizeof(encap_hdr->non_ike_marker),
357 offset += sizeof(encap_hdr->non_ike_marker);
359 if (encap_hdr->esp_SPI != 0) {
360 next_tvb = tvb_new_subset(tvb, offset, -1, -1);
361 call_dissector(esp_handle, next_tvb, pinfo, tree);
364 proto_tree_add_text(isakmp_tree, tvb, offset,
365 sizeof(encap_hdr->esp_SPI),
367 offset += sizeof(encap_hdr->esp_SPI);
370 proto_tree_add_text(isakmp_tree, tvb, offset, 1,
371 "AH Envelope Version: %u",
372 tvb_get_guint8(tvb, offset) >> 4);
376 proto_tree_add_text(isakmp_tree, tvb, offset, 1,
377 "AH Envelope Header Length: %u",
378 (tvb_get_guint8(tvb, offset) & 0xF)*4);
382 proto_tree_add_text(isakmp_tree, tvb, offset, 2,
383 "AH Envelope Identification: 0x%04X",
384 tvb_get_ntohs(tvb, offset));
387 next_tvb = tvb_new_subset(tvb, offset, -1, -1);
388 call_dissector(ah_handle, next_tvb, pinfo, tree);
393 if (check_col(pinfo->cinfo, COL_INFO))
394 col_add_str(pinfo->cinfo, COL_INFO, exchtype2str(hdr->exch_type));
397 proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr->icookie),
399 offset += sizeof(hdr->icookie);
401 proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr->rcookie),
403 offset += sizeof(hdr->rcookie);
405 proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr->next_payload),
406 "Next payload: %s (%u)",
407 payloadtype2str(hdr->next_payload), hdr->next_payload);
408 offset += sizeof(hdr->next_payload);
410 proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr->version),
412 hi_nibble(hdr->version), lo_nibble(hdr->version));
413 offset += sizeof(hdr->version);
415 proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr->exch_type),
416 "Exchange type: %s (%u)",
417 exchtype2str(hdr->exch_type), hdr->exch_type);
418 offset += sizeof(hdr->exch_type);
424 fti = proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr->flags), "Flags");
425 ftree = proto_item_add_subtree(fti, ett_isakmp_flags);
427 proto_tree_add_text(ftree, tvb, offset, 1, "%s",
428 decode_boolean_bitfield(hdr->flags, E_FLAG, sizeof(hdr->flags)*8,
429 "Encryption", "No encryption"));
430 proto_tree_add_text(ftree, tvb, offset, 1, "%s",
431 decode_boolean_bitfield(hdr->flags, C_FLAG, sizeof(hdr->flags)*8,
432 "Commit", "No commit"));
433 proto_tree_add_text(ftree, tvb, offset, 1, "%s",
434 decode_boolean_bitfield(hdr->flags, A_FLAG, sizeof(hdr->flags)*8,
435 "Authentication", "No authentication"));
436 offset += sizeof(hdr->flags);
439 proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr->message_id),
440 "Message ID: 0x%02x%02x%02x%02x", hdr->message_id[0],
441 hdr->message_id[1], hdr->message_id[2], hdr->message_id[3]);
442 offset += sizeof(hdr->message_id);
444 proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr->length),
446 offset += sizeof(hdr->length);
449 if (hdr->flags & E_FLAG) {
450 if (len && isakmp_tree) {
451 proto_tree_add_text(isakmp_tree, tvb, offset, len,
452 "Encrypted payload (%d byte%s)",
453 len, plurality(len, "", "s"));
456 dissect_payloads(tvb, isakmp_tree, hdr->next_payload, offset, len);
461 dissect_payload_header(tvbuff_t *tvb, int offset, int length, guint8 payload,
462 guint8 *next_payload_p, guint16 *payload_length_p, proto_tree *tree)
465 guint16 payload_length;
470 proto_tree_add_text(tree, tvb, offset, length,
471 "Not enough room in payload for all transforms");
474 next_payload = tvb_get_guint8(tvb, offset);
475 payload_length = tvb_get_ntohs(tvb, offset + 2);
477 ti = proto_tree_add_text(tree, tvb, offset, payload_length,
478 "%s payload", loadtype2str(payload));
479 ntree = proto_item_add_subtree(ti, ett_isakmp_payload);
481 proto_tree_add_text(ntree, tvb, offset, 1,
482 "Next payload: %s (%u)",
483 payloadtype2str(next_payload), next_payload);
484 proto_tree_add_text(ntree, tvb, offset+2, 2, "Length: %u", payload_length);
486 *next_payload_p = next_payload;
487 *payload_length_p = payload_length;
492 dissect_sa(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
499 proto_tree_add_text(tree, tvb, offset, length,
500 "DOI %s (length is %u, should be >= 4)",
501 tvb_bytes_to_str(tvb, offset, length), length);
504 doi = tvb_get_ntohl(tvb, offset);
505 proto_tree_add_text(tree, tvb, offset, 4,
506 "Domain of interpretation: %s (%u)",
507 doitype2str(doi), doi);
514 proto_tree_add_text(tree, tvb, offset, length,
515 "Situation: %s (length is %u, should be >= 4)",
516 tvb_bytes_to_str(tvb, offset, length), length);
519 situation = tvb_get_ntohl(tvb, offset);
520 proto_tree_add_text(tree, tvb, offset, 4,
521 "Situation: %s (%u)",
522 situation2str(situation), situation);
526 dissect_payloads(tvb, tree, LOAD_TYPE_PROPOSAL, offset, length);
529 proto_tree_add_text(tree, tvb, offset, length,
531 tvb_bytes_to_str(tvb, offset, length));
536 dissect_proposal(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
541 guint8 num_transforms;
543 guint16 payload_length;
546 proto_tree_add_text(tree, tvb, offset, 1,
547 "Proposal number: %u", tvb_get_guint8(tvb, offset));
551 protocol_id = tvb_get_guint8(tvb, offset);
552 proto_tree_add_text(tree, tvb, offset, 1,
553 "Protocol ID: %s (%u)",
554 proto2str(protocol_id), protocol_id);
558 spi_size = tvb_get_guint8(tvb, offset);
559 proto_tree_add_text(tree, tvb, offset, 1,
560 "SPI size: %u", spi_size);
564 num_transforms = tvb_get_guint8(tvb, offset);
565 proto_tree_add_text(tree, tvb, offset, 1,
566 "Number of transforms: %u", num_transforms);
571 proto_tree_add_text(tree, tvb, offset, spi_size, "SPI: %s",
572 tvb_bytes_to_str(tvb, offset, spi_size));
577 while (num_transforms > 0) {
578 ntree = dissect_payload_header(tvb, offset, length, LOAD_TYPE_TRANSFORM,
579 &next_payload, &payload_length, tree);
582 if (length < payload_length) {
583 proto_tree_add_text(tree, tvb, offset + 4, length,
584 "Not enough room in payload for all transforms");
587 if (payload_length >= 4)
588 dissect_transform(tvb, offset + 4, payload_length - 4, ntree, protocol_id);
590 proto_tree_add_text(ntree, tvb, offset + 4, payload_length - 4, "Payload");
591 offset += payload_length;
592 length -= payload_length;
598 dissect_transform(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
603 proto_tree_add_text(tree, tvb, offset, 1,
604 "Transform number: %u", tvb_get_guint8(tvb, offset));
608 transform_id = tvb_get_guint8(tvb, offset);
609 switch (protocol_id) {
611 proto_tree_add_text(tree, tvb, offset, 1,
612 "Transform ID: %u", transform_id);
615 proto_tree_add_text(tree, tvb, offset, 1,
616 "Transform ID: %s (%u)",
617 trans2str(transform_id), transform_id);
620 proto_tree_add_text(tree, tvb, offset, 1,
621 "Transform ID: %s (%u)",
622 ah_trans2str(transform_id), transform_id);
625 proto_tree_add_text(tree, tvb, offset, 1,
626 "Transform ID: %s (%u)",
627 esp_trans2str(transform_id), transform_id);
630 proto_tree_add_text(tree, tvb, offset, 1,
631 "Transform ID: %s (%u)",
632 ipcomp_trans2str(transform_id), transform_id);
641 guint16 aft = tvb_get_ntohs(tvb, offset);
642 guint16 type = aft & 0x7fff;
647 if (protocol_id == 1 && transform_id == 1) {
649 str = p1_atttype2str(type);
652 str = atttype2str(type);
656 val = tvb_get_ntohs(tvb, offset + 2);
657 proto_tree_add_text(tree, tvb, offset, 4,
660 value2str(ike_phase1, type, val), val);
665 len = tvb_get_ntohs(tvb, offset + 2);
667 if (!get_num(tvb, offset + 4, len, &val)) {
668 proto_tree_add_text(tree, tvb, offset, pack_len,
669 "%s (%u): <too big (%u bytes)>",
672 proto_tree_add_text(tree, tvb, offset, pack_len,
675 value2str(ike_phase1, type, val), val);
684 dissect_key_exch(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
687 proto_tree_add_text(tree, tvb, offset, length, "Key Exchange Data");
691 dissect_id(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
698 id_type = tvb_get_guint8(tvb, offset);
699 proto_tree_add_text(tree, tvb, offset, 1,
700 "ID type: %s (%u)", id2str(id_type), id_type);
704 protocol_id = tvb_get_guint8(tvb, offset);
705 if (protocol_id == 0) {
706 proto_tree_add_text(tree, tvb, offset, 1,
707 "Protocol ID: Unused");
709 proto_tree_add_text(tree, tvb, offset, 1,
710 "Protocol ID: %s (%u)",
711 ipprotostr(protocol_id), protocol_id);
716 port = tvb_get_ntohs(tvb, offset);
718 proto_tree_add_text(tree, tvb, offset, 2, "Port: Unused");
720 proto_tree_add_text(tree, tvb, offset, 2, "Port: %u", port);
726 proto_tree_add_text(tree, tvb, offset, length,
727 "Identification data: %s",
728 ip_to_str(tvb_get_ptr(tvb, offset, 4)));
732 proto_tree_add_text(tree, tvb, offset, length,
733 "Identification data: %.*s", length,
734 tvb_get_ptr(tvb, offset, length));
737 proto_tree_add_text(tree, tvb, offset, length,
738 "Identification data: %s/%s",
739 ip_to_str(tvb_get_ptr(tvb, offset, 4)),
740 ip_to_str(tvb_get_ptr(tvb, offset+4, 4)));
743 proto_tree_add_text(tree, tvb, offset, length, "Identification Data");
749 dissect_cert(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
754 cert_enc = tvb_get_guint8(tvb, offset);
755 proto_tree_add_text(tree, tvb, offset, 1,
756 "Certificate encoding: %u - %s",
757 cert_enc, certtype2str(cert_enc));
761 proto_tree_add_text(tree, tvb, offset, length, "Certificate Data");
765 dissect_certreq(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
770 cert_type = tvb_get_guint8(tvb, offset);
771 proto_tree_add_text(tree, tvb, offset, 1,
772 "Certificate type: %u - %s",
773 cert_type, certtype2str(cert_type));
777 proto_tree_add_text(tree, tvb, offset, length, "Certificate Authority");
781 dissect_hash(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
784 proto_tree_add_text(tree, tvb, offset, length, "Hash Data");
788 dissect_sig(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
791 proto_tree_add_text(tree, tvb, offset, length, "Signature Data");
795 dissect_nonce(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
798 proto_tree_add_text(tree, tvb, offset, length, "Nonce Data");
802 dissect_notif(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
810 doi = tvb_get_ntohl(tvb, offset);
811 proto_tree_add_text(tree, tvb, offset, 4,
812 "Domain of Interpretation: %s (%u)",
813 doitype2str(doi), doi);
817 protocol_id = tvb_get_guint8(tvb, offset);
818 proto_tree_add_text(tree, tvb, offset, 1,
819 "Protocol ID: %s (%u)",
820 proto2str(protocol_id), protocol_id);
824 spi_size = tvb_get_guint8(tvb, offset);
825 proto_tree_add_text(tree, tvb, offset, 1,
826 "SPI size: %u", spi_size);
830 msgtype = tvb_get_ntohs(tvb, offset);
831 proto_tree_add_text(tree, tvb, offset, 2,
832 "Message type: %s (%u)", msgtype2str(msgtype), msgtype);
837 proto_tree_add_text(tree, tvb, offset, spi_size, "Security Parameter Index");
843 proto_tree_add_text(tree, tvb, offset, length, "Notification Data");
847 dissect_delete(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
856 doi = tvb_get_ntohl(tvb, offset);
857 proto_tree_add_text(tree, tvb, offset, 4,
858 "Domain of Interpretation: %s (%u)",
859 doitype2str(doi), doi);
863 protocol_id = tvb_get_guint8(tvb, offset);
864 proto_tree_add_text(tree, tvb, offset, 1,
865 "Protocol ID: %s (%u)",
866 proto2str(protocol_id), protocol_id);
870 spi_size = tvb_get_guint8(tvb, offset);
871 proto_tree_add_text(tree, tvb, offset, 1,
872 "SPI size: %u", spi_size);
876 num_spis = tvb_get_ntohs(tvb, offset);
877 proto_tree_add_text(tree, tvb, offset, 2,
878 "Number of SPIs: %u", num_spis);
882 for (i = 0; i < num_spis; ++i) {
883 if (length < spi_size) {
884 proto_tree_add_text(tree, tvb, offset, length,
885 "Not enough room in payload for all SPI's");
888 proto_tree_add_text(tree, tvb, offset, spi_size,
896 dissect_vid(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
899 proto_tree_add_text(tree, tvb, offset, length, "Vendor ID");
903 dissect_config(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
908 type = tvb_get_guint8(tvb, offset);
909 proto_tree_add_text(tree, tvb, offset, 1,
910 "Type %s (%u)",attrtype2str(type),type);
915 proto_tree_add_text(tree, tvb, offset, 2,
916 "Identifier: %u", tvb_get_ntohs(tvb, offset));
921 guint16 aft = tvb_get_ntohs(tvb, offset);
922 guint16 type = aft & 0x7fff;
928 val = tvb_get_ntohs(tvb, offset + 2);
929 proto_tree_add_text(tree, tvb, offset, 4,
930 "%s (%u)", cfgattrident2str(type), val);
935 len = tvb_get_ntohs(tvb, offset + 2);
937 if (!get_num(tvb, offset + 4, len, &val)) {
938 proto_tree_add_text(tree, tvb, offset, pack_len,
939 "%s: <too big (%u bytes)>",
940 cfgattrident2str(type), len);
942 proto_tree_add_text(tree, tvb, offset, 4,
943 "%s (%ue)", cfgattrident2str(type),
953 payloadtype2str(guint8 type) {
955 if (type < NUM_LOAD_TYPES) return strfuncs[type].str;
956 if (type < 128) return "RESERVED";
957 if (type < 256) return "Private USE";
959 return "Huh? You should never see this! Shame on you!";
963 exchtype2str(guint8 type) {
965 #define NUM_EXCHSTRS 7
966 static const char * exchstrs[NUM_EXCHSTRS] = {
969 "Identity Protection (Main Mode)",
970 "Authentication Only",
973 "Transaction (Config Mode)"
976 if (type < NUM_EXCHSTRS) return exchstrs[type];
977 if (type < 32) return "ISAKMP Future Use";
982 return "New Group Mode";
984 if (type < 240) return "DOI Specific Use";
985 if (type < 256) return "Private Use";
987 return "Huh? You should never see this! Shame on you!";
991 doitype2str(guint32 type) {
992 if (type == 1) return "IPSEC";
993 return "Unknown DOI Type";
997 msgtype2str(guint16 type) {
999 #define NUM_PREDEFINED 31
1000 static const char *msgs[NUM_PREDEFINED] = {
1002 "INVALID-PAYLOAD-TYPE",
1003 "DOI-NOT-SUPPORTED",
1004 "SITUATION-NOT-SUPPORTED",
1006 "INVALID-MAJOR-VERSION",
1007 "INVALID-MINOR-VERSION",
1008 "INVALID-EXCHANGE-TYPE",
1010 "INVALID-MESSAGE-ID",
1011 "INVALID-PROTOCOL-ID",
1013 "INVALID-TRANSFORM-ID",
1014 "ATTRIBUTES-NOT-SUPPORTED",
1015 "NO-PROPOSAL-CHOSEN",
1016 "BAD-PROPOSAL-SYNTAX",
1017 "PAYLOAD-MALFORMED",
1018 "INVALID-KEY-INFORMATION",
1019 "INVALID-ID-INFORMATION",
1020 "INVALID-CERT-ENCODING",
1021 "INVALID-CERTIFICATE",
1022 "CERT-TYPE-UNSUPPORTED",
1023 "INVALID-CERT-AUTHORITY",
1024 "INVALID-HASH-INFORMATION",
1025 "AUTHENTICATION-FAILED",
1026 "INVALID-SIGNATURE",
1027 "ADDRESS-NOTIFICATION",
1028 "NOTIFY-SA-LIFETIME",
1029 "CERTIFICATE-UNAVAILABLE",
1030 "UNSUPPORTED-EXCHANGE-TYPE",
1031 "UNEQUAL-PAYLOAD-LENGTHS"
1034 if (type < NUM_PREDEFINED) return msgs[type];
1035 if (type < 8192) return "RESERVED (Future Use)";
1036 if (type < 16384) return "Private Use";
1037 if (type < 16385) return "CONNECTED";
1038 if (type < 24576) return "RESERVED (Future Use) - status";
1039 if (type < 24577) return "RESPONDER-LIFETIME";
1040 if (type < 24578) return "REPLAY-STATUS";
1041 if (type < 24579) return "INITIAL-CONTACT";
1042 if (type < 32768) return "DOI-specific codes";
1043 if (type < 40960) return "Private Use - status";
1044 if (type < 65535) return "RESERVED (Future Use) - status (2)";
1046 return "Huh? You should never see this! Shame on you!";
1050 situation2str(guint32 type) {
1052 #define SIT_MSG_NUM 1024
1053 #define SIT_IDENTITY 0x01
1054 #define SIT_SECRECY 0x02
1055 #define SIT_INTEGRITY 0x04
1057 static char msg[SIT_MSG_NUM];
1062 if (type & SIT_IDENTITY) {
1063 ret = snprintf(msg, SIT_MSG_NUM-n, "%sIDENTITY", sep);
1065 /* Some versions of snprintf return -1 if they'd truncate the output. */
1071 if (type & SIT_SECRECY) {
1072 if (n >= SIT_MSG_NUM) {
1076 ret = snprintf(msg, SIT_MSG_NUM-n, "%sSECRECY", sep);
1078 /* Some versions of snprintf return -1 if they'd truncate the output. */
1084 if (type & SIT_INTEGRITY) {
1085 if (n >= SIT_MSG_NUM) {
1089 ret = snprintf(msg, SIT_MSG_NUM-n, "%sINTEGRITY", sep);
1091 /* Some versions of snprintf return -1 if they'd truncate the output. */
1102 value2str(int ike_p1, guint16 att_type, guint16 value) {
1104 if (value == 0) return "RESERVED";
1110 case 1: return "Seconds";
1111 case 2: return "Kilobytes";
1112 default: return "UNKNOWN-SA-VALUE";
1115 return "Duration-Value";
1117 return "Group-Value";
1120 case 1: return "Tunnel";
1121 case 2: return "Transport";
1122 case 61440: return "Check Point IPSec UDP Encapsulation";
1123 case 61443: return "UDP-Encapsulated-Tunnel (draft)";
1124 case 61444: return "UDP-Encapsulated-Transport (draft)";
1125 default: return "UNKNOWN-ENCAPSULATION-VALUE";
1129 case 1: return "HMAC-MD5";
1130 case 2: return "HMAC-SHA";
1131 case 3: return "DES-MAC";
1132 case 4: return "KPDK";
1133 case 5: return "HMAC-SHA2-256";
1134 case 6: return "HMAC-SHA2-384";
1135 case 7: return "HMAC-SHA2-512";
1136 default: return "UNKNOWN-AUTHENTICATION-VALUE";
1139 return "Key-Length";
1141 return "Key-Rounds";
1144 default: return "UNKNOWN-ATTRIBUTE-TYPE";
1151 case 1: return "DES-CBC";
1152 case 2: return "IDEA-CBC";
1153 case 3: return "BLOWFISH-CBC";
1154 case 4: return "RC5-R16-B64-CBC";
1155 case 5: return "3DES-CBC";
1156 case 6: return "CAST-CBC";
1157 case 7: return "AES-CBC";
1158 default: return "UNKNOWN-ENCRYPTION-ALG";
1162 case 1: return "MD5";
1163 case 2: return "SHA";
1164 case 3: return "TIGER";
1165 case 4: return "SHA2-256";
1166 case 5: return "SHA2-384";
1167 case 6: return "SHA2-512";
1168 default: return "UNKNOWN-HASH-ALG";
1172 case 1: return "PSK";
1173 case 2: return "DSS-SIG";
1174 case 3: return "RSA-SIG";
1175 case 4: return "RSA-ENC";
1176 case 5: return "RSA-Revised-ENC";
1177 case 64221: return "HybridInitRSA";
1178 case 64222: return "HybridRespRSA";
1179 case 64223: return "HybridInitDSS";
1180 case 64224: return "HybridRespDSS";
1181 case 65001: return "XAUTHInitPreShared";
1182 case 65002: return "XAUTHRespPreShared";
1183 case 65003: return "XAUTHInitDSS";
1184 case 65004: return "XAUTHRespDSS";
1185 case 65005: return "XAUTHInitRSA";
1186 case 65006: return "XAUTHRespRSA";
1187 case 65007: return "XAUTHInitRSAEncryption";
1188 case 65008: return "XAUTHRespRSAEncryption";
1189 case 65009: return "XAUTHInitRSARevisedEncryption";
1190 case 65010: return "XAUTHRespRSARevisedEncryption";
1191 default: return "UNKNOWN-AUTH-METHOD";
1200 return "Group-Value";
1203 case 1: return "MODP";
1204 case 2: return "ECP";
1205 case 3: return "EC2N";
1206 default: return "UNKNOWN-GROUPT-TYPE";
1210 case 1: return "Seconds";
1211 case 2: return "Kilobytes";
1212 default: return "UNKNOWN-SA-VALUE";
1215 return "Duration-Value";
1219 return "Key-Length";
1221 return "Field-Size";
1222 default: return "UNKNOWN-ATTRIBUTE-TYPE";
1228 attrtype2str(guint8 type) {
1230 case 0: return "Reserved";
1231 case 1: return "ISAKMP_CFG_REQUEST";
1232 case 2: return "ISAKMP_CFG_REPLY";
1233 case 3: return "ISAKMP_CFG_SET";
1234 case 4: return "ISAKMP_CFG_ACK";
1237 return "Future use";
1238 return "Private use";
1242 cfgattrident2str(guint16 ident) {
1243 #define NUM_ATTR_DEFINED 12
1244 static const char *msgs[NUM_PREDEFINED] = {
1246 "INTERNAL_IP4_ADDRESS",
1247 "INTERNAL_IP4_NETMASK",
1249 "INTERNAL_IP4_NBNS",
1250 "INTERNAL_ADDRESS_EXPIREY",
1251 "INTERNAL_IP4_DHCP",
1252 "APPLICATION_VERSION"
1253 "INTERNAL_IP6_ADDRESS",
1254 "INTERNAL_IP6_NETMASK",
1256 "INTERNAL_IP6_NBNS",
1257 "INTERNAL_IP6_DHCP",
1259 if(ident < NUM_ATTR_DEFINED)
1262 return "Future use";
1264 case 16520: return "XAUTH_TYPE";
1265 case 16521: return "XAUTH_USER_NAME";
1266 case 16522: return "XAUTH_USER_PASSWORD";
1267 case 16523: return "XAUTH_PASSCODE";
1268 case 16524: return "XAUTH_MESSAGE";
1269 case 16525: return "XAUTH_CHALLANGE";
1270 case 16526: return "XAUTH_DOMAIN";
1271 case 16527: return "XAUTH_STATUS";
1272 case 16528: return "XAUTH_NEXT_PIN";
1273 case 16529: return "XAUTH_ANSWER";
1274 default: return "Private use";
1279 certtype2str(guint8 type) {
1280 #define NUM_CERTTYPE 11
1281 static const char *msgs[NUM_CERTTYPE] = {
1283 "PKCS #7 wrapped X.509 certificate",
1286 "X.509 Certificate - Signature",
1287 "X.509 Certificate - Key Exchange",
1289 "Certificate Revocation List (CRL)",
1290 "Authority Revocation List (ARL)",
1292 "X.509 Certificate - Attribute",
1294 if(type > NUM_CERTTYPE)
1300 get_num(tvbuff_t *tvb, int offset, guint16 len, guint32 *num_p) {
1304 *num_p = tvb_get_guint8(tvb, offset);
1307 *num_p = tvb_get_ntohs(tvb, offset);
1310 *num_p = tvb_get_ntoh24(tvb, offset);
1313 *num_p = tvb_get_ntohl(tvb, offset);
1323 proto_register_isakmp(void)
1325 /* static hf_register_info hf[] = {
1327 { "Name", "isakmp.abbreviation", TYPE, VALS_POINTER }},
1329 static gint *ett[] = {
1332 &ett_isakmp_payload,
1335 proto_isakmp = proto_register_protocol("Internet Security Association and Key Management Protocol",
1336 "ISAKMP", "isakmp");
1337 /* proto_register_field_array(proto_isakmp, hf, array_length(hf));*/
1338 proto_register_subtree_array(ett, array_length(ett));
1342 proto_reg_handoff_isakmp(void)
1344 dissector_handle_t isakmp_handle;
1347 * Get handle for the AH & ESP dissectors.
1349 esp_handle = find_dissector("esp");
1350 ah_handle = find_dissector("ah");
1352 isakmp_handle = create_dissector_handle(dissect_isakmp, proto_isakmp);
1353 dissector_add("udp.port", UDP_PORT_ISAKMP, isakmp_handle);
1354 dissector_add("tcp.port", TCP_PORT_ISAKMP, isakmp_handle);
git.samba.org / obnox / wireshark / wip.git / blob