search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
HACK: 2nd try to match RowsetProperties
[wireshark-wip.git] / epan / dissectors / packet-openvpn.c
blobe5d80c990f607f72e5553c581ba3e6c4e8b334b2
1 /* packet-openvpn.c
2 * routines for openvpn packet dissasembly
3 * - http://www.openvpn.net
4 * - http://fengnet.com/book/vpns%20illustrated%20tunnels%20%20vpnsand%20ipsec/ch08lev1sec5.html
5 *
6 * Created as part of a semester project at the University of Applied Sciences Hagenberg
7 * (http://www.fh-ooe.at/en/hagenberg-campus/)
8 *
9 * Copyright (c) 2013:
10 * Hofer Manuel (manuel@mnlhfr.at)
11 * Nemeth Franz
12 * Scheipner Alexander
13 * Stiftinger Thomas
14 * Werner Sebastian
15 *
16 * $Id$
17 *
18 * This program is free software; you can redistribute it and/or
19 * modify it under the terms of the GNU General Public License
20 * as published by the Free Software Foundation; either version 2
21 * of the License, or (at your option) any later version.
22 *
23 * This program is distributed in the hope that it will be useful,
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 * GNU General Public License for more details.
27 *
28 * You should have received a copy of the GNU General Public License
29 * along with this program; if not, write to the Free Software
30 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
31 */
32
33 #include "config.h"
34
35 #include <epan/packet.h>
36 #include <epan/prefs.h>
37 #include <epan/reassemble.h>
38 #include <epan/wmem/wmem.h>
39 #include <epan/dissectors/packet-tcp.h>
40 #include <epan/ipproto.h>
41
42 #define PFNAME "openvpn"
43 #define PNAME "OpenVPN Protocol"
44 #define PSNAME "OpenVPN"
45
46 #define OPENVPN_PORT 1194
47
48 /* packet opcode and key-id are combined in one byte */
49 #define P_OPCODE_MASK 0xF8 /* packet opcode (high 5 bits) */
50 #define P_KEY_ID_MASK 0x07 /* key-id (low 3 bits) */
51 #define HMAC_KEY_LENGTH_MAX 64 /* 512 Bit HMAC is maximum */
52
53 /* Opcodes */
54 #define P_CONTROL_HARD_RESET_CLIENT_V1 1
55 #define P_CONTROL_HARD_RESET_SERVER_V1 2
56 #define P_CONTROL_SOFT_RESET_V1 3
57 #define P_CONTROL_V1 4
58 #define P_ACK_V1 5
59 #define P_DATA_V1 6
60 #define P_CONTROL_HARD_RESET_CLIENT_V2 7
61 #define P_CONTROL_HARD_RESET_SERVER_V2 8
62
63 static gint ett_openvpn = -1;
64 static gint ett_openvpn_data = -1;
65 static gint ett_openvpn_packetarray = -1;
66 static gint ett_openvpn_type = -1;
67 static gint hf_openvpn_data = -1;
68 static gint hf_openvpn_fragment_bytes = -1;
69 static gint hf_openvpn_hmac = -1;
70 static gint hf_openvpn_keyid = -1;
71 static gint hf_openvpn_mpid = -1;
72 static gint hf_openvpn_mpid_arrayelement = -1;
73 static gint hf_openvpn_mpid_arraylength = -1;
74 static gint hf_openvpn_net_time = -1;
75 static gint hf_openvpn_opcode = -1;
76 static gint hf_openvpn_pdu_type = -1;
77 static gint hf_openvpn_pid = -1;
78 static gint hf_openvpn_plen = -1;
79 static gint hf_openvpn_rsessionid = -1;
80 static gint hf_openvpn_sessionid = -1;
81 static gint proto_openvpn = -1;
82
83 static dissector_handle_t openvpn_udp_handle;
84 static dissector_handle_t openvpn_tcp_handle;
85
86 static dissector_handle_t ssl_handle;
87
88 /* Preferences */
89 static gboolean pref_long_format = TRUE;
90 static gboolean pref_tls_auth = FALSE;
91 static gboolean pref_tls_auth_override = FALSE;
92 static guint pref_tcp_port = OPENVPN_PORT;
93 static guint pref_udp_port = OPENVPN_PORT;
94 static guint tls_auth_hmac_size = 20; /* Default SHA-1 160 Bits */
95
96 void proto_reg_handoff_openvpn(void); /* forward declaration for use in preferences registration */
97
98 static const value_string openvpn_message_types[] =
99 {
100 { P_CONTROL_HARD_RESET_CLIENT_V1, "P_CONTROL_HARD_RESET_CLIENT_V1" },
101 { P_CONTROL_HARD_RESET_SERVER_V1, "P_CONTROL_HARD_RESET_SERVER_V1" },
102 { P_CONTROL_SOFT_RESET_V1, "P_CONTROL_SOFT_RESET_V1" },
103 { P_CONTROL_V1, "P_CONTROL_V1" },
104 { P_ACK_V1, "P_ACK_V1" },
105 { P_DATA_V1, "P_DATA_V1" },
106 { P_CONTROL_HARD_RESET_CLIENT_V2, "P_CONTROL_HARD_RESET_CLIENT_V2" },
107 { P_CONTROL_HARD_RESET_SERVER_V2, "P_CONTROL_HARD_RESET_SERVER_V2" },
108 { 0, NULL }
109 };
110
111 /* everything used during the reassembly process */
112 static reassembly_table msg_reassembly_table;
113
114 static gint ett_openvpn_fragment = -1;
115 static gint ett_openvpn_fragments = -1;
116 static gint hf_openvpn_fragment = -1;
117 static gint hf_openvpn_fragment_count = -1;
118 static gint hf_openvpn_fragment_error = -1;
119 static gint hf_openvpn_fragment_multiple_tails = -1;
120 static gint hf_openvpn_fragment_overlap = -1;
121 static gint hf_openvpn_fragment_overlap_conflicts = -1;
122 static gint hf_openvpn_fragment_too_long_fragment = -1;
123 static gint hf_openvpn_fragments = -1;
124 static gint hf_openvpn_reassembled_in = -1;
125 static gint hf_openvpn_reassembled_length = -1;
126
127 static const fragment_items openvpn_frag_items = {
128 /* Fragment subtrees */
129 &ett_openvpn_fragment,
130 &ett_openvpn_fragments,
131 /* Fragment fields */
132 &hf_openvpn_fragments,
133 &hf_openvpn_fragment,
134 &hf_openvpn_fragment_overlap,
135 &hf_openvpn_fragment_overlap_conflicts,
136 &hf_openvpn_fragment_multiple_tails,
137 &hf_openvpn_fragment_too_long_fragment,
138 &hf_openvpn_fragment_error,
139 &hf_openvpn_fragment_count,
140 /* Reassembled in field */
141 &hf_openvpn_reassembled_in,
142 /* Reassembled length field */
143 &hf_openvpn_reassembled_length,
144 /* Reassembled data field */
145 NULL,
146 /* Tag */
147 "Message fragments"
148 };
149
150 static void
151 openvpn_reassemble_init(void)
152 {
153 reassembly_table_init(&msg_reassembly_table,
154 &addresses_reassembly_table_functions);
155 }
156
157 /* we check the leading 4 byte of a suspected hmac for 0x00 bytes,
158 if more than 1 byte out of the 4 provided contains 0x00, the
159 hmac is considered not valid, which suggests that no tls auth is used.
160 unfortunatly there is no other way to detect tls auth on the fly */
161 static gboolean
162 check_for_valid_hmac(guint32 hmac)
163 {
164 gint c = 0;
165 if ((hmac & 0x000000FF) == 0x00000000) {
166 c++;
167 }
168 if ((hmac & 0x0000FF00) == 0x00000000) {
169 c++;
170 }
171 if ((hmac & 0x00FF0000) == 0x00000000) {
172 c++;
173 }
174 if ((hmac & 0xFF000000) == 0x00000000) {
175 c++;
176 }
177 if (c > 1) {
178 return FALSE;
179 } else {
180 return TRUE;
181 }
182 }
183
184 static int
185 dissect_openvpn_msg_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *openvpn_tree, proto_tree *parent_tree, gint offset)
186 {
187 gboolean tls_auth;
188 guint openvpn_keyid;
189 guint openvpn_opcode;
190 guint32 msg_mpid = -1;
191 guint32 msg_sessionid = -1;
192 guint8 openvpn_predict_tlsauth_arraylength;
193 proto_item *ti2, *ti3;
194 proto_tree *packetarray_tree, *type_tree;
195 guint32 msg_length_remaining;
196 gboolean msg_lastframe;
197 fragment_head *frag_msg;
198 tvbuff_t *new_tvb;
199 gboolean save_fragmented;
200
201 /* Clear out stuff in the info column */
202 col_set_str(pinfo->cinfo, COL_PROTOCOL, PSNAME);
203 col_clear(pinfo->cinfo,COL_INFO);
204
205 /* read opcode and write to info column */
206 openvpn_opcode = tvb_get_bits8(tvb, offset*8, 5);
207 col_append_fstr(pinfo->cinfo, COL_INFO, "MessageType: %s",
208 val_to_str_const(openvpn_opcode, openvpn_message_types, "Unknown Messagetype"));
209
210
211 openvpn_keyid = tvb_get_bits8(tvb, offset*8 + 5, 3);
212 proto_item_append_text(parent_tree, ", Opcode: %s, Key ID: %d",
213 val_to_str(openvpn_opcode, openvpn_message_types, "Unknown (0x%02x)"),
214 openvpn_keyid);
215
216 ti2 = proto_tree_add_item(openvpn_tree, hf_openvpn_pdu_type, tvb, offset, 1, ENC_BIG_ENDIAN);
217 proto_item_append_text(ti2, " [opcode/key_id]");
218
219 type_tree = proto_item_add_subtree(ti2, ett_openvpn_type);
220 proto_tree_add_item(type_tree, hf_openvpn_opcode, tvb, offset, 1, ENC_BIG_ENDIAN);
221 proto_tree_add_item(type_tree, hf_openvpn_keyid, tvb, offset, 1, ENC_BIG_ENDIAN);
222 offset += 1;
223
224 /* if we have a P_CONTROL or P_ACK packet */
225 if (openvpn_opcode != P_DATA_V1) {
226 /* read sessionid */
227 msg_sessionid = tvb_get_bits32(tvb, offset*8+32, 32, ENC_BIG_ENDIAN);
228 proto_tree_add_item(openvpn_tree, hf_openvpn_sessionid, tvb, offset, 8, ENC_BIG_ENDIAN);
229 offset += 8;
230
231 /* tls-auth detection (this can be overridden by preferences */
232 openvpn_predict_tlsauth_arraylength = tvb_get_guint8(tvb, offset);
233 /* if the first 4 bytes that would, if tls-auth is used, contain part of the hmac,
234 lack entropy, we asume no tls-auth is used */
235 if (pref_tls_auth_override == FALSE) {
236 if ((openvpn_opcode != P_DATA_V1)
237 && (openvpn_predict_tlsauth_arraylength > 0)
238 && check_for_valid_hmac(tvb_get_ntohl(tvb, offset))) {
239 tls_auth = TRUE;
240 } else {
241 tls_auth = FALSE;
242 }
243 } else {
244 tls_auth = pref_tls_auth;
245 }
246
247 if (tls_auth == TRUE) {
248 proto_tree_add_item(openvpn_tree, hf_openvpn_hmac, tvb, offset, tls_auth_hmac_size, ENC_NA);
249 offset += tls_auth_hmac_size;
250
251 if (tvb_length_remaining(tvb, offset) >= 8) {
252 proto_tree_add_item(openvpn_tree, hf_openvpn_pid, tvb, offset, 4, ENC_BIG_ENDIAN);
253 offset += 4;
254
255 if (pref_long_format) {
256 proto_tree_add_item(openvpn_tree, hf_openvpn_net_time, tvb, offset, 4, ENC_BIG_ENDIAN);
257 offset += 4;
258 }
259 }
260 }
261
262 if (tvb_length_remaining(tvb, offset) >= 1) {
263 /* read P_ACK packet-id array length */
264 gint pid_arraylength = tvb_get_guint8(tvb, offset);
265 gint i;
266 proto_tree_add_item(openvpn_tree, hf_openvpn_mpid_arraylength, tvb, offset, 1, ENC_BIG_ENDIAN);
267 offset += 1;
268
269 if (pid_arraylength > 0) {
270
271 ti3 = proto_tree_add_text(openvpn_tree, tvb, offset, 0, "Packet-ID Array");
272 packetarray_tree = proto_item_add_subtree(ti3, ett_openvpn_packetarray);
273 for (i = 0; i < pid_arraylength; i++) {
274 proto_tree_add_item(packetarray_tree, hf_openvpn_mpid_arrayelement, tvb, offset, 4, ENC_BIG_ENDIAN);
275 offset += 4;
276 }
277
278 if (tvb_length_remaining(tvb, offset) >= 8) {
279 proto_tree_add_item(openvpn_tree, hf_openvpn_rsessionid, tvb, offset, 8, ENC_BIG_ENDIAN);
280 offset += 8;
281 }
282 }
283 }
284
285 /* if we have a P_CONTROL packet */
286 if (openvpn_opcode != P_ACK_V1) {
287 /* read Message Packet-ID */
288 if (tvb_length_remaining(tvb, offset) >= 4) {
289 msg_mpid = tvb_get_bits32(tvb, offset*8, 32, ENC_BIG_ENDIAN);
290 proto_tree_add_item(openvpn_tree, hf_openvpn_mpid, tvb, offset, 4, ENC_BIG_ENDIAN);
291 offset += 4;
292 }
293 }
294 }
295
296 /* if we have more data left, determine what to do */
297 msg_length_remaining = tvb_length_remaining(tvb, offset);
298
299 if (msg_length_remaining == 0) {
300 return tvb_length(tvb);
301 }
302
303 if (openvpn_opcode != P_CONTROL_V1) {
304 proto_tree *data_tree;
305 ti2 = proto_tree_add_text(openvpn_tree, tvb, offset, -1, "Data (%d bytes)",
306 tvb_length_remaining(tvb, offset));
307
308 data_tree = proto_item_add_subtree(ti2, ett_openvpn_data);
309 proto_tree_add_item(data_tree, hf_openvpn_data, tvb, offset, -1, ENC_NA);
310 return tvb_length(tvb);
311 }
312
313 /* Try to reassemble */
314
315 /* an ordinary openvpn control packet contains 100 bytes only if it is part of a
316 fragmented message and is not the last fragment of the current transmission.
317 Note that the tvb contains exactly one openvpn PDU:
318 UDP: by definition;
319 TCP: because of the use of tcp_dissect_pdus().
320 */
321 if (msg_length_remaining == 100) {
322 msg_lastframe = FALSE;
323 } else {
324 msg_lastframe = TRUE;
325 }
326
327 save_fragmented = pinfo->fragmented;
328 pinfo->fragmented = TRUE;
329
330 frag_msg = fragment_add_seq_next(
331 &msg_reassembly_table,
332 tvb,
333 offset,
334 pinfo,
335 msg_sessionid, /* ID for fragments belonging together */
336 NULL,
337 msg_length_remaining, /* fragment length - to the end */
338 !(msg_lastframe)); /* More fragments ? */
339
340 /* show "data" fragment on tree unless "reassembled" message has just one part. */
341 /* i.e., show if ("not reassembled") or ("reassembled" and "has multiple fragments") */
342 if ((frag_msg == NULL) || (frag_msg->next != NULL)) {
343 proto_tree *data_tree;
344 ti2 = proto_tree_add_text(openvpn_tree, tvb, offset, -1, "Message fragment (%d bytes)",
345 tvb_length_remaining(tvb, offset));
346
347 data_tree = proto_item_add_subtree(ti2, ett_openvpn_data);
348 proto_tree_add_item(data_tree, hf_openvpn_fragment_bytes, tvb, offset, -1, ENC_NA);
349 }
350
351 new_tvb = NULL;
352 if (frag_msg) {
353 if (msg_lastframe) { /* Reassembled */
354 new_tvb = process_reassembled_data(tvb, offset, pinfo, "Reassembled Message",
355 frag_msg, &openvpn_frag_items, NULL, openvpn_tree);
356 if (frag_msg->next != NULL) { /* multiple frags ? */
357 col_append_str(pinfo->cinfo, COL_INFO, " (Message Reassembled "); /* overwritten by next dissector */
358 }
359
360 } else { /* Not last packet of reassembled Short Message */
361 col_append_fstr(pinfo->cinfo, COL_INFO, " (Message fragment %d) ", msg_mpid);
362 if (pinfo->fd->num != frag_msg->reassembled_in) {
363 /* Add a "Reassembled in" link if not reassembled in this frame */
364 proto_tree_add_uint(openvpn_tree, hf_openvpn_reassembled_in,
365 tvb, 0, 0, frag_msg->reassembled_in);
366 }
367 }
368 } /* if (frag_msg) */
369
370 pinfo->fragmented = save_fragmented;
371
372 /* Now see if we need to call subdissector.
373 new_tvb is non-null if we "reassembled* a message (even just one fragment) */
374
375 if (new_tvb) {
376 /* call SSL/TLS dissector if we just processed the last fragment */
377 call_dissector(ssl_handle, new_tvb, pinfo, parent_tree);
378 }
379
380 return tvb_length(tvb);
381 }
382
383 static guint
384 get_msg_length(packet_info *pinfo _U_, tvbuff_t *tvb, gint offset)
385 {
386 return (guint)tvb_get_ntohs(tvb, offset) + 2; /* length field is at offset 0,
387 +2 to account for the length field itself */
388 }
389
390 static int
391 dissect_openvpn_msg_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
392 {
393 proto_item *ti;
394 proto_tree *openvpn_tree;
395
396 ti = proto_tree_add_item(tree, proto_openvpn, tvb, 0, -1, ENC_NA);
397 openvpn_tree = proto_item_add_subtree(ti, ett_openvpn);
398
399 proto_tree_add_item(openvpn_tree, hf_openvpn_plen, tvb, 0, 2, ENC_BIG_ENDIAN);
400
401 return dissect_openvpn_msg_common(tvb, pinfo, openvpn_tree, tree, 2);
402 }
403
404 static int
405 dissect_openvpn_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
406 {
407 tcp_dissect_pdus( tvb, pinfo, tree,
408 TRUE, /* should data be reassembled? */
409 2, /* how much bytes do we need for get_msg_length to be successful,
410 since the length is the first thing in an openvpn packet we choose 2 */
411 get_msg_length, /* fptr for function to get the packetlength of current frame */
412 dissect_openvpn_msg_tcp, data);
413 return tvb_length(tvb);
414 }
415
416 static int
417 dissect_openvpn_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
418 {
419 proto_item *ti;
420 proto_tree *openvpn_tree;
421
422 ti = proto_tree_add_item(tree, proto_openvpn, tvb, 0, -1, ENC_NA);
423 openvpn_tree = proto_item_add_subtree(ti, ett_openvpn);
424
425 return dissect_openvpn_msg_common(tvb, pinfo, openvpn_tree, tree, 0);
426 }
427
428 void
429 proto_register_openvpn(void)
430 {
431 static hf_register_info hf[] = {
432 { &hf_openvpn_plen,
433 { "Packet Length", "openvpn.plen",
434 FT_UINT16, BASE_DEC,
435 NULL, 0x0,
436 NULL, HFILL }
437 },
438 { &hf_openvpn_pdu_type,
439 { "Type", "openvpn.type",
440 FT_UINT8, BASE_HEX,
441 NULL, 0x0,
442 NULL, HFILL }
443 },
444 { &hf_openvpn_opcode,
445 { "Opcode", "openvpn.opcode",
446 FT_UINT8, BASE_HEX,
447 VALS(openvpn_message_types), P_OPCODE_MASK,
448 NULL, HFILL }
449 },
450 { &hf_openvpn_keyid,
451 { "Key ID", "openvpn.keyid",
452 FT_UINT8, BASE_DEC,
453 NULL, P_KEY_ID_MASK,
454 NULL, HFILL }
455 },
456 { &hf_openvpn_sessionid,
457 { "Session ID", "openvpn.sessionid",
458 FT_UINT64, BASE_DEC,
459 NULL, 0x0,
460 NULL, HFILL }
461 },
462 { &hf_openvpn_hmac,
463 { "HMAC", "openvpn.hmac",
464 FT_BYTES, BASE_NONE,
465 NULL, 0x0,
466 NULL, HFILL }
467 },
468 { &hf_openvpn_pid,
469 { "Packet-ID", "openvpn.pid",
470 FT_UINT32, BASE_DEC,
471 NULL, 0x0,
472 NULL, HFILL }
473 },
474 { &hf_openvpn_net_time,
475 { "Net Time", "openvpn.net_time",
476 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
477 NULL, 0x0,
478 NULL, HFILL }
479 },
480 { &hf_openvpn_rsessionid,
481 { "Remote Session ID", "openvpn.rsessionid",
482 FT_UINT64, BASE_DEC,
483 NULL, 0x0,
484 NULL, HFILL }
485 },
486 { &hf_openvpn_mpid,
487 { "Message Packet-ID", "openvpn.mpid",
488 FT_UINT32, BASE_DEC,
489 NULL, 0x0,
490 NULL, HFILL }
491 },
492 { &hf_openvpn_mpid_arraylength,
493 { "Message Packet-ID Array Length", "openvpn.mpidarraylength",
494 FT_UINT8, BASE_DEC,
495 NULL, 0x0,
496 NULL, HFILL }
497 },
498 { &hf_openvpn_mpid_arrayelement,
499 { "Message Packet-ID Array Element", "openvpn.mpidarrayelement",
500 FT_UINT32, BASE_DEC,
501 NULL, 0x0,
502 NULL, HFILL }
503 },
504 { &hf_openvpn_data,
505 { "Data", "openvpn.data",
506 FT_BYTES, BASE_NONE,
507 NULL, 0x0,
508 NULL, HFILL }
509 },
510 { &hf_openvpn_fragment_bytes,
511 { "Fragment bytes", "openvpn.fragment_bytes",
512 FT_BYTES, BASE_NONE,
513 NULL, 0x0,
514 NULL, HFILL }
515 },
516 { &hf_openvpn_fragments,
517 { "Message fragments", "openvpn.fragments",
518 FT_NONE, BASE_NONE,
519 NULL, 0x00,
520 NULL, HFILL }
521 },
522 { &hf_openvpn_fragment,
523 { "Message fragment", "openvpn.fragment",
524 FT_FRAMENUM, BASE_NONE,
525 NULL, 0x00,
526 NULL, HFILL }
527 },
528 { &hf_openvpn_fragment_overlap,
529 { "Message fragment overlap", "openvpn.fragment.overlap",
530 FT_BOOLEAN, 0,
531 NULL, 0x00,
532 NULL, HFILL }
533 },
534 { &hf_openvpn_fragment_overlap_conflicts,
535 { "Message fragment overlapping with conflicting data", "openvpn.fragment.overlap.conflicts",
536 FT_BOOLEAN, 0,
537 NULL, 0x00,
538 NULL, HFILL }
539 },
540 { &hf_openvpn_fragment_multiple_tails,
541 { "Message has multiple tail fragments", "openvpn.fragment.multiple_tails",
542 FT_BOOLEAN, 0,
543 NULL, 0x00,
544 NULL, HFILL }
545 },
546 { &hf_openvpn_fragment_too_long_fragment,
547 { "Message fragment too long", "openvpn.fragment.too_long_fragment",
548 FT_BOOLEAN, 0,
549 NULL, 0x00,
550 NULL, HFILL }
551 },
552 { &hf_openvpn_fragment_error,
553 { "Message defragmentation error", "openvpn.fragment.error",
554 FT_FRAMENUM, BASE_NONE,
555 NULL, 0x00,
556 NULL, HFILL }
557 },
558 { &hf_openvpn_fragment_count,
559 { "Message fragment count", "openvpn.fragment.count",
560 FT_UINT32, BASE_DEC,
561 NULL, 0x00,
562 NULL, HFILL }
563 },
564 { &hf_openvpn_reassembled_in,
565 { "Reassembled message in frame", "openvpn.reassembled.in",
566 FT_FRAMENUM, BASE_NONE,
567 NULL, 0x00,
568 NULL, HFILL }
569 },
570 { &hf_openvpn_reassembled_length,
571 {"Reassembled message length", "openvpn.reassembled.length",
572 FT_UINT32, BASE_DEC,
573 NULL, 0x00,
574 NULL, HFILL }
575 }
576 };
577
578 /* Setup protocol subtree array */
579 static gint *ett[] = {
580 &ett_openvpn,
581 &ett_openvpn_type,
582 &ett_openvpn_data,
583 &ett_openvpn_packetarray,
584 &ett_openvpn_fragment,
585 &ett_openvpn_fragments
586 };
587 module_t *openvpn_module;
588
589 proto_openvpn = proto_register_protocol (
590 PNAME, /* name */
591 PSNAME, /* short name */
592 PFNAME /* abbrev */
593 );
594
595 proto_register_field_array(proto_openvpn, hf, array_length(hf));
596 proto_register_subtree_array(ett, array_length(ett));
597
598 openvpn_udp_handle = new_register_dissector("openvpn.udp", dissect_openvpn_udp, proto_openvpn);
599 openvpn_tcp_handle = new_register_dissector("openvpn.tcp", dissect_openvpn_tcp, proto_openvpn);
600
601 register_init_routine(&openvpn_reassemble_init);
602
603 openvpn_module = prefs_register_protocol(proto_openvpn, proto_reg_handoff_openvpn);
604
605 prefs_register_uint_preference(openvpn_module,
606 "tcp.port",
607 "OpenVPN TCP Port",
608 "TCP Port of the OpenVPN tunnel",
609 10, &pref_tcp_port);
610 prefs_register_uint_preference(openvpn_module,
611 "udp.port",
612 "OpenVPN UDP Port",
613 "UDP Port of the OpenVPN tunnel",
614 10, &pref_udp_port);
615 prefs_register_bool_preference(openvpn_module,
616 "tls_auth_detection_override",
617 "override tls-auth detection",
618 "If tls-auth detection fails, you can choose to override detection and set tls-auth yourself",
619 &pref_tls_auth_override);
620 prefs_register_bool_preference(openvpn_module,
621 "tls_auth",
622 "--tls-auth used?",
623 "If the parameter --tls-auth is used, the following preferences must also be defined.",
624 &pref_tls_auth);
625 prefs_register_uint_preference(openvpn_module,
626 "tls_auth_hmac_size",
627 "size of the HMAC header in bytes",
628 "If the parameter --tls-auth is used, a HMAC header is being inserted.\n"
629 "The default HMAC algorithm is SHA-1 which generates a 160 bit HMAC,"
630 " therefore 20 bytes should be ok.\n"
631 "The value must be between 20 (160 bits) and 64 (512 bits).",
632 10, &tls_auth_hmac_size);
633
634 prefs_register_bool_preference(openvpn_module,
635 "long_format",
636 "packet-id for replay protection includes optional time_t timestamp?",
637 "If the parameter --tls-auth is used, an additional packet-id for replay protection"
638 " is inserted after the HMAC signature."
639 " This field can either be 4 bytes or 8 bytes including an optional time_t timestamp long.\n"
640 " This option is only evaluated if tls_auth_hmac_size > 0.\n"
641 " The default value is TRUE.",
642 &pref_long_format);
643 }
644
645 void
646 proto_reg_handoff_openvpn(void)
647 {
648 static guint tcp_port;
649 static guint udp_port;
650 static gboolean initialized = FALSE;
651
652 if (! initialized) {
653 ssl_handle = find_dissector("ssl");
654 initialized = TRUE;
655 } else {
656 if (tcp_port > 0)
657 dissector_delete_uint("tcp.port", tcp_port, openvpn_tcp_handle);
658 if (udp_port > 0)
659 dissector_delete_uint("udp.port", udp_port, openvpn_udp_handle);
660 }
661
662 tcp_port = pref_tcp_port;
663 udp_port = pref_udp_port;
664
665 if (tcp_port > 0)
666 dissector_add_uint("tcp.port", tcp_port, openvpn_tcp_handle);
667 if (udp_port > 0)
668 dissector_add_uint("udp.port", udp_port, openvpn_udp_handle);
669 }
670
671 /*
672 * Editor modelines - http://www.wireshark.org/tools/modelines.html
673 *
674 * Local variables:
675 * c-basic-offset: 2
676 * tab-width: 8
677 * indent-tabs-mode: nil
678 * End:
679 *
680 * vi: set shiftwidth=2 tabstop=8 expandtab:
681 * :indentSize=2:tabSize=8:noTabs=true
682 */