Coverage Report

Created: 2025-12-27 06:52

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/wireshark/epan/dissectors/packet-ipsec-udp.c
Line
Count
Source
1
/*
2
 * Copyright (c) 2003 Markus Friedl.  All rights reserved.
3
 *
4
 * SPDX-License-Identifier: BSD-2-Clause
5
 */
6
7
#include "config.h"
8
9
#include <epan/packet.h>
10
11
void proto_register_udpencap(void);
12
void proto_reg_handoff_udpencap(void);
13
14
14
#define UDPENCAP_PORT 4500
15
16
static int proto_udpencap;
17
18
static int hf_nat_keepalive;
19
static int hf_non_esp_marker;
20
21
static int ett_udpencap;
22
23
static dissector_handle_t udpencap_handle;
24
static dissector_handle_t esp_handle;
25
static dissector_handle_t isakmp_handle;
26
27
/*
28
 * UDP Encapsulation of IPsec Packets
29
 * draft-ietf-ipsec-udp-encaps-06.txt
30
 */
31
static int
32
dissect_udpencap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
33
7
{
34
7
  tvbuff_t   *next_tvb;
35
7
  proto_tree *udpencap_tree;
36
7
  proto_item *ti;
37
7
  uint32_t    spi;
38
39
7
  col_set_str(pinfo->cinfo, COL_PROTOCOL, "UDPENCAP");
40
7
  col_clear(pinfo->cinfo, COL_INFO);
41
42
7
  ti = proto_tree_add_item(tree, proto_udpencap, tvb, 0, -1, ENC_NA);
43
7
  udpencap_tree = proto_item_add_subtree(ti, ett_udpencap);
44
45
  /* 1 byte of 0xFF indicates NAT-keepalive */
46
7
  if ((tvb_captured_length(tvb) == 1) && (tvb_get_uint8(tvb, 0) == 0xff)) {
47
1
    col_set_str(pinfo->cinfo, COL_INFO, "NAT-keepalive");
48
1
    proto_tree_add_item(udpencap_tree, hf_nat_keepalive, tvb, 0, 1, ENC_NA);
49
6
  } else {
50
    /* SPI of zero indicates IKE traffic, otherwise it's ESP */
51
6
    spi = tvb_get_ntohl(tvb, 0);
52
6
    if (spi == 0) {
53
1
      col_set_str(pinfo->cinfo, COL_INFO, "ISAKMP");
54
1
      proto_tree_add_item(udpencap_tree, hf_non_esp_marker, tvb, 0, 4, ENC_NA);
55
1
      proto_item_set_len(ti, 4);
56
1
      next_tvb = tvb_new_subset_remaining(tvb, 4);
57
1
      call_dissector(isakmp_handle, next_tvb, pinfo, tree);
58
5
    } else {
59
5
      col_set_str(pinfo->cinfo, COL_INFO, "ESP");
60
5
      proto_item_set_len(ti, 0);
61
5
      call_dissector(esp_handle, tvb, pinfo, tree);
62
5
    }
63
6
  }
64
7
  return tvb_captured_length(tvb);
65
7
}
66
67
void
68
proto_register_udpencap(void)
69
14
{
70
14
  static hf_register_info hf[] = {
71
14
    { &hf_nat_keepalive, { "NAT-keepalive packet", "udpencap.nat_keepalive",
72
14
          FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
73
14
    { &hf_non_esp_marker, { "Non-ESP Marker", "udpencap.non_esp_marker",
74
14
          FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
75
14
  };
76
77
14
  static int *ett[] = {
78
14
    &ett_udpencap,
79
14
  };
80
81
14
  proto_udpencap = proto_register_protocol("UDP Encapsulation of IPsec Packets", "UDPENCAP", "udpencap");
82
14
  proto_register_field_array(proto_udpencap, hf, array_length(hf));
83
14
  proto_register_subtree_array(ett, array_length(ett));
84
85
14
  udpencap_handle = register_dissector("udpencap", dissect_udpencap, proto_udpencap);
86
14
}
87
88
void
89
proto_reg_handoff_udpencap(void)
90
14
{
91
92
14
  esp_handle = find_dissector_add_dependency("esp", proto_udpencap);
93
14
  isakmp_handle = find_dissector_add_dependency("isakmp", proto_udpencap);
94
95
14
  dissector_add_uint_with_preference("udp.port", UDPENCAP_PORT, udpencap_handle);
96
14
}
97
98
/*
99
 * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
100
 *
101
 * Local Variables:
102
 * c-basic-offset: 2
103
 * tab-width: 8
104
 * indent-tabs-mode: nil
105
 * End:
106
 *
107
 * ex: set shiftwidth=2 tabstop=8 expandtab:
108
 * :indentSize=2:tabSize=8:noTabs=true:
109
 */