search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
HACK: pinfo->private_data points to smb_info again
[wireshark-wip.git] / epan / dissectors / packet-pktc.c
blobae86ad2b26b89ba201596d4e0178fb775a74de88
1 /* packet-pktc.c
2 * Routines for PacketCable (PKTC) Kerberized Key Management and
3 * PacketCable (PKTC) MTA FQDN packet disassembly
4 *
5 * References:
6 * [1] PacketCable 1.0 Security Specification, PKT-SP-SEC-I11-040730, July 30,
7 * 2004, Cable Television Laboratories, Inc., http://www.PacketCable.com/
8 *
9 * Ronnie Sahlberg 2004
10 * Thomas Anders 2004
11 *
12 * $Id$
13 *
14 * Wireshark - Network traffic analyzer
15 * By Gerald Combs <gerald@wireshark.org>
16 * Copyright 1998 Gerald Combs
17 *
18 * This program is free software; you can redistribute it and/or
19 * modify it under the terms of the GNU General Public License
20 * as published by the Free Software Foundation; either version 2
21 * of the License, or (at your option) any later version.
22 *
23 * This program is distributed in the hope that it will be useful,
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 * GNU General Public License for more details.
27 *
28 * You should have received a copy of the GNU General Public License
29 * along with this program; if not, write to the Free Software
30 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
31 */
32
33 #include "config.h"
34
35 #include <epan/packet.h>
36 #include <epan/exceptions.h>
37 #include <epan/to_str.h>
38 #include <epan/asn1.h>
39 #include "packet-pktc.h"
40 #include "packet-kerberos.h"
41 #include "packet-snmp.h"
42
43 #define PKTC_PORT 1293
44 #define PKTC_MTAFQDN_PORT 2246
45
46 static int proto_pktc = -1;
47 static gint hf_pktc_app_spec_data = -1;
48 static gint hf_pktc_list_of_ciphersuites = -1;
49 static gint hf_pktc_list_of_ciphersuites_len = -1;
50 static gint hf_pktc_kmmid = -1;
51 static gint hf_pktc_doi = -1;
52 static gint hf_pktc_version_major = -1;
53 static gint hf_pktc_version_minor = -1;
54 static gint hf_pktc_server_nonce = -1;
55 static gint hf_pktc_server_principal = -1;
56 static gint hf_pktc_timestamp = -1;
57 static gint hf_pktc_snmpEngineID_len = -1;
58 static gint hf_pktc_snmpEngineID = -1;
59 static gint hf_pktc_snmpEngineBoots = -1;
60 static gint hf_pktc_snmpEngineTime = -1;
61 static gint hf_pktc_usmUserName_len = -1;
62 static gint hf_pktc_usmUserName = -1;
63 static gint hf_pktc_ipsec_spi = -1;
64 static gint hf_pktc_snmpAuthenticationAlgorithm = -1;
65 static gint hf_pktc_snmpEncryptionTransformID = -1;
66 static gint hf_pktc_ipsecAuthenticationAlgorithm = -1;
67 static gint hf_pktc_ipsecEncryptionTransformID = -1;
68 static gint hf_pktc_reestablish_flag = -1;
69 static gint hf_pktc_ack_required_flag = -1;
70 static gint hf_pktc_sha1_hmac = -1;
71 static gint hf_pktc_sec_param_lifetime = -1;
72 static gint hf_pktc_grace_period = -1;
73
74 static gint hf_pktc_mtafqdn_msgtype = -1;
75 static gint hf_pktc_mtafqdn_enterprise = -1;
76 static gint hf_pktc_mtafqdn_version = -1;
77 static gint hf_pktc_mtafqdn_mac = -1;
78 static gint hf_pktc_mtafqdn_pub_key_hash = -1;
79 static gint hf_pktc_mtafqdn_manu_cert_revoked = -1;
80 static gint hf_pktc_mtafqdn_fqdn = -1;
81 static gint hf_pktc_mtafqdn_ip = -1;
82
83 static gint ett_pktc = -1;
84 static gint ett_pktc_app_spec_data = -1;
85 static gint ett_pktc_list_of_ciphersuites = -1;
86 static gint ett_pktc_engineid = -1;
87
88 static gint ett_pktc_mtafqdn = -1;
89
90 #define KMMID_WAKEUP 0x01
91 #define KMMID_AP_REQUEST 0x02
92 #define KMMID_AP_REPLY 0x03
93 #define KMMID_SEC_PARAM_REC 0x04
94 #define KMMID_REKEY 0x05
95 #define KMMID_ERROR_REPLY 0x06
96 static const value_string kmmid_types[] = {
97 { KMMID_WAKEUP , "Wake Up" },
98 { KMMID_AP_REQUEST , "AP Request" },
99 { KMMID_AP_REPLY , "AP Reply" },
100 { KMMID_SEC_PARAM_REC , "Security Parameter Recovered" },
101 { KMMID_REKEY , "Rekey" },
102 { KMMID_ERROR_REPLY , "Error Reply" },
103 { 0, NULL }
104 };
105
106 #define DOI_IPSEC 1
107 #define DOI_SNMPv3 2
108 #define SNMPv3_NULL 0x20
109 #define SNMPv3_DES 0x21
110 #define SNMPv3_HMAC_MD5 0x21
111 #define SNMPv3_HMAC_SHA1 0x22
112 #define ESP_3DES 0x03
113 #define ESP_RC5 0x04
114 #define ESP_IDEA 0x05
115 #define ESP_CAST 0x06
116 #define ESP_BLOWFISH 0x07
117 #define ESP_NULL 0x0b
118 #define ESP_AES 0x0c
119 #define HMAC_MD5_96 0x01
120 #define HMAC_SHA1_96 0x02
121
122
123 /* Domain of Interpretation */
124 static const value_string doi_types[] = {
125 { DOI_IPSEC , "IPsec" },
126 { DOI_SNMPv3 , "SNMPv3" },
127 { 0, NULL }
128 };
129
130 /* SNMPv3 ciphersuites */
131 static const value_string snmp_authentication_algorithm_vals[] = {
132 { SNMPv3_HMAC_MD5 , "HMAC-MD5" },
133 { SNMPv3_HMAC_SHA1 , "HMAC-SHA1" },
134 { 0 , NULL }
135 };
136 static const value_string snmp_transform_id_vals[] = {
137 { SNMPv3_NULL , "NULL" }, /* no encryption */
138 { SNMPv3_DES , "DES" },
139 { 0 , NULL }
140 };
141
142 /* IPsec ciphersuites */
143 static const value_string ipsec_transform_id_vals[] = {
144 { ESP_3DES , "3DES" },
145 { ESP_RC5 , "RC5" },
146 { ESP_IDEA , "IDEA" },
147 { ESP_CAST , "CAST" },
148 { ESP_BLOWFISH , "BLOWFISH" },
149 { ESP_NULL , "NULL" }, /* no encryption, RFC 2410 */
150 { ESP_AES , "AES-128" },
151 { 0 , NULL }
152 };
153
154 static const value_string ipsec_authentication_algorithm_vals[] = {
155 { HMAC_MD5_96 , "HMAC-MD5-96" }, /* RFC 2403 */
156 { HMAC_SHA1_96 , "HMAC-SHA-1-96" }, /* RFC 2404 */
157 { 0 , NULL }
158 };
159
160 /* MTA FQDN Message Types */
161 #define PKTC_MTAFQDN_REQ 0x01
162 #define PKTC_MTAFQDN_REP 0x02
163 #define PKTC_MTAFQDN_ERR 0x03
164 static const value_string pktc_mtafqdn_msgtype_vals[] = {
165 { PKTC_MTAFQDN_REQ, "MTA FQDN Request" },
166 { PKTC_MTAFQDN_REP, "MTA FQDN Reply" },
167 { PKTC_MTAFQDN_ERR, "MTA FQDN Error Reply" },
168 { 0 , NULL }
169 };
170
171 static int
172 dissect_pktc_app_specific_data(packet_info *pinfo _U_, proto_tree *parent_tree, tvbuff_t *tvb, int offset, guint8 doi, guint8 kmmid)
173 {
174 int old_offset=offset;
175 proto_tree *tree = NULL;
176 proto_tree *engineid_tree = NULL;
177 proto_item *item = NULL;
178 proto_item *engineid_item = NULL;
179 guint8 len;
180
181 if (parent_tree) {
182 item = proto_tree_add_item(parent_tree, hf_pktc_app_spec_data, tvb, offset, -1, ENC_NA);
183 tree = proto_item_add_subtree(item, ett_pktc_app_spec_data);
184 }
185
186 switch(doi){
187 case DOI_SNMPv3:
188 switch(kmmid){
189 /* we dont distinguish between manager and agent engineid.
190 feel free to add separation for this if it is imporant enough
191 for you. */
192 case KMMID_AP_REQUEST:
193 case KMMID_AP_REPLY:
194 /* snmpEngineID Length */
195 len=tvb_get_guint8(tvb, offset);
196 proto_tree_add_uint(tree, hf_pktc_snmpEngineID_len, tvb, offset, 1, len);
197 offset+=1;
198
199 /* snmpEngineID */
200 engineid_item = proto_tree_add_item(tree, hf_pktc_snmpEngineID, tvb, offset, len, ENC_NA);
201 engineid_tree = proto_item_add_subtree(engineid_item, ett_pktc_engineid);
202 dissect_snmp_engineid(engineid_tree, tvb, offset, len);
203 offset+=len;
204
205 /* boots */
206 proto_tree_add_item(tree, hf_pktc_snmpEngineBoots, tvb, offset, 4, ENC_BIG_ENDIAN);
207 offset+=4;
208
209 /* time */
210 proto_tree_add_item(tree, hf_pktc_snmpEngineTime, tvb, offset, 4, ENC_BIG_ENDIAN);
211 offset+=4;
212
213 /* usmUserName Length */
214 len=tvb_get_guint8(tvb, offset);
215 proto_tree_add_uint(tree, hf_pktc_usmUserName_len, tvb, offset, 1, len);
216 offset+=1;
217
218 /* usmUserName */
219 proto_tree_add_item(tree, hf_pktc_usmUserName, tvb, offset, len, ENC_ASCII|ENC_NA);
220 offset+=len;
221
222 break;
223 default:
224 proto_tree_add_text(tree, tvb, offset, 1, "Unknown KMMID");
225 tvb_get_guint8(tvb, 9999); /* bail out and inform user we cant dissect the packet */
226 };
227 break;
228 case DOI_IPSEC:
229 switch(kmmid){
230 /* we dont distinguish between SPIs for inbound Security Associations
231 of the client (AP-REQ) vs. server (AP-REP, REKEY). Feel free to add
232 separation for this if it is imporant enough for you. */
233 case KMMID_AP_REQUEST:
234 case KMMID_AP_REPLY:
235 case KMMID_REKEY:
236 /* Security Parameter Index (SPI) */
237 proto_tree_add_item(tree, hf_pktc_ipsec_spi, tvb, offset, 4, ENC_BIG_ENDIAN);
238 offset+=4;
239
240 break;
241 default:
242 proto_tree_add_text(tree, tvb, offset, 1, "Unknown KMMID");
243 tvb_get_guint8(tvb, 9999); /* bail out and inform user we cant dissect the packet */
244 };
245 break;
246 default:
247 proto_tree_add_text(tree, tvb, offset, 1, "Unknown DOI");
248 tvb_get_guint8(tvb, 9999); /* bail out and inform user we cant dissect the packet */
249 }
250
251 proto_item_set_len(item, offset-old_offset);
252 return offset;
253 }
254
255 static int
256 dissect_pktc_list_of_ciphersuites(packet_info *pinfo _U_, proto_tree *parent_tree, tvbuff_t *tvb, int offset, guint8 doi)
257 {
258 int old_offset=offset;
259 proto_tree *tree = NULL;
260 proto_item *item = NULL, *hidden_item;
261 guint8 len, i;
262
263 if (parent_tree) {
264 item = proto_tree_add_item(parent_tree, hf_pktc_list_of_ciphersuites, tvb, offset, -1, ENC_NA);
265 tree = proto_item_add_subtree(item, ett_pktc_list_of_ciphersuites);
266 }
267
268
269 /* number of ciphersuites */
270 len=tvb_get_guint8(tvb, offset);
271 if (len>0) {
272 proto_item_append_text(tree, " (%d):", len);
273 }
274 hidden_item = proto_tree_add_uint(tree, hf_pktc_list_of_ciphersuites_len, tvb, offset, 1, len);
275 PROTO_ITEM_SET_HIDDEN(hidden_item);
276 offset+=1;
277
278 switch(doi){
279 case DOI_SNMPv3:
280 for(i=0;i<len;i++){
281 /* SNMPv3 authentication algorithm */
282 proto_tree_add_item(tree, hf_pktc_snmpAuthenticationAlgorithm, tvb, offset, 1, ENC_BIG_ENDIAN);
283 proto_item_append_text(tree, " %s", val_to_str(tvb_get_guint8(tvb, offset), snmp_authentication_algorithm_vals, "%0x"));
284 offset+=1;
285
286 /* SNMPv3 encryption transform id */
287 proto_tree_add_item(tree, hf_pktc_snmpEncryptionTransformID, tvb, offset, 1, ENC_BIG_ENDIAN);
288 proto_item_append_text(tree, "/%s", val_to_str(tvb_get_guint8(tvb, offset), snmp_transform_id_vals, "%0x"));
289 offset+=1;
290 }
291 break;
292 case DOI_IPSEC:
293 for(i=0;i<len;i++){
294 /* IPsec authentication algorithm */
295 proto_tree_add_item(tree, hf_pktc_ipsecAuthenticationAlgorithm, tvb, offset, 1, ENC_BIG_ENDIAN);
296 proto_item_append_text(tree, " %s", val_to_str(tvb_get_guint8(tvb, offset), ipsec_authentication_algorithm_vals, "%0x"));
297 offset+=1;
298
299 /* IPsec encryption transform id */
300 proto_tree_add_item(tree, hf_pktc_ipsecEncryptionTransformID, tvb, offset, 1, ENC_BIG_ENDIAN);
301 proto_item_append_text(tree, "/%s", val_to_str(tvb_get_guint8(tvb, offset), ipsec_transform_id_vals, "%0x"));
302 offset+=1;
303 }
304 break;
305 default:
306 proto_tree_add_text(tree, tvb, offset, 1, "Unknown DOI");
307 tvb_get_guint8(tvb, 9999); /* bail out and inform user we cant dissect the packet */
308 }
309
310 proto_item_set_len(item, offset-old_offset);
311 return offset;
312 }
313
314 static int
315 dissect_pktc_wakeup(proto_tree *tree, tvbuff_t *tvb, int offset)
316 {
317 guint32 snonce;
318 guint string_len;
319
320 /* Server Nonce */
321 snonce=tvb_get_ntohl(tvb, offset);
322 proto_tree_add_uint(tree, hf_pktc_server_nonce, tvb, offset, 4, snonce);
323 offset+=4;
324
325 /* Server Kerberos Principal Identifier */
326 string_len=tvb_strsize(tvb, offset);
327 proto_tree_add_item(tree, hf_pktc_server_principal, tvb, offset, string_len, ENC_ASCII|ENC_NA);
328 offset+=string_len;
329
330 return offset;
331 }
332
333 static int
334 dissect_pktc_ap_request(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset, guint8 doi)
335 {
336 tvbuff_t *pktc_tvb;
337 guint32 snonce;
338
339 /* AP Request kerberos blob */
340 pktc_tvb = tvb_new_subset_remaining(tvb, offset);
341 offset += dissect_kerberos_main(pktc_tvb, pinfo, tree, FALSE, NULL);
342
343 /* Server Nonce */
344 snonce=tvb_get_ntohl(tvb, offset);
345 proto_tree_add_uint(tree, hf_pktc_server_nonce, tvb, offset, 4, snonce);
346 offset+=4;
347
348 /* app specific data */
349 offset=dissect_pktc_app_specific_data(pinfo, tree, tvb, offset, doi, KMMID_AP_REQUEST);
350
351 /* list of ciphersuites */
352 offset=dissect_pktc_list_of_ciphersuites(pinfo, tree, tvb, offset, doi);
353
354 /* re-establish flag */
355 proto_tree_add_item(tree, hf_pktc_reestablish_flag, tvb, offset, 1, ENC_BIG_ENDIAN);
356 offset+=1;
357
358 /* sha-1 hmac */
359 proto_tree_add_item(tree, hf_pktc_sha1_hmac, tvb, offset, 20, ENC_NA);
360 offset+=20;
361
362 return offset;
363 }
364
365 static int
366 dissect_pktc_ap_reply(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset, guint8 doi)
367 {
368 tvbuff_t *pktc_tvb;
369
370 /* AP Reply kerberos blob */
371 pktc_tvb = tvb_new_subset_remaining(tvb, offset);
372 offset += dissect_kerberos_main(pktc_tvb, pinfo, tree, FALSE, NULL);
373
374 /* app specific data */
375 offset=dissect_pktc_app_specific_data(pinfo, tree, tvb, offset, doi, KMMID_AP_REPLY);
376
377 /* selected ciphersuite */
378 offset=dissect_pktc_list_of_ciphersuites(pinfo, tree, tvb, offset, doi);
379
380 /* sec param lifetime */
381 proto_tree_add_uint_format(tree, hf_pktc_sec_param_lifetime, tvb, offset, 4,
382 tvb_get_ntohl(tvb, offset), "%s: %s",
383 proto_registrar_get_name(hf_pktc_sec_param_lifetime),
384 time_secs_to_str(tvb_get_ntohl(tvb, offset)));
385 offset+=4;
386
387 /* grace period */
388 proto_tree_add_item(tree, hf_pktc_grace_period, tvb, offset, 4, ENC_BIG_ENDIAN);
389 offset+=4;
390
391 /* re-establish flag */
392 proto_tree_add_item(tree, hf_pktc_reestablish_flag, tvb, offset, 1, ENC_BIG_ENDIAN);
393 offset+=1;
394
395 /* ack required flag */
396 proto_tree_add_item(tree, hf_pktc_ack_required_flag, tvb, offset, 1, ENC_BIG_ENDIAN);
397 offset+=1;
398
399 /* sha-1 hmac */
400 proto_tree_add_item(tree, hf_pktc_sha1_hmac, tvb, offset, 20, ENC_NA);
401 offset+=20;
402
403 return offset;
404 }
405
406 static int
407 dissect_pktc_sec_param_rec(proto_tree *tree, tvbuff_t *tvb, int offset)
408 {
409 /* sha-1 hmac of the subkey of the preceding AP-REP */
410 proto_tree_add_item(tree, hf_pktc_sha1_hmac, tvb, offset, 20, ENC_NA);
411 offset+=20;
412
413 return offset;
414 }
415
416 static int
417 dissect_pktc_rekey(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset, guint8 doi)
418 {
419 guint32 snonce;
420 guint string_len;
421 const guint8 *timestr;
422
423 /* Server Nonce */
424 snonce=tvb_get_ntohl(tvb, offset);
425 proto_tree_add_uint(tree, hf_pktc_server_nonce, tvb, offset, 4, snonce);
426 offset+=4;
427
428 /* Server Kerberos Principal Identifier */
429 string_len=tvb_strsize(tvb, offset);
430 proto_tree_add_item(tree, hf_pktc_server_principal, tvb, offset, string_len, ENC_ASCII|ENC_NA);
431 offset+=string_len;
432
433 /* Timestamp: YYMMDDhhmmssZ */
434 /* They really came up with a two-digit year in late 1990s! =8o */
435 timestr=tvb_get_ptr(tvb, offset, 13);
436 proto_tree_add_string_format_value(tree, hf_pktc_timestamp, tvb, offset, 13, timestr,
437 "%.2s-%.2s-%.2s %.2s:%.2s:%.2s",
438 timestr, timestr+2, timestr+4, timestr+6, timestr+8, timestr+10);
439 offset+=13;
440
441 /* app specific data */
442 offset=dissect_pktc_app_specific_data(pinfo, tree, tvb, offset, doi, KMMID_REKEY);
443
444 /* list of ciphersuites */
445 offset=dissect_pktc_list_of_ciphersuites(pinfo, tree, tvb, offset, doi);
446
447 /* sec param lifetime */
448 proto_tree_add_item(tree, hf_pktc_sec_param_lifetime, tvb, offset, 4, ENC_BIG_ENDIAN);
449 offset+=4;
450
451 /* grace period */
452 proto_tree_add_item(tree, hf_pktc_grace_period, tvb, offset, 4, ENC_BIG_ENDIAN);
453 offset+=4;
454
455 /* re-establish flag */
456 proto_tree_add_item(tree, hf_pktc_reestablish_flag, tvb, offset, 1, ENC_BIG_ENDIAN);
457 offset+=1;
458
459 /* sha-1 hmac */
460 proto_tree_add_item(tree, hf_pktc_sha1_hmac, tvb, offset, 20, ENC_NA);
461 offset+=20;
462
463 return offset;
464 }
465
466 static int
467 dissect_pktc_error_reply(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
468 {
469 tvbuff_t *pktc_tvb;
470
471 /* KRB_ERROR */
472 pktc_tvb = tvb_new_subset_remaining(tvb, offset);
473 offset += dissect_kerberos_main(pktc_tvb, pinfo, tree, FALSE, NULL);
474
475 return offset;
476 }
477
478 static int
479 dissect_pktc_mtafqdn_krbsafeuserdata(packet_info *pinfo, tvbuff_t *tvb, proto_tree *tree)
480 {
481 int offset=0, string_len=0;
482 guint8 msgtype;
483 guint32 bignum;
484 nstime_t ts;
485
486 /* message type */
487 msgtype = tvb_get_guint8(tvb, offset);
488 proto_tree_add_uint(tree, hf_pktc_mtafqdn_msgtype, tvb, offset, 1, msgtype);
489 offset+=1;
490
491 col_add_str(pinfo->cinfo, COL_INFO,
492 val_to_str(msgtype, pktc_mtafqdn_msgtype_vals, "MsgType %u"));
493
494 /* enterprise */
495 proto_tree_add_uint(tree, hf_pktc_mtafqdn_enterprise, tvb, offset, 4, tvb_get_ntohl(tvb, offset));
496 offset+=4;
497
498 /* protocol version */
499 proto_tree_add_uint(tree, hf_pktc_mtafqdn_version, tvb, offset, 1, tvb_get_guint8(tvb, offset));
500 offset+=1;
501
502 switch(msgtype) {
503 case PKTC_MTAFQDN_REQ:
504 /* MTA MAC address */
505 proto_tree_add_item(tree, hf_pktc_mtafqdn_mac, tvb, offset, 6, ENC_NA);
506 offset+=6;
507
508 /* MTA pub key hash */
509 proto_tree_add_item(tree, hf_pktc_mtafqdn_pub_key_hash, tvb, offset, 20, ENC_NA);
510 offset+=20;
511
512 /* manufacturer cert revocation time */
513 bignum = tvb_get_ntohl(tvb, offset);
514 ts.secs = bignum;
515 if (bignum==0) {
516 proto_tree_add_time_format_value(tree, hf_pktc_mtafqdn_manu_cert_revoked, tvb, offset, 4,
517 &ts, "not revoked");
518 } else {
519 proto_tree_add_time(tree, hf_pktc_mtafqdn_manu_cert_revoked, tvb, offset, 4, &ts);
520 }
521 break;
522
523 case PKTC_MTAFQDN_REP:
524 /* MTA FQDN */
525 string_len = tvb_length_remaining(tvb, offset) - 4;
526 if (string_len <= 0)
527 THROW(ReportedBoundsError);
528 proto_tree_add_item(tree, hf_pktc_mtafqdn_fqdn, tvb, offset, string_len, ENC_ASCII|ENC_NA);
529 offset+=string_len;
530
531 /* MTA IP address */
532 tvb_memcpy(tvb, (guint8 *)&bignum, offset, sizeof(bignum));
533 proto_tree_add_ipv4(tree, hf_pktc_mtafqdn_ip, tvb, offset, 4, bignum);
534
535 break;
536 }
537
538 return offset;
539 }
540
541 static kerberos_callbacks cb[] = {
542 { KRB_CBTAG_SAFE_USER_DATA, dissect_pktc_mtafqdn_krbsafeuserdata },
543 { 0, NULL }
544 };
545
546 static void
547 dissect_pktc_mtafqdn(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
548 {
549 int offset=0;
550 proto_tree *pktc_mtafqdn_tree = NULL;
551 proto_item *item = NULL;
552 tvbuff_t *pktc_mtafqdn_tvb;
553
554 col_set_str(pinfo->cinfo, COL_PROTOCOL, "PKTC");
555
556 if (tree) {
557 item = proto_tree_add_item(tree, proto_pktc, tvb, 0, 0, ENC_NA);
558 pktc_mtafqdn_tree = proto_item_add_subtree(item, ett_pktc_mtafqdn);
559 }
560
561 col_add_fstr(pinfo->cinfo, COL_INFO, "MTA FQDN %s",
562 pinfo->srcport == pinfo->match_uint ? "Reply":"Request");
563
564 /* KRB_AP_RE[QP] */
565 pktc_mtafqdn_tvb = tvb_new_subset_remaining(tvb, offset);
566 offset += dissect_kerberos_main(pktc_mtafqdn_tvb, pinfo, pktc_mtafqdn_tree, FALSE, NULL);
567
568 /* KRB_SAFE */
569 pktc_mtafqdn_tvb = tvb_new_subset_remaining(tvb, offset);
570 offset += dissect_kerberos_main(pktc_mtafqdn_tvb, pinfo, pktc_mtafqdn_tree, FALSE, cb);
571
572 proto_item_set_len(item, offset);
573 }
574
575
576 static void
577 dissect_pktc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
578 {
579 guint8 kmmid, doi, version;
580 int offset=0;
581 proto_tree *pktc_tree = NULL;
582 proto_item *item = NULL, *hidden_item;
583
584 col_set_str(pinfo->cinfo, COL_PROTOCOL, "PKTC");
585
586 if (tree) {
587 item = proto_tree_add_item(tree, proto_pktc, tvb, 0, 3, ENC_NA);
588 pktc_tree = proto_item_add_subtree(item, ett_pktc);
589 }
590
591 /* key management message id */
592 kmmid=tvb_get_guint8(tvb, offset);
593 proto_tree_add_uint(pktc_tree, hf_pktc_kmmid, tvb, offset, 1, kmmid);
594 offset+=1;
595
596 /* domain of interpretation */
597 doi=tvb_get_guint8(tvb, offset);
598 proto_tree_add_uint(pktc_tree, hf_pktc_doi, tvb, offset, 1, doi);
599 offset+=1;
600
601 /* version */
602 version=tvb_get_guint8(tvb, offset);
603 proto_tree_add_text(pktc_tree, tvb, offset, 1, "Version: %d.%d", (version>>4)&0x0f, (version)&0x0f);
604 hidden_item = proto_tree_add_uint(pktc_tree, hf_pktc_version_major, tvb, offset, 1, (version>>4)&0x0f);
605 PROTO_ITEM_SET_HIDDEN(hidden_item);
606 hidden_item = proto_tree_add_uint(pktc_tree, hf_pktc_version_minor, tvb, offset, 1, (version)&0x0f);
607 PROTO_ITEM_SET_HIDDEN(hidden_item);
608 offset+=1;
609
610 /* fill COL_INFO */
611 col_add_str(pinfo->cinfo, COL_INFO,
612 val_to_str(kmmid, kmmid_types, "Unknown KMMID %#x"));
613 col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
614 val_to_str(doi, doi_types, "Unknown DOI %#x"));
615
616 switch(kmmid){
617 case KMMID_WAKEUP:
618 offset=dissect_pktc_wakeup(pktc_tree, tvb, offset);
619 break;
620 case KMMID_AP_REQUEST:
621 offset=dissect_pktc_ap_request(pinfo, pktc_tree, tvb, offset, doi);
622 break;
623 case KMMID_AP_REPLY:
624 offset=dissect_pktc_ap_reply(pinfo, pktc_tree, tvb, offset, doi);
625 break;
626 case KMMID_SEC_PARAM_REC:
627 offset=dissect_pktc_sec_param_rec(pktc_tree, tvb, offset);
628 break;
629 case KMMID_REKEY:
630 offset=dissect_pktc_rekey(pinfo, pktc_tree, tvb, offset, doi);
631 break;
632 case KMMID_ERROR_REPLY:
633 offset=dissect_pktc_error_reply(pinfo, pktc_tree, tvb, offset);
634 break;
635 };
636
637 proto_item_set_len(item, offset);
638 }
639
640 void
641 proto_register_pktc(void)
642 {
643 static hf_register_info hf[] = {
644 { &hf_pktc_kmmid, {
645 "Key Management Message ID", "pktc.kmmid", FT_UINT8, BASE_HEX,
646 VALS(kmmid_types), 0, NULL, HFILL }},
647 { &hf_pktc_doi, {
648 "Domain of Interpretation", "pktc.doi", FT_UINT8, BASE_DEC,
649 VALS(doi_types), 0, NULL, HFILL }},
650 { &hf_pktc_version_major, {
651 "Major version", "pktc.version.major", FT_UINT8, BASE_DEC,
652 NULL, 0, "Major version of PKTC", HFILL }},
653 { &hf_pktc_version_minor, {
654 "Minor version", "pktc.version.minor", FT_UINT8, BASE_DEC,
655 NULL, 0, "Minor version of PKTC", HFILL }},
656 { &hf_pktc_server_nonce, {
657 "Server Nonce", "pktc.server_nonce", FT_UINT32, BASE_HEX,
658 NULL, 0, "Server Nonce random number", HFILL }},
659 { &hf_pktc_server_principal, {
660 "Server Kerberos Principal Identifier", "pktc.server_principal", FT_STRING, BASE_NONE,
661 NULL, 0, NULL, HFILL }},
662 { &hf_pktc_timestamp, {
663 "Timestamp", "pktc.timestamp", FT_STRING, BASE_NONE,
664 NULL, 0, "Timestamp (UTC)", HFILL }},
665 { &hf_pktc_app_spec_data, {
666 "Application Specific Data", "pktc.asd", FT_NONE, BASE_NONE,
667 NULL, 0, "KMMID/DOI application specific data", HFILL }},
668 { &hf_pktc_list_of_ciphersuites, {
669 "List of Ciphersuites", "pktc.ciphers", FT_NONE, BASE_NONE,
670 NULL, 0, NULL, HFILL }},
671 { &hf_pktc_list_of_ciphersuites_len, {
672 "Number of Ciphersuites", "pktc.ciphers.len", FT_UINT8, BASE_DEC,
673 NULL, 0, NULL, HFILL }},
674 { &hf_pktc_snmpAuthenticationAlgorithm, {
675 "SNMPv3 Authentication Algorithm", "pktc.asd.snmp_auth_alg", FT_UINT8, BASE_HEX,
676 VALS(snmp_authentication_algorithm_vals), 0, NULL, HFILL }},
677 { &hf_pktc_snmpEncryptionTransformID, {
678 "SNMPv3 Encryption Transform ID", "pktc.asd.snmp_enc_alg", FT_UINT8, BASE_HEX,
679 VALS(snmp_transform_id_vals), 0, NULL, HFILL }},
680 { &hf_pktc_ipsecAuthenticationAlgorithm, {
681 "IPsec Authentication Algorithm", "pktc.asd.ipsec_auth_alg", FT_UINT8, BASE_HEX,
682 VALS(ipsec_authentication_algorithm_vals), 0, NULL, HFILL }},
683 { &hf_pktc_ipsecEncryptionTransformID, {
684 "IPsec Encryption Transform ID", "pktc.asd.ipsec_enc_alg", FT_UINT8, BASE_HEX,
685 VALS(ipsec_transform_id_vals), 0, NULL, HFILL }},
686 { &hf_pktc_snmpEngineID_len, {
687 "SNMPv3 Engine ID Length", "pktc.asd.snmp_engine_id.len", FT_UINT8, BASE_DEC,
688 NULL, 0, "Length of SNMPv3 Engine ID", HFILL }},
689 { &hf_pktc_snmpEngineID, {
690 "SNMPv3 Engine ID", "pktc.asd.snmp_engine_id", FT_BYTES, BASE_NONE,
691 NULL, 0, NULL, HFILL }},
692 { &hf_pktc_snmpEngineBoots, {
693 "SNMPv3 Engine Boots", "pktc.asd.snmp_engine_boots", FT_UINT32, BASE_DEC,
694 NULL, 0, NULL, HFILL }},
695 { &hf_pktc_snmpEngineTime, {
696 "SNMPv3 Engine Time", "pktc.asd.snmp_engine_time", FT_UINT32, BASE_DEC,
697 NULL, 0, "SNMPv3 Engine ID Time", HFILL }},
698 { &hf_pktc_usmUserName_len, {
699 "SNMPv3 USM User Name Length", "pktc.asd.snmp_usm_username.len", FT_UINT8, BASE_DEC,
700 NULL, 0, "Length of SNMPv3 USM User Name", HFILL }},
701 { &hf_pktc_usmUserName, {
702 "SNMPv3 USM User Name", "pktc.asd.snmp_usm_username", FT_STRING, BASE_NONE,
703 NULL, 0, NULL, HFILL }},
704 { &hf_pktc_ipsec_spi, {
705 "IPsec Security Parameter Index", "pktc.asd.ipsec_spi", FT_UINT32, BASE_HEX,
706 NULL, 0, "Security Parameter Index for inbound Security Association (IPsec)", HFILL }},
707 { &hf_pktc_reestablish_flag, {
708 "Re-establish Flag", "pktc.reestablish", FT_BOOLEAN, BASE_NONE,
709 NULL, 0x0, NULL, HFILL }},
710 { &hf_pktc_ack_required_flag, {
711 "ACK Required Flag", "pktc.ack_required", FT_BOOLEAN, BASE_NONE,
712 NULL, 0x0, NULL, HFILL }},
713 { &hf_pktc_sec_param_lifetime, {
714 "Security Parameter Lifetime", "pktc.spl", FT_UINT32, BASE_DEC,
715 NULL, 0, "Lifetime in seconds of security parameter", HFILL }},
716 { &hf_pktc_sha1_hmac, {
717 "SHA-1 HMAC", "pktc.sha1_hmac", FT_BYTES, BASE_NONE,
718 NULL, 0, NULL, HFILL }},
719 { &hf_pktc_grace_period, {
720 "Grace Period", "pktc.grace_period", FT_UINT32, BASE_DEC,
721 NULL, 0, "Grace Period in seconds", HFILL }},
722 };
723 static gint *ett[] = {
724 &ett_pktc,
725 &ett_pktc_app_spec_data,
726 &ett_pktc_list_of_ciphersuites,
727 &ett_pktc_engineid,
728 };
729
730 proto_pktc = proto_register_protocol("PacketCable", "PKTC", "pktc");
731 proto_register_field_array(proto_pktc, hf, array_length(hf));
732 proto_register_subtree_array(ett, array_length(ett));
733 }
734
735 void
736 proto_reg_handoff_pktc(void)
737 {
738 dissector_handle_t pktc_handle;
739
740 pktc_handle = create_dissector_handle(dissect_pktc, proto_pktc);
741 dissector_add_uint("udp.port", PKTC_PORT, pktc_handle);
742 }
743
744
745 void
746 proto_register_pktc_mtafqdn(void)
747 {
748 static hf_register_info hf[] = {
749 { &hf_pktc_mtafqdn_msgtype, {
750 "Message Type", "pktc.mtafqdn.msgtype", FT_UINT8, BASE_DEC,
751 VALS(pktc_mtafqdn_msgtype_vals), 0, "MTA FQDN Message Type", HFILL }},
752 { &hf_pktc_mtafqdn_enterprise, {
753 "Enterprise Number", "pktc.mtafqdn.enterprise", FT_UINT32, BASE_DEC,
754 NULL, 0, NULL, HFILL }},
755 { &hf_pktc_mtafqdn_version, {
756 "Protocol Version", "pktc.mtafqdn.version", FT_UINT8, BASE_DEC,
757 NULL, 0, "MTA FQDN Protocol Version", HFILL }},
758 /* MTA FQDN REQ */
759 { &hf_pktc_mtafqdn_mac, {
760 "MTA MAC address", "pktc.mtafqdn.mac", FT_ETHER, BASE_NONE,
761 NULL, 0, NULL, HFILL }},
762 { &hf_pktc_mtafqdn_pub_key_hash, {
763 "MTA Public Key Hash", "pktc.mtafqdn.pub_key_hash", FT_BYTES, BASE_NONE,
764 NULL, 0, "MTA Public Key Hash (SHA-1)", HFILL }},
765 { &hf_pktc_mtafqdn_manu_cert_revoked, {
766 "Manufacturer Cert Revocation Time", "pktc.mtafqdn.manu_cert_revoked", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
767 NULL, 0, "Manufacturer Cert Revocation Time (UTC) or 0 if not revoked", HFILL }},
768 /* MTA FQDN REP */
769 { &hf_pktc_mtafqdn_fqdn, {
770 "MTA FQDN", "pktc.mtafqdn.fqdn", FT_STRING, BASE_NONE,
771 NULL, 0, NULL, HFILL }},
772 { &hf_pktc_mtafqdn_ip, {
773 "MTA IP Address", "pktc.mtafqdn.ip", FT_IPv4, BASE_NONE,
774 NULL, 0, "MTA IP Address (all zeros if not supplied)", HFILL }},
775 };
776 static gint *ett[] = {
777 &ett_pktc_mtafqdn,
778 };
779
780 proto_register_field_array(proto_pktc, hf, array_length(hf));
781 proto_register_subtree_array(ett, array_length(ett));
782 }
783
784 void
785 proto_reg_handoff_pktc_mtafqdn(void)
786 {
787 dissector_handle_t pktc_mtafqdn_handle;
788
789 pktc_mtafqdn_handle = create_dissector_handle(dissect_pktc_mtafqdn, proto_pktc);
790 dissector_add_uint("udp.port", PKTC_MTAFQDN_PORT, pktc_mtafqdn_handle);
791 }