Wireshark-users: Re: [Wireshark-users] Error with wireshark-0.99.5
From: j.snelders@xxxxxxxxxx
Date: Sun, 29 Jun 2008 13:26:17 +0200
> Lina wrote: > Date: Tue, 24 Jun 2008 11:45:49 +0200 > I try to install wireshark-0.99.5, following those instructions: > http://hipserver.mct.phantomworks.org/wireshark.html > (Paragraph patch instructions). In fact, I want to use the wireshark > supporting HIP packets. > make gives me the following errors: > gcc: getopt.o: No such file or directory > gcc: strerror.o: No such file or directory > gcc: strcasecmp.o: No such file or directory > gcc: strncasecmp.o: No such file or directory > gcc: mkstemp.o: No such file or directory > gcc: strptime.o: No such file or directory > make[2]: *** [wireshark] Error 1 > > I tried many things, aclocal,autoconf, make clean but still the same error with make and make install. Hi Lina I downloaded wireshark-0.99.5.tar.bz2 (ftp://ftp.uni-kl.de/pub/wireshark/src/all-versions) and wireshark-0.99.5-hip-base05.patch (http://hipserver.mct.phantomworks.org/wireshark.html). I modified this patch by replacing "ethereal-0.99.0" by "wireshark-0.99.5" (see the attachment). I have patched wireshark-0.99.5 and build Wireshark on PCLinuxOS2008. It seems to work fine, but I don't have a capture file to test it. Do you have a sample HIP capture file? Grtz Joan
# # HIP protocol patch for wireshark-0.99.5 # 3/06 draft-ietf-hip-base-05 # draft-ietf-hip-esp-02 # draft-ietf-hip-mm-03 # draft-ietf-hip-registration-01 # draft-ietf-hip-rvs-04 # # Authors: <thomas.r.henderson@xxxxxxxxxx> # <jeffrey.m.ahrenholz@xxxxxxxxxx> # *** wireshark-0.99.5/epan/dissectors/Makefile.in 2006-04-24 09:21:23.000000000 -0700 --- wireshark-0.99.5-hip/epan/dissectors/Makefile.in 2006-05-01 09:11:13.000000000 -0700 *************** *** 209,213 **** packet-h248_annex_e.lo packet-h248_q1950.lo packet-h261.lo \ packet-h263.lo packet-h450.lo packet-hci_h4.lo \ ! packet-hclnfsd.lo packet-homeplug.lo packet-hpext.lo \ packet-hpsw.lo packet-hsrp.lo packet-http.lo \ packet-hyperscsi.lo packet-iapp.lo packet-iax2.lo packet-ib.lo \ --- 209,213 ---- packet-h248_annex_e.lo packet-h248_q1950.lo packet-h261.lo \ packet-h263.lo packet-h450.lo packet-hci_h4.lo \ ! packet-hclnfsd.lo packet-homeplug.lo packet-hip.lo packet-hpext.lo \ packet-hpsw.lo packet-hsrp.lo packet-http.lo \ packet-hyperscsi.lo packet-iapp.lo packet-iax2.lo packet-ib.lo \ *************** *** 859,862 **** --- 859,863 ---- packet-h450.c \ packet-hclnfsd.c \ + packet-hip.c \ packet-hpext.c \ packet-hpsw.c \ *************** *** 1849,1852 **** --- 1850,1854 ---- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/packet-h450.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/packet-hclnfsd.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/packet-hip.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/packet-hpext.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/packet-hpsw.Plo@am__quote@ *** wireshark-0.99.5/epan/dissectors/Makefile.common 2006-04-17 07:46:42.000000000 -0700 --- wireshark-0.99.5-hip/epan/dissectors/Makefile.common 2006-05-01 09:10:00.000000000 -0700 *************** *** 328,331 **** --- 328,332 ---- packet-h450.c \ packet-hclnfsd.c \ + packet-hip.c \ packet-hpext.c \ packet-hpsw.c \ *** wireshark-0.99.5/epan/dissectors/register.c 2006-04-21 14:57:37.000000000 -0700 --- wireshark-0.99.5-hip/epan/dissectors/register.c 2006-05-01 09:10:00.000000000 -0700 *************** *** 247,250 **** --- 247,251 ---- {extern void proto_register_h450 (void); proto_register_h450 ();} {extern void proto_register_hclnfsd (void); proto_register_hclnfsd ();} + {extern void proto_register_hip (void); proto_register_hip ();} {extern void proto_register_hpext (void); proto_register_hpext ();} {extern void proto_register_hpsw (void); proto_register_hpsw ();} *************** *** 869,872 **** --- 870,874 ---- {extern void proto_reg_handoff_h4501 (void); proto_reg_handoff_h4501 ();} {extern void proto_reg_handoff_hclnfsd (void); proto_reg_handoff_hclnfsd ();} + {extern void proto_reg_handoff_hip (void); proto_reg_handoff_hip ();} {extern void proto_reg_handoff_hpext (void); proto_reg_handoff_hpext ();} {extern void proto_reg_handoff_hpsw (void); proto_reg_handoff_hpsw ();} *** wireshark-0.99.5/epan/ipproto.h 2006-04-17 07:46:53.000000000 -0700 --- wireshark-0.99.5-hip/epan/ipproto.h 2006-05-01 09:10:00.000000000 -0700 *************** *** 185,188 **** --- 185,189 ---- #define IP_PROTO_AX4000 173 /* AX/4000 Testblock - non IANA */ #define IP_PROTO_NCS_HEARTBEAT 224 /* Novell NCS Heartbeat - http://support.novell.com/cgi-bin/search/searchtid.cgi?/10071158.htm */ + #define IP_PROTO_HIP 253 /* Host Identity Protocol */ extern const char *ipprotostr(int proto); *** wireshark-0.99.5/epan/prefs.c 2006-04-17 07:46:53.000000000 -0700 --- wireshark-0.99.5-hip/epan/prefs.c 2006-05-01 09:10:00.000000000 -0700 *************** *** 1993,1996 **** --- 1993,2000 ---- if (strcmp(dotp, "udp_summary_in_tree") == 0) pref = find_preference(module, "summary_in_tree"); + } else if (strcmp(module->name, "hip") == 0) { + /* Handle old names for HIP preferences. */ + if (strcmp(dotp, "hip_summary_in_tree") == 0) + pref = find_preference(module, "summary_in_tree"); } else if (strcmp(module->name, "ndps") == 0) { /* Handle old names for NDPS preferences. */ *** wireshark-0.99.5/epan/dissectors/packet-hip.c 1969-12-31 16:00:00.000000000 -0800 --- wireshark-0.99.5-hip/epan/dissectors/packet-hip.c 2006-05-01 09:10:00.000000000 -0700 *************** *** 0 **** --- 1,1235 ---- + /* packet-hip.c + * Routines for HIP packet disassembly + * + * 03/2006 draft-ietf-hip-base-05, -esp-02, -mm-03, -registration-01, -rvs-04 + * 07/2005 draft-ietf-hip-base-03, -esp-00, and -mm-02 + * 03/2005 draft-ietf-hip-base-01 + * 11/2004 RSA and draft-ietf-hip-mm-00 + * 09/2004 draft-nikander-hip-mm-02 + * 07/2004 draft-ietf-hip-base-00 + * 02/2004 + * 03/2003 + * + * Jeff Ahrenholz <jeffrey.m.ahrenholz@xxxxxxxxxx> + * Thomas Henderson <thomas.r.henderson@xxxxxxxxxx> + * + * Packet dissector for Host Identity Protocol (HIP) packets. + * This tool displays the TLV structure, verifies checksums, + * and shows NULL encrypted parameters, but will not verify + * signatures or decode encrypted parameters. + * + * $Id: wireshark-0.99.5-hip-base05.patch,v 1.1 2006/05/16 21:37:14 tom_henderson Exp $ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs <gerald@xxxxxxxxxxxx> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + #ifdef HAVE_CONFIG_H + # include "config.h" + #endif + + #include <stdio.h> + #include <stdlib.h> + #include <string.h> + + #include <glib.h> + #include <epan/packet.h> + #include <epan/addr_resolv.h> + #include "ipproto.h" + #include "in_cksum.h" + #include "prefs.h" + + + #include "packet-ip.h" + #include <epan/conversation.h> + + static int proto_hip = -1; + static int hf_hip_proto = -1; + static int hf_hip_hdr_len = -1; + static int hf_hip_packet_type = -1; + static int hf_hip_version = -1; + static int hf_hip_res = -1; + static int hf_hip_controls = -1; + static int hf_hip_controls_cert = -1; + static int hf_hip_controls_anon = -1; + static int hf_hip_checksum = -1; + static int hf_hip_hit_sndr = -1; + static int hf_hip_hit_rcvr = -1; + + static int hf_hip_type = -1; + static int hf_hip_tlv_ei_res = -1; + static int hf_hip_tlv_ei_keyidx = -1; + static int hf_hip_tlv_ei_oldspi = -1; + static int hf_hip_tlv_ei_newspi = -1; + static int hf_hip_tlv_r1_res = -1; + static int hf_hip_tlv_r1count = -1; + static int hf_hip_tlv_puzzle_k = -1; + static int hf_hip_tlv_puzzle_life = -1; + static int hf_hip_tlv_puzzle_o = -1; + static int hf_hip_tlv_puzzle_i = -1; + static int hf_hip_tlv_puzzle_j = -1; + static int hf_hip_tlv_seq_updid = -1; + static int hf_hip_tlv_ack_updid = -1; + static int hf_hip_tlv_dh_group_id = -1; + static int hf_hip_tlv_dh_pub = -1; + static int hf_hip_tlv_trans_id = -1; + static int hf_hip_tlv_esp_reserved = -1; + static int hf_hip_tlv_host_id_len = -1; + static int hf_hip_tlv_host_di_type = -1; + static int hf_hip_tlv_host_di_len = -1; + static int hf_hip_tlv_host_id_hdr = -1; + static int hf_hip_tlv_host_id_hdr_flags = -1; + static int hf_hip_tlv_host_id_hdr_proto = -1; + static int hf_hip_tlv_host_id_hdr_alg = -1; + static int hf_hip_tlv_host_id_t = -1; + static int hf_hip_tlv_host_id_q = -1; + static int hf_hip_tlv_host_id_p = -1; + static int hf_hip_tlv_host_id_g = -1; + static int hf_hip_tlv_host_id_y = -1; + static int hf_hip_tlv_host_id_e_len = -1; + static int hf_hip_tlv_host_id_e = -1; + static int hf_hip_tlv_host_id_n = -1; + static int hf_hip_tlv_cert_count = -1; + static int hf_hip_tlv_cert_id = -1; + static int hf_hip_tlv_cert_type = -1; + static int hf_hip_tlv_certificate = -1; + static int hf_hip_tlv_notify_res = -1; + static int hf_hip_tlv_notify_type = -1; + static int hf_hip_tlv_notify_data = -1; + static int hf_hip_tlv_opaque_data = -1; + static int hf_hip_tlv_reg_ltmin = -1; + static int hf_hip_tlv_reg_ltmax = -1; + static int hf_hip_tlv_reg_lt = -1; + static int hf_hip_tlv_reg_type = -1; + static int hf_hip_tlv_reg_failtype = -1; + static int hf_hip_tlv_hmac = -1; + static int hf_hip_tlv_sig_alg = -1; + static int hf_hip_tlv_sig = -1; + static int hf_hip_tlv_id = -1; + static int hf_hip_tlv_enc_reserved = -1; + static int hf_hip_tlv_enc_iv = -1; + static int hf_hip_tlv_locator_traffic_type = -1; + static int hf_hip_tlv_locator_type = -1; + static int hf_hip_tlv_locator_len = -1; + static int hf_hip_tlv_locator_reserved = -1; + static int hf_hip_tlv_locator_lifetime = -1; + static int hip_transform = 0; + + static gint ett_hip = -1; + static gint ett_hip_controls = -1; + static gint ett_hip_tlv = -1; + static gint ett_hip_tlv_data = -1; + static gint ett_hip_tlv_host_id_hdr = -1; + + /* Place HIP summary in protocol tree */ + static gboolean hip_summary_in_tree = TRUE; + + /* This minimal structure used to get at the Type field*/ + struct newhip { + guint16 nextpluslen; /* Next header, plus length */ + guint8 hiptype; /* Type (what we are after) */ + guint8 hipreserved; /* Reserved (what we are after) */ + /*variable size*/ /* (IV and) Payload data */ + }; + + /* 128-bit Host Identity Tag */ + #define HIT_BITSIZE 128 + typedef unsigned char hip_hit [HIT_BITSIZE/8]; + + #define HI_ALG_DSA 3 + #define HI_ALG_RSA 5 + + /* HIP packet types */ + typedef enum { + HIP_I1=1, + HIP_R1, + HIP_I2, + HIP_R2, + CER, /* 5 - removed from draft-ietf-hip-base-03 */ + BOS=11, /* 11 - removed from draft-ietf-hip-base-01 */ + UPDATE=16, /* 16 */ + NOTIFY=17, /* 17 */ + CLOSE=18, /* 18 */ + CLOSE_ACK=19, /* 19 */ + } HIP_PACKETS; + + /* HIP TLV parameters */ + /* 03/2006 draft-ietf-hip-base-05, -esp-02, -mm-03, -registration-01, -rvs-04 */ + #define PARAM_ESP_INFO 65 + #define PARAM_R1_COUNTER 128 + #define PARAM_LOCATOR 193 + #define PARAM_PUZZLE 257 + #define PARAM_SOLUTION 321 + #define PARAM_SEQ 385 + #define PARAM_ACK 449 + #define PARAM_DIFFIE_HELLMAN 513 + #define PARAM_HIP_TRANSFORM 577 + #define PARAM_ENCRYPTED 641 + #define PARAM_HOST_ID 705 + #define PARAM_CERT 768 + #define PARAM_NOTIFY 832 + #define PARAM_ECHO_REQUEST 897 + #define PARAM_REG_INFO 930 + #define PARAM_REG_REQUEST 932 + #define PARAM_REG_RESPONSE 934 + #define PARAM_REG_FAILED 936 + #define PARAM_ECHO_RESPONSE 961 + #define PARAM_ESP_TRANSFORM 4095 + #define PARAM_TRANSFORM_LOW 2048 /* defines range for transforms */ + #define PARAM_TRANSFORM_HIGH 4095 + #define PARAM_HMAC 61505 + #define PARAM_HMAC_2 61569 + #define PARAM_HIP_SIGNATURE_2 61633 + #define PARAM_HIP_SIGNATURE 61697 + #define PARAM_ECHO_REQUEST_NOSIG 63661 + #define PARAM_ECHO_RESPONSE_NOSIG 63425 + #define PARAM_FROM 65498 + #define PARAM_RVS_HMAC 65500 + #define PARAM_VIA_RVS 65502 + #define PARAM_CRITICAL_BIT 0x0001 + + #define HIP_CONTROL_C_MASK 0x0002 + #define HIP_CONTROL_A_MASK 0x0001 + + #define HI_HDR_FLAGS_MASK 0xFFFF0000 + #define HI_HDR_PROTO_MASK 0x0000FF00 + #define HI_HDR_ALG_MASK 0x000000FF + + const value_string hi_hdr_flags_vals[] = { + { 0x0200, "key is associated with a user" }, + { 0x0201, "zone key" }, + { 0x0202, "key is associated with non-zone entity" }, + { 0x0, "Other" }, + }; + + const value_string hi_hdr_proto_vals[] = { + { 0x01, "key is used for TLS" }, + { 0x02, "key is used for email" }, + { 0x03, "key is used for DNS security" }, + { 0x04, "key is used for Oakley/IPSEC" }, + { 0xFF, "key is valid for any protocol" }, + { 0x0, NULL }, + }; + + const value_string hi_hdr_alg_vals[] = { + { 0x00, "reserved" }, + { 0x01, "RSA/MD5" }, + { 0x02, "Diffie-Hellman" }, + { 0x03, "DSA" }, + { 0x04, "elliptic curve crypto" }, + { 0x05, "RSA" }, + { 0xFF, "reserved" }, + }; + + const value_string notify_vals[] = { + { 1, "Unsupported critical parameter type" }, + { 7, "Invalid syntax" }, + { 14, "No Diffie-Hellman proposal chosen" }, + { 15, "Invalid Diffie-Hellman chosen" }, + { 16, "No HIP proposal chosen" }, + { 17, "Invalid HIP transform chosen" }, + { 18, "No ESP proposal chosen" }, + { 19, "Invalid ESP transform chosen" }, + { 24, "Authentication failed" }, + { 26, "Checksum failed" }, + { 28, "HMAC failed" }, + { 32, "Encryption failed" }, + { 40, "Invalid HIT" }, + { 42, "Blocked by policy" }, + { 44, "Server busy please retry" }, + { 46, "I2 acknowledgement" }, + { 0x0, NULL }, + }; + + typedef struct _hiphdr { + guint8 proto; /* payload protocol */ + guint8 hdr_len; /* header length */ + guint8 packet_type; /* packet type */ + guint8 res:4,version:4; /* version, reserved */ + guint16 checksum; /* checksum */ + guint16 control; /* control */ + hip_hit hit_sndr; /* Sender's Host Identity Tag */ + hip_hit hit_rcvr; /* Receiver's Host Identity Tag*/ + /* HIP parameters ... */ + } hiphdr; + + typedef struct _tlv_head + { + guint16 type; + guint16 length; + } tlv_head; + + + /* functions */ + char * hip_param(int n); + char *dh_group_id_label(int groupid); + char *transform_id_label(int transform); + char *sig_alg_label(int alg); + int dissect_hip_tlv(tvbuff_t *tvb, int offset, proto_item *ti, int type, int tlv_len); + + static dissector_handle_t data_handle; + + /**** end defs from hip.h ****/ + + /* + * Dissect the HIP packet + */ + static void + dissect_hip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) + { + proto_tree *hip_tree, *hip_tlv_tree=NULL; + proto_item *ti, *ti_tlv; + hiphdr hiph; + tlv_head tlv; + int length, offset = 0; + guint16 control_h, checksum_h, computed_checksum; + guint16 tlv_type_h, tlv_length_h; /* For storing in host order */ + vec_t cksum_vec[4]; + guint32 phdr[2]; + + /* + * load the top pane info. This should be overwritten by + * the next protocol in the stack + */ + if (check_col(pinfo->cinfo, COL_PROTOCOL)) + col_set_str(pinfo->cinfo, COL_PROTOCOL, "HIP"); + if (check_col(pinfo->cinfo, COL_INFO)) + col_clear(pinfo->cinfo, COL_INFO); + + /* Convert control and checksum to host order */ + + tvb_memcpy(tvb, (guint8 *)&hiph, 0, sizeof(hiphdr)); + control_h = g_ntohs(hiph.control); + checksum_h = g_ntohs(hiph.checksum); + + if (check_col(pinfo->cinfo, COL_INFO)) { + switch (hiph.packet_type) { + case HIP_I1: + col_add_fstr(pinfo->cinfo, COL_INFO, + "HIP I1 (HIP Initiator Packet)"); + break; + case HIP_R1: + col_add_fstr(pinfo->cinfo, COL_INFO, + "HIP R1 (HIP Responder Packet)"); + break; + case HIP_I2: + col_add_fstr(pinfo->cinfo, COL_INFO, + "HIP I2 (Second HIP Initiator Packet)"); + break; + case HIP_R2: + col_add_fstr(pinfo->cinfo, COL_INFO, + "HIP R2 (Second HIP Responder Packet)"); + break; + case UPDATE: + col_add_fstr(pinfo->cinfo, COL_INFO, + "HIP UPDATE (HIP Update Packet)"); + break; + case CER: + col_add_fstr(pinfo->cinfo, COL_INFO, + "HIP CER (HIP Certificate Packet)"); + break; + case BOS: + col_add_fstr(pinfo->cinfo, COL_INFO, + "HIP BOS (HIP Bootstrap Packet)"); + break; + case NOTIFY: + col_add_fstr(pinfo->cinfo, COL_INFO, + "HIP NOTIFY (HIP Notification Packet)"); + break; + case CLOSE: + col_add_fstr(pinfo->cinfo, COL_INFO, + "HIP CLOSE (HIP Close Packet)"); + break; + case CLOSE_ACK: + col_add_fstr(pinfo->cinfo, COL_INFO, + "HIP CLOSE_ACK (HIP Close Acknowledgement Packet)"); + break; + default: + col_add_fstr(pinfo->cinfo, COL_INFO, "HIP Unknown type"); + break; + } + } + + /* + * populate a tree in the second pane with the status of the link layer + * (ie none) + */ + if(tree) { + if (hip_summary_in_tree) { + ti = proto_tree_add_protocol_format(tree, proto_hip, tvb, 0, -1, "Host Identity Protocol"); + } else { + ti = proto_tree_add_item(tree, proto_hip, tvb, 0, -1, FALSE); + } + + hip_tree = proto_item_add_subtree(ti, ett_hip); + proto_tree_add_uint(hip_tree, hf_hip_proto, tvb, offset, 1, hiph.proto); + proto_tree_add_uint(hip_tree, hf_hip_hdr_len, tvb, offset+1, 1, hiph.hdr_len); + proto_tree_add_uint(hip_tree, hf_hip_packet_type, tvb, offset+2, 1, hiph.packet_type); + proto_tree_add_uint_format(hip_tree, hf_hip_version, tvb, offset+3, 1, hiph.version, + "Version: %u, Reserved: %u", hiph.version, hiph.res); + ti = proto_tree_add_uint(hip_tree, hf_hip_controls, tvb, offset+4, 2, control_h); + if (ti) { /* HIP Controls subtree*/ + ti = proto_item_add_subtree(ti, ett_hip_controls); + proto_tree_add_boolean(ti, hf_hip_controls_cert, tvb, offset+5,1, control_h); + proto_tree_add_boolean(ti, hf_hip_controls_anon, tvb, offset+5,1, control_h); + } + + + /* Checksum - this is the same algorithm from UDP, ICMPv6 */ + if (!pinfo->fragmented) { + /* IPv4 or IPv6 addresses */ + cksum_vec[0].ptr = pinfo->src.data; + cksum_vec[0].len = pinfo->src.len; + cksum_vec[1].ptr = pinfo->dst.data; + cksum_vec[1].len = pinfo->dst.len; + /* the rest of the pseudo-header */ + if (pinfo->src.type == AT_IPv6) { + cksum_vec[2].ptr = (const guint8 *)&phdr; + phdr[0] = g_htonl(tvb_reported_length(tvb)); + phdr[1] = g_htonl(IP_PROTO_HIP); + cksum_vec[2].len = 8; + } else { + cksum_vec[2].ptr = (const guint8 *)&phdr; + phdr[0] = g_htonl((IP_PROTO_HIP<<16)+tvb_reported_length(tvb)); + cksum_vec[2].len = 4; + } + /* pointer to the HIP header (packet data) */ + cksum_vec[3].len = tvb_reported_length(tvb); + cksum_vec[3].ptr = tvb_get_ptr(tvb, 0, cksum_vec[3].len); + computed_checksum = in_cksum(cksum_vec, 4); + if (computed_checksum == 0) { + proto_tree_add_uint_format(hip_tree, hf_hip_checksum, tvb, + offset+6, 2, checksum_h, "Checksum: 0x%04x (correct)", + checksum_h); + } else { + proto_tree_add_uint_format(hip_tree, hf_hip_checksum, tvb, + offset+6, 2, checksum_h, + "Checksum: 0x%04x (incorrect, should be 0x%04x)", + checksum_h, + in_cksum_shouldbe(checksum_h, computed_checksum)); + } + } else { + proto_tree_add_uint_format(hip_tree, hf_hip_checksum, tvb, + offset+6, 2, checksum_h,"Checksum: 0x%04x (unverified)", + checksum_h); + } + offset += 8; + proto_tree_add_bytes(hip_tree, hf_hip_hit_sndr, tvb, offset, sizeof(hip_hit), hiph.hit_sndr); + offset += sizeof(hip_hit); + proto_tree_add_bytes(hip_tree, hf_hip_hit_rcvr, tvb, offset, sizeof(hip_hit), hiph.hit_rcvr); + offset += sizeof(hip_hit); + + length = (hiph.hdr_len+1)*8; + /* Begin TLV parsing */ + if (offset < length) { + ti_tlv = proto_tree_add_text(hip_tree, tvb, offset, tvb_length(tvb), "HIP Parameters"); + hip_tlv_tree = proto_item_add_subtree(ti_tlv, ett_hip_tlv); + } + /* Parse type and length in TLV */ + while (offset < length) + { + tvb_memcpy(tvb, (guint8 *)&tlv, offset, sizeof(tlv_head)); + tlv_type_h = g_ntohs(tlv.type); + tlv_length_h = g_ntohs(tlv.length); + ti_tlv = proto_tree_add_uint_format(hip_tlv_tree, hf_hip_type, tvb, + offset, 4+tlv_length_h, tlv.type, "%s (type=%u, length=%u)", + hip_param(tlv_type_h), tlv_type_h, tlv_length_h); + + /* Parse value */ + dissect_hip_tlv(tvb, offset, ti_tlv, tlv_type_h, tlv_length_h); + + offset += 11 + tlv_length_h - (tlv_length_h + 3) % 8; + } + + } + } + + void + proto_register_hip(void) + { + /* Most of this stuff is unused */ + module_t *hip_module; + static hf_register_info hf[] = { + { &hf_hip_proto, + { "Payload Protocol", "hip.proto", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_hdr_len, + { "Header Length", "hip.hdr_len", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_packet_type, + { "Packet Type", "hip.packet_type", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_version, + { "Version", "hip.version", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_res, + { "Reserved", "hip.res", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_controls, + { "HIP Controls", "hip.controls", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_controls_cert, + { "Certificate (One or more CER packets follows)", "hip.controls.c", FT_BOOLEAN, 16, NULL, HIP_CONTROL_C_MASK, "", HFILL }}, + + { &hf_hip_controls_anon, + { "Anonymous (Sender's HI is anonymous)", "hip.controls.a", FT_BOOLEAN, 16, NULL, HIP_CONTROL_A_MASK, "", HFILL }}, + + { &hf_hip_checksum, + { "Checksum", "hip.checksum", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_hit_sndr, + { "Sender's HIT", "hip.hit_sndr", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_hit_rcvr, + { "Receiver's HIT", "hip.hit_rcvr", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_type, + { "Type", "hip.type", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_r1_res, + { "Reserved", "hip.tlv.r1_res", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_r1count, + { "R1 Counter", "hip.tlv.r1count", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_puzzle_k, + { "Puzzle Difficulty K","hip.tlv_puzzle_k", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_puzzle_life, + { "Puzzle Lifetime","hip.tlv_puzzle_life", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_puzzle_o, + { "Opaque Data","hip.tlv_puzzle_o", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_puzzle_i, + { "Puzzle Random I", "hip.tlv.puzzle_i", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_puzzle_j, + { "Puzzle Solution J", "hip.tlv_puzzle_j", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_ei_res, + { "Reserved", "hip.tlv_ei_res", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_ei_keyidx, + { "Keymat Index", "hip.tlv_ei_keyidx", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_ei_oldspi, + { "Old SPI", "hip.tlv_ei_oldspi", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_ei_newspi, + { "New SPI", "hip.tlv_ei_newspi", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_seq_updid, + { "Update ID", "hip.tlv_seq_updid", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_ack_updid, + { "ACKed Peer Update ID", "hip.tlv_ack_updid", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_dh_group_id, + { "Group ID", "hip.tlv.dh_group_id", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_dh_pub, + { "Public Value", "hip.tlv.dh_pub", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_trans_id, + { "Transform ID", "hip.tlv.trans_id", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_esp_reserved, + { "Reserved", "hip.tlv.esp_reserved", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_host_id_len, + { "Host Identity Length","hip.tlv.host_id_len", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_host_di_type, + { "Domain Identifier Type","hip.tlv.host_di_type", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_host_di_len, + { "Domain Identifier Length","hip.tlv.host_di_len", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_host_id_hdr, + { "Host Identity flags","hip.tlv.host_id_hdr", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_host_id_hdr_flags, + { "Flags","hip.tlv.host_id_hdr_flags", FT_UINT32, BASE_HEX, VALS(hi_hdr_flags_vals), HI_HDR_FLAGS_MASK, "", HFILL }}, + + { &hf_hip_tlv_host_id_hdr_proto, + { "Protocol","hip.tlv.host_id_hdr_flags", FT_UINT32, BASE_HEX, VALS(hi_hdr_proto_vals), HI_HDR_PROTO_MASK, "", HFILL }}, + + { &hf_hip_tlv_host_id_hdr_alg, + { "Algorithm","hip.tlv.host_id_hdr_alg", FT_UINT32, BASE_HEX, VALS(hi_hdr_alg_vals), HI_HDR_ALG_MASK, "", HFILL }}, + + { &hf_hip_tlv_host_id_t, + { "Host Identity T","hip.tlv.host_id_t", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_host_id_q, + { "Host Identity Q","hip.tlv.host_id_q", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_host_id_p, + { "Host Identity P","hip.tlv.host_id_p", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_host_id_g, + { "Host Identity G","hip.tlv.host_id_g", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_host_id_y, + { "Host Identity Y (public value)", "hip.tlv.host_id_y", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_host_id_e_len, + { "RSA Host Identity e_len (exponent length)", + "hip.tlv.host_id_e_len", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_host_id_e, + { "RSA Host Identity e (exponent)", "hip.tlv.host_id_e", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_host_id_n, + { "RSA Host Identity n (public modulus)", "hip.tlv.host_id_n", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_cert_count, + { "Cert count","hip.tlv.cert_count", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_cert_id, + { "Cert ID","hip.tlv.cert_id", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_cert_type, + { "Cert type","hip.tlv.cert_type", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_certificate, + { "Certificate","hip.tlv.certificate", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_notify_res, + { "Reserved","hip.tlv.notify_res", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_notify_type, + { "Notify Message Type","hip.tlv.notify_type", FT_UINT16, BASE_DEC, VALS(notify_vals), 0xFFFF, "", HFILL }}, + + { &hf_hip_tlv_notify_data, + { "Notification Data","hip.tlv.notify_data", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_opaque_data, + { "Opaque Data","hip.tlv.opaque_data", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_reg_ltmin, + { "Minimum Registration Lifetime","hip.tlv.reg_ltmin", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_reg_ltmax, + { "Maximum Registration Lifetime","hip.tlv.reg_ltmax", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_reg_lt, + { "Registration Lifetime","hip.tlv.reg_lt", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_reg_type, + { "Registration Type","hip.tlv.reg_type", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_reg_failtype, + { "Registration Failure Type","hip.tlv.reg_failtype", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_hmac, + { "HMAC","hip.tlv.hmac", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_sig_alg, + { "Signature Algorithm","hip.tlv.sig_alg", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_sig, + { "Signature", "hip.tlv.sig", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_id, + { "ID", "hip.tlv.id", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_enc_reserved, + { "Reserved", "hip.tlv.enc_reserved", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_enc_iv, + { "IV", "hip.tlv.enc_iv", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_locator_traffic_type, + { "Traffic Type", "hip.tlv.locator_traffic_type", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_locator_type, + { "Locator Type", "hip.tlv.locator_type", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_locator_len, + { "Locator Length", "hip.tlv.locator_len", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_locator_reserved, + { "Reserved | P bit", "hip.tlv.locator_reserved", FT_UINT8, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_hip_tlv_locator_lifetime, + { "Locator Lifetime", "hip.tlv.locator_lifetime", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }}, + + }; + static gint *ett[] = { + &ett_hip, + &ett_hip_controls, + &ett_hip_tlv, + &ett_hip_tlv_data, + &ett_hip_tlv_host_id_hdr, + }; + + proto_hip = proto_register_protocol("Host Identity Protocol", + "HIP", "hip"); + + proto_register_field_array(proto_hip, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + + /* Register configuration preferences */ + hip_module = prefs_register_protocol(proto_hip, NULL); + prefs_register_bool_preference(hip_module, "summary_in_tree", + "Show HIP summary in protocol tree", + "Whether the HIP summary line should be shown in the protocol tree", + &hip_summary_in_tree); + } + + void + proto_reg_handoff_hip(void) + { + dissector_handle_t hip_handle; + + hip_handle = create_dissector_handle(dissect_hip, proto_hip); + dissector_add("ip.proto", IP_PROTO_HIP, hip_handle); + data_handle = find_dissector("data"); + } + + char * hip_param(int n) + { + static char s[24]; + + switch (n) + { + //case 0: /* sometimes extra padding */ + // return NULL; + // break; + case PARAM_ESP_INFO: + sprintf(s, "ESP INFO"); + break; + case PARAM_R1_COUNTER: + sprintf(s, "R1 COUNTER"); + break; + case PARAM_LOCATOR: + sprintf(s, "LOCATOR"); + break; + case PARAM_PUZZLE: + sprintf(s, "PUZZLE"); + break; + case PARAM_SOLUTION: + sprintf(s, "SOLUTION"); + break; + case PARAM_SEQ: + sprintf(s, "SEQ"); + break; + case PARAM_ACK: + sprintf(s, "ACK"); + break; + case PARAM_DIFFIE_HELLMAN: + sprintf(s, "DIFFIE_HELLMAN"); + break; + case PARAM_HIP_TRANSFORM: + sprintf(s, "HIP_TRANSFORM"); + break; + case PARAM_ENCRYPTED: + sprintf(s, "ENCRYPTED"); + break; + case PARAM_HOST_ID: + sprintf(s, "HOST_ID"); + break; + case PARAM_CERT: + sprintf(s, "CERT"); + break; + case PARAM_NOTIFY: + sprintf(s, "NOTIFY"); + break; + case PARAM_ECHO_REQUEST: + sprintf(s, "ECHO_REQUEST"); + break; + case PARAM_ECHO_RESPONSE: + sprintf(s, "ECHO_RESPONSE"); + break; + case PARAM_ESP_TRANSFORM: + sprintf(s, "ESP_TRANSFORM"); + break; + case PARAM_HMAC: + sprintf(s, "HMAC"); + break; + case PARAM_HMAC_2: + sprintf(s, "HMAC_2"); + break; + case PARAM_HIP_SIGNATURE_2: + sprintf(s, "HIP_SIGNATURE_2"); + break; + case PARAM_HIP_SIGNATURE: + sprintf(s, "HIP_SIGNATURE"); + break; + case PARAM_ECHO_REQUEST_NOSIG: + sprintf(s, "ECHO_REQUEST (No sig.)"); + break; + case PARAM_ECHO_RESPONSE_NOSIG: + sprintf(s, "ECHO_RESPONSE (No sig.)"); + break; + default: + sprintf(s, "?UNKNOWN?"); + break; + } + + return s; + } + + char *dh_group_id_label(int groupid) + { + static char s[26]; + switch(groupid) + { + case 0: + sprintf(s, "Reserved"); + break; + case 1: + sprintf(s, "384-bit group"); + break; + case 2: + sprintf(s, "OAKLEY well-known group 1"); + break; + case 3: + sprintf(s, "1536-bit MODP group"); + break; + case 4: + sprintf(s, "3072-bit MODP group"); + break; + case 5: + sprintf(s, "6144-bit MODP group"); + break; + case 6: + sprintf(s, "8192-bit MODP group"); + break; + default: + sprintf(s, "UNKNOWN?"); + break; + } + return s; + + } + + char *transform_id_label(int transform) + { + static char s[32]; + switch (transform) + { + case 0: + sprintf(s, "Reserved"); + break; + case 1: + sprintf(s, "AES-CBC with HMAC-SHA1"); + break; + case 2: + sprintf(s, "3DES-CBC with HMAC-SHA1"); + break; + case 3: + sprintf(s, "3DES-CBC with HMAC-MD5"); + break; + case 4: + sprintf(s, "BLOWFISH-CBC with HMAC-SHA1"); + break; + case 5: + sprintf(s, "NULL with HMAC-SHA1"); + break; + case 6: + sprintf(s, "NULL with HMAC-MD5"); + break; + default: + sprintf(s, "UNKNOWN?"); + break; + + } + return s; + } + + char *sig_alg_label(int alg) + { + static char s[10]; + switch (alg) + { + case 0: + sprintf(s, "Reserved"); + break; + case HI_ALG_DSA: + sprintf(s, "DSA"); + break; + case HI_ALG_RSA: + sprintf(s, "RSA"); + break; + default: + sprintf(s, "UNKNOWN?"); + break; + + } + return s; + } + + + int dissect_hip_tlv(tvbuff_t *tvb, int offset, proto_item *ti, int type, int tlv_len) + { + proto_tree *t=NULL; + proto_item *ti_tlv; + guint8 data[512]; + guint8 n, algorithm, reg_type; + guint16 trans, hi_len, di_len, di_type, e_len; + guint32 reserved, hi_hdr; + int newoffset, newlen, hi_t; + + switch (type) + { + case PARAM_ESP_INFO: + t = proto_item_add_subtree(ti, ett_hip_tlv_data); + proto_tree_add_uint(t, hf_hip_tlv_ei_res, tvb, offset+4, 2, + tvb_get_ntohs(tvb, offset+4)); + proto_tree_add_uint(t, hf_hip_tlv_ei_keyidx, tvb, offset+6, 2, + tvb_get_ntohs(tvb, offset+6)); + proto_tree_add_uint(t, hf_hip_tlv_ei_oldspi, tvb, offset+8, 4, + tvb_get_ntohl(tvb, offset+8)); + proto_tree_add_uint(t, hf_hip_tlv_ei_newspi, tvb, offset+12, 4, + tvb_get_ntohl(tvb, offset+12)); + break; + case PARAM_R1_COUNTER: + t = proto_item_add_subtree(ti, ett_hip_tlv_data); + proto_tree_add_uint(t, hf_hip_tlv_r1_res, tvb, offset+4, 4, + tvb_get_ntohl(tvb, offset+4)); + tvb_memcpy(tvb, (guint8*)data, offset+8, 8); + proto_tree_add_bytes(t, hf_hip_tlv_r1count, tvb, offset+8, 8, data); + break; + case PARAM_LOCATOR: + t = proto_item_add_subtree(ti, ett_hip_tlv_data); + tlv_len -= 4; + newoffset = offset + 4; + while (tlv_len > 0) { + proto_tree_add_uint(t, hf_hip_tlv_locator_traffic_type, tvb, + newoffset, 1, tvb_get_guint8(tvb, newoffset)); + newoffset++; + proto_tree_add_uint(t, hf_hip_tlv_locator_type, tvb, + newoffset, 1, tvb_get_guint8(tvb, newoffset)); + newoffset++; + proto_tree_add_uint(t, hf_hip_tlv_locator_len, tvb, + newoffset, 1, tvb_get_guint8(tvb, newoffset)); + newoffset++; + reserved = tvb_get_guint8(tvb, newoffset); + proto_tree_add_uint_format(t, hf_hip_tlv_locator_reserved, tvb, + newoffset, 1, reserved, "Reserved: 0x%x %s", reserved, + (reserved >> 31) ? "(Preferred)" : ""); + newoffset++; + proto_tree_add_uint(t, hf_hip_tlv_locator_lifetime, tvb, + newoffset, 4, tvb_get_ntohl(tvb, newoffset)); + newoffset += 4; + proto_tree_add_text(t, tvb, newoffset, 16, "Address: %s", + ip6_to_str((const struct e_in6_addr*) + tvb_get_ptr(tvb, newoffset, 16))); + newoffset += 16; + tlv_len -= 32; + } + break; + case PARAM_PUZZLE: + case PARAM_SOLUTION: + t = proto_item_add_subtree(ti, ett_hip_tlv_data); + proto_tree_add_uint(t, hf_hip_tlv_puzzle_k, tvb, offset+4, 1, + tvb_get_guint8(tvb, offset+4)); + proto_tree_add_uint(t, hf_hip_tlv_puzzle_life, tvb, offset+5, 1, + tvb_get_guint8(tvb, offset+5)); + proto_tree_add_uint(t, hf_hip_tlv_puzzle_o, tvb,offset+6, 2, + tvb_get_ntohs(tvb, offset+6)); + tvb_memcpy(tvb, (guint8*)data, offset+8, 8); + proto_tree_add_bytes(t, hf_hip_tlv_puzzle_i, tvb,offset+8, 8, data); + if (type == PARAM_SOLUTION) { /* solution also contains J */ + tvb_memcpy(tvb, (guint8*)data, offset+16, 8); + proto_tree_add_bytes(t, hf_hip_tlv_puzzle_j, tvb, offset+16, 8, + data); + } + break; + case PARAM_SEQ: /* SEQ */ + t = proto_item_add_subtree(ti, ett_hip_tlv_data); + proto_tree_add_uint(t, hf_hip_tlv_seq_updid, tvb, offset+4, 4, + tvb_get_ntohl(tvb, offset+4)); + break; + case PARAM_ACK: /* ACK */ + t = proto_item_add_subtree(ti, ett_hip_tlv_data); + newoffset = offset + 4; + while (tlv_len > 0) { + proto_tree_add_uint(t, hf_hip_tlv_ack_updid, tvb, newoffset, 4, tvb_get_ntohl(tvb, newoffset)); + newoffset += 4; + tlv_len -= 4; + } + break; + case PARAM_DIFFIE_HELLMAN: /* DIFFIE_HELLMAN */ + t = proto_item_add_subtree(ti, ett_hip_tlv_data); + n = tvb_get_guint8(tvb, offset+4); + proto_tree_add_uint_format(t, hf_hip_tlv_dh_group_id, tvb, offset+4, + 1, n, "%u (%s)", n, dh_group_id_label(n)); + tvb_memcpy(tvb, (guint8*)data, offset+5, tlv_len-1); + proto_tree_add_bytes(t, hf_hip_tlv_dh_pub, tvb, offset+5, tlv_len-1, + data); + break; + case PARAM_ESP_TRANSFORM: /* ESP_TRANSFORM */ + case PARAM_HIP_TRANSFORM: /* HIP_TRANSFORM */ + t = proto_item_add_subtree(ti, ett_hip_tlv_data); + /* ESP transform may have E bit*/ + if (type == PARAM_ESP_TRANSFORM) { + proto_tree_add_uint(t, hf_hip_tlv_esp_reserved, tvb, + offset+4, 2, tvb_get_ntohs(tvb, offset+4)); + newoffset = offset + 6; + tlv_len -= 2; + } else { + newoffset = offset + 4; + /* check for NULL as only HIP transform */ + if (tlv_len == 2) + hip_transform = tvb_get_ntohs(tvb, newoffset); + else + hip_transform = 0; + } + while (tlv_len > 0) { + trans = tvb_get_ntohs(tvb, newoffset); + proto_tree_add_uint_format(t, hf_hip_tlv_trans_id, tvb, + newoffset, 2, trans, "%u (%s)", trans, + transform_id_label(trans)); + tlv_len -= 2; /* two bytes per transform id */ + newoffset += 2; + } + break; + case PARAM_ENCRYPTED: /* ENCRYPTED */ + t = proto_item_add_subtree(ti, ett_hip_tlv_data); + proto_tree_add_uint(t, hf_hip_tlv_enc_reserved, tvb, offset+4, 4, + tvb_get_ntohl(tvb, offset+4)); + if (hip_transform == 5) { /* null encryption, no IV */ + offset += 8; + t = proto_item_add_subtree(t, ett_hip_tlv_data); + } else { /* encrypted data */ + tvb_memcpy(tvb, (guint8*)data, offset+8, 8); + proto_tree_add_bytes(t, hf_hip_tlv_enc_iv,tvb,offset+8,8,data); + proto_tree_add_text(t, tvb, offset+16, tlv_len-12, + "Encrypted Data (%u bytes)", tlv_len-12); + break; + } + case PARAM_HOST_ID: /* HOST_ID */ + if (type != PARAM_ENCRYPTED) + t = proto_item_add_subtree(ti, ett_hip_tlv_data); + /* hi_length, fqdn_length */ + hi_len = tvb_get_ntohs(tvb, offset+4); + di_len = tvb_get_ntohs(tvb, offset+6); + di_type = (di_len >> 12) & 0x000F; /* get 4 bits for DI type */ + di_len = di_len & 0x0FFF; /* 12 bits for DI length */ + proto_tree_add_uint(t, hf_hip_tlv_host_id_len, tvb, offset+4, 2, + hi_len); + proto_tree_add_uint(t, hf_hip_tlv_host_di_type, tvb, offset+6, 1, + di_type); + proto_tree_add_uint(t, hf_hip_tlv_host_di_len, tvb, offset+6, 2, + di_len); + /* hi_hdr - first 4 bytes are 0200ff03 (RFC 2535) + * flags 2 octets + * protocol 1 octet + * algorithm 1 octet (DSA or RSA) + */ + hi_hdr = tvb_get_ntohl(tvb, offset+8); + ti_tlv = proto_tree_add_uint(t, hf_hip_tlv_host_id_hdr, tvb, offset+8, 4, hi_hdr); + if (ti_tlv) { + ti_tlv = proto_item_add_subtree(ti_tlv,ett_hip_tlv_host_id_hdr); + proto_tree_add_uint(ti_tlv, hf_hip_tlv_host_id_hdr_flags, tvb, offset+8,2, hi_hdr); + proto_tree_add_uint(ti_tlv, hf_hip_tlv_host_id_hdr_proto, tvb, offset+10,1, hi_hdr); + proto_tree_add_uint(ti_tlv, hf_hip_tlv_host_id_hdr_alg, tvb, offset+11,1, hi_hdr); + } + algorithm = tvb_get_guint8(tvb, offset+11); + switch (algorithm) { + case HI_ALG_DSA: + /* DSA + * T 1 octet + * Q 20 octets + * P 64 + T*8 octets + * G 64 + T*8 octets + * Y 64 + T*8 octets + */ + /* hi_t */ + proto_tree_add_uint(t, hf_hip_tlv_host_id_t, tvb, offset+12, 1, + tvb_get_guint8(tvb, offset+12)); + hi_t = tvb_get_guint8(tvb, offset+12); + tvb_memcpy(tvb, (guint8*)data, offset+13, 20); + proto_tree_add_bytes(t, hf_hip_tlv_host_id_q, tvb, offset+13, + 20, data); + newoffset = offset + 33; + if (hi_t > 56) /* max 4096 bits */ + break; + newlen = 64 + (hi_t * 8); + tvb_memcpy(tvb, (guint8*)data, newoffset, newlen); + proto_tree_add_bytes(t, hf_hip_tlv_host_id_p, tvb, newoffset, + newlen, data); + newoffset += newlen; + tvb_memcpy(tvb, (guint8*)data, newoffset, newlen); + proto_tree_add_bytes(t, hf_hip_tlv_host_id_g, tvb, newoffset, + newlen, data); + newoffset += newlen; + tvb_memcpy(tvb, (guint8*)data, newoffset, newlen); + proto_tree_add_bytes(t, hf_hip_tlv_host_id_y, tvb, newoffset, + newlen, data); + break; + case HI_ALG_RSA: + /* RSA + * e_len 1 or 3 octets + * e specified by e_len + * n variable length public modulus + */ + e_len = tvb_get_guint8(tvb, offset+12); + newoffset = offset+13; + hi_len -= 5; /* subtract RDATA + e_len */ + if (e_len == 0) { /* e_len is 0 followed by 16-bit value */ + e_len = tvb_get_ntohs(tvb, offset+13); + newoffset += 2; + hi_len -= 2; + } + if (e_len > 512) { /* per, RFC 3110 < 4096 bits */ + proto_tree_add_text(t, tvb, offset+13, 2, + "<< e_len too large >>"); + break; + } + proto_tree_add_uint(t, hf_hip_tlv_host_id_e_len, tvb, offset+12, + (e_len > 255) ? 3:1, e_len); + proto_tree_add_bytes(t, hf_hip_tlv_host_id_e, tvb, newoffset, + e_len, tvb_get_ptr(tvb, newoffset, e_len)); + newoffset += e_len; + hi_len -= e_len; + if ((hi_len > 512) || (hi_len < 0)) { + proto_tree_add_text(t, tvb, newoffset, 1, + "<< Invalid HI length >>"); + break; + } + /* RSA public modulus n */ + proto_tree_add_bytes(t, hf_hip_tlv_host_id_n, tvb, newoffset, + hi_len, tvb_get_ptr(tvb,newoffset,hi_len)); + break; + default: + proto_tree_add_text(t, tvb, offset+11, 1, + "Unknown algorithm type (%d).\n", algorithm); + + break; + } + /* FQDN */ + if (di_type == 0) + break; + if (di_len > sizeof(data)) + di_len = sizeof(data) - 1; + memset(data,0,sizeof(data)); /* this null-terminates the string */ + tvb_memcpy(tvb, (guint8*)data, offset+16+hi_len, di_len); + if (di_type == 1) { + proto_tree_add_text(t, tvb, offset+16+hi_len, di_len, + "FQDN: %s", data); + } else if (di_type == 2) { + proto_tree_add_text(t, tvb, offset+16+hi_len, di_len, + "NAI: %s", data); + } + break; + case PARAM_CERT: /* CERT */ + t = proto_item_add_subtree(ti, ett_hip_tlv_data); + proto_tree_add_uint(t, hf_hip_tlv_cert_count, tvb, offset+4, 1, + tvb_get_guint8(tvb, offset+4)); + proto_tree_add_uint(t, hf_hip_tlv_cert_id, tvb, offset+5, 1, + tvb_get_guint8(tvb, offset+5)); + proto_tree_add_uint(t, hf_hip_tlv_cert_type, tvb, offset+6, 1, + tvb_get_guint8(tvb, offset+6)); + tvb_memcpy(tvb, (guint8*)data, offset+7, tlv_len-3); + proto_tree_add_bytes(t, hf_hip_tlv_certificate, tvb, offset+7, + tlv_len-3, data); + break; + case PARAM_NOTIFY: /* NOTIFY */ + t = proto_item_add_subtree(ti, ett_hip_tlv_data); + proto_tree_add_uint(t, hf_hip_tlv_notify_res, tvb, offset+4, 2, + tvb_get_ntohs(tvb, offset+4)); + proto_tree_add_uint(t, hf_hip_tlv_notify_type, tvb, offset+6, 2, + tvb_get_ntohs(tvb, offset+6)); + tvb_memcpy(tvb, (guint8*)data, offset+8, tlv_len-4); + proto_tree_add_bytes(t, hf_hip_tlv_notify_data, tvb, offset+8, + tlv_len-4, data); + + break; + case PARAM_ECHO_REQUEST: /* ECHO REQUEST */ + case PARAM_ECHO_RESPONSE: /* ECHO RESPONSE */ + case PARAM_ECHO_REQUEST_NOSIG: /* ECHO REQUEST */ + case PARAM_ECHO_RESPONSE_NOSIG: /* ECHO RESPONSE */ + t = proto_item_add_subtree(ti, ett_hip_tlv_data); + tvb_memcpy(tvb, (guint8*)data, offset+4, tlv_len); + proto_tree_add_bytes(t, hf_hip_tlv_opaque_data, tvb, offset+4, + tlv_len, data); + break; + case PARAM_REG_INFO: + case PARAM_REG_REQUEST: + case PARAM_REG_RESPONSE: + case PARAM_REG_FAILED: + /* min lt, max lt | lifetime | failuretype */ + if (type == PARAM_REG_INFO) { /* min lt, max lt */ + proto_tree_add_uint(t, hf_hip_tlv_reg_ltmin, tvb, offset+4, + 1, tvb_get_guint8(tvb, offset+4)); + proto_tree_add_uint(t, hf_hip_tlv_reg_ltmax, tvb, offset+5, + 1, tvb_get_guint8(tvb, offset+5)); + newoffset = 6; + } else if (type == PARAM_REG_FAILED) { /* failure type */ + proto_tree_add_uint(t, hf_hip_tlv_reg_failtype, tvb, offset+4, + 1, tvb_get_guint8(tvb, offset+4)); + newoffset = 5; + } else { /* lifetime */ + proto_tree_add_uint(t, hf_hip_tlv_reg_lt, tvb, offset+4, + 1, tvb_get_guint8(tvb, offset+4)); + newoffset = 5; + } + /* reg type 1 ... n, padding */ + while (tlv_len > 0) { + reg_type = tvb_get_guint8(tvb, newoffset); + proto_tree_add_uint(t, hf_hip_tlv_reg_type, tvb, newoffset, 1, + reg_type); + tlv_len--; /* one byte per registration type */ + newoffset++; + } + break; + case PARAM_RVS_HMAC: /* RVS HMAC */ + case PARAM_HMAC: /* HMAC */ + case PARAM_HMAC_2: /* HMAC */ + t = proto_item_add_subtree(ti, ett_hip_tlv_data); + tvb_memcpy(tvb, (guint8*)data, offset+4, tlv_len); + proto_tree_add_bytes(t, hf_hip_tlv_hmac, tvb, offset+4, + tlv_len,data); + break; + case PARAM_HIP_SIGNATURE_2: /* HIP_SIGNATURE_2 */ + case PARAM_HIP_SIGNATURE: /* HIP_SIGNATURE */ + t = proto_item_add_subtree(ti, ett_hip_tlv_data); + n = tvb_get_guint8(tvb, offset+4); + proto_tree_add_uint_format(t, hf_hip_tlv_sig_alg, tvb, offset+4, 1, + n, "%u (%s)", n, sig_alg_label(n)); + tvb_memcpy(tvb, (guint8*)data, offset+5, tlv_len-1); + proto_tree_add_bytes(t, hf_hip_tlv_sig, tvb, offset+5, tlv_len-1, + data); + break; + case PARAM_FROM: + t = proto_item_add_subtree(ti, ett_hip_tlv_data); + proto_tree_add_text(t, tvb, offset+4, 16, "Address: %s", + ip6_to_str((const struct e_in6_addr*) + tvb_get_ptr(tvb, offset+4, 16))); + break; + case PARAM_VIA_RVS: + t = proto_item_add_subtree(ti, ett_hip_tlv_data); + newoffset = offset + 4; + while (tlv_len > 0) { + proto_tree_add_text(t, tvb, newoffset, 16, "RVS Address: %s", + ip6_to_str((const struct e_in6_addr*) + tvb_get_ptr(tvb, newoffset, 16))); + tlv_len -= 16; + newoffset += 16; + } + break; + default: + break; + } + return (0); + } +
- Prev by Date: Re: [Wireshark-users] Decrypt a SSH communication ?
- Next by Date: Re: [Wireshark-users] HTTP GET /(none) ??
- Previous by thread: Re: [Wireshark-users] Error with wireshark-0.99.5
- Next by thread: [Wireshark-users] Unexpected Capture Results
- Index(es):