Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
RFC7427 describes the Digital Signature Authentication for IKEv2. This
consists of the Signature Hash Algo Notify and a new format of the
authentication data. The Notify was already present. This patch only adds
the capability to parse the new format of the authentication data.
Change-Id: Id1949397c1a2caa9898ecf44ecd580b5417d3343
Signed-off-by: Dr. Lars Voelker <lars-github@larsvoelker.de>
Reviewed-on: https://code.wireshark.org/review/32913
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Adding some more payload types defined in RFC6407 (Group Domain
of Interpretation).
Bug: 15693
Change-Id: I0f53c1c5eb92165e456bec63f2a85ef5eee506df
Reviewed-on: https://code.wireshark.org/review/32915
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fixes leaks of allocations from dissect_key_exch as detected by ASAN
while running the following tests:
test_ikev1_simultaneous
test_ikev1_unencrypted
test_text2pcap_ikev1_certs_pcap
test_ikev1_certs
Change-Id: Ifc102539efadd33d1b9d9921bcdbb35dfd31927f
Fixes: acfe071eb6 ("Add decryption support.")
Reviewed-on: https://code.wireshark.org/review/31740
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Don't try to (re)set parameters in a struct when its pointer
points to NULL.
Bug: 15374
Change-Id: I953e82795990fde5fce2ad6d955781b372a9e405
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/31189
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make the time stamp precision a 4-bit bitfield, so, when combined with
the other bitfields, we have 32 bits. That means we put the flags at
the same structure level as the time stamp precision, so they can be
combined; that gets rid of an extra "flags." for references to the flags.
Put the two pointers next to each other, and after a multiple of 8 bytes
worth of other fields, so that there's no padding before or between them.
It's still not down to 64 bytes, which is the next lower power of 2, so
there's more work to do.
Change-Id: I6f3e9d9f6f48137bbee8f100c152d2c42adb8fbe
Reviewed-on: https://code.wireshark.org/review/31213
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ife44b225337e5c583c722ac62f711ed3ec9cf808
Reviewed-on: https://code.wireshark.org/review/30535
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
No functional change, just using the correct macro for value_strings.
Other fixes: Taking the address of the first element of an array gives
the same address as the array itself. An array of a structure with a
single element is the same as the single element itself (packet-sprt.c).
Change-Id: I08bc9de49fbd1659a6700ace863e5f05144c7b3e
Reviewed-on: https://code.wireshark.org/review/29752
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Have it take a format and argument list as arguments, and have the
formatting done inside the reporting code. That way, we're not relying
on any particular wmem scope working.
If WIRESHARK_ABORT_ON_DISSECTOR_BUG is set, try to add the message to
the crash information (currently only supported in macOS), and print it
to the standard error, before crashing. We won't necessarily have a
usable crash dump to analyze, so we can't rely on that to find the cause
of the crash.
Ping-Bug: 14490
Change-Id: I2b39169c45c84f2ada31efa1d413bd28c140f8f4
Reviewed-on: https://code.wireshark.org/review/26643
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This makes it easier to identify the simpler/common conversations
Change-Id: I7094f23e49156ee27f5f72c8e130308470f3e462
Reviewed-on: https://code.wireshark.org/review/24145
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Notify payload according to RFC 5996.
Also fixed a bug where the dissection of the previously
added support for the SIGNATURE_HASH_ALGORITHMS Notify payload would not work properly.
Change-Id: I54ffe6b0d8b52189af3dc2e879e6665739fc36a4
Reviewed-on: https://code.wireshark.org/review/23439
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
In order to map arbitrary byte buffers to strings, introduce a new
"bytes_string" type. Since "bytes_to_str" is already used for other
purposes, name the generic function "bytesval_to_str" instead similar to
the name( "val_to_str").
Accept "size_t" as length parameter since this is what is returned by
the "sizeof" operator. Do not add a "try_bytesval_to_str_idx" variant
since this pattern is not needed for now. Add a variant to match the
prefix since this is currently expected by the ISAKMP dissector.
Change-Id: I6d790325e85d9fb1384330f28a8c36e2057fdf30
Reviewed-on: https://code.wireshark.org/review/20386
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Removed all guards for HAVE_LIBGCRYPT, change autotools and CMake to
error out if it is not available. Update release notes, developer
documentation and README with the new status. Clarify relation with
GnuTLS in macosx-setup.sh. Install Libgcrypt via brew script.
Motivation for this change is that many dissectors depend on Libgcrypt
and having it optional increases the maintenance burden (there have been
several compile issues in the past due to the optional status).
Furthermore, wsutil has crypto code that can be replaced by Libgcrypt.
Change-Id: Idf0021b8c4cd5db70b8766f7dcc2a8b3acbf042f
Link: https://www.wireshark.org/lists/wireshark-dev/201702/msg00011.html
Reviewed-on: https://code.wireshark.org/review/20030
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: Idf40de8bfa76cbe4437a157fc90bd994d4b2233e
Reviewed-on: https://code.wireshark.org/review/19872
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Register all reassembly tables with a central unit, allowing the
central unit to have the callback that initializes and destroys
the reassembly tables, rather than have dissectors do it individually.
Change-Id: Ic92619c06fb5ba6f1c3012f613cae14982e101d4
Reviewed-on: https://code.wireshark.org/review/19834
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Display also release (and build)
Change-Id: Ib97f47a0b0179712a82f0aee0ca079a05b8b590c
Reviewed-on: https://code.wireshark.org/review/19730
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This function will free the resources allocated by the caller.
Change-Id: Ib486c14e4fd3c321662fb71f7fd06733ce9a64a4
Reviewed-on: https://code.wireshark.org/review/19375
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add Reserved fields as defined by:
* RFC 7296 for IKEv2
* RFC 2408 for IKEv1
* draft-ietf-ipsec-isakmp-mode-cfg-05 for the IKEv1 Attributes Payload
Change-Id: I0c25de6e543aa5461650fb4cd2c103a6a3a8c392
Reviewed-on: https://code.wireshark.org/review/19480
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Fix the size of the Identifier field in the IKEv1 Attributes Payload.
Reference: draft-ietf-ipsec-isakmp-mode-cfg-05, section 3.2
Change-Id: I30bfde9caa6750b342f7dfbad39e63341614a45b
Reviewed-on: https://code.wireshark.org/review/19502
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Fix dissection of the IKEv2 Identification Payload.
Unlike IKEv1, it does not have Protocol and Port fields.
References:
* RFC 2407, section 4.6.2
* RFC 7296, section 3.5
Change-Id: I968e378abd49363785dd7308a4f27908c1c05a8a
Reviewed-on: https://code.wireshark.org/review/19497
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
They already know who they are when they register themselves. Saving the
handle then to avoid finding it later.
Not sure if this will increase unnecessary register_dissector functions
(instead of using create_dissector_handle in proto_reg_handoff function)
when other dissectors copy/paste, but it should make startup time
a few microseconds better.
Change-Id: I3839be791b32b84887ac51a6a65fb5733e9f1f43
Reviewed-on: https://code.wireshark.org/review/19481
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Create a new subtree for each traffic selector.
Use the length field to find the next traffic selector
rather than accumulating the individual TS field sizes.
Split dissect_ts() to introduce separate offset variables.
After adding the final field, do not advance offset again
to avoid unused variable warnings.
Change-Id: I9951662c1bb3958994162b25b70b43ec1da103a7
Reviewed-on: https://code.wireshark.org/review/19440
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Several calls to proto_tree_add_uint_format_value could be better served
using BASE_UNIT_STRING with a "unit string" in hf_ field. There also
a few cases where proto_tree_add_uint_format_value could just be
proto_tree_add_uint.
Added a few more "common" unit string values to unit_strings.[ch]
Change-Id: Iaedff82c515269c9c31ab9100dff19f5563c932d
Reviewed-on: https://code.wireshark.org/review/19242
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Rename attribute dissecting functions and their local variables to
improve code readability, and adjust white space.
old new
------------------------------------------------------------------
dissect_rohc_supported dissect_rohc_attribute
dissect_transform_ike2_attribute dissect_ike2_transform_attribute
option attribute
optlen value_len
rohc attr_type
transform_attr_type attr_type
cfg_attr_type attr_type
rohc_tree tree
transform_attr_type_tree tree
cfg_attr_type_tree tree
sub_rohc_tree attr_tree
sub_transform_attr_type_tree attr_tree
sub_cfg_attr_type_tree attr_tree
rohc_item attr_item
transform_attr_type_item attr_item
cfg_attr_type_item attr_item
------------------------------------------------------------------
Change-Id: I135e5deb802edc575e7fddd1bb397272aac0888c
Reviewed-on: https://code.wireshark.org/review/18553
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Update IKE authentication methods and config attributes.
Change-Id: I103beaf79eebaa0704424ad89f4d38a2701ae50b
Reviewed-on: https://code.wireshark.org/review/18357
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Remove NULL check to ensure IKEv2 encrypted payloads are dissected
during first pass, which is required for EAP-TLS fragment reassembly.
Change-Id: I7fd46ee2163188c1a8dd256a43f1457441b1b95a
Reviewed-on: https://code.wireshark.org/review/18348
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Similar to the "tcp.port" changes in I99604f95d426ad345f4b494598d94178b886eb67,
convert dissectors that use "udp.port".
More cleanup done on dissectors that use both TCP and UDP dissector
tables, so that less preference callbacks exist.
Change-Id: If07be9b9e850c244336a7069599cd554ce312dd3
Reviewed-on: https://code.wireshark.org/review/18120
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patch introduces new APIs to allow dissectors to have a preference for
a (TCP) port, but the underlying data is actually part of Decode As functionality.
For now the APIs are intentionally separate from the regular APIs that register a
dissector within a dissector table. It may be possible to eventually combine the
two so that all dissectors that register with a dissector table have an opportunity
to "automatically" have a preference to adjust the "table value" through the
preferences dialog.
The tcp.port dissector table was used as the guinea pig. This will eventually be
expanded to other dissector tables as well (most notably UDP ports). Some
dissectors that "shared" a TCP/UDP port preference were also converted. It also
removed the need for some preference callback functions (mostly when the callback
function was the proto_reg_handoff function) so there is cleanup around that.
Dissectors that has a port preference whose default was 0 were switched to using
the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference
Also added comments for TCP ports used that aren't IANA registered.
Change-Id: I99604f95d426ad345f4b494598d94178b886eb67
Reviewed-on: https://code.wireshark.org/review/17724
Reviewed-by: Michael Mann <mmann78@netscape.net>
Derive the dissection functions from
dissect_ike_attribute() and dissect_ipsec_attribute():
* Add dedicated header fields.
* Remove attribute types not applicable in Responder Lifetime context.
Clean up the field name "isakmp.ipsec.attr.type".
Bug: 12963
Change-Id: I486380836d915255812098be2190bcc77ec13c00
Reviewed-on: https://code.wireshark.org/review/17970
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename identifiers and change item labels to reflect their purpose:
* ISAKMP Phase 1 = IKE
* ISAKMP Phase 2 = IPsec
* IKEv2 Attribute = Transform Attribute
Remove "transform" and "type" where they do not apply.
External users of isakmp.tf.* field names, such as display filters,
have to be updated after this commit to use isakmp.ipsec.* instead.
old new
--------------------------------------------------------------------
dissect_transform_attribute() dissect_ipsec_attribute()
dissect_transform_ike_attribute() dissect_ike_attribute()
ISAKMP_ IPSEC_
hf_isakmp_tf_attr hf_isakmp_ipsec_attr
isakmp.tf. isakmp.ipsec.
transform_ike_attr_type ike_attr_type
transform_isakmp_attr_type ipsec_attr_type
transform_attr_sa_life_type attr_life_type
transform_dh_group_type dh_group
transform_attr_encap_type ipsec_attr_encap_mode
transform_attr_auth_type ipsec_attr_auth_algo
transform_attr_ecn_type ipsec_attr_ecn_tunnel
transform_attr_ext_seq_nbr_type ipsec_attr_ext_seq_nbr
transform_attr_addr_preservation_type ipsec_attr_addr_preservation
transform_attr_sa_direction_type ipsec_attr_sa_direction
transform_attr_enc_type ike_attr_enc_algo
transform_attr_hash_type ike_attr_hash_algo
transform_attr_authmeth_type ike_attr_authmeth
transform_attr_grp_type ike_attr_grp_type
Type Payload Payload
Transform IKE Attribute Type IKE Attribute
Transform Attribute Type IPsec Attribute
Transform IKE2 Attribute Type Transform Attribute
Config Attribute Type Config Attribute
ISAKMP (v1) IKEv1
ISAKMP (v2) IKEv2
--------------------------------------------------------------------
Change-Id: Ib02a0bad100f932a290cae35ea4bd75b191f797b
Reviewed-on: https://code.wireshark.org/review/17914
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I8d7ebc6dd46e0d6494d412653ec423b8c0fde9c8
Reviewed-on: https://code.wireshark.org/review/17203
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Equalize attribute dissecting functions:
* Convert all attribute type names to range_string.
Add "Unassigned" and "Private use" ranges while we are at it.
* Swap the order of format and type fields for config attributes.
Move common code into the new function dissect_attribute_header().
Try to keep the parameter list short:
* Group the hfindex values for attribute details into a struct.
* Merge attribute subtree types.
Add a colon in the main attribute item label for visual separation.
Skip dissection of config attributes for unknown IKE versions.
Change-Id: I6e6286f3d4cf16f3cd16a23aca540c4af72f3442
Reviewed-on: https://code.wireshark.org/review/17663
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Check IKEv1 Certificate Request Payloads for an empty
Certificate Authority field, which is allowed by RFC 2408.
Suppress dissection of this field if it is indeed empty.
Change-Id: Ifb997e460a4c12003215fde86c374cfc769c5d72
Reviewed-on: https://code.wireshark.org/review/17501
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Fix the "Number of SPIs" field name in the Delete payload.
References: RFC 2408, RFC 7296
Change-Id: I205fb830275fc011e6605fdae53c6b9141e1628b
Reviewed-on: https://code.wireshark.org/review/17353
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Read 4 bytes from the packet instead of 1 because that is the
correct size of the DOI field.
Reference: RFC 2408
Change-Id: I5745363811bb46af307a925d688ec36cfb29984b
Reviewed-on: https://code.wireshark.org/review/17271
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Problem is that not all fields of UAT are updated on change (only those
defined in UAT definition with ikev2_uat_flds, specifically pointers to
encr_spec and auth_spec in ike2_decr_data_t were set to NULL.
Fixed by re-setting pointers after update table callback was called.
Also fixed memory leaks after UAT modification.
Bug was partially resolved with change
Ibdab979b5959eb561635cbcb446e17138baca87b
https://code.wireshark.org/review/17078
which eliminated crash, but decryption still didn't work after UAT
modification (DISSECTOR BUG was displayed).
Bug: 12748
Change-Id: I8209edd8e214d62e34b641fdd2e046b9ff4c95eb
Reviewed-on: https://code.wireshark.org/review/17249
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>