search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-openvpn.c
blob5727b7b93be49af4966e5517a388b29b6cfc0dad
1 /* packet-openvpn.c
2 * routines for openvpn packet dissasembly
3 * - http://www.openvpn.net
4 * - http://fengnet.com/book/vpns%20illustrated%20tunnels%20%20vpnsand%20ipsec/ch08lev1sec5.html
5 *
6 * Created as part of a semester project at the University of Applied Sciences Hagenberg
7 * (http://www.fh-ooe.at/en/hagenberg-campus/)
8 *
9 * Copyright (c) 2013:
10 * Hofer Manuel (manuel@mnlhfr.at)
11 * Nemeth Franz
12 * Scheipner Alexander
13 * Stiftinger Thomas
14 * Werner Sebastian
15 *
16 * SPDX-License-Identifier: GPL-2.0-or-later
17 */
18
19 #include "config.h"
20
21 #include <epan/packet.h>
22 #include <epan/prefs.h>
23 #include <epan/reassemble.h>
24 #include <epan/conversation.h>
25 #include "packet-tcp.h"
26
27 void proto_register_openvpn(void);
28 void proto_reg_handoff_openvpn(void);
29
30 #define PFNAME "openvpn"
31 #define PNAME "OpenVPN Protocol"
32 #define PSNAME "OpenVPN"
33
34 #define OPENVPN_PORT 1194
35
36 /* packet opcode and key-id are combined in one byte */
37 #define P_OPCODE_MASK 0xF8 /* packet opcode (high 5 bits) */
38 #define P_KEY_ID_MASK 0x07 /* key-id (low 3 bits) */
39 #define HMAC_KEY_LENGTH_MAX 64 /* 512 Bit HMAC is maximum */
40
41 /* Opcodes */
42 #define P_CONTROL_HARD_RESET_CLIENT_V1 1
43 #define P_CONTROL_HARD_RESET_SERVER_V1 2
44 #define P_CONTROL_SOFT_RESET_V1 3
45 #define P_CONTROL_V1 4
46 #define P_ACK_V1 5
47 #define P_DATA_V1 6
48 #define P_CONTROL_HARD_RESET_CLIENT_V2 7
49 #define P_CONTROL_HARD_RESET_SERVER_V2 8
50 #define P_DATA_V2 9
51 #define P_CONTROL_HARD_RESET_CLIENT_V3 10
52 #define P_CONTROL_WKC_V1 11
53
54 static int ett_openvpn;
55 static int ett_openvpn_data;
56 static int ett_openvpn_packetarray;
57 static int ett_openvpn_type;
58 static int ett_openvpn_wkc;
59 static int hf_openvpn_data;
60 static int hf_openvpn_wkc_data;
61 static int hf_openvpn_wkc_length;
62 static int hf_openvpn_fragment_bytes;
63 static int hf_openvpn_hmac;
64 static int hf_openvpn_keyid;
65 static int hf_openvpn_mpid;
66 static int hf_openvpn_mpid_arrayelement;
67 static int hf_openvpn_mpid_arraylength;
68 static int hf_openvpn_net_time;
69 static int hf_openvpn_opcode;
70 static int hf_openvpn_pdu_type;
71 static int hf_openvpn_pid;
72 static int hf_openvpn_plen;
73 static int hf_openvpn_rsessionid;
74 static int hf_openvpn_sessionid;
75 static int hf_openvpn_peerid;
76 static int proto_openvpn;
77
78 static dissector_handle_t openvpn_udp_handle;
79 static dissector_handle_t openvpn_tcp_handle;
80
81 static dissector_handle_t tls_handle;
82
83 /* Preferences */
84 static bool pref_long_format = true;
85 static bool pref_tls_auth;
86 static bool pref_tls_auth_override;
87 static bool pref_tls_crypt_override;
88 static unsigned tls_auth_hmac_size = 20; /* Default SHA-1 160 Bits */
89
90 static const value_string openvpn_message_types[] =
91 {
92 { P_CONTROL_HARD_RESET_CLIENT_V1, "P_CONTROL_HARD_RESET_CLIENT_V1" },
93 { P_CONTROL_HARD_RESET_SERVER_V1, "P_CONTROL_HARD_RESET_SERVER_V1" },
94 { P_CONTROL_SOFT_RESET_V1, "P_CONTROL_SOFT_RESET_V1" },
95 { P_CONTROL_V1, "P_CONTROL_V1" },
96 { P_ACK_V1, "P_ACK_V1" },
97 { P_DATA_V1, "P_DATA_V1" },
98 { P_CONTROL_HARD_RESET_CLIENT_V2, "P_CONTROL_HARD_RESET_CLIENT_V2" },
99 { P_CONTROL_HARD_RESET_SERVER_V2, "P_CONTROL_HARD_RESET_SERVER_V2" },
100 { P_DATA_V2, "P_DATA_V2" },
101 { P_CONTROL_HARD_RESET_CLIENT_V3, "P_CONTROL_HARD_RESET_CLIENT_V3" },
102 { P_CONTROL_WKC_V1, "P_CONTROL_WKC_V1" },
103 { 0, NULL }
104 };
105
106 /* everything used during the reassembly process */
107 static reassembly_table msg_reassembly_table;
108
109 static int ett_openvpn_fragment;
110 static int ett_openvpn_fragments;
111 static int hf_openvpn_fragment;
112 static int hf_openvpn_fragment_count;
113 static int hf_openvpn_fragment_error;
114 static int hf_openvpn_fragment_multiple_tails;
115 static int hf_openvpn_fragment_overlap;
116 static int hf_openvpn_fragment_overlap_conflicts;
117 static int hf_openvpn_fragment_too_long_fragment;
118 static int hf_openvpn_fragments;
119 static int hf_openvpn_reassembled_in;
120 static int hf_openvpn_reassembled_length;
121
122 static const fragment_items openvpn_frag_items = {
123 /* Fragment subtrees */
124 &ett_openvpn_fragment,
125 &ett_openvpn_fragments,
126 /* Fragment fields */
127 &hf_openvpn_fragments,
128 &hf_openvpn_fragment,
129 &hf_openvpn_fragment_overlap,
130 &hf_openvpn_fragment_overlap_conflicts,
131 &hf_openvpn_fragment_multiple_tails,
132 &hf_openvpn_fragment_too_long_fragment,
133 &hf_openvpn_fragment_error,
134 &hf_openvpn_fragment_count,
135 /* Reassembled in field */
136 &hf_openvpn_reassembled_in,
137 /* Reassembled length field */
138 &hf_openvpn_reassembled_length,
139 /* Reassembled data field */
140 NULL,
141 /* Tag */
142 "Message fragments"
143 };
144
145 /* we check the leading 4 byte of a suspected hmac for 0x00 bytes,
146 if more than 1 byte out of the 4 provided contains 0x00, the
147 hmac is considered not valid, which suggests that no tls auth is used.
148 unfortunately there is no other way to detect tls auth on the fly */
149 static bool
150 check_for_valid_hmac(uint32_t hmac)
151 {
152 int c = 0;
153 if ((hmac & 0x000000FF) == 0x00000000) {
154 c++;
155 }
156 if ((hmac & 0x0000FF00) == 0x00000000) {
157 c++;
158 }
159 if ((hmac & 0x00FF0000) == 0x00000000) {
160 c++;
161 }
162 if ((hmac & 0xFF000000) == 0x00000000) {
163 c++;
164 }
165 if (c > 1) {
166 return false;
167 } else {
168 return true;
169 }
170 }
171
172 static int
173 dissect_openvpn_msg_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *openvpn_tree, proto_tree *parent_tree, int offset)
174 {
175 bool tls_auth;
176 bool tls_crypt = false;
177 unsigned openvpn_keyid;
178 unsigned openvpn_opcode;
179 uint32_t msg_sessionid = -1;
180 uint8_t openvpn_predict_tlsauth_arraylength;
181 proto_item *ti2;
182 proto_tree *packetarray_tree, *type_tree;
183 uint32_t msg_length_remaining;
184 int wkc_offset = -1;
185
186 /* Clear out stuff in the info column */
187 col_set_str(pinfo->cinfo, COL_PROTOCOL, PSNAME);
188 col_clear(pinfo->cinfo,COL_INFO);
189
190 /* read opcode and write to info column */
191 openvpn_opcode = tvb_get_bits8(tvb, offset*8, 5);
192 col_append_fstr(pinfo->cinfo, COL_INFO, "MessageType: %s",
193 val_to_str_const(openvpn_opcode, openvpn_message_types, "Unknown Messagetype"));
194
195
196 openvpn_keyid = tvb_get_bits8(tvb, offset*8 + 5, 3);
197 proto_item_append_text(parent_tree, ", Opcode: %s, Key ID: %d",
198 val_to_str(openvpn_opcode, openvpn_message_types, "Unknown (0x%02x)"),
199 openvpn_keyid);
200
201 ti2 = proto_tree_add_item(openvpn_tree, hf_openvpn_pdu_type, tvb, offset, 1, ENC_BIG_ENDIAN);
202 proto_item_append_text(ti2, " [opcode/key_id]");
203
204 type_tree = proto_item_add_subtree(ti2, ett_openvpn_type);
205 proto_tree_add_item(type_tree, hf_openvpn_opcode, tvb, offset, 1, ENC_BIG_ENDIAN);
206 proto_tree_add_item(type_tree, hf_openvpn_keyid, tvb, offset, 1, ENC_BIG_ENDIAN);
207 offset += 1;
208
209 if (openvpn_opcode == P_DATA_V2) {
210 proto_tree_add_item(openvpn_tree, hf_openvpn_peerid, tvb, offset, 3, ENC_BIG_ENDIAN);
211 offset += 3;
212 } else if (openvpn_opcode != P_DATA_V1) {
213 /* if we have a P_CONTROL or P_ACK packet */
214
215 /* read sessionid */
216 msg_sessionid = tvb_get_bits32(tvb, offset*8+32, 32, ENC_BIG_ENDIAN);
217 proto_tree_add_item(openvpn_tree, hf_openvpn_sessionid, tvb, offset, 8, ENC_BIG_ENDIAN);
218 offset += 8;
219
220 /* tls-auth detection (this can be overridden by preferences */
221 openvpn_predict_tlsauth_arraylength = tvb_get_uint8(tvb, offset);
222
223 /* if the first 4 bytes that would, if tls-auth is used, contain part of the hmac,
224 lack entropy, we assume no tls-auth is used */
225 if (pref_tls_auth_override == false) {
226 if ((openvpn_opcode != P_DATA_V1)
227 && (openvpn_predict_tlsauth_arraylength > 0)
228 && check_for_valid_hmac(tvb_get_ntohl(tvb, offset))) {
229 tls_auth = true;
230 } else {
231 tls_auth = false;
232 }
233 } else {
234 tls_auth = pref_tls_auth;
235 }
236
237 if (openvpn_opcode == P_CONTROL_HARD_RESET_CLIENT_V3 || openvpn_opcode == P_CONTROL_WKC_V1 || pref_tls_crypt_override == true) {
238 /* these opcodes are always tls-crypt*/
239 tls_crypt = true;
240 tls_auth = false;
241 }
242
243 if (tls_auth == true) {
244 proto_tree_add_item(openvpn_tree, hf_openvpn_hmac, tvb, offset, tls_auth_hmac_size, ENC_NA);
245 offset += tls_auth_hmac_size;
246 }
247
248 if (tls_auth == true || tls_crypt == true) {
249 if (tvb_reported_length_remaining(tvb, offset) >= 8) {
250 proto_tree_add_item(openvpn_tree, hf_openvpn_pid, tvb, offset, 4, ENC_BIG_ENDIAN);
251 offset += 4;
252
253 if (pref_long_format || tls_crypt == true) {
254 proto_tree_add_item(openvpn_tree, hf_openvpn_net_time, tvb, offset, 4, ENC_BIG_ENDIAN);
255 offset += 4;
256 }
257 }
258 if (tls_crypt == true) {
259 /* tls-crypt uses HMAC-SHA256 */
260 proto_tree_add_item(openvpn_tree, hf_openvpn_hmac, tvb, offset, 32, ENC_NA);
261 offset += 32;
262 }
263 }
264
265 if (tvb_reported_length_remaining(tvb, offset) >= 1 && tls_crypt == false) {
266 /* read P_ACK packet-id array length */
267 int pid_arraylength = tvb_get_uint8(tvb, offset);
268 int i;
269 proto_tree_add_item(openvpn_tree, hf_openvpn_mpid_arraylength, tvb, offset, 1, ENC_BIG_ENDIAN);
270 offset += 1;
271
272 if (pid_arraylength > 0) {
273
274 packetarray_tree = proto_tree_add_subtree(openvpn_tree, tvb, offset, 0, ett_openvpn_packetarray, NULL, "Packet-ID Array");
275 for (i = 0; i < pid_arraylength; i++) {
276 proto_tree_add_item(packetarray_tree, hf_openvpn_mpid_arrayelement, tvb, offset, 4, ENC_BIG_ENDIAN);
277 offset += 4;
278 }
279
280 if (tvb_reported_length_remaining(tvb, offset) >= 8) {
281 proto_tree_add_item(openvpn_tree, hf_openvpn_rsessionid, tvb, offset, 8, ENC_BIG_ENDIAN);
282 offset += 8;
283 }
284 }
285 }
286
287 /* if we have a P_CONTROL packet */
288 if (openvpn_opcode != P_ACK_V1 && tls_crypt == false) {
289 /* read Message Packet-ID */
290 if (tvb_reported_length_remaining(tvb, offset) >= 4) {
291 proto_tree_add_item(openvpn_tree, hf_openvpn_mpid, tvb, offset, 4, ENC_BIG_ENDIAN);
292 offset += 4;
293 }
294 }
295 }
296
297 /* if we have more data left, determine what to do */
298 msg_length_remaining = tvb_reported_length_remaining(tvb, offset);
299
300 if (msg_length_remaining == 0) {
301 return tvb_captured_length(tvb);
302 }
303
304 int data_len = msg_length_remaining;
305 int wkc_len = -1;
306 if ((openvpn_opcode == P_CONTROL_HARD_RESET_CLIENT_V3 || openvpn_opcode == P_CONTROL_WKC_V1)
307 && msg_length_remaining >= 2) {
308
309 wkc_len = tvb_get_ntohs(tvb, tvb_reported_length(tvb) - 2);
310 data_len = msg_length_remaining - wkc_len;
311 }
312
313 if (openvpn_opcode != P_CONTROL_V1) {
314 proto_tree *data_tree;
315 data_tree = proto_tree_add_subtree_format(openvpn_tree, tvb, offset, data_len,
316 ett_openvpn_data, NULL, "Data (%d bytes)",
317 data_len);
318
319 proto_tree_add_item(data_tree, hf_openvpn_data, tvb, offset, data_len, ENC_NA);
320
321 if (wkc_len > 0)
322 {
323 proto_tree *wkc_tree;
324 wkc_offset = tvb_reported_length(tvb) - wkc_len;
325
326 wkc_tree = proto_tree_add_subtree_format(openvpn_tree, tvb, offset, data_len,
327 ett_openvpn_wkc, NULL, "Wrapped client key (%d bytes)",
328 tvb_captured_length_remaining(tvb, wkc_offset));
329
330 proto_tree_add_item(wkc_tree, hf_openvpn_wkc_data, tvb, wkc_offset, wkc_len, ENC_NA);
331 proto_tree_add_item(wkc_tree, hf_openvpn_wkc_length, tvb, tvb_reported_length(tvb) - 2, 2, ENC_BIG_ENDIAN);
332 }
333
334 return tvb_captured_length(tvb);
335 }
336
337 /* Control message, possibly fragmented, carrying TLS. Try to reassemble. */
338
339 streaming_reassembly_info_t *streaming_reassembly_info = NULL;
340
341 conversation_t *conv = find_or_create_conversation_by_id(pinfo, CONVERSATION_OPENVPN, msg_sessionid);
342 streaming_reassembly_info = conversation_get_proto_data(conv, proto_openvpn);
343 if (!streaming_reassembly_info) {
344 streaming_reassembly_info = streaming_reassembly_info_new();
345 conversation_add_proto_data(conv, proto_openvpn, streaming_reassembly_info);
346 }
347
348 reassemble_streaming_data_and_call_subdissector(tvb, pinfo, offset,
349 msg_length_remaining, openvpn_tree, parent_tree, msg_reassembly_table,
350 streaming_reassembly_info, get_virtual_frame_num64(tvb, pinfo, offset),
351 tls_handle, parent_tree, NULL /* should it be tcpinfo if we have it? */, "OpenVPN Message",
352 &openvpn_frag_items, hf_openvpn_fragment_bytes);
353
354 return tvb_captured_length(tvb);
355 }
356
357 static unsigned
358 get_msg_length(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *data _U_)
359 {
360 return (unsigned)tvb_get_ntohs(tvb, offset) + 2; /* length field is at offset 0,
361 +2 to account for the length field itself */
362 }
363
364 static int
365 dissect_openvpn_msg_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
366 {
367 proto_item *ti;
368 proto_tree *openvpn_tree;
369
370 ti = proto_tree_add_item(tree, proto_openvpn, tvb, 0, -1, ENC_NA);
371 openvpn_tree = proto_item_add_subtree(ti, ett_openvpn);
372
373 proto_tree_add_item(openvpn_tree, hf_openvpn_plen, tvb, 0, 2, ENC_BIG_ENDIAN);
374
375 return dissect_openvpn_msg_common(tvb, pinfo, openvpn_tree, tree, 2);
376 }
377
378 static int
379 dissect_openvpn_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
380 {
381 tcp_dissect_pdus( tvb, pinfo, tree,
382 true, /* should data be reassembled? */
383 2, /* how much bytes do we need for get_msg_length to be successful,
384 since the length is the first thing in an openvpn packet we choose 2 */
385 get_msg_length, /* fptr for function to get the packetlength of current frame */
386 dissect_openvpn_msg_tcp, data);
387 return tvb_captured_length(tvb);
388 }
389
390 static int
391 dissect_openvpn_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
392 {
393 proto_item *ti;
394 proto_tree *openvpn_tree;
395
396 ti = proto_tree_add_item(tree, proto_openvpn, tvb, 0, -1, ENC_NA);
397 openvpn_tree = proto_item_add_subtree(ti, ett_openvpn);
398
399 return dissect_openvpn_msg_common(tvb, pinfo, openvpn_tree, tree, 0);
400 }
401
402 void
403 proto_register_openvpn(void)
404 {
405 static hf_register_info hf[] = {
406 { &hf_openvpn_plen,
407 { "Packet Length", "openvpn.plen",
408 FT_UINT16, BASE_DEC,
409 NULL, 0x0,
410 NULL, HFILL }
411 },
412 { &hf_openvpn_pdu_type,
413 { "Type", "openvpn.type",
414 FT_UINT8, BASE_HEX,
415 NULL, 0x0,
416 NULL, HFILL }
417 },
418 { &hf_openvpn_opcode,
419 { "Opcode", "openvpn.opcode",
420 FT_UINT8, BASE_HEX,
421 VALS(openvpn_message_types), P_OPCODE_MASK,
422 NULL, HFILL }
423 },
424 { &hf_openvpn_keyid,
425 { "Key ID", "openvpn.keyid",
426 FT_UINT8, BASE_DEC,
427 NULL, P_KEY_ID_MASK,
428 NULL, HFILL }
429 },
430 { &hf_openvpn_peerid,
431 { "Peer ID", "openvpn.peerid",
432 FT_UINT24, BASE_DEC,
433 NULL, 0x0,
434 NULL, HFILL }
435 },
436 { &hf_openvpn_sessionid,
437 { "Session ID", "openvpn.sessionid",
438 FT_UINT64, BASE_DEC,
439 NULL, 0x0,
440 NULL, HFILL }
441 },
442 { &hf_openvpn_hmac,
443 { "HMAC", "openvpn.hmac",
444 FT_BYTES, BASE_NONE,
445 NULL, 0x0,
446 NULL, HFILL }
447 },
448 { &hf_openvpn_pid,
449 { "Replay-Packet-ID", "openvpn.pid",
450 FT_UINT32, BASE_DEC,
451 NULL, 0x0,
452 NULL, HFILL }
453 },
454 { &hf_openvpn_net_time,
455 { "Net Time", "openvpn.net_time",
456 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
457 NULL, 0x0,
458 NULL, HFILL }
459 },
460 { &hf_openvpn_rsessionid,
461 { "Remote Session ID", "openvpn.rsessionid",
462 FT_UINT64, BASE_DEC,
463 NULL, 0x0,
464 NULL, HFILL }
465 },
466 { &hf_openvpn_mpid,
467 { "Message Packet-ID", "openvpn.mpid",
468 FT_UINT32, BASE_DEC,
469 NULL, 0x0,
470 NULL, HFILL }
471 },
472 { &hf_openvpn_mpid_arraylength,
473 { "Message Packet-ID Array Length", "openvpn.mpidarraylength",
474 FT_UINT8, BASE_DEC,
475 NULL, 0x0,
476 NULL, HFILL }
477 },
478 { &hf_openvpn_mpid_arrayelement,
479 { "Message Packet-ID Array Element", "openvpn.mpidarrayelement",
480 FT_UINT32, BASE_DEC,
481 NULL, 0x0,
482 NULL, HFILL }
483 },
484 { &hf_openvpn_data,
485 { "Data", "openvpn.data",
486 FT_BYTES, BASE_NONE,
487 NULL, 0x0,
488 NULL, HFILL }
489 },
490 { &hf_openvpn_wkc_data,
491 { "Wrapped client key", "openvpn.wkc",
492 FT_BYTES, BASE_NONE,
493 NULL, 0x0,
494 NULL, HFILL }
495 },
496 { &hf_openvpn_wkc_length,
497 { "Wrapped client key length", "openvpn.wkc_len",
498 FT_UINT16, BASE_DEC,
499 NULL, 0x0,
500 NULL, HFILL }
501 },
502 { &hf_openvpn_fragment_bytes,
503 { "Fragment bytes", "openvpn.fragment_bytes",
504 FT_BYTES, BASE_NONE,
505 NULL, 0x0,
506 NULL, HFILL }
507 },
508 { &hf_openvpn_fragments,
509 { "Message fragments", "openvpn.fragments",
510 FT_NONE, BASE_NONE,
511 NULL, 0x00,
512 NULL, HFILL }
513 },
514 { &hf_openvpn_fragment,
515 { "Message fragment", "openvpn.fragment",
516 FT_FRAMENUM, BASE_NONE,
517 NULL, 0x00,
518 NULL, HFILL }
519 },
520 { &hf_openvpn_fragment_overlap,
521 { "Message fragment overlap", "openvpn.fragment.overlap",
522 FT_BOOLEAN, BASE_NONE,
523 NULL, 0x00,
524 NULL, HFILL }
525 },
526 { &hf_openvpn_fragment_overlap_conflicts,
527 { "Message fragment overlapping with conflicting data", "openvpn.fragment.overlap.conflicts",
528 FT_BOOLEAN, BASE_NONE,
529 NULL, 0x00,
530 NULL, HFILL }
531 },
532 { &hf_openvpn_fragment_multiple_tails,
533 { "Message has multiple tail fragments", "openvpn.fragment.multiple_tails",
534 FT_BOOLEAN, BASE_NONE,
535 NULL, 0x00,
536 NULL, HFILL }
537 },
538 { &hf_openvpn_fragment_too_long_fragment,
539 { "Message fragment too long", "openvpn.fragment.too_long_fragment",
540 FT_BOOLEAN, BASE_NONE,
541 NULL, 0x00,
542 NULL, HFILL }
543 },
544 { &hf_openvpn_fragment_error,
545 { "Message defragmentation error", "openvpn.fragment.error",
546 FT_FRAMENUM, BASE_NONE,
547 NULL, 0x00,
548 NULL, HFILL }
549 },
550 { &hf_openvpn_fragment_count,
551 { "Message fragment count", "openvpn.fragment.count",
552 FT_UINT32, BASE_DEC,
553 NULL, 0x00,
554 NULL, HFILL }
555 },
556 { &hf_openvpn_reassembled_in,
557 { "Reassembled message in frame", "openvpn.reassembled.in",
558 FT_FRAMENUM, BASE_NONE,
559 NULL, 0x00,
560 NULL, HFILL }
561 },
562 { &hf_openvpn_reassembled_length,
563 {"Reassembled message length", "openvpn.reassembled.length",
564 FT_UINT32, BASE_DEC,
565 NULL, 0x00,
566 NULL, HFILL }
567 }
568 };
569
570 /* Setup protocol subtree array */
571 static int *ett[] = {
572 &ett_openvpn,
573 &ett_openvpn_type,
574 &ett_openvpn_data,
575 &ett_openvpn_wkc,
576 &ett_openvpn_packetarray,
577 &ett_openvpn_fragment,
578 &ett_openvpn_fragments
579 };
580 module_t *openvpn_module;
581
582 proto_openvpn = proto_register_protocol (
583 PNAME, /* name */
584 PSNAME, /* short name */
585 PFNAME /* abbrev */
586 );
587
588 proto_register_field_array(proto_openvpn, hf, array_length(hf));
589 proto_register_subtree_array(ett, array_length(ett));
590
591 openvpn_udp_handle = register_dissector("openvpn.udp", dissect_openvpn_udp, proto_openvpn);
592 openvpn_tcp_handle = register_dissector("openvpn.tcp", dissect_openvpn_tcp, proto_openvpn);
593
594 reassembly_table_register(&msg_reassembly_table,
595 &addresses_reassembly_table_functions);
596
597 openvpn_module = prefs_register_protocol(proto_openvpn, NULL);
598
599 prefs_register_bool_preference(openvpn_module,
600 "tls_auth_detection_override",
601 "override tls-auth detection",
602 "If tls-auth detection fails, you can choose to override detection and set tls-auth yourself",
603 &pref_tls_auth_override);
604
605 prefs_register_bool_preference(openvpn_module,
606 "tls_crypt",
607 "assume tls-crypt",
608 "Assume the connection uses tls-crypt",
609 &pref_tls_crypt_override);
610 prefs_register_bool_preference(openvpn_module,
611 "tls_auth",
612 "--tls-auth used?",
613 "If the parameter --tls-auth is used, the following preferences must also be defined.",
614 &pref_tls_auth);
615 prefs_register_uint_preference(openvpn_module,
616 "tls_auth_hmac_size",
617 "size of the HMAC header in bytes",
618 "If the parameter --tls-auth is used, a HMAC header is being inserted.\n"
619 "The default HMAC algorithm is SHA-1 which generates a 160 bit HMAC,"
620 " therefore 20 bytes should be ok.\n"
621 "The value must be between 20 (160 bits) and 64 (512 bits).",
622 10, &tls_auth_hmac_size);
623
624 prefs_register_bool_preference(openvpn_module,
625 "long_format",
626 "packet-id for replay protection includes optional time_t timestamp?",
627 "If the parameter --tls-auth is used, an additional packet-id for replay protection"
628 " is inserted after the HMAC signature."
629 " This field can either be 4 bytes or 8 bytes including an optional time_t timestamp long.\n"
630 " This option is only evaluated if tls_auth_hmac_size > 0.\n"
631 " The default value is true.",
632 &pref_long_format);
633 }
634
635 void
636 proto_reg_handoff_openvpn(void)
637 {
638 tls_handle = find_dissector_add_dependency("tls", proto_openvpn);
639 dissector_add_uint_with_preference("tcp.port", OPENVPN_PORT, openvpn_tcp_handle);
640 dissector_add_uint_with_preference("udp.port", OPENVPN_PORT, openvpn_udp_handle);
641 }
642
643 /*
644 * Editor modelines - https://www.wireshark.org/tools/modelines.html
645 *
646 * Local variables:
647 * c-basic-offset: 2
648 * tab-width: 8
649 * indent-tabs-mode: nil
650 * End:
651 *
652 * vi: set shiftwidth=2 tabstop=8 expandtab:
653 * :indentSize=2:tabSize=8:noTabs=true
654 */
Metzes wireshark repo