[Michał Kowalczuk <michal@xxxxxxxxxxxx>]

Hello,
what do you think about implementing new options for authentication and
authorisation (OPTION_AAAAUTH, OPTION_KEYGEN and new format of OPTION_AUTH)
from draft-ram-dhc-dhcpv6-aakey-01.txt in DHCPv6 dissector?

All values marked in draft as TBD are chosen by me. They will be compatible
with probably first implementation of these options (in Dibbler --
http://klub.com.pl/dhcpv6/). I'm working on it as my master thesis.

The patch is in attachment.

-- 
Michał Kowalczuk
http://kowalczuk.eu/

--- packet-dhcpv6.bak.c	2007-09-27 09:51:17.000000000 +0200
+++ packet-dhcpv6.c	2007-09-27 18:20:17.000000000 +0200
@@ -5,6 +5,7 @@
  * IItom Tsutomu MIENO <iitom@xxxxxxxxxx>
  * SHIRASAKI Yasuhiro <yasuhiro@xxxxxxxxxxx>
  * Tony Lindstrom <tony.lindstrom@xxxxxxxxxxxx>
+ * Michal Kowalczuk <michal@xxxxxxxxxxxx>
  *
  * $Id: packet-dhcpv6.c 21740 2007-05-10 10:56:36Z martinm $
  *
@@ -17,6 +18,7 @@
  * draft-ietf-dhc-dhcpv6-opt-timeconfig-03.txt
  * draft-ietf-dhc-dhcpv6-opt-fqdn-00.txt
  * draft-ietf-dhc-dhcpv6-opt-lifetime-00.txt
+ * draft-ram-dhc-dhcpv6-aakey-01.txt (as implemented in Dibbler)
  *
  * Note that protocol constants are still subject to change, based on IANA
  * assignment decisions.
@@ -121,6 +123,8 @@
 #define OPTION_MIP6_HA		165
 #define OPTION_MIP6_HOA		166
 #define OPTION_NAI		167
+#define OPTION_AAAAUTH		240
+#define OPTION_KEYGEN		241
 
 #define	DUID_LLT		1
 #define	DUID_EN			2
@@ -186,6 +190,8 @@
 	{ OPTION_MIP6_HA,	"Mobile IPv6 Home Agent" },
 	{ OPTION_MIP6_HOA,	"Mobile IPv6 Home Address" },
 	{ OPTION_NAI,		"Network Access Identifier" },
+	{ OPTION_AAAAUTH,	"Client-AAA Authentication" },
+	{ OPTION_KEYGEN,	"Key Generation" },
 	{ 0,	NULL }
 };
 
@@ -536,24 +542,21 @@
           } 
 	  break;
 	case OPTION_AUTH:
-	  if (optlen < 11) {
+	  if (optlen < 13) {
 	    proto_tree_add_text(subtree, tvb, off,
 				optlen, "AUTH: malformed option");
 	    break;
 	  }
 	  proto_tree_add_text(subtree, tvb, off, 1,
-			      "Protocol: %d",
-			      (guint32)tvb_get_guint8(tvb, off));
-	  proto_tree_add_text(subtree, tvb, off+1, 1,
-			      "Algorithm: %d",
-			      (guint32)tvb_get_guint8(tvb, off+1));
-	  proto_tree_add_text(subtree, tvb, off+2, 1,
 			      "RDM: %d",
-			      (guint32)tvb_get_guint8(tvb, off+2));
-	  proto_tree_add_text(subtree, tvb, off+3, 8,
-			      "Replay Detection");
-	  if (optlen != 11)
-		proto_tree_add_text(subtree, tvb, off+11, optlen-11,
+			      (guint8)tvb_get_guint8(tvb, off));
+	  proto_tree_add_text(subtree, tvb, off+1, 8,
+			      "Replay detection");
+	  proto_tree_add_text(subtree, tvb, off+9, 4,
+			      "client-server SPI: 0x%8.8x",
+			      (guint32)tvb_get_ntohl(tvb, off+9));
+	  if (optlen != 13)
+		proto_tree_add_text(subtree, tvb, off+13, optlen-13,
 							"Authentication Information");
 	  break;
 	case OPTION_UNICAST:
@@ -839,6 +842,39 @@
 		proto_tree_add_text(subtree, tvb, off, optlen,
 			"NAI : %s", tvb_get_ptr(tvb, off, optlen - 2));
 		break;
+	case OPTION_AAAAUTH:
+	  if (optlen < 5) {
+	    proto_tree_add_text(subtree, tvb, off,
+				optlen, "AAAAUTH: malformed option");
+	    break;
+	  }
+	  proto_tree_add_text(subtree, tvb, off, 4,
+			      "AAA SPI: 0x%8.8x",
+			      (guint32)tvb_get_ntohl(tvb, off));
+	  proto_tree_add_text(subtree, tvb, off+4, optlen-4,
+			      "authentication information");
+	  break;
+	case OPTION_KEYGEN:
+	  if (optlen < 30) {
+	    proto_tree_add_text(subtree, tvb, off,
+				optlen, "KEYGEN: malformed option");
+	    break;
+	  }
+	  proto_tree_add_text(subtree, tvb, off, 4,
+			      "client-server SPI: 0x%8.8x",
+			      (guint32)tvb_get_ntohl(tvb, off));
+	  proto_tree_add_text(subtree, tvb, off+4, 4,
+			      "Lifetime: %ld",
+			      (guint32)tvb_get_ntohl(tvb, off+4));
+	  proto_tree_add_text(subtree, tvb, off+8, 4,
+			      "AAA SPI: 0x%8.8x",
+			      (guint32)tvb_get_ntohl(tvb, off+8));
+	  proto_tree_add_text(subtree, tvb, off+12, 2,
+			      "Algorithm Identifier: %hd",
+			      (guint16)tvb_get_ntohs(tvb, off+12));
+	  proto_tree_add_text(subtree, tvb, off+14, optlen-14,
+			      "Key Generation Nonce");
+	  break;
 	}
 
 	return 4 + optlen;