diff options
author | Gilbert Ramirez <gram@alumni.rice.edu> | 2004-07-18 18:06:47 +0000 |
---|---|---|
committer | Gilbert Ramirez <gram@alumni.rice.edu> | 2004-07-18 18:06:47 +0000 |
commit | 669db206cb1f270046ad400fff7655e20c63e723 (patch) | |
tree | 4eff24a2e16c8963e497e1fc575f35e6af59bd26 /epan/dissectors/packet-ipsec.c | |
parent | ae46c27a38700af669ef907491081f09df6f6b2c (diff) |
Move dissectors to epan/dissectors directory.
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
svn path=/trunk/; revision=11410
Diffstat (limited to 'epan/dissectors/packet-ipsec.c')
-rw-r--r-- | epan/dissectors/packet-ipsec.c | 359 |
1 files changed, 359 insertions, 0 deletions
diff --git a/epan/dissectors/packet-ipsec.c b/epan/dissectors/packet-ipsec.c new file mode 100644 index 0000000000..5ca0ed54dd --- /dev/null +++ b/epan/dissectors/packet-ipsec.c @@ -0,0 +1,359 @@ +/* packet-ipsec.c + * Routines for IPsec/IPComp packet disassembly + * + * $Id$ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs <gerald@ethereal.com> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <stdio.h> + +#include <string.h> +#include <glib.h> +#include <epan/packet.h> +#include "packet-ipsec.h" +#include <epan/resolv.h> +#include "ipproto.h" +#include "prefs.h" + +/* Place AH payload in sub tree */ +static gboolean g_ah_payload_in_subtree = FALSE; + +static int proto_ah = -1; +static int hf_ah_spi = -1; +static int hf_ah_sequence = -1; +static int proto_esp = -1; +static int hf_esp_spi = -1; +static int hf_esp_sequence = -1; +static int proto_ipcomp = -1; +static int hf_ipcomp_flags = -1; +static int hf_ipcomp_cpi = -1; + +static gint ett_ah = -1; +static gint ett_esp = -1; +static gint ett_ipcomp = -1; + +static dissector_handle_t data_handle; + +static dissector_table_t ip_dissector_table; + +struct newah { + guint8 ah_nxt; /* Next Header */ + guint8 ah_len; /* Length of data + 1, in 32bit */ + guint16 ah_reserve; /* Reserved for future use */ + guint32 ah_spi; /* Security parameter index */ + guint32 ah_seq; /* Sequence number field */ + /* variable size, 32bit bound*/ /* Authentication data */ +}; + +struct newesp { + guint32 esp_spi; /* ESP */ + guint32 esp_seq; /* Sequence number */ + /*variable size*/ /* (IV and) Payload data */ + /*variable size*/ /* padding */ + /*8bit*/ /* pad size */ + /*8bit*/ /* next header */ + /*8bit*/ /* next header */ + /*variable size, 32bit bound*/ /* Authentication data */ +}; + +struct ipcomp { + guint8 comp_nxt; /* Next Header */ + guint8 comp_flags; /* Must be zero */ + guint16 comp_cpi; /* Compression parameter index */ +}; + +/* well-known algorithm number (in CPI), from RFC2409 */ +#define IPCOMP_OUI 1 /* vendor specific */ +#define IPCOMP_DEFLATE 2 /* RFC2394 */ +#define IPCOMP_LZS 3 /* RFC2395 */ +#define IPCOMP_MAX 4 + +static const value_string cpi2val[] = { + { IPCOMP_OUI, "OUI" }, + { IPCOMP_DEFLATE, "DEFLATE" }, + { IPCOMP_LZS, "LZS" }, + { 0, NULL }, +}; + +#ifndef offsetof +#define offsetof(type, member) ((size_t)(&((type *)0)->member)) +#endif + +static void +dissect_ah(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + proto_tree *next_tree; + guint8 nxt; + tvbuff_t *next_tvb; + int advance; + + advance = dissect_ah_header(tvb, pinfo, tree, &nxt, &next_tree); + next_tvb = tvb_new_subset(tvb, advance, -1, -1); + + if (g_ah_payload_in_subtree) { + col_set_writable(pinfo->cinfo, FALSE); + } + + /* do lookup with the subdissector table */ + if (!dissector_try_port(ip_dissector_table, nxt, next_tvb, pinfo, next_tree)) { + call_dissector(data_handle,next_tvb, pinfo, next_tree); + } +} + +int +dissect_ah_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, + guint8 *nxt_p, proto_tree **next_tree_p) +{ + proto_tree *ah_tree; + proto_item *ti; + struct newah ah; + int advance; + + if (check_col(pinfo->cinfo, COL_PROTOCOL)) + col_set_str(pinfo->cinfo, COL_PROTOCOL, "AH"); + if (check_col(pinfo->cinfo, COL_INFO)) + col_clear(pinfo->cinfo, COL_INFO); + + tvb_memcpy(tvb, (guint8 *)&ah, 0, sizeof(ah)); + advance = sizeof(ah) + ((ah.ah_len - 1) << 2); + + if (check_col(pinfo->cinfo, COL_INFO)) { + col_add_fstr(pinfo->cinfo, COL_INFO, "AH (SPI=0x%08x)", + (guint32)g_ntohl(ah.ah_spi)); + } + + if (tree) { + /* !!! specify length */ + ti = proto_tree_add_item(tree, proto_ah, tvb, 0, advance, FALSE); + ah_tree = proto_item_add_subtree(ti, ett_ah); + + proto_tree_add_text(ah_tree, tvb, + offsetof(struct newah, ah_nxt), 1, + "Next Header: %s (0x%02x)", + ipprotostr(ah.ah_nxt), ah.ah_nxt); + proto_tree_add_text(ah_tree, tvb, + offsetof(struct newah, ah_len), 1, + "Length: %u", (ah.ah_len + 2) << 2); + proto_tree_add_uint(ah_tree, hf_ah_spi, tvb, + offsetof(struct newah, ah_spi), 4, + (guint32)g_ntohl(ah.ah_spi)); + proto_tree_add_uint(ah_tree, hf_ah_sequence, tvb, + offsetof(struct newah, ah_seq), 4, + (guint32)g_ntohl(ah.ah_seq)); + proto_tree_add_text(ah_tree, tvb, + sizeof(ah), (ah.ah_len - 1) << 2, + "ICV"); + + if (next_tree_p != NULL) { + /* Decide where to place next protocol decode */ + if (g_ah_payload_in_subtree) { + *next_tree_p = ah_tree; + } + else { + *next_tree_p = tree; + } + } + } else { + if (next_tree_p != NULL) + *next_tree_p = NULL; + } + + if (nxt_p != NULL) + *nxt_p = ah.ah_nxt; + + /* start of the new header (could be a extension header) */ + return advance; +} + +static void +dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + proto_tree *esp_tree; + proto_item *ti; + struct newesp esp; + + /* + * load the top pane info. This should be overwritten by + * the next protocol in the stack + */ + if (check_col(pinfo->cinfo, COL_PROTOCOL)) + col_set_str(pinfo->cinfo, COL_PROTOCOL, "ESP"); + if (check_col(pinfo->cinfo, COL_INFO)) + col_clear(pinfo->cinfo, COL_INFO); + + tvb_memcpy(tvb, (guint8 *)&esp, 0, sizeof(esp)); + + if (check_col(pinfo->cinfo, COL_INFO)) { + col_add_fstr(pinfo->cinfo, COL_INFO, "ESP (SPI=0x%08x)", + (guint32)g_ntohl(esp.esp_spi)); + } + + /* + * populate a tree in the second pane with the status of the link layer + * (ie none) + */ + if(tree) { + ti = proto_tree_add_item(tree, proto_esp, tvb, 0, -1, FALSE); + esp_tree = proto_item_add_subtree(ti, ett_esp); + proto_tree_add_uint(esp_tree, hf_esp_spi, tvb, + offsetof(struct newesp, esp_spi), 4, + (guint32)g_ntohl(esp.esp_spi)); + proto_tree_add_uint(esp_tree, hf_esp_sequence, tvb, + offsetof(struct newesp, esp_seq), 4, + (guint32)g_ntohl(esp.esp_seq)); + call_dissector(data_handle, + tvb_new_subset(tvb, sizeof(struct newesp), -1, -1), + pinfo, esp_tree); + } +} + +static void +dissect_ipcomp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + proto_tree *ipcomp_tree; + proto_item *ti; + struct ipcomp ipcomp; + char *p; + + /* + * load the top pane info. This should be overwritten by + * the next protocol in the stack + */ + if (check_col(pinfo->cinfo, COL_PROTOCOL)) + col_set_str(pinfo->cinfo, COL_PROTOCOL, "IPComp"); + if (check_col(pinfo->cinfo, COL_INFO)) + col_clear(pinfo->cinfo, COL_INFO); + + tvb_memcpy(tvb, (guint8 *)&ipcomp, 0, sizeof(ipcomp)); + + if (check_col(pinfo->cinfo, COL_INFO)) { + p = match_strval(g_ntohs(ipcomp.comp_cpi), cpi2val); + if (p == NULL) { + col_add_fstr(pinfo->cinfo, COL_INFO, "IPComp (CPI=0x%04x)", + g_ntohs(ipcomp.comp_cpi)); + } else + col_add_fstr(pinfo->cinfo, COL_INFO, "IPComp (CPI=%s)", p); + } + + /* + * populate a tree in the second pane with the status of the link layer + * (ie none) + */ + if (tree) { + ti = proto_tree_add_item(tree, proto_ipcomp, tvb, 0, -1, FALSE); + ipcomp_tree = proto_item_add_subtree(ti, ett_ipcomp); + + proto_tree_add_text(ipcomp_tree, tvb, + offsetof(struct ipcomp, comp_nxt), 1, + "Next Header: %s (0x%02x)", + ipprotostr(ipcomp.comp_nxt), ipcomp.comp_nxt); + proto_tree_add_uint(ipcomp_tree, hf_ipcomp_flags, tvb, + offsetof(struct ipcomp, comp_flags), 1, + ipcomp.comp_flags); + proto_tree_add_uint(ipcomp_tree, hf_ipcomp_cpi, tvb, + offsetof(struct ipcomp, comp_cpi), 2, + g_ntohs(ipcomp.comp_cpi)); + call_dissector(data_handle, + tvb_new_subset(tvb, sizeof(struct ipcomp), -1, -1), pinfo, + ipcomp_tree); + } +} + +void +proto_register_ipsec(void) +{ + + static hf_register_info hf_ah[] = { + { &hf_ah_spi, + { "SPI", "ah.spi", FT_UINT32, BASE_HEX, NULL, 0x0, + "", HFILL }}, + { &hf_ah_sequence, + { "Sequence", "ah.sequence", FT_UINT32, BASE_DEC, NULL, 0x0, + "", HFILL }} + }; + + static hf_register_info hf_esp[] = { + { &hf_esp_spi, + { "SPI", "esp.spi", FT_UINT32, BASE_HEX, NULL, 0x0, + "", HFILL }}, + { &hf_esp_sequence, + { "Sequence", "esp.sequence", FT_UINT32, BASE_DEC, NULL, 0x0, + "", HFILL }} + }; + + static hf_register_info hf_ipcomp[] = { + { &hf_ipcomp_flags, + { "Flags", "ipcomp.flags", FT_UINT8, BASE_HEX, NULL, 0x0, + "", HFILL }}, + { &hf_ipcomp_cpi, + { "CPI", "ipcomp.cpi", FT_UINT16, BASE_HEX, + VALS(cpi2val), 0x0, "", HFILL }}, + }; + static gint *ett[] = { + &ett_ah, + &ett_esp, + &ett_ipcomp, + }; + + module_t *ah_module; + + proto_ah = proto_register_protocol("Authentication Header", "AH", "ah"); + proto_register_field_array(proto_ah, hf_ah, array_length(hf_ah)); + + proto_esp = proto_register_protocol("Encapsulating Security Payload", + "ESP", "esp"); + proto_register_field_array(proto_esp, hf_esp, array_length(hf_esp)); + + proto_ipcomp = proto_register_protocol("IP Payload Compression", + "IPComp", "ipcomp"); + proto_register_field_array(proto_ipcomp, hf_ipcomp, array_length(hf_ipcomp)); + + proto_register_subtree_array(ett, array_length(ett)); + + /* Register a configuration option for placement of AH payload dissection */ + ah_module = prefs_register_protocol(proto_ah, NULL); + prefs_register_bool_preference(ah_module, "place_ah_payload_in_subtree", + "Place AH payload in subtree", +"Whether the AH payload decode should be placed in a subtree", + &g_ah_payload_in_subtree); + + register_dissector("esp", dissect_esp, proto_esp); + register_dissector("ah", dissect_ah, proto_ah); +} + +void +proto_reg_handoff_ipsec(void) +{ + dissector_handle_t esp_handle, ah_handle, ipcomp_handle; + + data_handle = find_dissector("data"); + ah_handle = find_dissector("ah"); + dissector_add("ip.proto", IP_PROTO_AH, ah_handle); + esp_handle = find_dissector("esp"); + dissector_add("ip.proto", IP_PROTO_ESP, esp_handle); + ipcomp_handle = create_dissector_handle(dissect_ipcomp, proto_ipcomp); + dissector_add("ip.proto", IP_PROTO_IPCOMP, ipcomp_handle); + + ip_dissector_table = find_dissector_table("ip.proto"); +} |