Wireshark · Ethereal-dev: [Ethereal-dev] Patch to packet-isakmp.c

Ethereal-dev: [Ethereal-dev] Patch to packet-isakmp.c

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Yaniv Kaul <ykaul@xxxxxxxxxxxx>

Date: Mon, 20 Sep 2004 18:55:53 +0300

Please find attached patch ('svn diff' output) to packet-isakmp.c,containing:1. Fix dissection of Check Point vendor ID version field. The length waswrong.2. Added dissection of payloads 130 and 131, which were used in earlyNAT-T drafts (and are still used by MS and others). They are equal topayloads 15 & 16, (NAT-D, NAT-OA), respectively.3. Added ASN.1 decoding of Certificate requests of type X.509Certificate - Signature (4)

4. Added ASN.1 decoding of ID of type ID_DER_ASN1_DN (9)

Regards,
Y.

Index: packet-isakmp.c
===================================================================
--- packet-isakmp.c	(revision 12053)
+++ packet-isakmp.c	(working copy)
@@ -41,6 +41,7 @@
 #include <epan/packet.h>
 #include <epan/ipv6-utils.h>
 #include "ipproto.h"
+#include <epan/dissectors/packet-x509if.h>
 
 #define isakmp_min(a, b)  ((a<b) ? a : b)
 
@@ -257,8 +258,6 @@
 #define LOAD_TYPE_PROPOSAL	2	/* payload type for Proposal */
 #define	LOAD_TYPE_TRANSFORM	3	/* payload type for Transform */
 #define NUM_LOAD_TYPES		17
-#define loadtype2str(t)	\
-  ((t < NUM_LOAD_TYPES) ? strfuncs[t].str : "Unknown payload type")
 
 static struct strfunc {
   const char *	str;
@@ -395,13 +394,15 @@
 /* 
 *  Seen in Netscreen. Suppose to be ASCII HeartBeat_Notify - but I don't know the rest yet. I suspect it then proceeds with
 *  8k10, which means every 8K (?), and version 1.0 of the protocol (?). I won't add it to the code, until I know what it really
-*  means. ykaul-at-netvision.net.il
+*  means. ykaul-at-bezeqint.net
 */
 static const guint8 VID_HeartBeat_Notify[VID_LEN] = {0x48, 0x65, 0x61, 0x72, 0x74, 0x42, 0x65, 0x61, 0x74, 0x5f, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79}; 
 
+static int hf_ike_certificate_authority = -1;
+
 static void
 dissect_payloads(tvbuff_t *tvb, proto_tree *tree, guint8 initial_payload,
-		 int offset, int length)
+		 int offset, int length, packet_info *pinfo)
 {
   guint8 payload, next_payload;
   guint16		payload_length;
@@ -424,12 +425,16 @@
       break;
     if (payload_length >= 4) {	/* XXX = > 4? */
       if (payload < NUM_LOAD_TYPES && strfuncs[payload].func != NULL) {
-        (*strfuncs[payload].func)(tvb, offset + 4, payload_length - 4, ntree,
-				  -1);
+        (*strfuncs[payload].func)(tvb, offset + 4, payload_length - 4, ntree, (int)pinfo);
       }
       else {
-        proto_tree_add_text(ntree, tvb, offset + 4, payload_length - 4,
-            "Payload");
+	if (payload == 130)
+		dissect_nat_discovery(tvb, offset + 4, payload_length - 4, ntree, -1);
+	else
+	if (payload == 131)
+		dissect_nat_original_address(tvb, offset + 4, payload_length - 4, ntree, -1);
+	else
+        	proto_tree_add_text(ntree, tvb, offset + 4, payload_length - 4, "Payload");
       }
     }
     else {
@@ -540,7 +545,7 @@
 			len, plurality(len, "", "s"));
       }
     } else
-      dissect_payloads(tvb, isakmp_tree, hdr.next_payload, offset, len);
+      dissect_payloads(tvb, isakmp_tree, hdr.next_payload, offset, len, pinfo);
   }
 }
 
@@ -562,7 +567,7 @@
   payload_length = tvb_get_ntohs(tvb, offset + 2);
 
   ti = proto_tree_add_text(tree, tvb, offset, payload_length,
-            "%s payload", loadtype2str(payload));
+            "%s payload", payloadtype2str(payload));
   ntree = proto_item_add_subtree(ti, ett_isakmp_payload);
 
   proto_tree_add_text(ntree, tvb, offset, 1,
@@ -576,8 +581,8 @@
 }
 
 static void
-dissect_sa(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
-    int unused _U_)
+dissect_sa(tvbuff_t *tvb, int offset, int length, proto_tree *tree, 
+   int unused _U_)
 {
   guint32		doi;
   guint32		situation;
@@ -610,7 +615,7 @@
     offset += 4;
     length -= 4;
 
-    dissect_payloads(tvb, tree, LOAD_TYPE_PROPOSAL, offset, length);
+    dissect_payloads(tvb, tree, LOAD_TYPE_PROPOSAL, offset, length, (packet_info *)unused);
   } else {
     /* Unknown */
     proto_tree_add_text(tree, tvb, offset, length,
@@ -788,6 +793,7 @@
   guint8		id_type;
   guint8		protocol_id;
   guint16		port;
+	packet_info *pinfo = (packet_info *)unused;
 
   id_type = tvb_get_guint8(tvb, offset);
   proto_tree_add_text(tree, tvb, offset, 1,
@@ -833,6 +839,9 @@
 			  ip_to_str(tvb_get_ptr(tvb, offset, 4)),
 			  ip_to_str(tvb_get_ptr(tvb, offset+4, 4)));
       break;
+	case 9:
+		dissect_x509if_Name(FALSE, tvb, offset, pinfo, tree, hf_ike_certificate_authority);
+		break;
     default:
       proto_tree_add_text(tree, tvb, offset, length, "Identification Data");
       break;
@@ -860,7 +869,7 @@
     int unused _U_)
 {
   guint8		cert_type;
-
+	packet_info *pinfo = (packet_info *)unused;
   cert_type = tvb_get_guint8(tvb, offset);
   proto_tree_add_text(tree, tvb, offset, 1,
 		      "Certificate type: %u - %s",
@@ -868,7 +877,14 @@
   offset += 1;
   length -= 1;
 
-  proto_tree_add_text(tree, tvb, offset, length, "Certificate Authority");
+  if (length) {
+	if (cert_type == 4)
+		dissect_x509if_Name(FALSE, tvb, offset, pinfo, tree, hf_ike_certificate_authority);
+	else
+		proto_tree_add_text(tree, tvb, offset, length, "Certificate Authority");
+  }
+  else
+    proto_tree_add_text(tree, tvb, offset, length, "Certificate Authority (empty)");
 }
 
 static void
@@ -1016,7 +1032,7 @@
 	}
 	offset += sizeof(CPproduct);
 	CPversion = tvb_get_ntohl(tvb, offset);
-	pt = proto_tree_add_text(ntree, tvb, offset, length, "Version: ");
+	pt = proto_tree_add_text(ntree, tvb, offset, sizeof(CPversion), "Version: ");
 	switch (CPversion) {
 		case 2: proto_item_append_text(pt, "4.1");
 			break;
@@ -1039,6 +1055,8 @@
 		default: proto_item_append_text(pt, " Unknown CP version!");
 			break;
 	}
+	offset += sizeof(CPversion);
+	proto_tree_add_text(ntree, tvb, offset, length - VID_CP_LEN - sizeof(CPproduct) - sizeof(CPversion),"Check Point Vendor ID parameters"); 
   }
   else
   if (memcmp(pVID, VID_CYBERGUARD, isakmp_min(VID_LEN, length)) == 0)
@@ -1312,6 +1330,10 @@
     return strfuncs[type].str;
   if (type < 128)
     return "RESERVED";
+  if (type == 130)
+	return "NAT-D (draft-ietf-ipsec-nat-t-ike-01 to 04)";
+  if (type == 131)
+	return "NAT-OA (draft-ietf-ipsec-nat-t-ike-01 to 04)";
   return "Private USE";
 }
 
@@ -1691,10 +1713,11 @@
 void
 proto_register_isakmp(void)
 {
-/*  static hf_register_info hf[] = {
-    { &variable,
-    { "Name",           "isakmp.abbreviation", TYPE, VALS_POINTER }},
-  };*/
+	static hf_register_info hf[] = {
+		{ &hf_ike_certificate_authority,
+		{ "Certificate Authority Distinguished Name", "ike.cert_authority_dn", FT_UINT32, BASE_DEC, NULL, 0x0, "Certificate Authority Distinguished Name", HFILL }
+		},
+	};
   static gint *ett[] = {
     &ett_isakmp,
     &ett_isakmp_flags,
@@ -1703,7 +1726,7 @@
 
   proto_isakmp = proto_register_protocol("Internet Security Association and Key Management Protocol",
 					       "ISAKMP", "isakmp");
-/*  proto_register_field_array(proto_isakmp, hf, array_length(hf));*/
+	proto_register_field_array(proto_isakmp, hf, array_length(hf));
   proto_register_subtree_array(ett, array_length(ett));
 
   register_dissector("isakmp", dissect_isakmp, proto_isakmp);

Follow-Ups:
- Re: [Ethereal-dev] Patch to packet-isakmp.c
  - From: Guy Harris

Prev by Date: [Ethereal-dev] Core dump at start up - Ethereal 0.10.6
Next by Date: Re: [Ethereal-dev] proto.c:1917 Assertion failure
Previous by thread: Re: [Ethereal-dev] TALI length fix in "get_tali_pdu_len" function
Next by thread: Re: [Ethereal-dev] Patch to packet-isakmp.c
Index(es):
- Date
- Thread