/src/wireshark/epan/dissectors/packet-dof.c

Source
/* packet-dof.c
 * Routines for Distributed Object Framework (DOF) Wireshark Support
 * Copyright 2015 Bryant Eastham <bryant.eastham[AT]us.panasonic.com>
 * See https://opendof.org for more information.
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <gerald@wireshark.org>
 * Copyright 1998 Gerald Combs
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */

/* INTRODUCTION
 * This very large dissector implements packet decoding for the entire
 * protocol suite of the OpenDOF Project. The OpenDOF Project
 * (https://opendof.org) is an open-source IoT platform with
 * implementations in Java, C#, and C. The protocols are documented
 * on the web site, and the IP ports referenced are registered with IANA.
 *
 * "DOF" stands for Distributed Object Framework. The protocols define
 * a complete protocol stack that can sit on top of a variety of transports.
 * The stack itself is called the DPS, or "DOF Protocol Stack". It
 * is a layered stack including a Network, Presentation, and Application
 * layer. The underlying transport can be anything, these dissectors
 * hook in to UDP and TCP. To the Wireshark user, however, this is
 * referred to as "dof" and not "dps".
 *
 * The following protocols are defined in the stack and implemented
 * here:
 *   DNP    - DOF Network Protocol (versions: 0, 1)
 *   DPP    - DOF Presentation Protocol (version: 0, 2) [1 is reserved and not supported]
 *   DAP    - DOF Application Protocols:
 *   DSP    - DOF Session Protocol (versions: 0)
 *   OAP    - Object Access Protocol (versions: 1)
 *   TEP    - Ticket Exchange Protocol (versions: 128)
 *   TRP    - Ticket Request Protocol (versions: 129)
 *   SGMP   - Secure Group Management Protocol (versions: 130)
 *   DOFSEC - DOF Security Protocols:
 *   CCM    - Chained mode
 *   TUN    - A tunneling protocol for embedding DOF in other protocols.
 */

/* VERSIONS AND NAMING
 * There are several different ways in which "versions" are used
 * throughout the dissector. First, each of the DNP and DPP layers
 * has a defined 'version'. The DOF Application Protocols are also
 * distinguished by versioning, but it is actually the registered
 * application ID that is the version. This is complicated by
 * the fact that many of the application IDs represent the same
 * version of a protocol from a capability perspective (and
 * a user perspective) with the difference being some attribute
 * of the protocol - for example the security primitives used.
 *
 * Another means of versioning is by specification document.
 * In this case the document is identified by a year and sequence,
 * with specifications and PDUs using a name and sequence.
 * Naming of fields and variables will use these identifiers
 * as they are the easiest way to tie the code to the specifications.
 *
 * The specification documents are also the easiest way (although
 * maybe not the clearest) to expose fields to the Wireshark user.
 * A consistent naming is used, which is:
 *
 *   (spec)-pdu-(seq)-(field)
 *   For example: dof-2009-1-pdu-1-value
 *
 * Variable naming includes a protocol name to provide clarity.
 *
 * This is not the clearest from a user perspective, but it
 * has the benefit of tying directly to the specifications
 * themselves and uniquely identifies each field.
 *
 * Routines that dissect are uniformly named by the PDU
 * that they dissect using the PDU specification document
 * and PDU name from that document as follows:
 *
 *   dissect_(spec)_(name)
 */

/* DISSECTOR DESIGN
 * The original work on these dissectors began over ten years ago, but
 * shared only within Panasonic. During the opening of the protocols in
 * March of 2015 the decision was made to contribute the code to the Wireshark
 * community. During this process the plugin approach was rejected and the
 * entire set made into standard dissectors, and further to that all of the
 * dissectors were merged into a single file.
 *
 * There are several types of supported dissectors that are part of the DPS family.
 * At the lowest level are the transport dissectors. The responsibility
 * of these dissectors is to determine the transport session information, pass
 * DPS packets to the DPS dissector, and properly maintain the dof_api_data
 * structure.
 *
 * The DPS dissector API comprises:
 *    1. The structure (dof_api_data) that is passed in the data field to the DPS
 *       dissector. Transport plugins must understand this.
 *    2. The dof_transport_session structure, which contains all transport
 *       information that is passed to the DPS dissector.
 *    3. The name of the DPS dissector.
 *
 * The DPS dissector API extends to dissectors that are called by the DPS dissectors.
 *
 * Finally, there is the DPS Security Mode dissectors. These dissectors are passed
 * additional security context information and it is their job to decrypt packets
 * and pass them to higher-level dissectors.
 *
 * The DOF Protocol Stack is strictly layered with minimal (and defined) state
 * exchanged between layers. This allows a fairly structured design, using
 * dissector tables at each layer. The main DPS dissector receives packets
 * from the transport hooks, and then dissects the packet layer by layer using
 * the different dissector tables. Dissectors and the DNP, DPP, and DAP layers.
 *
 * In addition to the main protocol stack with its associated protocols there are
 * additional common data elements that include extensibility. If an extension
 * is found then it will be used to dissect, otherwise the base dissector will be
 * used.
 */

/* SESSIONS
 * DOF defines sessions at many different levels, and state is always associated
 * with a session. Much of the power (and complexity) of these dissectors relates
 * to accurately tracking and maintaining context for each session, and displaying
 * context-related decode information based on the session. This includes, for
 * example, decoding encrypted data (including multicast group traffic) and
 * showing full packet information even when the packet data uses aliases or
 * other context specific data.
 *
 * Sessions are an extremely complex part of the dissectors because they occur at
 * so many different levels, and that they are temporal in nature while wireshark
 * is not. This means that all data structures that deal with sessions must deal
 * with both the level and the time of the packet.
 *
 * The levels are:
 *   1. Transport. These sessions are defined by the transport, and transport
 *      addresses. As in the transports, there is no transport information allowed
 *      at the dps level, but transport information is allowed to influence other
 *      decisions. Every dps packet must be part of a transport session. Transport
 *      sessions are usually managed as conversations in Wireshark. Each transport
 *      session is has an identifier that is defined by the DPS plugin the first
 *      time a packet in the transport session is passed to the plugin.
 *   2. DPS. These sessions are defined by DPS, and are part of the DNP definition.
 *      These sessions are also assigned a unique DPS session identifier.
 *
 *   3. Security (Optional). Security sessions always exist inside of
 *      an DPS session. Security sessions are further divided into epochs, keys, etc.
 *
 * Temporal information is always associated with packet numbers, which always increase.
 * This temporal information is used during the first pass to create sessions by
 * determining that a new packet doesn't belong to a previous session.
 *
 * During the first pass the data structures are referenced from the transport
 * session information up. The goal of the first pass is to create the most specific
 * session information and associate each packet with the appropriate session. These
 * sessions refer to more general session information.
 *
 * In order to make lookups easier, the most fine-grained sessions are assigned
 * unique identifiers. Secure sessions are always born unsecure (during security
 * negotiation). These use the same session identifiers, but the state for the
 * secure and unsecured times are separated. Once a session is secured it never
 * transitions back to unsecured.
 *
 * MEMBERSHIP
 * Each packet is sent by a member of the session. Session members have state related
 * to the session. Packets are received by either a member of the session or the
 * session itself (implying all members). This means that packet state can come
 * from:
 *   1. The sender.
 *   2. The receiver (if directed to a receiver).
 *   3. The session.
 * The identity of a member is always a combination of transport and dps information.
 * However, the state of the membership is in the context of the session, keyed by
 * the sender.
 *
 * In order to make lookups easier, each unique sender in the system is
 * assigned a unique identifier.
 */

#include <config.h>

#include <ctype.h>

#include <wsutil/wsgcrypt.h>

#include <epan/packet.h>
#include <epan/proto.h>
#include <epan/proto_data.h>
#include <epan/prefs.h>
#include <epan/conversation.h>
#include <epan/expert.h>
#include <epan/uat.h>
#include <wsutil/str_util.h>
#include <epan/tfs.h>
#include "packet-tcp.h"

/* DEFINES, STRUCTURES, AND SUPPORT METHOD DECLARATIONS
 * The following sections includes preprocessor definitions, structure definitions,
 * and method declarations for all dissectors.
 * The ordering is by DPS stack order, general first and then by protocols.
 */

/**
 * GENERAL SUPPORT STRUCTURES
 * The following structures represent state that must be maintained for
 * the dissectors to operate. They are not directly related to protocol
 * information.
 */

/**
 * This structure represents a SID, or Sender ID, in the system.
 * This is allocated as global memory, and must be freed. SIDs
 * are Object IDs, and can be displayed in hex but preferably
 * using the OID output format. Even though the OID contains
 * a length, we prefix this buffer with a length (which must
 * be less than 255 by the definition of a SID.
 * SIDs are not versioned, so they can be used universally in
 * any protocol version.
 */
typedef uint8_t *dof_2009_1_pdu_19_sid;

/**
 * This structure encapsulates an OPID, which is the combination of
 * a source identifier (SID, and OID) and a packet number. This is a separate
 * structure because some operations actually contain multiple opids, but need
 * to be placed in the appropriate data structures based on SID lookup. This
 * structure can be used as a key in different hash tables.
 */
typedef struct _dpp_opid
{
    unsigned op_sid_id;
    dof_2009_1_pdu_19_sid op_sid;
    unsigned op_cnt;
} dof_2009_1_pdu_20_opid;

/**
 * This structure contains all of the transport session information
 * related to a particular session, but not related to the packet
 * within that session. That information is separated to allow
 * reuse of the structure.
 */
typedef struct _dof_transport_session
{
    /**
     * TRANSPORT ID: This is a unique identifier for each transport,
     * used to prevent aliasing of the SENDER ID value in the
     * transport packet structure. It contains the protocol id
     * assigned by Wireshark (unique per protocol).
     */
    int transport_id;

    /**
     * For new sessions, this is left zero. The DPS dissector will
     * set this value.
     */
    uint32_t transport_session_id;

    /**
     * Timestamp of start of session.
     */
    nstime_t session_start_ts;

    /**
     * Whether negotiation is required on this session.
     */
    bool negotiation_required;

    /**
     * The frame number where negotiation was complete, or zero if not complete.
     */
    uint32_t negotiation_complete_at;

    /**
     * The time when negotiation was complete, or zero if not complete.
     */
    nstime_t negotiation_complete_at_ts;

    /**
     * Type of transport session.
     */
    bool is_streaming;  /* Inverse is 'is_datagram'. */

    /**
     * Cardinality of transport session.
     */
    bool is_2_node; /* Inverse is 'is_n_node'. */
} dof_transport_session;

typedef struct _dof_transport_packet
{
    /**
     * Source of packet (if known, default is server).
     */
    bool is_sent_by_client; /* Inverse is 'is_sent_by_server'. */

    /**
     * SENDER ID/RECEIVER ID: A unique value that identifies the unique
     * transport sender/receiver address. This number is based on only
     * the transport, and not session, information.
     */
    unsigned sender_id;
    unsigned receiver_id;
} dof_transport_packet;

/**
 * This structure maintains security state throughout an DPS session.
 * It is managed by the key exchange protocol, and becomes effective
 * at different dps packets in each communication direction. Decrypting
 * a packet requires that this structure exists.
 */
typedef struct _dof_session_key_exchange_data
{
    /**
     * The frame at which this becomes valid for initiator packets.
     */
    uint32_t i_valid;

    /**
     * The frame at which this becomes valid for responder packets.
     */
    uint32_t r_valid;

    /**
     * SECURITY MODE: The security mode for a secure session. Set
     * by the key exchange dissector.
     */
    uint32_t security_mode;

    /**
     * SECURITY MODE INITIALIZATION DATA: Determined by the key exchange
     * protocol and passed here for the reference of the security mode.
     */
    uint32_t security_mode_data_length;
    uint8_t *security_mode_data;

    /**
     * SECURITY MODE DATA: Created and managed by the security mode
     * dissector.
     */
    void *security_mode_key_data;

    /**
     * SESSION KEY: Pointer to seasonal data that holds the encryption key.
     */
    uint8_t *session_key;

    /**
     * The next security data in this session.
     */
    struct _dof_session_key_exchange_data *next;
} dof_session_key_exchange_data;

/**
 * This structure contains security keys that should be tried with
 * sessions that otherwise are not known.
 */
typedef struct _dof_session_key_data
{
    uint8_t *session_key;
} dof_session_key_data;

/**
 * This structure contains security keys for groups.
 */
typedef struct _dof_group_data
{
    uint8_t *domain;
    uint8_t domain_length;
    uint8_t *identity;
    uint8_t identity_length;
    uint8_t *kek;
} dof_group_data;

/**
 * This structure contains security keys for non-group identities.
 */
typedef struct _dof_identity_data
{
    uint8_t *domain;
    uint8_t domain_length;
    uint8_t *identity;
    uint8_t identity_length;
    uint8_t *secret;
} dof_identity_data;

/**
 * This structure exists for global security state. It exposes the
 * configuration data associated with DPS, and also is a common location
 * that learned security information is stored. Each dof_packet_data will
 * contain a pointer to this structure - there is only one for the entire
 * DPS.
 */
typedef struct _dof_security_data
{
    /* Array of session_keys. */
    dof_session_key_data *session_key;
    uint16_t session_key_count;

    /* Array of group data. */
    dof_group_data *group_data;
    uint16_t group_data_count;

    /* Array of identity data. */
    dof_identity_data *identity_data;
    uint16_t identity_data_count;

    /* Global sessions. */
    /*TODO: Figure this out */
    /* dof_session_list* sessions; */
} dof_security_data;

/**
 * This structure represents a key that is learned for a group and epoch.
 */
struct _dof_learned_group_data;
typedef struct _dof_learned_group_auth_data
{
    uint32_t epoch;
    uint8_t *kek;
    unsigned mode_length;
    uint8_t *mode;
    uint16_t security_mode;
    struct _dof_learned_group_data *parent;
    struct _dof_learned_group_auth_data *next;
} dof_learned_group_auth_data;

/**
 * This structure represents a group that is learned about.
 */
typedef struct _dof_learned_group_data
{
    uint8_t domain_length;
    uint8_t *domain;
    uint8_t group_length;
    uint8_t *group;
    uint32_t ssid;

    dof_learned_group_auth_data *keys;
    struct _dof_learned_group_data *next;
} dof_learned_group_data;

/**
 * This structure exists for each secure DPS session. This is kept in
 * addition to the normal session
 * Each packet that has state will contain a reference to one of these.
 *
 * Information in this structure is invariant for the duration of the
 * session *or* is only used during the initial pass through the packets.
 * Information that changes (for example, security parameters, keys, etc.)
 * needs to be maintained separately, although this structure is the
 * starting place for this information.
 *
 * This structure is initialized to zero.
 */
struct _dof_session_data;
typedef struct _dof_secure_session_data
{
    /**
     * SSID: Zero is typically used for streaming sessions.
     */
    uint32_t ssid;

    /**
     * DOMAIN LENGTH: The length of the security domain, greater than
     * zero for secure sessions. Set by the key exchange dissector.
     */
    uint8_t domain_length;

    /**
     * DOMAIN: The security domain itself, seasonal storage, non-null
     * for secure sessions. Set by the key exchange dissector.
     */
    uint8_t *domain;

    /**
     * SESSION SECURITY: This is a list of security data for this
     * session, created by the key exchange protocol.
     */
    dof_session_key_exchange_data *session_security_data;
    dof_session_key_exchange_data *session_security_data_last;

    /**
     * NEXT: This is the next secure session related to the parent
     * unsecure session. Protocols can define new secure sessions and
     * add them to this list. DPP then finds the correct secure session
     * for a secure packet and caches it.
     */
    struct _dof_secure_session_data *next;
    struct _dof_session_data *parent;
    uint32_t original_session_id;
    bool is_2_node;
} dof_secure_session_data;

/**
 * This structure exists for each DPS session. Secure sessions have an
 * additional data structure that includes the secure session information.
 * Each packet that has state will contain a reference to one of these.
 *
 * Information in this structure is invariant for the duration of the
 * session *or* is only used during the initial pass through the packets.
 * Information that changes (for example, security parameters, keys, etc.)
 * needs to be maintained separately, although this structure is the
 * starting place for this information.
 *
 * This structure is initialized to zero.
 */
typedef struct _dof_session_data
{
    /**
     * SESSION ID: Set when the session is created, required.
     */
    uint32_t session_id;

    /**
     * DPS ID: The type of DPS SENDER ID (in the packet data) to prevent
     * aliasing. Since DPS senders identifiers relate to DNP, this is the
     * DNP version number.
     */
    uint8_t dof_id;

    /**
     * SECURE SESSIONS: When secure sessions are created from this
     * unsecure session then they are added to this list. Each member
     * of the list must be distinguished.
     */
    dof_secure_session_data *secure_sessions;

    /**
     * Protocol-specific data.
     */
    GSList *data_list;
} dof_session_data;

/* DOF Security Structures. */
/* Return structures for different packets. */

typedef struct _dof_2008_16_security_3_1
{
    tvbuff_t *identity;
} dof_2008_16_security_3_1;

typedef struct _dof_2008_16_security_4
{
    tvbuff_t *identity;
    tvbuff_t *nonce;
} dof_2008_16_security_4;

typedef struct _dof_2008_16_security_6_1
{
    tvbuff_t *i_identity;
    tvbuff_t *i_nonce;
    uint16_t security_mode;
    uint32_t security_mode_data_length;
    uint8_t *security_mode_data;
} dof_2008_16_security_6_1;

typedef struct _dof_2008_16_security_6_2
{
    tvbuff_t *r_identity;
    tvbuff_t *r_nonce;
} dof_2008_16_security_6_2;


/**
 * This structure defines the address for Wireshark transports. There is no
 * DPS information associated here.
 */
typedef struct _ws_node
{
    address addr;
    uint32_t port;
} ws_node;

typedef struct _dof_session_list
{
    dof_session_data *session;
    struct _dof_session_list *next;
} dof_session_list;

/**
 * DOF PACKET DATA
 * This structure exists for each DOF packet. There is ABSOLUTELY NO
 * transport-specific information here, although there is a session
 * number which may relate to transport information indirectly through
 * a transport session.
 * There will be one of these for each DOF packet, even if the corresponding
 * Wireshark frame has multiple DOF packets encapsulated in it. The key
 * to this structure is the operation identifier, and there is a hash
 * lookup to go from an operation identifier to this structure.
 */
typedef struct _dof_packet_data
{
    /**
     * NON-DPS FIELDS, USED FOR WIRESHARK COMMUNICATION/PROCESSING
     * Protocol-specific data.
     */
    wmem_list_t *data_list;

    /**
     * The Wireshark frame. Note that a single frame can have multiple DPS packets.
     */
    uint32_t frame;

    /**
     * The DPS frame/packet. This number is unique in the entire trace.
     */
    uint32_t dof_frame;

    /**
     * Packet linked list for all dps packets.
     */
    struct _dof_packet_data *next;

    /**
     * DPS FIELDS
     * Indicator that the packet has already been processed. Processed packets
     * have all their fields set that can be determined. Further attempts to
     * determine NULL fields are worthless.
     */
    bool processed;

    /**
     * SUMMARY: An operation summary, displayed in the Operation History. This is seasonal
     * data, managed by the DPP dissector.
     */
    const char *summary;

    /**
     * SENDER ID/RECEIVER ID: An identifier for each unique sender/receiver according to DPS.
     * This augments the transport SENDER ID/RECEIVER ID in determining each
     * unique sender.
     */
    int sender_id;
    int receiver_id;

    /**
     * DPP INFORMATION - CACHED INFORMATION
     */
    bool is_command;    /* Inverse is 'is_response'. */
    bool is_sent_by_initiator;

    /**
     * SENDER SID ID/RECEIVER SID ID: An identifier for the sid associated with this packet's sender.
     * Zero indicates that it has not been assigned. Assigned by the DPP
     * dissector.
     */
    unsigned sender_sid_id;
    unsigned receiver_sid_id;

    /**
     * SENDER SID/RECEIVER SID: The SID of the sender/receiver, or NULL if not known.
     */
    dof_2009_1_pdu_19_sid sender_sid;
    dof_2009_1_pdu_19_sid receiver_sid;

    /**
     * Operation references.
     */
    bool has_opid;
    dof_2009_1_pdu_20_opid op;
    bool has_referenced_opid;
    dof_2009_1_pdu_20_opid ref_op;

    struct _dof_packet_data *opid_first;
    struct _dof_packet_data *opid_next;
    struct _dof_packet_data *opid_last;
    struct _dof_packet_data *opid_first_response;
    struct _dof_packet_data *opid_next_response;
    struct _dof_packet_data *opid_last_response;

    /**
     * SECURITY INFORMATION - CACHED
     */
    const char *security_session_error;
    dof_session_key_exchange_data *security_session;
    void *security_packet;
    uint8_t *decrypted_buffer;
    tvbuff_t *decrypted_tvb;
    uint16_t decrypted_offset;
    char *decrypted_buffer_error;


    /**
     * OPERATION DATA: Generic data, seasonal, owned by the application protocol dissector
     * for this packet.
     */
    void *opid_data;
} dof_packet_data;


/**
 * This structure represents globals that are passed to all dissectors.
 */
typedef struct _dof_globals
{
    uint32_t next_transport_session;
    uint32_t next_session;
    dof_packet_data *dof_packet_head;
    dof_packet_data *dof_packet_tail;
    dof_security_data *global_security;
    dof_learned_group_data *learned_group_data;
    bool decrypt_all_packets;
    bool track_operations;
    unsigned track_operations_window;
} dof_globals;

/**
 * This structure contains all information that is passed between
 * transport dissectors/plugins and the DPS dissector. It is allocated
 * by the transport plugin, and its fields are set as described here.
 */
typedef struct _dof_api_data
{
    /**
     * TRANSPORT SESSION: Set by the transport dissector, required.
     */
    dof_transport_session *transport_session;

    /**
     * TRANSPORT PACKET: Set by the transport dissector, required.
     */
    dof_transport_packet *transport_packet;

    /**
     * DPS SESSION: Set by the DPS dissector.
     */
    dof_session_data *session;

    /**
     * DPS DATA: Set by the DPS dissector.
     */
    dof_packet_data *packet;

    /**
     * DPS SECURE SESSION: Set by the DPP dissector.
     */
    dof_secure_session_data *secure_session;
} dof_api_data;

/**
 * This set of types defines the Security Mode dissector API.
 * This structure identifies the context of the dissection,
 * allowing a single structure to know what part of the packet
 * of sequence of packets it is working with.
 *
 * Structure for Security Mode of Operation dissectors.
 */
typedef enum _dof_secmode_context
{
    INITIALIZE,
    HEADER,
    TRAILER
} dof_secmode_context;

/* Seasonal, initialized to zero. */
typedef struct _dof_secmode_api_data
{
    /**
     * API VERSION: Set by the DPS dissector, required.
     * MUST BE THE FIRST FIELD.
     */
    uint8_t version;

    /**
     * CONTEXT: Set the DPS dissector, required.
     */
    dof_secmode_context context;

    /**
     * SECURITY MODE OFFSET: The packet offset from the DPP header of the security mode.
     */
    unsigned security_mode_offset;

    /**
     * API DATA: Set by the DPS dissector, required.
     */
    dof_api_data *dof_api;

    /**
     * SECURE SESSION DATA: Controlled by the caller, either associated
     * with the current packet (HEADER mode) or not (other modes).
     * Used to access session information.
     */
    dof_secure_session_data *secure_session;

    /**
     * KEY EXCHANGE: Controlled by the caller, represents the key exchange
     * for INITIALIZE mode.
     */
    dof_session_key_exchange_data *session_key_data;
} dof_secmode_api_data;

/* These should be the only non-static declarations in the file. */
void proto_register_dof(void);
void proto_reg_handoff_dof(void);

/* Dissector routines. */
static int dissect_2008_1_dsp_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
static int dissect_2008_16_security_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_3_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_3_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_6_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_6_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_6_3(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_7(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_8(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_9(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_10(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_11(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_12(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_13(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2009_11_type_4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2009_11_type_5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);

static const char* dof_oid_create_standard_string(wmem_allocator_t* allocator, uint32_t bufferSize, const uint8_t *pOIDBuffer, packet_info *pinfo);
static const char* dof_iid_create_standard_string(wmem_allocator_t* allocator, uint32_t bufferSize, const uint8_t *pIIDBuffer);
static uint8_t dof_oid_create_internal(const char *oid, uint32_t *size, uint8_t *buffer);
static void dof_oid_new_standard_string(const char *data, uint32_t *rsize, uint8_t **oid);
static int read_c4(tvbuff_t *tvb, int offset, uint32_t *v, int *len);
static void validate_c4(packet_info *pinfo, proto_item *pi, uint32_t, int len);
static int read_c3(tvbuff_t *tvb, int offset, uint32_t *v, int *len);
static void validate_c3(packet_info *pinfo, proto_item *pi, uint32_t, int len);
static int read_c2(tvbuff_t *tvb, int offset, uint16_t *v, int *len);
static void validate_c2(packet_info *pinfo, proto_item *pi, uint16_t, int len);

static int dof_dissect_pdu(dissector_t dissector, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *result);
static int dof_dissect_pdu_as_field(dissector_t dissector, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, int item, int ett, void *result);

#if 0 /* TODO not used yet */
static void dof_session_add_proto_data(dof_session_data *session, int proto, void *proto_data);
static void* dof_session_get_proto_data(dof_session_data *session, int proto);
static void dof_session_delete_proto_data(dof_session_data *session, int proto);
#endif

static void dof_packet_add_proto_data(dof_packet_data *packet, int proto, void *proto_data);
static void* dof_packet_get_proto_data(dof_packet_data *packet, int proto);

/* DOF PROTOCOL STACK */
#define DOF_PROTOCOL_STACK "DOF Protocol Stack"

/**
 * PORTS
 * The following ports are registered with IANA and used to hook transport
 * dissectors into the lower-level Wireshark transport dissectors.
 *
 * Related to these ports is the usage of conversations for DOF. The goal of
 * using Wireshark conversations is to guarantee that DPS data is available for
 * any DPS packet. However, there is no assumption that Wireshark conversations
 * map in any way to DOF sessions.
 *
 * One exception to this use is in discovery of DOF servers. The DOF_MCAST_NEG_SEC_UDP_PORT
 * is watched for all traffic. A "wildcard" conversation is then created for the
 * source address, and the DPS dissector is associated with that port. In this
 * way, servers on non-standard ports will automatically be decoded using DPS.
 */
#define DOF_NEG_SEC_UDP_PORT_RANGE  "3567,5567" /* P2P + Multicast */
#define DOF_P2P_NEG_SEC_TCP_PORT    3567
/* Reserved UDP port                3568*/
#define DOF_TUN_SEC_TCP_PORT        3568
#define DOF_P2P_SEC_TCP_PORT        5567
/* Reserved UDP port                8567*/
#define DOF_TUN_NON_SEC_TCP_PORT    8567

/* This is needed to register multicast sessions with the UDP handler. */
static dissector_handle_t dof_udp_handle;

static int proto_2008_1_dof;
static int proto_2008_1_dof_tcp;
static int proto_2008_1_dof_udp;

static int hf_2008_1_dof_session;
static int hf_2008_1_dof_is_2_node;
static int hf_2008_1_dof_is_streaming;
static int hf_2008_1_dof_is_from_client;
static int hf_2008_1_dof_frame;
static int hf_2008_1_dof_session_transport;

static int ett_2008_1_dof;

/* DOF Tunnel Protocol */

/* UDP Registrations */
#define TUNNEL_PROTOCOL_STACK "DOF Tunnel Protocol Stack"
#define TUNNEL_APPLICATION_PROTOCOL "DOF Tunnel Protocol"

static dissector_table_t dof_tun_app_dissectors;

/***** TUNNEL *****/
static int proto_2012_1_tunnel;

static int ett_2012_1_tunnel;

static int hf_2012_1_tunnel_1_version;
static int hf_2012_1_tunnel_1_length;

/* DOF NETWORK PROTOCOL */
#define DNP_MAX_VERSION 1
#define DOF_NETWORK_PROTOCOL "DOF Network Protocol"

static dissector_table_t dnp_dissectors;
static dissector_table_t dnp_framing_dissectors;

static int proto_2008_1_dnp;

static int hf_2008_1_dnp_1_version;
static int hf_2008_1_dnp_1_flag;

static int ett_2008_1_dnp;
static int ett_2008_1_dnp_header;

/* DNP V0 */
static int proto_2008_1_dnp_0;

static int hf_2008_1_dnp_0_1_1_padding;
static int hf_2008_1_dnp_0_1_1_version;

/* DNP V1 */
#define DNP_V1_DEFAULT_FLAGS    (0)
static int proto_2009_9_dnp_1;

static int hf_2009_9_dnp_1_flags;
static int hf_2009_9_dnp_1_flag_length;
static int hf_2009_9_dnp_1_length;
static int hf_2009_9_dnp_1_flag_srcport;
static int hf_2009_9_dnp_1_srcport;
static int hf_2009_9_dnp_1_flag_dstport;
static int hf_2009_9_dnp_1_dstport;

static int ett_2009_9_dnp_1_flags;

static int * const bitmask_2009_9_dnp_1_flags[] = {
    &hf_2009_9_dnp_1_flag_length,
    &hf_2009_9_dnp_1_flag_srcport,
    &hf_2009_9_dnp_1_flag_dstport,
    NULL
};

/* DOF PRESENTATION PROTOCOL */
#define DOF_PRESENTATION_PROTOCOL "DOF Presentation Protocol"

static dissector_table_t dof_dpp_dissectors;

static int proto_2008_1_dpp;

static int hf_2008_1_dpp_sid_num;
static int hf_2008_1_dpp_rid_num;
static int hf_2008_1_dpp_sid_str;
static int hf_2008_1_dpp_rid_str;
static int hf_2008_1_dpp_first_command;
static int hf_2008_1_dpp_last_command;
static int hf_2008_1_dpp_first_response;
static int hf_2008_1_dpp_last_response;
static int hf_2008_1_dpp_related_frame;
static int hf_2008_1_dpp_1_version;
static int hf_2008_1_dpp_1_flag;

static int ett_2008_1_dpp;
static int ett_2008_1_dpp_1_header;

/* DPP V0 */
static int proto_2008_1_dpp_0;

static int hf_2008_1_dpp_0_1_1_version;

/* DPP V1 - RESERVED, NOT SUPPORTED */

/* DPP V2 */
#define DPP_V2_DEFAULT_FLAGS    (0)
#define DPP_V2_SEC_FLAG_E (0x80)
#define DPP_V2_SEC_FLAG_D (0x08)
#define DPP_V2_SEC_FLAG_P (0x04)
#define DPP_V2_SEC_FLAG_A (0x02)
#define DPP_V2_SEC_FLAG_S (0x01)

static int proto_2009_12_dpp;
static int proto_2009_12_dpp_common;

/* TODO: The complete on final and final flags are not covered. */
static int hf_2009_12_dpp_2_1_flags;
static int hf_2009_12_dpp_2_1_flag_security;
static int hf_2009_12_dpp_2_1_flag_opid;
static int hf_2009_12_dpp_2_1_flag_seq;
static int hf_2009_12_dpp_2_1_flag_retry;
static int hf_2009_12_dpp_2_1_flag_cmdrsp;
static int hf_2009_12_dpp_2_3_sec_flags;
static int hf_2009_12_dpp_2_3_sec_flag_secure;
static int hf_2009_12_dpp_2_3_sec_flag_rdid;
static int hf_2009_12_dpp_2_3_sec_flag_partition;
static int hf_2009_12_dpp_2_3_sec_flag_ssid;
static int hf_2009_12_dpp_2_3_sec_flag_as;
static int hf_2009_12_dpp_2_3_sec_ssid;
static int hf_2009_12_dpp_2_3_sec_rdid;
static int hf_2009_12_dpp_2_3_sec_remote_partition;
static int hf_2009_12_dpp_2_3_sec_partition;
static int hf_2009_12_dpp_2_1_opcnt;
static int hf_2009_12_dpp_2_1_seq;
static int hf_2009_12_dpp_2_1_retry;
static int hf_2009_12_dpp_2_1_delay;
static int hf_2009_12_dpp_2_14_opcode;

static int ett_2009_12_dpp_2_1_flags;
static int ett_2009_12_dpp_2_3_security;
static int ett_2009_12_dpp_2_3_sec_flags;
static int ett_2009_12_dpp_2_3_sec_remote_partition;
static int ett_2009_12_dpp_2_3_sec_partition;
static int ett_2009_12_dpp_2_opid;
static int ett_2009_12_dpp_2_opid_history;

static int ett_2009_12_dpp_common;

static const value_string strings_2009_12_dpp_opid_types[] = {
    { 0, "Not Present" },
    { 1, "SID [Sender]" },
    { 2, "SID [Receiver]" },
    { 3, "SID [Explicit]" },
    { 0, NULL }
};

#define OP_2009_12_RESPONSE_FLAG      (0x80)
#define OP_2009_12_NODE_DOWN_CMD      (0)
#define OP_2009_12_NODE_DOWN_RSP      (OP_2009_12_RESPONSE_FLAG|OP_2009_12_NODE_DOWN_CMD)
#define OP_2009_12_SOURCE_LOST_CMD    (1)
#define OP_2009_12_SOURCE_LOST_RSP    (OP_2009_12_RESPONSE_FLAG|OP_2009_12_SOURCE_LOST_CMD)
#define OP_2009_12_RENAME_CMD         (2)
#define OP_2009_12_RENAME_RSP         (OP_2009_12_RESPONSE_FLAG|OP_2009_12_RENAME_CMD)
#define OP_2009_12_PING_CMD           (3)
#define OP_2009_12_PING_RSP           (OP_2009_12_RESPONSE_FLAG|OP_2009_12_PING_CMD)
#define OP_2009_12_CANCEL_ALL_CMD     (4)
#define OP_2009_12_CANCEL_ALL_RSP     (OP_2009_12_RESPONSE_FLAG|OP_2009_12_CANCEL_ALL_CMD)
#define OP_2009_12_HEARTBEAT_CMD      (5)
#define OP_2009_12_HEARTBEAT_RSP      (OP_2009_12_RESPONSE_FLAG|OP_2009_12_HEARTBEAT_CMD)
#define OP_2009_12_QUERY_CMD          (6)
#define OP_2009_12_QUERY_RSP          (OP_2009_12_RESPONSE_FLAG|OP_2009_12_QUERY_CMD)
#define OP_2009_12_SOURCE_FOUND_CMD   (8)
#define OP_2009_12_SOURCE_FOUND_RSP   (OP_2009_12_RESPONSE_FLAG|OP_2009_12_SOURCE_FOUND_CMD)

static const value_string strings_2009_12_dpp_common_opcodes[] = {
    { OP_2009_12_NODE_DOWN_CMD, "DPP Node Down" },
    { OP_2009_12_NODE_DOWN_RSP, "DPP Node Down Response (Illegal)" },
    { OP_2009_12_SOURCE_LOST_CMD, "DPP Source Lost" },
    { OP_2009_12_SOURCE_LOST_RSP, "DPP Source Lost Response (Illegal)" },
    { OP_2009_12_SOURCE_FOUND_CMD, "DPP Source Found" },
    { OP_2009_12_SOURCE_FOUND_RSP, "DPP Source Found Response (Illegal)" },
    { OP_2009_12_RENAME_CMD, "DPP Rename" },
    { OP_2009_12_RENAME_RSP, "DPP Rename Response (Illegal)" },
    { OP_2009_12_PING_CMD, "DPP Ping" },
    { OP_2009_12_PING_RSP, "DPP Ping Response" },
    { OP_2009_12_HEARTBEAT_CMD, "DPP Heartbeat" },
    { OP_2009_12_HEARTBEAT_RSP, "DPP Heartbeat Response (Illegal)" },
    { OP_2009_12_QUERY_CMD, "DPP Query" },
    { OP_2009_12_QUERY_RSP, "DPP Query Response" },
    { OP_2009_12_CANCEL_ALL_CMD, "DPP Cancel All" },
    { OP_2009_12_CANCEL_ALL_RSP, "DPP Cancel All Response (Illegal)" },
    { 0, NULL }
};

/* DOF APPLICATION PROTOCOL */
#define DOF_APPLICATION_PROTOCOL "DOF Application Protocol"

static dissector_table_t app_dissectors;

static int proto_2008_1_app;

static int hf_2008_1_app_version;

/* DAP V0 (DSP - DOF SESSION PROTOCOL) */
/* Note that DSP is *always* appid 0 and so it violates the standard naming rule. */
static dissector_table_t dsp_option_dissectors;

static int hf_2008_1_dsp_12_opcode;
static int hf_2008_1_dsp_attribute_code;
static int hf_2008_1_dsp_attribute_data;
static int hf_2008_1_dsp_value_length;
static int hf_2008_1_dsp_value_data;

static const value_string strings_2008_1_dsp_attribute_codes[] = {
    { 0, "TEP Family" },
    { 1, "OAP Family" },
    { 2, "CCM Family" },
    { 3, "TRP Family" },
    { 255, "General" },
    { 0, NULL }
};

#define DOF_PROTOCOL_DSP 0
#define DSP_OAP_FAMILY 0x010000

static int proto_2008_1_dsp;

#define OP_2008_1_RSP                   (0x80)
#define OP_2008_1_QUERY_CMD             0
#define OP_2008_1_QUERY_RSP             (OP_2008_1_RSP|OP_2008_1_QUERY_CMD)
#define OP_2008_1_CONFIG_REQ            1
#define OP_2008_1_CONFIG_ACK            (OP_2008_1_RSP|2)
#define OP_2008_1_CONFIG_NAK            (OP_2008_1_RSP|3)
#define OP_2008_1_CONFIG_REJ            (OP_2008_1_RSP|4)
#define OP_2008_1_TERMINATE_CMD         5
#define OP_2008_1_TERMINATE_RSP         (OP_2008_1_RSP|OP_2008_1_TERMINATE_CMD)
#define OP_2008_1_OPEN_CMD              6
#define OP_2008_1_OPEN_RSP              (OP_2008_1_RSP|OP_2008_1_OPEN_CMD)
#define OP_2008_1_OPEN_SECURE_RSP       (OP_2008_1_RSP|7)

static const value_string strings_2008_1_dsp_opcodes[] = {
    { OP_2008_1_QUERY_CMD, "DSP Query" },
    { OP_2008_1_QUERY_RSP, "DSP Query Response" },
    { OP_2008_1_CONFIG_REQ, "DSP Request" },
    { OP_2008_1_CONFIG_ACK, "DSP ACK Response" },
    { OP_2008_1_CONFIG_NAK, "DSP NAK Response" },
    { OP_2008_1_CONFIG_REJ, "DSP REJ Response" },
    { OP_2008_1_TERMINATE_CMD, "DSP Terminate/Close Request" },
    { OP_2008_1_TERMINATE_RSP, "DSP Terminate/Close Response" },
    { OP_2008_1_OPEN_CMD, "DSP Open" },
    { OP_2008_1_OPEN_RSP, "DSP Open Response" },
    { OP_2008_1_OPEN_SECURE_RSP, "DSP Open Secure Response" },
    { 0, NULL }
};

#define DSP_AVP_AUTHENTICATION          0
#define DSP_AVP_APPLICATION             1

#if 0 /* not used yet */
static const value_string strings_2008_1_dsp_attributes[] = {
    { DSP_AVP_AUTHENTICATION, "Authentication Protocol" },
    { DSP_AVP_APPLICATION, "Application Protocol" },
    { 0, NULL }
};

static const value_string strings_2008_1_dsp_values[] = {
    { 1, "DOF Object Access Protocol (version 1)" },
    { 3, "DOF Ticket Exchange Protocol (version 1)" },
    { 0, NULL }
};
#endif

static int ett_2008_1_dsp_12;
static int ett_2008_1_dsp_12_options;
static int ett_2008_1_dsp_12_option;

/* DAP V1 (OAP - OBJECT ACCESS PROTOCOL V1) */
/* This is the defined protocol id for OAP. */
#define DOF_PROTOCOL_OAP_1 1
/* There are two "protocols", one hooks into DSP and the other to DOF. */
static int proto_oap_1;
static int proto_oap_1_dsp;

/* OAP DSP protocol items. */
static int hf_oap_1_dsp_option;

/* OAP protocol items. */
static int hf_oap_1_opcode;

static int hf_oap_1_alias_size;
static int hf_oap_1_flags;
static int hf_oap_1_exception_internal_flag;
static int hf_oap_1_exception_final_flag;
static int hf_oap_1_exception_provider_flag;
static int hf_oap_1_cmdcontrol;
static int hf_oap_1_cmdcontrol_cache_flag;
static int hf_oap_1_cmdcontrol_verbosity_flag;
static int hf_oap_1_cmdcontrol_noexecute_flag;
static int hf_oap_1_cmdcontrol_ack_flag;
static int hf_oap_1_cmdcontrol_delay_flag;
static int hf_oap_1_cmdcontrol_heuristic_flag;
static int hf_oap_1_cmdcontrol_heuristic;
static int hf_oap_1_cmdcontrol_cache;
static int hf_oap_1_cmdcontrol_ackcnt;
static int hf_oap_1_cmdcontrol_ack;

#if 0 /* not used yet */
static int hf_oap_1_opinfo_start_frame;
static int hf_oap_1_opinfo_end_frame;
static int hf_oap_1_opinfo_timeout;
#endif

static int hf_oap_1_providerid;
static int ett_oap_1_1_providerid;

static int hf_oap_1_objectid;
static int ett_oap_1_objectid;

static int hf_oap_1_interfaceid;
static int hf_oap_1_itemid;

#if 0 /* not used yet */
static int hf_oap_1_distance;
#endif

static int hf_oap_1_alias;
static int hf_oap_1_alias_frame;

static int hf_oap_1_subscription_delta;
static int hf_oap_1_update_sequence;
static int hf_oap_1_value_list;

static int ett_oap_1_dsp;
static int ett_oap_1_dsp_options;

static int ett_oap_1;
static int ett_oap_1_opinfo;
static int ett_oap_1_cmdcontrol;
static int ett_oap_1_cmdcontrol_flags;
static int ett_oap_1_cmdcontrol_ack;
static int ett_oap_1_alias;

static int * const bitmask_oap_1_cmdcontrol_flags[] = {
    &hf_oap_1_cmdcontrol_cache_flag,
    &hf_oap_1_cmdcontrol_verbosity_flag,
    &hf_oap_1_cmdcontrol_noexecute_flag,
    &hf_oap_1_cmdcontrol_ack_flag,
    &hf_oap_1_cmdcontrol_delay_flag,
    &hf_oap_1_cmdcontrol_heuristic_flag,
    NULL
};

static expert_field ei_oap_no_session;

static GHashTable *oap_1_alias_to_binding;

#define OAP_1_RESPONSE                    (0x80)
#define OAP_1_CMD_ACTIVATE                28
#define OAP_1_RSP_ACTIVATE                (OAP_1_CMD_ACTIVATE|OAP_1_RESPONSE)
#define OAP_1_CMD_ADVERTISE               5
#define OAP_1_RSP_ADVERTISE               (OAP_1_CMD_ADVERTISE|OAP_1_RESPONSE)
#define OAP_1_CMD_CHANGE                  2
#define OAP_1_RSP_CHANGE                  (OAP_1_CMD_CHANGE|OAP_1_RESPONSE)
#define OAP_1_CMD_CONNECT                 4
#define OAP_1_RSP_CONNECT                 (OAP_1_CMD_CONNECT|OAP_1_RESPONSE)
#define OAP_1_CMD_DEFINE                  6
#define OAP_1_RSP_DEFINE                  (OAP_1_CMD_DEFINE|OAP_1_RESPONSE)
#define OAP_1_CMD_EXCEPTION               9
#define OAP_1_RSP_EXCEPTION               (OAP_1_CMD_EXCEPTION|OAP_1_RESPONSE)
#define OAP_1_CMD_FULL_CONNECT            3
#define OAP_1_RSP_FULL_CONNECT            (OAP_1_CMD_FULL_CONNECT|OAP_1_RESPONSE)
#define OAP_1_CMD_GET                     10
#define OAP_1_RSP_GET                     (OAP_1_CMD_GET|OAP_1_RESPONSE)
#define OAP_1_CMD_INVOKE                  12
#define OAP_1_RSP_INVOKE                  (OAP_1_CMD_INVOKE|OAP_1_RESPONSE)
#define OAP_1_CMD_OPEN                    14
#define OAP_1_RSP_OPEN                    (OAP_1_CMD_OPEN|OAP_1_RESPONSE)
#define OAP_1_CMD_PROVIDE                 16
#define OAP_1_RSP_PROVIDE                 (OAP_1_CMD_PROVIDE|OAP_1_RESPONSE)
#define OAP_1_CMD_REGISTER                25
#define OAP_1_RSP_REGISTER                (OAP_1_CMD_REGISTER|OAP_1_RESPONSE)
#define OAP_1_CMD_SET                     20
#define OAP_1_RSP_SET                     (OAP_1_CMD_SET|OAP_1_RESPONSE)
#define OAP_1_CMD_SIGNAL                  22
#define OAP_1_RSP_SIGNAL                  (OAP_1_CMD_SIGNAL|OAP_1_RESPONSE)
#define OAP_1_CMD_SUBSCRIBE               24
#define OAP_1_RSP_SUBSCRIBE               (OAP_1_CMD_SUBSCRIBE|OAP_1_RESPONSE)
#define OAP_1_CMD_WATCH                   30
#define OAP_1_RSP_WATCH                   (OAP_1_CMD_WATCH|OAP_1_RESPONSE)

static const value_string oap_opcode_strings[] = {
    { OAP_1_CMD_ACTIVATE, "OAP Activate" },
    { OAP_1_RSP_ACTIVATE, "OAP Activate Response (Illegal)" },
    { OAP_1_CMD_ADVERTISE, "OAP Advertise" },
    { OAP_1_RSP_ADVERTISE, "OAP Advertise Response (Illegal)" },
    { OAP_1_CMD_CHANGE, "OAP Change" },
    { OAP_1_RSP_CHANGE, "OAP Change Response (Illegal)" },
    { OAP_1_CMD_CONNECT, "OAP Connect" },
    { OAP_1_RSP_CONNECT, "OAP Connect Response (Illegal)" },
    { OAP_1_CMD_DEFINE, "OAP Define" },
    { OAP_1_RSP_DEFINE, "OAP Define Response" },
    { OAP_1_CMD_EXCEPTION, "OAP Exception (Illegal)" },
    { OAP_1_RSP_EXCEPTION, "OAP Exception Response" },
    { OAP_1_CMD_FULL_CONNECT, "OAP Full Connect" },
    { OAP_1_RSP_FULL_CONNECT, "OAP Full Connect Response (Illegal)" },
    { OAP_1_CMD_GET, "OAP Get" },
    { OAP_1_RSP_GET, "OAP Get Response" },
    { OAP_1_CMD_INVOKE, "OAP Invoke" },
    { OAP_1_RSP_INVOKE, "OAP Invoke Response" },
    { OAP_1_CMD_OPEN, "OAP Open" },
    { OAP_1_RSP_OPEN, "OAP Open Response" },
    { OAP_1_CMD_PROVIDE, "OAP Provide" },
    { OAP_1_RSP_PROVIDE, "OAP Provide Response (Illegal)" },
    { OAP_1_CMD_REGISTER, "OAP Register" },
    { OAP_1_RSP_REGISTER, "OAP Register Response" },
    { OAP_1_CMD_SET, "OAP Set" },
    { OAP_1_RSP_SET, "OAP Set Response" },
    { OAP_1_CMD_SIGNAL, "OAP Signal" },
    { OAP_1_RSP_SIGNAL, "OAP Signal Response (Illegal)" },
    { OAP_1_CMD_SUBSCRIBE, "OAP Subscribe" },
    { OAP_1_RSP_SUBSCRIBE, "OAP Subscribe Response" },
    { OAP_1_CMD_WATCH, "OAP Watch" },
    { OAP_1_RSP_WATCH, "OAP Watch Response (Illegal)" },

    { 0, NULL }
};

typedef struct _alias_key
{
    uint32_t session;
    uint32_t sender;
    uint32_t alias;
} oap_1_alias_key;

static unsigned oap_1_alias_hash_func(const void *ptr)
{
    const oap_1_alias_key *key = (const oap_1_alias_key *)ptr;
    return g_int_hash(&key->session) + g_int_hash(&key->sender) + g_int_hash(&key->alias);
}

static int oap_1_alias_equal_func(const void *ptr1, const void *ptr2)
{
    const oap_1_alias_key *key1 = (const oap_1_alias_key *)ptr1;
    const oap_1_alias_key *key2 = (const oap_1_alias_key *)ptr2;

    if (key1->session != key2->session)
        return 0;

    if (key1->sender != key2->sender)
        return 0;

    if (key1->alias != key2->alias)
        return 0;

    return 1;
}

typedef struct
{
    uint8_t *oid;
    uint16_t oid_length;
    uint8_t *iid;
    uint16_t iid_length;
    uint32_t frame;
} oap_1_binding;

typedef struct oap_1_binding_list
{
    oap_1_binding *binding;
    struct oap_1_binding_list *next;
} oap_1_binding_list;

typedef struct
{
    oap_1_binding *resolved_alias;
} oap_1_packet_data;

static oap_1_binding* oap_1_resolve_alias(oap_1_alias_key *key);

static int oap_1_tree_add_alias(dof_api_data *api_data, oap_1_packet_data *oap_packet _U_, dof_packet_data *packet, proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, int offset, uint8_t alias_length, uint8_t resolve)
{
    dof_session_data *session = api_data->session;
    proto_item *ti;
    proto_tree *options_tree;

    if (alias_length == 0)
    /* TODO: Output error. */
        return offset;

    if (session == NULL)
    /* TODO: Output error. */
        return offset;

    ti = proto_tree_add_item(tree, hf_oap_1_alias, tvb, offset, alias_length, ENC_BIG_ENDIAN);

    if (resolve)
    {
        oap_1_binding *binding = NULL;
        oap_1_alias_key key;
        int i;
        uint32_t alias;

        alias = 0;
        for (i = 0; i < alias_length; i++)
            alias = (alias << 8) | tvb_get_uint8(tvb, offset + i);

        key.session = session->session_id;
        key.sender = packet->sender_id;
        key.alias = alias;
        binding = oap_1_resolve_alias(&key);

        if (binding)
        {
            options_tree = proto_item_add_subtree(ti, ett_oap_1_alias);

            /* Decode the Interface */
            ti = proto_tree_add_bytes_format_value(tree, hf_oap_1_interfaceid, tvb, 0, 0, binding->iid, "%s", dof_iid_create_standard_string(pinfo->pool, binding->iid_length, binding->iid));
            proto_item_set_generated(ti);

            /* Decode the Object ID */
            ti = proto_tree_add_bytes_format_value(tree, hf_oap_1_objectid, tvb, 0, 0, binding->oid, "%s", dof_oid_create_standard_string(pinfo->pool, binding->oid_length, binding->oid, pinfo));
            proto_item_set_generated(ti);

            proto_tree_add_uint_format(options_tree, hf_oap_1_alias_frame,
                                       tvb, 0, 0, binding->frame,
                                       "This alias is defined in frame %u",
                                       binding->frame);
        }
    }

    return offset + alias_length;
}

static int oap_1_tree_add_interface(proto_tree *tree, tvbuff_t *tvb, int offset)
{
    uint8_t registry;
    uint8_t len;

    registry = tvb_get_uint8(tvb, offset);
    len = registry & 0x03;
    /* XXX - The DOF specifications indicate "len [bits] equal to 0 is invalid"
     * Why is a length of 16 bytes used in that case, and why is it handled
     * differently in InterfaceID_ToString? */
    if (len == 0)
        len = 16;
    else
        len = 1 << (len - 1);

    proto_tree_add_item(tree, hf_oap_1_interfaceid, tvb, offset, 1 + len, ENC_NA);
    return offset + 1 + len;
}

static int oap_1_tree_add_binding(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, int offset)
{
  /*  uint8_t cl; */

    offset = oap_1_tree_add_interface(tree, tvb, offset);

#if 0 /* this seems to be dead code - check! */
    cl = tvb_get_uint8(tvb, offset);
    if (cl & 0x80)
        len = tvb_get_uint8(tvb, offset + 2);
    else
        len = tvb_get_uint8(tvb, offset + 1);
#endif

    offset = dof_dissect_pdu_as_field(dissect_2009_11_type_4, tvb, pinfo, tree,
                                      offset, hf_oap_1_objectid, ett_oap_1_objectid, NULL);
    return offset;
}

static int oap_1_tree_add_cmdcontrol(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
    proto_item *ti;
    proto_tree *opinfo_tree;
    uint8_t flags;

    flags = tvb_get_uint8(tvb, offset);

    ti = proto_tree_add_bitmask(tree, tvb, offset, hf_oap_1_cmdcontrol, ett_oap_1_cmdcontrol_flags, bitmask_oap_1_cmdcontrol_flags, ENC_NA);
    opinfo_tree = proto_item_add_subtree(ti, ett_oap_1_cmdcontrol);

    proto_tree_add_item(opinfo_tree, hf_oap_1_cmdcontrol_cache_flag, tvb, offset, 1, ENC_NA);
    proto_tree_add_item(opinfo_tree, hf_oap_1_cmdcontrol_verbosity_flag, tvb, offset, 1, ENC_NA);
    proto_tree_add_item(opinfo_tree, hf_oap_1_cmdcontrol_noexecute_flag, tvb, offset, 1, ENC_NA);
    proto_tree_add_item(opinfo_tree, hf_oap_1_cmdcontrol_ack_flag, tvb, offset, 1, ENC_NA);
    proto_tree_add_item(opinfo_tree, hf_oap_1_cmdcontrol_delay_flag, tvb, offset, 1, ENC_NA);
    proto_tree_add_item(opinfo_tree, hf_oap_1_cmdcontrol_heuristic_flag, tvb, offset, 1, ENC_NA);

    offset += 1;

    if (flags & 0x01)
    {
        /* Heuristic */
        int heur_len;
        uint16_t heur;
        proto_item *pi;

        read_c2(tvb, offset, &heur, &heur_len);
        pi = proto_tree_add_uint_format(opinfo_tree, hf_oap_1_cmdcontrol_heuristic, tvb, offset, heur_len, heur, "Heuristic Value: %hu", heur);
        validate_c2(pinfo, pi, heur, heur_len);
        offset += heur_len;
    }

    if (flags & 0x04)
    {
        /* Ack List */
        uint8_t ackcnt;
        uint8_t i;

        ackcnt = tvb_get_uint8(tvb, offset);
        proto_tree_add_item(opinfo_tree, hf_oap_1_cmdcontrol_ackcnt, tvb, offset, 1, ENC_NA);
        offset += 1;

        for (i = 0; i < ackcnt; i++)
        {
            offset = dof_dissect_pdu_as_field(dissect_2009_11_type_4, tvb, pinfo, opinfo_tree,
                                              offset, hf_oap_1_cmdcontrol_ack, ett_oap_1_cmdcontrol_ack, NULL);
        }
    }

    if (flags & 0x40)
    {
        /* Cache Delay */
        int cache_len;
        uint16_t cache;
        proto_item *pi;

        read_c2(tvb, offset, &cache, &cache_len);
        pi = proto_tree_add_uint_format(opinfo_tree, hf_oap_1_cmdcontrol_cache, tvb, offset, cache_len, cache, "Cache Delay: %hu", cache);
        validate_c2(pinfo, pi, cache, cache_len);
        offset += cache_len;
    }

    return offset;
}

/**
 * Define an alias. This routine is called for each Provide operation that includes an alias assignment.
 * It is also called for retries of Provide operations.
 * The alias is defined for the duration of the Provide. This means that if the operation is cancelled
 * then the alias should no longer be valid.
 * The alias is associated with an oap_session, an dof_node, and the alias itself. Aliases
 * may be reused as long as the previous use has expired, and so the list is stored in reverse
 * order.
 *
 * NOTE: The alias is passed as a structure pointer, and must be reallocated if it is stored in
 * the hash.
 */
static void oap_1_define_alias(dof_api_data *api_data, uint32_t alias, oap_1_binding *binding)
{
    /* The definer of an alias is the sender, in the session. */
    dof_session_data *session = api_data->session;
    dof_packet_data *packet = (dof_packet_data *)api_data->packet;
    uint32_t session_id;
    uint32_t sender_id;
    oap_1_alias_key key;

    if (!session)
        return;

    session_id = session->session_id;
    sender_id = packet->sender_id;

    if (!binding)
        return;

    key.session = session_id;
    key.sender = sender_id;
    key.alias = alias;

    /* If there isn't an entry for the alias, then we need to create one.
    * The first entry will be the binding we are defining.
    */
    if (!g_hash_table_lookup(oap_1_alias_to_binding, &key))
    {
        oap_1_alias_key *alias_ptr = wmem_new0(wmem_file_scope(), oap_1_alias_key);
        memcpy(alias_ptr, &key, sizeof(oap_1_alias_key));
        g_hash_table_insert(oap_1_alias_to_binding, alias_ptr, binding);
    }
}

/**
 * Given an oap_alias, resolve it to an oap_1_binding. This assumes that the destination of the
 * packet is the one that defined the alias.
 */
static oap_1_binding* oap_1_resolve_alias(oap_1_alias_key *key)
{
    /* The first lookup is inside the session based on defining node. */
    return (oap_1_binding *)g_hash_table_lookup(oap_1_alias_to_binding, key);
}

/* DAP V128 (TEP - TICKET EXCHANGE PROTOCOL V1) */
#define DOF_PROTOCOL_TEP 128
#define DSP_TEP_FAMILY 0x000000
static int proto_tep;
static int proto_tep_dsp;

static int hf_dsp_option;

static int ett_tep_operation;
static int hf_tep_operation;
static int hf_tep_operation_type;
static int hf_tep_opcode;
static int hf_tep_k;
static int hf_tep_c;
static int hf_tep_reject_code;
static int hf_tep_reject_data;

static const true_false_string tep_optype_vals = { "DPP Response", "DPP Command" };

/* TEP.2.1 */
static int ett_tep_2_1_domain;
static int hf_tep_2_1_domain;
static int ett_tep_2_1_initiator_block;
static int hf_tep_2_1_initiator_block;
static int hf_tep_2_1_ticket_confirmation;

/* TEP.2.2 */
static int ett_tep_2_2_initiator_ticket;
static int hf_tep_2_2_initiator_ticket;
static int hf_tep_2_2_ticket_confirmation;
static int ett_tep_2_2_responder_initialization;
static int hf_tep_2_2_responder_initialization;
static int ett_tep_2_2_responder_block;
static int hf_tep_2_2_responder_block;
static int ett_tep_2_2_authenticator_initialization;
static int hf_tep_2_2_authenticator_initialization;

/* TEP.2.2.1 */
static int hf_tep_2_2_1_state_identifier;
static int ett_tep_2_2_1_initial_state;
static int hf_tep_2_2_1_initial_state;

static int hf_tep_session_key;

static int ett_tep_dsp;
static int ett_tep_dsp_options;
static int ett_tep;

#if 0 /* not used yet */
static const value_string tep_filter_existing[] = {
    { 1, "Include Existing Matches" },
    { 0, "Exclude Existing Matches" },
    { 0, NULL }
};
#endif

#define TEP_OPCODE_RSP                                                  (0x80)
#define TEP_OPCODE_C                                                    (0x20)
#define TEP_OPCODE_K                                                    (0x10)
#define TEP_PDU_REJECT                                                  (TEP_OPCODE_RSP|0)
#define TEP_PDU_REQUEST                                                 (1)
#define TEP_PDU_END_SESSION                                             (5)
#define TEP_PDU_SESSION_ENDING                                  (6)

#define TEP_PDU_REQUEST_KEY                                             (TEP_OPCODE_K|TEP_PDU_REQUEST)
#define TEP_PDU_CONFIRM                                                 (TEP_OPCODE_C|TEP_PDU_REQUEST)
#define TEP_PDU_ACCEPT                                                  (TEP_OPCODE_RSP|TEP_PDU_REQUEST)
#define TEP_PDU_CONFIRM_ACK                                             (TEP_OPCODE_RSP|TEP_OPCODE_C|TEP_PDU_REQUEST)

static const value_string tep_opcode_strings[] = {
    { TEP_PDU_REJECT, "TEP Reject" },
    { TEP_PDU_REQUEST, "TEP Request" },
    { TEP_PDU_END_SESSION, "TEP End Session" },
    { TEP_PDU_SESSION_ENDING, "TEP Session Ending" },

    { TEP_PDU_REQUEST_KEY, "TEP Rekey" },
    { TEP_PDU_CONFIRM, "TEP Confirm" },
    { TEP_PDU_ACCEPT, "TEP Accept" },
    { TEP_PDU_CONFIRM_ACK, "TEP Confirm Ack" },

    { 0, NULL }
};

#if 0 /* not use yet */
static const value_string tep_error_strings[] = {
    { 1, "Parse Error" },
    { 2, "Access Denied" },
    { 3, "Duration Not Supported" },
    { 4, "Authentication Failed" },
    { 0, NULL }
};
#endif

/* Initialized to zero. */
typedef struct tep_rekey_data
{
    /* Stored from the K bit of the Request PDU. */
    bool is_rekey;

    /* Stored from the key request for non-secure rekeys. Otherwise 0 and NULL. */
    uint8_t domain_length;
    uint8_t *domain;

    /* Stored from the identity of the Request PDU. Seasonal. */
    uint8_t *i_identity;
    uint8_t i_identity_length;

    /* Stored from the nonce of the Request PDU. Seasonal. */
    uint8_t *i_nonce;
    uint8_t i_nonce_length;

    /* Stored from the identity of the Request response PDU. Seasonal. */
    uint8_t *r_identity;
    uint8_t r_identity_length;

    /* Stored from the nonce of the Request response PDU. Seasonal. */
    uint8_t *r_nonce;
    uint8_t r_nonce_length;

    uint16_t security_mode;
    uint32_t security_mode_data_length;
    uint8_t *security_mode_data;

    /* Security session data for this rekey, if is_rekey is true. */
    dof_session_key_exchange_data *key_data;
} tep_rekey_data;

/* DAP V129 (TRP - TICKET REQUEST PROTOCOL V2) */
#define DOF_PROTOCOL_TRP 129
#define DSP_TRP_FAMILY 0x030000
typedef struct _trp_packet_data
{
    uint8_t *domain;
    uint8_t domain_length;
    uint8_t *identity;
    uint8_t identity_length;
    uint8_t *group;
    uint8_t group_length;
    uint8_t *block_I;
    uint16_t block_I_length;
    uint8_t *secret;
    bool kek_known;
} trp_packet_data;


static int proto_trp;
static int proto_trp_dsp;

static int hf_trp_dsp_option;

static int hf_trp_opcode;
static int hf_domain;
static int hf_identity_resolution;
static int hf_initiator_request;
static int hf_responder_request;
static int hf_initiator_ticket;
static int hf_responder_ticket;
static int hf_authentication_block;
static int hf_group_identifier;
static int hf_node_identifier;
static int hf_thb;
static int hf_tmin;
static int hf_tmax;
static int hf_trp_epoch;
static int hf_sidg;
static int hf_security_scope;
static int hf_security_mode;
static int hf_ssid;
#if 0 /* not used yet */
static int hf_initiator_pg;
#endif
static int hf_initiator_validation;
static int hf_responder_pg;
static int hf_responder_validation;

static int hf_trp_errorcode;
static int hf_trp_duration;
#if 0 /* not used yet */
static int hf_trp_rnonce;
static int hf_trp_pnonce;
static int hf_trp_reqid;
static int hf_trp_provid;
static int hf_trp_perm_count;
static int hf_trp_perm_type;
static int hf_trp_perm_rcache;
static int hf_trp_perm_rsrp;
static int hf_trp_perm_rsrp_a;
static int hf_trp_perm_rsrp_u;
static int hf_trp_perm_rflags;
static int hf_trp_perm_pcache;
static int hf_trp_perm_psrp;
static int hf_trp_perm_psrp_a;
static int hf_trp_perm_psrp_u;
static int hf_trp_perm_psrp_b;
static int hf_trp_perm_psrp_s;
static int hf_trp_perm_pflags;
static int hf_trp_confirmation;
static int hf_trp_perm_pke;
static int hf_trp_perm_pka;
#endif

static int ett_trp_dsp;
static int ett_trp;
static int ett_domain;
static int ett_identity_resolution;
static int ett_initiator_request;
static int ett_initiator_ticket;
static int ett_responder_request;
static int ett_responder_ticket;
static int ett_authentication_block;
static int ett_group_identifier;
static int ett_node_identifier;
static int ett_sidg;
static int ett_security_scope;
static int ett_security_mode;
static int ett_initiator_pg;
static int ett_initiator_validation;
static int ett_responder_pg;
static int ett_responder_validation;


static int ett_trp_permset;
static int ett_srp_flags;
static int ett_trp_ticket;

static expert_field ei_trp_initiator_id_known;
static expert_field ei_trp_kek_discovered;

#define TRP_RESPONSE                    (0x80)

#define TRP_RSP_REJECT                                                  (TRP_RESPONSE|0)
#define TRP_CMD_REQUEST_KEK                                             (1)
#define TRP_RSP_REQUEST_KEK                                             (TRP_RESPONSE|TRP_CMD_REQUEST_KEK)
#define TRP_CMD_REQUEST_RANDOM                                  (2)
#define TRP_RSP_REQUEST_RANDOM                                  (TRP_RESPONSE|TRP_CMD_REQUEST_RANDOM)
#define TRP_CMD_REQUEST_SESSION                                 (3)
#define TRP_RSP_REQUEST_SESSION                                 (TRP_RESPONSE|TRP_CMD_REQUEST_SESSION)
#define TRP_CMD_REQUEST_SECURITY_SCOPES                 (4)
#define TRP_RSP_REQUEST_SECURITY_SCOPES                 (TRP_RESPONSE|TRP_CMD_REQUEST_SECURITY_SCOPES)
#define TRP_CMD_RESOLVE_CREDENTIAL                              (6)
#define TRP_RSP_RESOLVE_CREDENTIAL                              (TRP_RESPONSE|TRP_CMD_RESOLVE_CREDENTIAL)
#define TRP_CMD_REQUEST_LOCAL_DOMAIN                    (7)
#define TRP_RSP_REQUEST_LOCAL_DOMAIN                    (TRP_RESPONSE|TRP_CMD_REQUEST_LOCAL_DOMAIN)
#define TRP_CMD_REQUEST_REMOTE_DOMAIN                   (8)
#define TRP_RSP_REQUEST_REMOTE_DOMAIN                   (TRP_RESPONSE|TRP_CMD_REQUEST_REMOTE_DOMAIN)
#define TRP_RSP_REQUEST_DISCOVERED_REMOTE_DOMAIN        (TRP_RESPONSE|0x0A)
#define TRP_CMD_VALIDATE_CREDENTIAL                             (9)
#define TRP_RSP_VALIDATE_CREDENTIAL                             (TRP_RESPONSE|TRP_CMD_VALIDATE_CREDENTIAL)

static const value_string trp_opcode_strings[] = {
    { TRP_RSP_REJECT, "Reject" },

    { TRP_CMD_REQUEST_KEK, "TRP Request KEK" },
    { TRP_RSP_REQUEST_KEK, "TRP Request KEK Response" },

    { TRP_CMD_REQUEST_RANDOM, "TRP Request Random" },
    { TRP_RSP_REQUEST_RANDOM, "TRP Request Random Response" },

    { TRP_CMD_REQUEST_SESSION, "TRP Request Session" },
    { TRP_RSP_REQUEST_SESSION, "TRP Request Session Response" },

    { TRP_CMD_REQUEST_SECURITY_SCOPES, "TRP Request Security Scopes" },
    { TRP_RSP_REQUEST_SECURITY_SCOPES, "TRP Request Security Scopes Response" },

    { TRP_CMD_RESOLVE_CREDENTIAL, "TRP Resolve Credential" },
    { TRP_RSP_RESOLVE_CREDENTIAL, "TRP Resolve Credential Response" },

    { TRP_CMD_REQUEST_LOCAL_DOMAIN, "TRP Request Local Domain" },
    { TRP_RSP_REQUEST_LOCAL_DOMAIN, "TRP Request Local Domain Response" },

    { TRP_CMD_REQUEST_REMOTE_DOMAIN, "TRP Request Remote Domain" },
    { TRP_RSP_REQUEST_REMOTE_DOMAIN, "TRP Request Remote Domain Response" },
    { TRP_RSP_REQUEST_DISCOVERED_REMOTE_DOMAIN, "TRP Request Discovered Remote Domain Response" },

    { TRP_CMD_VALIDATE_CREDENTIAL, "TRP Validate Credential" },
    { TRP_RSP_VALIDATE_CREDENTIAL, "TRP Validate Credential Response" },

    { 0, NULL }
};

static const value_string trp_error_strings[] = {
    { 1, "Parse Error" },
    { 2, "Access Denied" },
    { 3, "Unknown Initiator" },
    { 4, "Unknown Responder" },
    { 5, "Unknown Domain" },
    { 6, "High Load" },
    { 7, "Bad Mode" },
    { 8, "Incompatible Security Identifiers" },
    { 127, "Internal Error" },

    { 0, NULL }
};

/* DAP V130 (SGMP - SECURE GROUP MANAGEMENT PROTOCOL V1) */
#define DOF_PROTOCOL_SGMP       130
typedef struct _sgmp_packet_data
{
    uint8_t domain_length;
    uint8_t *domain;

    uint8_t group_length;
    uint8_t *group;

    uint16_t epoch;
    uint8_t *kek;

    unsigned I_length;
    uint8_t *I;
    unsigned A_length;
    uint8_t *A;

    dof_session_data *request_session;
} sgmp_packet_data;

static int proto_sgmp;

static int hf_opcode;
static int hf_sgmp_domain;
static int hf_sgmp_epoch;
static int hf_initiator_block;
static int hf_sgmp_security_scope;
static int hf_initial_state;
static int hf_latest_version;
static int hf_desire;
static int hf_ticket;
static int hf_sgmp_tmin;
static int hf_tie_breaker;
static int hf_delay;
static int hf_key;

static int ett_sgmp;
static int ett_sgmp_domain;
static int ett_initiator_block;
static int ett_sgmp_security_scope;
static int ett_initial_state;
static int ett_ticket;

#define SGMP_RESPONSE                                   (0x80)
#define SGMP_CMD_HEARTBEAT                              (0)
#define SGMP_RSP_HEARTBEAT                              (SGMP_CMD_HEARTBEAT|SGMP_RESPONSE)
#define SGMP_CMD_EPOCH_CHANGED                  (1)
#define SGMP_RSP_EPOCH_CHANGED                  (SGMP_CMD_EPOCH_CHANGED|SGMP_RESPONSE)
#define SGMP_CMD_REKEY                                  (2)
#define SGMP_RSP_REKEY                                  (SGMP_CMD_REKEY|SGMP_RESPONSE)
#define SGMP_CMD_REQUEST_GROUP                  (3)
#define SGMP_RSP_REQUEST_GROUP                  (SGMP_CMD_REQUEST_GROUP|SGMP_RESPONSE)
#define SGMP_CMD_REKEY_EPOCH                    (5)
#define SGMP_RSP_REKEY_EPOCH                    (SGMP_CMD_REKEY_EPOCH|SGMP_RESPONSE)
#define SGMP_CMD_REKEY_MERGE                    (7)
#define SGMP_RSP_REKEY_MERGE                    (SGMP_CMD_REKEY_MERGE|SGMP_RESPONSE)

static const value_string sgmp_opcode_strings[] = {
    { SGMP_CMD_HEARTBEAT, "SGMP Heartbeat" },
    { SGMP_RSP_HEARTBEAT, "SGMP Heartbeat Response (Illegal)" },
    { SGMP_CMD_EPOCH_CHANGED, "SGMP Epoch Changed" },
    { SGMP_RSP_EPOCH_CHANGED, "SGMP Epoch Changed Response (Illegal)" },
    { SGMP_CMD_REKEY, "SGMP Rekey" },
    { SGMP_RSP_REKEY, "SGMP Rekey Response (Illegal)" },
    { SGMP_CMD_REQUEST_GROUP, "SGMP Request Group" },
    { SGMP_RSP_REQUEST_GROUP, "SGMP Request Group Response" },
    { SGMP_CMD_REKEY_EPOCH, "SGMP Rekey Epoch" },
    { SGMP_RSP_REKEY_EPOCH, "SGMP Rekey Epoch Response (Illegal)" },
    { SGMP_CMD_REKEY_MERGE, "SGMP Rekey Merge" },
    { SGMP_RSP_REKEY_MERGE, "SGMP Rekey Merge Response (Illegal)" },

    { 0, NULL }
};


#if 0 /* TODO not used yet */
static bool sgmp_validate_session_key(sgmp_packet_data *cmd_data, uint8_t *confirmation, uint8_t *kek, uint8_t *key)
{
    gcry_mac_hd_t hmac;
    gcry_error_t result;

    result = gcry_mac_open(&hmac, GCRY_MAC_HMAC_SHA256, 0, NULL);
    if (result != 0)
        return false;

    gcry_mac_setkey(hmac, kek, 32);
    gcry_mac_write(hmac, cmd_data->I, cmd_data->I_length);
    gcry_mac_write(hmac, cmd_data->A, cmd_data->A_length);
    gcry_mac_write(hmac, key, 32);
    result = gcry_mac_verify(hmac, confirmation, sizeof(confirmation));
    return result == 0;
}
#endif

/* DOF SECURITY PROTOCOL */
#define DOF_SECURITY_PROTOCOL "DOF Security Protocol"
static dissector_table_t dof_sec_dissectors;
#define AS_ASSIGNED_SSID 0x40000000

/* DOFSEC Vxxxx (CCM - COUNTER WITH CBC-MAC PROTOCOL V1) */
#define DOF_PROTOCOL_CCM 24577
#define DSP_CCM_FAMILY 0x020000

static int proto_ccm_app;
static int proto_ccm;
static int proto_ccm_dsp;

static int hf_ccm_dsp_option;
static int hf_ccm_dsp_strength_count;
static int hf_ccm_dsp_strength;
static int hf_ccm_dsp_e_flag;
static int hf_ccm_dsp_m_flag;
static int hf_ccm_dsp_tmax;
static int hf_ccm_dsp_tmin;

static const value_string ccm_strengths[] = {
    { 1, "256-bit" },
    { 2, "192-bit" },
    { 3, "128-bit" },
    { 0, NULL }
};
static int hf_ccm_opcode;

static int hf_epp_v1_ccm_flags;
static int hf_epp_v1_ccm_flags_manager;
static int hf_epp_v1_ccm_flags_period;
static int hf_epp_v1_ccm_flags_target;
static int hf_epp_v1_ccm_flags_next_nid;
static int hf_epp_v1_ccm_flags_packet;
static int hf_epp_v1_ccm_tnid;
static int hf_epp_v1_ccm_nnid;
static int hf_epp_v1_ccm_nid;
static int hf_epp_v1_ccm_slot;
static int hf_epp_v1_ccm_pn;

static int ett_header;
static int ett_epp_v1_ccm_flags;

static int ett_ccm_dsp_option;
static int ett_ccm_dsp;
static int ett_ccm;

static expert_field ei_decode_failure;

typedef struct _ccm_session_data
{
    unsigned protocol_id;
    gcry_cipher_hd_t cipher_data;
    GHashTable *cipher_data_table;
    /* Starts at 1, incrementing for each new key. */
    uint32_t period;
    /* Mapping from wire period to absolute periods. */
    uint8_t periods[8];
    uint8_t cipher;
    bool encrypted;
    uint8_t mac_len;
    uint32_t client_datagram_number;
    uint32_t server_datagram_number;
} ccm_session_data;

typedef struct _ccm_packet_data
{
    uint32_t nid;
    uint32_t dn;
    uint32_t period;
} ccm_packet_data;

#define CCM_PDU_PROBE            (0)

static const value_string ccm_opcode_strings[] = {
    { CCM_PDU_PROBE, "Probe" },
    { 0, NULL }
};

/* DOF OBJECT IDENTIFIER (OID) */
#define DOF_OBJECT_IDENTIFIER "DOF Object Identifier"

static dissector_handle_t dof_oid_handle;

static int oid_proto = -1;

static int hf_oid_class;
static int hf_oid_header;
static int hf_oid_attribute;
static int hf_oid_length;
static int hf_oid_data;
static int hf_oid_all_attribute_data;
static int hf_oid_attribute_header;
static int hf_oid_attribute_attribute;
static int hf_oid_attribute_id;
static int hf_oid_attribute_length;
static int hf_oid_attribute_data;
static int hf_oid_attribute_oid;

static int ett_oid;
static int ett_oid_header;
static int ett_oid_attribute;
static int ett_oid_attribute_header;
static int ett_oid_attribute_oid;

/**
 * EXPERT INFOS
 * Expert infos are related to either a PDU type or a specification, and so
 * they are listed separately.
 */
#if 0
static expert_field ei_undecoded;
#endif
static expert_field ei_malformed;
static expert_field ei_implicit_no_op;
static expert_field ei_c2_c3_c4_format;
static expert_field ei_type_4_header_zero;
static expert_field ei_dof_10_flags_zero;
#if 0
static expert_field ei_dof_13_length_specified;
#endif

static expert_field ei_dpp2_dof_10_flags_zero;
static expert_field ei_dpp_default_flags;
static expert_field ei_dpp_explicit_sender_sid_included;
static expert_field ei_dpp_explicit_receiver_sid_included;
static expert_field ei_dpp_no_security_context;
static expert_field ei_dof_6_timeout;

static expert_field ei_security_3_1_invalid_stage;
static expert_field ei_security_4_invalid_bit;
static expert_field ei_security_13_out_of_range;

/**
 * SOURCE IDENTIFIER (SID) SUPPORT
 * Source identifiers are used as part of operation tracking in the
 * DOF Protocol Stack. They are version independent, and associated with
 * a node in the DOF mesh network. Each session is associated with a SID.
 *
 * DPP Manages the SID information, since it is DPP that learns about SIDs.
 * SIDs are complicated because the can be 'unknown' for periods, and then
 * learned later. The requirement here is that all SIDs that can be known
 * are known by the second pass of the dissector (pinfo->visited != 0).
 *
 * There are two hash tables to map to an actual SID. The first goes
 * from sender information to SID ID. During the first pass multiple SID ID
 * may actually refer to the same SID, and so the system must be able to "patch"
 * these values as actual SIDs are learned. The second hash table goes from SID ID
 * to actual SID. This lookup is only known after a real SID has been learned.
 *
 * The hash tables are used in order to look up full SID information when only
 * partial information is known, and must support looking up in both directions
 * based on what is known from a particular PDU.
 */
static GHashTable *node_key_to_sid_id;
static GHashTable *sid_buffer_to_sid_id;
static GHashTable *sid_id_to_sid_buffer;

typedef struct _node_key_to_sid_id_key
{
    int transport_id;
    int transport_node_id;
    int dof_id;
    int dof_node_id;
    int dof_session_id;
} node_key_to_sid_id_key;

static unsigned sender_key_hash_fn(const void *key)
{
    const node_key_to_sid_id_key *sid_key_ptr = (const node_key_to_sid_id_key *)key;
    unsigned result = 0;

    result += g_int_hash(&(sid_key_ptr->transport_id));
    result += g_int_hash(&(sid_key_ptr->transport_node_id));
    result += g_int_hash(&(sid_key_ptr->dof_id));
    result += g_int_hash(&(sid_key_ptr->dof_node_id));
    result += g_int_hash(&(sid_key_ptr->dof_session_id));

    return result;
}

static unsigned sid_buffer_hash_fn(const void *key)
{
    /* The sid buffer is a length byte followed by data. */
    unsigned hash = 5381;
    const uint8_t *str = (const uint8_t *)key;
    uint16_t i;

    for (i = 0; i <= str[0]; i++)
        hash = ((hash << 5) + hash) + str[i]; /* hash * 33 + c */

    return hash;
}

static gboolean sender_key_equal_fn(const void *key1, const void *key2)
{
    const node_key_to_sid_id_key *sid_key_ptr1 = (const node_key_to_sid_id_key *)key1;
    const node_key_to_sid_id_key *sid_key_ptr2 = (const node_key_to_sid_id_key *)key2;

    if (sid_key_ptr1->transport_id != sid_key_ptr2->transport_id)
        return FALSE;

    if (sid_key_ptr1->transport_node_id != sid_key_ptr2->transport_node_id)
        return FALSE;

    if (sid_key_ptr1->dof_id != sid_key_ptr2->dof_id)
        return FALSE;

    if (sid_key_ptr1->dof_node_id != sid_key_ptr2->dof_node_id)
        return FALSE;

    if (sid_key_ptr1->dof_session_id != sid_key_ptr2->dof_session_id)
        return FALSE;

    return TRUE;
}

static gboolean sid_buffer_equal_fn(const void *key1, const void *key2)
{
    const uint8_t *sb1 = (const uint8_t *)key1;
    const uint8_t *sb2 = (const uint8_t *)key2;

    if (sb1[0] != sb2[0])
        return FALSE;

    return memcmp(sb1 + 1, sb2 + 1, sb1[0]) == 0;
}

static unsigned dpp_next_sid_id = 1;

/**
 * This routine is called for each reset (file load, capture) and is responsible
 * for allocating the SID support hash tables. Previous information is freed
 * if needed.
 */
static void dpp_reset_sid_support(void)
{
    dpp_next_sid_id = 1;

    if (node_key_to_sid_id != NULL)
    {
        g_hash_table_destroy(node_key_to_sid_id);
        node_key_to_sid_id = NULL;
    }

    if (sid_buffer_to_sid_id != NULL)
    {
        g_hash_table_destroy(sid_buffer_to_sid_id);
        sid_buffer_to_sid_id = NULL;
    }

    if (sid_id_to_sid_buffer != NULL)
    {
        g_hash_table_destroy(sid_id_to_sid_buffer);
        sid_id_to_sid_buffer = NULL;
    }

    /* The value is not allocated, so does not need to be freed. */
    node_key_to_sid_id = g_hash_table_new_full(sender_key_hash_fn, sender_key_equal_fn, g_free, NULL);
    sid_buffer_to_sid_id = g_hash_table_new_full(sid_buffer_hash_fn, sid_buffer_equal_fn, g_free, NULL);
    sid_id_to_sid_buffer = g_hash_table_new_full(g_direct_hash, g_direct_equal, NULL, NULL);
}

/**
 * OPERATION IDENTIFIER SUPPORT
 * Operation identifiers are an extension of a SID, and represent each separate
 * operation in the DOF. They are identified by a SID and an operation count.
 * Like SIDs, they are independent of version (at least in meaning, the formatting
 * may change).
 *
 * The hash is used to look up common operation information each time an operation
 * is seen in any packet.
 */
static GHashTable *dpp_opid_to_packet_data;

static unsigned dpp_opid_hash_fn(const void *opid)
{
    const dof_2009_1_pdu_20_opid *ptr = (const dof_2009_1_pdu_20_opid *)opid;
    return g_int_hash(&ptr->op_sid_id) + g_int_hash(&ptr->op_cnt);
}

static gboolean dpp_opid_equal_fn(const void *opid1, const void *opid2)
{
    const dof_2009_1_pdu_20_opid *ptr1 = (const dof_2009_1_pdu_20_opid *)opid1;
    const dof_2009_1_pdu_20_opid *ptr2 = (const dof_2009_1_pdu_20_opid *)opid2;
    if (ptr1->op_cnt != ptr2->op_cnt)
        return FALSE;
    if (ptr1->op_sid_id != ptr2->op_sid_id)
        return FALSE;

    return TRUE;
}

static void dpp_reset_opid_support(void)
{
    if (dpp_opid_to_packet_data != NULL)
    {
        /* Clear it out. Note that this calls the destroy functions for each element. */
        g_hash_table_destroy(dpp_opid_to_packet_data);
        dpp_opid_to_packet_data = NULL;
    }

    dpp_opid_to_packet_data = g_hash_table_new_full(dpp_opid_hash_fn, dpp_opid_equal_fn, NULL, NULL);
}

/**
 * NON-SECURE SESSION LOOKUP SUPPORT
 */
static GHashTable *dof_ns_session_lookup;

/**
 * NON-SECURE DPS SESSION
 * This is defined by the transport session and the DNP port information.
 */
typedef struct _dof_ns_session_key
{
    unsigned transport_session_id;
    unsigned client;
    unsigned server;
    bool is_secure;
} dof_ns_session_key;

static dof_session_data* dof_ns_session_retrieve(unsigned transport_session_id, unsigned client, unsigned server)
{
    dof_ns_session_key lookup_key;
    dof_session_data *value;

    /* Build a (non-allocated) key to do the lookup. */
    lookup_key.transport_session_id = transport_session_id;
    lookup_key.client = client;
    lookup_key.server = server;

    value = (dof_session_data *)g_hash_table_lookup(dof_ns_session_lookup, &lookup_key);
    if (value)
    {
        /* We found a match. */
        return value;
    }

    return NULL;
}

static void dof_ns_session_define(unsigned transport_session_id, unsigned client, unsigned server, dof_session_data *session_data)
{
    dof_ns_session_key *key;

    /* No match, need to add a key. */
    key = g_new0(dof_ns_session_key, 1);
    key->transport_session_id = transport_session_id;
    key->client = client;
    key->server = server;

    /* Note, this is not multithread safe, but Wireshark isn't multithreaded. */
    g_hash_table_insert(dof_ns_session_lookup, key, session_data);
}

/* COMMON PDU DISSECTORS */

/* Security.1 */
static int hf_security_1_permission_type;
static int hf_security_1_length;
static int hf_security_1_data;

static const value_string dof_2008_16_permission_type[] = {
    { 1, "Binding" },
    { 3, "IAM" },
    { 5, "ACTAS" },
    { 128, "Requestor" },
    { 130, "Provider" },
    { 131, "Define" },
    { 133, "Tunnel Domain" },
    { 0, NULL }
};

/* Security.2 */
static int hf_security_2_count;
static int ett_security_2_permission;
static int hf_security_2_permission;

/* Security.3.1 */
static int hf_security_3_1_credential_type;
static int hf_security_3_1_stage;
static int ett_security_3_1_security_node_identifier;
static int hf_security_3_1_security_node_identifier;

/* Security.3.2 */
static int hf_security_3_2_credential_type;
static int hf_security_3_2_stage;
static int hf_security_3_2_length;
static int hf_security_3_2_public_data;

/* Security.4 */
static int hf_security_4_l;
static int hf_security_4_f;
static int hf_security_4_ln;
static int ett_security_4_identity;
static int hf_security_4_identity;
static int hf_security_4_nonce;
static int ett_security_4_permission_set;
static int hf_security_4_permission_set;

/* Security.5 */
static int hf_security_5_mac;
static int hf_security_5_key;

/* Security.6.1 */
static int hf_security_6_1_desired_duration;
static int ett_security_6_1_desired_security_mode;
static int hf_security_6_1_desired_security_mode;
static int ett_security_6_1_initiator_request;
static int hf_security_6_1_initiator_request;

/* Security.6.2 */
static int ett_security_6_2_responder_request;
static int hf_security_6_2_responder_request;

/* Security.6.3 */
static int hf_security_6_3_granted_duration;
static int ett_security_6_3_session_security_scope;
static int hf_security_6_3_session_security_scope;
static int ett_security_6_3_initiator_validation;
static int hf_security_6_3_initiator_validation;
static int ett_security_6_3_responder_validation;
static int hf_security_6_3_responder_validation;

/* Security.9 */
static int hf_security_9_length;
static int hf_security_9_initial_state;

/* Security.10 */
static int hf_security_10_count;
static int hf_security_10_permission_group_identifier;

/* Security.11 */
static int hf_security_11_count;
static int ett_security_11_permission_security_scope;
static int hf_security_11_permission_security_scope;

/* Security.12 */
static int hf_security_12_m;

static const value_string dof_2008_16_security_12_m[] = {
    { 0, "Reference" },
    { 1, "Relative" },
    { 2, "Absolute" },
    { 3, "Continued" },
    { 0, NULL }
};

static int hf_security_12_count;
static int hf_security_12_permission_group_identifier;

static bool
dof_sessions_destroy_cb(wmem_allocator_t *allocator _U_, wmem_cb_event_t event _U_, void *user_data)
{
    ccm_session_data *ccm_data = (ccm_session_data*) user_data;
    gcry_cipher_close(ccm_data->cipher_data);
    if (ccm_data->cipher_data_table) {
        g_hash_table_destroy(ccm_data->cipher_data_table);
    }
    /* unregister this callback */
    return false;
}

static void dof_cipher_data_destroy (void *data)
{
    gcry_cipher_hd_t cipher_data = (gcry_cipher_hd_t) data;
    gcry_cipher_close(cipher_data);
}

static int dissect_2008_1_dsp_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    proto_item *parent = proto_tree_get_parent(tree);
    uint8_t attribute_code = tvb_get_uint8(tvb, 0);
    uint16_t attribute_data = tvb_get_ntohs(tvb, 1);
    uint8_t option_length = tvb_get_uint8(tvb, 3);

    /* Add the generic representation of the fields. */
    proto_tree_add_item(tree, hf_2008_1_dsp_attribute_code, tvb, 0, 1, ENC_NA);
    proto_tree_add_item(tree, hf_2008_1_dsp_attribute_data, tvb, 1, 2, ENC_BIG_ENDIAN);
    proto_tree_add_item(tree, hf_2008_1_dsp_value_length, tvb, 3, 1, ENC_NA);

    /* Append description to the parent. */
    proto_item_append_text(parent, " (Code=%s/Data=0x%04x)", val_to_str(pinfo->pool, attribute_code, strings_2008_1_dsp_attribute_codes, "%u"), attribute_data);

    if (option_length)
    {
        proto_tree_add_item(tree, hf_2008_1_dsp_value_data, tvb, 4, option_length, ENC_NA);

        /* call the next dissector */
        tvb_set_reported_length(tvb, option_length + 4);
        dissector_try_uint(dsp_option_dissectors, (attribute_code << 16) | attribute_data, tvb, pinfo, tree);
    }
    return option_length + 4;
}

/**
 * Security.1: Permission. This is the base type for
 * permissions, and supports extension.
 */
static int dissect_2008_16_security_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    int offset = 0;
    bool has_length;
    uint16_t length;

    /* Permission Type */
    {
        int start = offset;
        uint16_t value;
        int val_len;
        proto_item *pi;
        offset = read_c2(tvb, offset, &value, &val_len);
        has_length = (bool)(value % 2);
        pi = proto_tree_add_uint(tree, hf_security_1_permission_type, tvb, start, offset - start, value);
        validate_c2(pinfo, pi, value, val_len);
    }

    if (!has_length)
        return offset;

    /* Length */
    {
        int start = offset;
        uint16_t value;
        int value_len;
        proto_item *pi;
        offset = read_c2(tvb, offset, &value, &value_len);
        length = value;
        pi = proto_tree_add_uint(tree, hf_security_1_length, tvb, start, offset - start, value);
        validate_c2(pinfo, pi, value, value_len);
    }

    /* Data */
    proto_tree_add_item(tree, hf_security_1_data, tvb, offset, length, ENC_NA);
    offset += length;

    return offset;
}

/**
 * Security.2: Permission Request.
 */
static int dissect_2008_16_security_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    int offset = 0;
    uint16_t count;

    /* Count */
    {
        int start = offset;
        uint16_t value;
        int length;
        proto_item *pi;
        offset = read_c2(tvb, offset, &value, &length);
        count = value;
        pi = proto_tree_add_uint(tree, hf_security_2_count, tvb, start, offset - start, value);
        validate_c2(pinfo, pi, value, length);
    }

    while (count--)
    {
        proto_item *ti = proto_tree_add_item(tree, hf_security_2_permission, tvb, offset, -1, ENC_NA);
        proto_tree *subtree = proto_item_add_subtree(ti, ett_security_2_permission);
        tvbuff_t *next_tvb = tvb_new_subset_remaining(tvb, offset);
        int len = dissect_2008_16_security_1(next_tvb, pinfo, subtree, NULL);
        proto_item_set_len(ti, len);
        offset += len;
    }

    return offset;
}

/**
 * Security.3.1: Base Credential Format.
 * Returns: dof_2008_16_security_3_1
 */
static int dissect_2008_16_security_3_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    int offset = 0;
    uint8_t stage;
    proto_item *ti;
    dof_2008_16_security_3_1 *return_data = (dof_2008_16_security_3_1 *)data;

    /* Credential Type */
    {
        int start = offset;
        uint16_t value;
        int length;
        proto_item *pi;
        offset = read_c2(tvb, offset, &value, &length);
        pi = proto_tree_add_uint(tree, hf_security_3_1_credential_type, tvb, start, offset - start, value);
        validate_c2(pinfo, pi, value, length);
    }

    /* Stage */
    stage = tvb_get_uint8(tvb, offset);
    ti = proto_tree_add_item(tree, hf_security_3_1_stage, tvb, offset, 1, ENC_NA);
    offset += 1;

    if (stage != 0)
        expert_add_info(pinfo, ti, &ei_security_3_1_invalid_stage);

    /* Security Node Identifier */
    {
        int block_length;
        tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
        proto_tree *subtree;
        ti = proto_tree_add_item(tree, hf_security_3_1_security_node_identifier, tvb, offset, 0, ENC_NA);
        subtree = proto_item_add_subtree(ti, ett_security_3_1_security_node_identifier);
        block_length = dissect_2008_16_security_8(start, pinfo, subtree, NULL);
        proto_item_set_len(ti, block_length);
        offset += block_length;
        tvb_set_reported_length(start, block_length);
        if (return_data)
            return_data->identity = start;
    }

    return offset;
}

/**
 * Security.3.2: Identity Resolution.
 */
int dissect_2008_16_security_3_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    int offset = 0;
    uint16_t length;

    /* Credential Type */
    {
        int start = offset;
        uint16_t value;
        int val_len;
        proto_item *pi;
        offset = read_c2(tvb, offset, &value, &val_len);
        pi = proto_tree_add_uint(tree, hf_security_3_2_credential_type, tvb, start, offset - start, value);
        validate_c2(pinfo, pi, value, val_len);
    }

    /* Stage */
    proto_tree_add_item(tree, hf_security_3_2_stage, tvb, offset, 1, ENC_NA);
    offset += 1;

    /* Length */
    {
        int start = offset;
        uint16_t value;
        int value_len;
        proto_item *pi;
        offset = read_c2(tvb, offset, &value, &value_len);
        length = value;
        pi = proto_tree_add_uint(tree, hf_security_3_2_length, tvb, start, offset - start, value);
        validate_c2(pinfo, pi, value, value_len);
    }

    /* Public Data */
    proto_tree_add_item(tree, hf_security_3_2_public_data, tvb, offset, length, ENC_NA);
    offset += length;

    return offset;
}

/**
 * Security.4: Key Request. Returns: dof_2008_16_security_4
 */
static int dissect_2008_16_security_4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    int offset = 0;
    uint8_t flag;
    dof_2008_16_security_4 *return_data = (dof_2008_16_security_4 *)data;

    flag = tvb_get_uint8(tvb, offset);
    if (flag & 0x30)
        expert_add_info(pinfo, tree, &ei_security_4_invalid_bit);

    proto_tree_add_item(tree, hf_security_4_l, tvb, offset, 1, ENC_NA);
    proto_tree_add_item(tree, hf_security_4_f, tvb, offset, 1, ENC_NA);
    proto_tree_add_item(tree, hf_security_4_ln, tvb, offset, 1, ENC_NA);
    offset += 1;

    {
        int block_length;
        tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
        proto_item *ti;
        proto_tree *subtree;
        dof_2008_16_security_3_1 return_3_1;

        ti = proto_tree_add_item(tree, hf_security_4_identity, tvb, offset, 0, ENC_NA);
        subtree = proto_item_add_subtree(ti, ett_security_4_identity);

        block_length = dissect_2008_16_security_3_1(start, pinfo, subtree, &return_3_1);
        proto_item_set_len(ti, block_length);
        offset += block_length;
        if (return_data)
        {
            return_data->identity = return_3_1.identity;
        }
    }

    {
        tvbuff_t *start = tvb_new_subset_length(tvb, offset, (flag & 0x0F) + 1);
        if (return_data)
            return_data->nonce = start;

        proto_tree_add_item(tree, hf_security_4_nonce, start, 0, (flag & 0x0F) + 1, ENC_NA);
        offset += (flag & 0x0F) + 1;
    }

    {
        int block_length;
        tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
        proto_item *ti;
        proto_tree *subtree;

        ti = proto_tree_add_item(tree, hf_security_4_permission_set, tvb, offset, 0, ENC_NA);
        subtree = proto_item_add_subtree(ti, ett_security_4_permission_set);
        block_length = dissect_2008_16_security_2(start, pinfo, subtree, NULL);
        proto_item_set_len(ti, block_length);
        offset += block_length;
    }

    return offset;
}

/**
 * Security.5: Key Grant.
 */
static int dissect_2008_16_security_5(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
{
    int offset = 0;

    proto_tree_add_item(tree, hf_security_5_mac, tvb, offset, 32, ENC_NA);
    offset += 32;

    proto_tree_add_item(tree, hf_security_5_key, tvb, offset, 32, ENC_NA);
    offset += 32;

    return offset;
}

/**
 * Security.6.1: Session Initiator Block.
 * Returns dof_2008_16_security_6_1
 */
static int dissect_2008_16_security_6_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    int offset = 0;

    /* Allocate the return structure. */
    dof_2008_16_security_6_1 *return_data = (dof_2008_16_security_6_1 *)data;

    /* Desired Duration */
    proto_tree_add_item(tree, hf_security_6_1_desired_duration, tvb, offset, 1, ENC_NA);
    offset += 1;

    /* Desired Security Mode */
    {
        int block_length;
        tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
        proto_item *ti;
        proto_tree *subtree;

        ti = proto_tree_add_item(tree, hf_security_6_1_desired_security_mode, tvb, offset, 0, ENC_NA);
        subtree = proto_item_add_subtree(ti, ett_security_6_1_desired_security_mode);

        block_length = dissect_2008_16_security_13(start, pinfo, subtree, NULL);
        offset += block_length;
        tvb_set_reported_length(start, block_length);
        proto_item_set_len(ti, block_length);

        if (return_data)
        {
            return_data->security_mode = tvb_get_ntohs(start, 1);
            return_data->security_mode_data_length = block_length - 4;
            return_data->security_mode_data = (uint8_t *)tvb_memdup(wmem_file_scope(), start, 4, block_length - 4);
        }
    }

    /* Initiator Request */
    {
        int block_length;
        dof_2008_16_security_4 output;
        tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
        proto_item *ti;
        proto_tree *subtree;

        ti = proto_tree_add_item(tree, hf_security_6_1_initiator_request, tvb, offset, 0, ENC_NA);
        subtree = proto_item_add_subtree(ti, ett_security_6_1_initiator_request);

        block_length = dissect_2008_16_security_4(start, pinfo, subtree, &output);
        proto_item_set_len(ti, block_length);
        offset += block_length;
        if (return_data)
        {
            return_data->i_identity = output.identity;
            return_data->i_nonce = output.nonce;
        }
    }

    return offset;
}

/**
 * Security.6.2: Session Responder Block.
 * Returns dof_2008_16_security_6_2
 */
static int dissect_2008_16_security_6_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    int offset = 0;
    dof_2008_16_security_6_2 *return_data = (dof_2008_16_security_6_2 *)data;

    /* Responder Request */
    {
        int block_length;
        dof_2008_16_security_4 output;
        tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
        proto_item *ti;
        proto_tree *subtree;

        ti = proto_tree_add_item(tree, hf_security_6_2_responder_request, tvb, offset, 0, ENC_NA);
        subtree = proto_item_add_subtree(ti, ett_security_6_2_responder_request);

        block_length = dissect_2008_16_security_4(start, pinfo, subtree, &output);
        proto_item_set_len(ti, block_length);
        offset += block_length;
        if (return_data)
        {
            return_data->r_identity = output.identity;
            return_data->r_nonce = output.nonce;
        }
    }

    return offset;
}

/**
 * Security.6.3: Authentication Response Block.
 */
static int dissect_2008_16_security_6_3(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    int offset = 0;

    /* Granted Duration */
    proto_tree_add_item(tree, hf_security_6_3_granted_duration, tvb, offset, 1, ENC_NA);
    offset += 1;

    /* Session Security Scope */
    {
        int block_length;
        tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
        proto_item *ti;
        proto_tree *subtree;

        ti = proto_tree_add_item(tree, hf_security_6_3_session_security_scope, tvb, offset, 0, ENC_NA);
        subtree = proto_item_add_subtree(ti, ett_security_6_3_session_security_scope);
        block_length = dissect_2008_16_security_10(start, pinfo, subtree, NULL);
        proto_item_set_len(ti, block_length);
        offset += block_length;
    }

    /* Initiator Validation */
    {
        int block_length;
        tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
        proto_item *ti;
        proto_tree *subtree;

        ti = proto_tree_add_item(tree, hf_security_6_3_initiator_validation, tvb, offset, 0, ENC_NA);
        subtree = proto_item_add_subtree(ti, ett_security_6_3_initiator_validation);
        block_length = dissect_2008_16_security_11(start, pinfo, subtree, NULL);
        proto_item_set_len(ti, block_length);
        offset += block_length;
    }

    /* Responder Validation */
    {
        int block_length;
        tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
        proto_item *ti;
        proto_tree *subtree;

        ti = proto_tree_add_item(tree, hf_security_6_3_responder_validation, tvb, offset, 0, ENC_NA);
        subtree = proto_item_add_subtree(ti, ett_security_6_3_responder_validation);
        block_length = dissect_2008_16_security_11(start, pinfo, subtree, NULL);
        proto_item_set_len(ti, block_length);
        offset += block_length;
    }

    return offset;
}

/**
 * Security.7: Security Domain.
 */
static int dissect_2008_16_security_7(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    /* Parse the base type. */
    int block_length;

    block_length = dissect_2009_11_type_4(tvb, pinfo, tree, NULL);

    return block_length;
}

/**
 * Security.8: Security Node Identifier.
 */
static int dissect_2008_16_security_8(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    /* Parse the base type. */
    int block_length;

    block_length = dissect_2009_11_type_4(tvb, pinfo, tree, NULL);

    return block_length;
}

/**
 * Security.9: Security Mode of Operation Initialization.
 * If the packet info has knowledge of the active security mode
 * of operation then this datagram can be further decoded.
 */
static int dissect_2008_16_security_9(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    int offset = 0;
    uint16_t length;

    /* Length */
    {
        int start = offset;
        uint16_t value;
        int value_len;
        proto_item *pi;
        offset = read_c2(tvb, offset, &value, &value_len);
        length = value;
        pi = proto_tree_add_uint(tree, hf_security_9_length, tvb, start, offset - start, value);
        validate_c2(pinfo, pi, value, value_len);
    }

    if (length > 0)
    {
        proto_tree_add_item(tree, hf_security_9_initial_state, tvb, offset, length, ENC_NA);
        offset += length;
    }

    return offset;
}

/**
 * Security.10: Security Scope.
 */
static int dissect_2008_16_security_10(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    int offset = 0;
    uint16_t count;

    /* Count */
    {
        int start = offset;
        uint16_t value;
        int length;
        proto_item *pi;
        offset = read_c2(tvb, offset, &value, &length);
        count = value;
        pi = proto_tree_add_uint(tree, hf_security_10_count, tvb, start, offset - start, value);
        validate_c2(pinfo, pi, value, length);
    }

    while (count--)
    {
        const char *def = "";

        int start = offset;
        uint32_t value;
        int length;
        proto_item *pi;

        offset = read_c4(tvb, offset, &value, &length);

        switch (value)
        {
        case 0x3FFFFFFF:
            def = " (all scopes)";
            break;
        case 0x3FFFFFFE:
            def = " (doesn't mask)";
            break;
        case 0x3FFFFFFD:
            def = " (session scope)";
            break;
        }

        pi = proto_tree_add_uint_format_value(tree, hf_security_10_permission_group_identifier, tvb, start, offset - start, value, "%u%s", value, def);
        validate_c4(pinfo, pi, value, length);
    }

    return offset;
}

/**
 * Security.11: Permission Validation.
 */
static int dissect_2008_16_security_11(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    int offset = 0;
    uint16_t count;

    /* Count */
    {
        int start = offset;
        uint16_t value;
        int length;
        proto_item *pi;
        offset = read_c2(tvb, offset, &value, &length);
        count = value;
        pi = proto_tree_add_uint(tree, hf_security_11_count, tvb, start, offset - start, value);
        validate_c2(pinfo, pi, value, length);
    }

    while (count--)
    {
        proto_item *ti = proto_tree_add_item(tree, hf_security_11_permission_security_scope, tvb, offset, -1, ENC_NA);
        proto_tree *subtree = proto_item_add_subtree(ti, ett_security_11_permission_security_scope);
        tvbuff_t *next_tvb = tvb_new_subset_remaining(tvb, offset);
        int len;
        len = dissect_2008_16_security_12(next_tvb, pinfo, subtree, NULL);
        proto_item_set_len(ti, len);
        offset += len;
    }

    return offset;
}

/**
 * Security.12: Permission Security Scope.
 */
static int dissect_2008_16_security_12(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    int offset = 0;
    uint8_t m = tvb_get_uint8(tvb, offset) >> 6;
    uint16_t count = tvb_get_uint8(tvb, offset) & 0x3F;
    proto_item *pi;

    proto_tree_add_item(tree, hf_security_12_m, tvb, offset, 1, ENC_NA);
    proto_tree_add_item(tree, hf_security_12_count, tvb, offset, 1, ENC_NA);
    offset += 1;

    if (m == 0)
        return offset;

    while (count--)
    {
        const char *def = "";

        int start = offset;
        uint32_t value;
        int length;
        offset = read_c4(tvb, offset, &value, &length);

        switch (value)
        {
        case 0x3FFFFFFF:
            def = " (all scopes)";
            break;
        case 0x3FFFFFFE:
            def = " (doesn't mask)";
            break;
        case 0x3FFFFFFD:
            def = " (session scope)";
            break;
        }

        pi = proto_tree_add_uint_format_value(tree, hf_security_12_permission_group_identifier, tvb, start, offset - start, value, "%u%s", value, def);
        validate_c4(pinfo, pi, value, length);
    }

    return offset;
}

/**
 * Security.13: Security Mode of Operation Negotiation.
 */
static int dissect_2008_16_security_13(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    /* Parse the base type. */
    int block_length;
    uint16_t attribute_data;

    /* TODO: Skipping this first byte means that no other encryption modes can be supported. */
    attribute_data = tvb_get_ntohs(tvb, 1);
    if (attribute_data < 0x6000 || attribute_data >= 0x7000)
        expert_add_info(pinfo, tree, &ei_security_13_out_of_range);

    block_length = dissect_2008_1_dsp_1(tvb, pinfo, tree);

    return block_length;
}

/**
 * Dissects a buffer that is pointing at an OID.
 * Adds a subtree with detailed information about the fields of
 * the OID,
 * returns the length of the OID,
 * and appends text to the tree (really a tree item) that is
 * passed in that gives a more accurate description of the OID.
 * Note that the tree already shows the bytes of the OID, so if
 * no additional information can be displayed then it should not
 * be.
 *
 * If 'tree' is NULL then just return the length.
 */
// NOLINTNEXTLINE(misc-no-recursion)
static int dissect_2009_11_type_4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    proto_item *ti;
    int start_offset = 0;
    int offset = 0;
    uint32_t oid_class;
    int oid_class_len;
    uint8_t oid_len_byte;
    proto_tree *oid_tree = tree;
    proto_tree *header_tree;

    if (tree)
    {
        ti = proto_tree_get_parent(tree);
        proto_item_set_text(ti, "Object ID: %s", dof_oid_create_standard_string(pinfo->pool, tvb_reported_length(tvb), tvb_get_ptr(tvb, 0, tvb_reported_length(tvb)), pinfo));
    }

    offset = read_c4(tvb, offset, &oid_class, &oid_class_len);
    ti = proto_tree_add_uint_format(oid_tree, hf_oid_class, tvb, start_offset, offset - start_offset, oid_class, "Class: %u", oid_class);
    validate_c4(pinfo, ti, oid_class, oid_class_len);

    oid_len_byte = tvb_get_uint8(tvb, offset);
    ti = proto_tree_add_uint_format(oid_tree, hf_oid_header, tvb,
                                    offset, 1, oid_len_byte, "Header: 0x%02x (%sLength=%d)", oid_len_byte, oid_len_byte & 0x80 ? "Attribute, " : "", oid_len_byte & 0x3F);

    header_tree = proto_item_add_subtree(ti, ett_oid_header);
    proto_tree_add_item(header_tree, hf_oid_attribute, tvb, offset, 1, ENC_NA);
    proto_tree_add_item(header_tree, hf_oid_length, tvb, offset, 1, ENC_NA);
    offset += 1;

    /* Validate the flag byte */
    if (oid_len_byte & 0x40)
    {
        /* Type.4 Malformed (bit mandated zero). */
        expert_add_info(pinfo, ti, &ei_type_4_header_zero);
    }

    if ((oid_len_byte & 0x3F) > 0)
    {
        /* Add the raw data. */
        proto_tree_add_item(oid_tree, hf_oid_data, tvb, offset, oid_len_byte & 0x3F, ENC_NA);
        offset += oid_len_byte & 0x3F;
    }

    /* Check for attributes */
    if (oid_len_byte & 0x80)
    {
        /* Read attributes, adding them to oid_tree. */
        uint8_t flag;

        do
        {
            tvbuff_t *packet = tvb_new_subset_remaining(tvb, offset);
            proto_tree *attribute_tree;
            int attribute_length;

            ti = proto_tree_add_item(tree, hf_oid_all_attribute_data, tvb, offset, -1, ENC_NA);
            attribute_tree = proto_item_add_subtree(ti, ett_oid_attribute);
            flag = tvb_get_uint8(tvb, offset);
            increment_dissection_depth(pinfo);
            attribute_length = dissect_2009_11_type_5(packet, pinfo, attribute_tree);
            decrement_dissection_depth(pinfo);
            proto_item_set_len(ti, (const int)attribute_length);
            offset += attribute_length;
        }
        while (flag & 0x80);
    }

    if (tree)
    {
        ti = proto_tree_get_parent(tree);
        proto_item_set_len(ti, offset - start_offset);
    }

    /* TODO: Add the description. */
    /* proto_item_append_text( oid_tree, ": %s", "TODO" ); */
    return offset;
}

/**
 * Dissects a buffer that is pointing at an attribute.
 * Adds a subtree with detailed information about the fields of
 * the attribute,
 * returns the new offset,
 * and appends text to the tree (really a tree item) that is
 * passed in that gives a more accurate description of the
 * attribute.
 * Note that the tree already shows the bytes of the OID, so if
 * no additional information can be displayed then it should not
 * be.
 *
 * If 'tree' is NULL then just return the length.
 */
// NOLINTNEXTLINE(misc-no-recursion)
static int dissect_2009_11_type_5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    proto_item *ti;
    int offset = 0;
    uint8_t attribute_id_byte;
    uint8_t attribute_length_byte;
    proto_tree *oid_tree = tree;
    proto_tree *header_tree;

    attribute_id_byte = tvb_get_uint8(tvb, offset);
    ti = proto_tree_add_uint_format(oid_tree, hf_oid_attribute_header, tvb,
                                    offset, 1, attribute_id_byte, "Header: 0x%02x (%sLength=%d)", attribute_id_byte, attribute_id_byte & 0x80 ? "Attribute, " : "", attribute_id_byte & 0x3F);

    header_tree = proto_item_add_subtree(ti, ett_oid_attribute_header);
    proto_tree_add_item(header_tree, hf_oid_attribute_attribute, tvb, offset, 1, ENC_NA);
    proto_tree_add_item(header_tree, hf_oid_attribute_id, tvb, offset, 1, ENC_NA);
    offset += 1;

    attribute_length_byte = tvb_get_uint8(tvb, offset);
    proto_tree_add_item(oid_tree, hf_oid_attribute_length, tvb, offset, 1, ENC_NA);
    offset += 1;

    switch (attribute_id_byte & 0x7F)
    {
    case 1:
        /* TODO: Check length */
        proto_tree_add_item(oid_tree, hf_oid_attribute_data, tvb, offset, attribute_length_byte, ENC_NA);
        offset += attribute_length_byte;
        break;

    case 0:
    case 2:
    {
        tvbuff_t *packet = tvb_new_subset_length(tvb, offset, attribute_length_byte);
        proto_tree *attribute_tree;

        ti = proto_tree_add_item(tree, hf_oid_attribute_oid, tvb, offset, -1, ENC_NA);
        attribute_tree = proto_item_add_subtree(ti, ett_oid_attribute_oid);
        increment_dissection_depth(pinfo);
        offset += dissect_2009_11_type_4(packet, pinfo, attribute_tree, NULL);
        decrement_dissection_depth(pinfo);
    }
        break;

    default:
        proto_tree_add_item(oid_tree, hf_oid_attribute_data, tvb, offset, attribute_length_byte, ENC_NA);
        offset += attribute_length_byte;
    }

    return offset;
}


/* Transport Session ID */
static dof_globals globals;

/* Static Methods. */

static dof_packet_data* create_packet_data(packet_info *pinfo);
static int dof_dissect_dnp_length(tvbuff_t *tvb, packet_info *pinfo, uint8_t version, int *offset);
#define VALIDHEX(c) ( ((c) >= '0' && (c) <= '9') || ((c) >= 'A' && (c) <= 'F') || ((c) >= 'a' && (c) <= 'f') )


/* Configuration structures. These tables allow for security
 * mode templates, security keys, and secrets to be configured.
 */

static bool decrypt_all_packets;
static bool track_operations;
static unsigned track_operations_window = 5;
static uint32_t next_dof_frame = 1;

/* Structure for security mode of operation templates. */
typedef struct _secmode_field_t {
    char *domain;
    char *identity;
    char *kek;
} secmode_field_t;

static secmode_field_t *secmode_list;
static unsigned num_secmode_list;

/* Structure for security keys. */
typedef struct _seckey_field_t {
    char *key;
} seckey_field_t;

/* Structure for secrets (for identities) */
typedef struct _identsecret_field_t {
    char *domain;
    char *identity;
    char *secret;
} identsecret_field_t;

typedef struct _tcp_ignore_data
{
    uint32_t sequence;
    bool ignore;
    struct _tcp_ignore_data *next;
} tcp_ignore_data;

typedef struct _tcp_dof_packet_ref
{
    /* A single TCP frame can contain multiple packets. We must
     * be able to keep track of them all.
     */
    dof_api_data api_data;

    uint16_t start_offset;
    dof_transport_packet transport_packet;
    struct _tcp_dof_packet_ref *next;
} tcp_dof_packet_ref;

/**
 * This structure exists for TCP packets and allows matching Wireshark frames to
 * DPS packets.
 */
typedef struct _tcp_packet_data
{
    /* Packets are ignored based on the starting TCP SEQ (sequence of first byte). */
    tcp_ignore_data *from_client_ignore_list;
    tcp_ignore_data *from_server_ignore_list;

    /* DPS packet structures contained within a TCP frame. */
    tcp_dof_packet_ref *dof_packets;
} tcp_packet_data;

/**
 * This structure exists for UDP sessions and allows for advanced stream handling
 * and matching Wireshark frames to DPS packets.
 */
typedef struct _udp_session_data
{
    /* This must be the first structure, as a pointer to this type is stored in each DPS packet. */
    dof_transport_session common;

    /* For the associated TCP conversation, this tracks the client and server
     * addresses.
     */
    ws_node server;
} udp_session_data;

/* This structure exists for TCP sessions and allows for advanced stream handling
 * and matching Wireshark frames to DPS packets.
 */
typedef struct _tcp_session_data
{
    /* This must be the first structure, as a pointer to this type is stored in each DPS packet. */
    dof_transport_session common;

    /* This flag is used to determine that an entire TCP session is NOT OpenDOF.
     * Because of TCP/IP negotiation in the DPS it is easy to confuse arbitrary
     * protocols as OpenDOF. Once it is determined that it is not then this
     * flag can be set, which will turn off all the OpenDOF dissectors.
     */
    bool not_dps;

    /* For the associated TCP conversation, this tracks the client and server
     * addresses.
     */
    ws_node client, server;

    /* TCP sequence numbers, used to detect retransmissions. These are only valid
     * during the first pass through the packets.
     */
    uint32_t from_client_seq;
    uint32_t from_server_seq;

} tcp_session_data;

static dof_security_data global_security;

static uint8_t count_hex_bytes(char *str);

/* Global DPS data structures for security keys. */
static seckey_field_t *seckey_list;
static unsigned num_seckey_list;

/* Global DPS data structures for identity secrets. */
static identsecret_field_t *identsecret_list;
static unsigned num_identsecret_list;


/* Callbacks for Configuration security templates. */
UAT_CSTRING_CB_DEF(secmode_list, domain, secmode_field_t)
UAT_CSTRING_CB_DEF(secmode_list, identity, secmode_field_t)
UAT_CSTRING_CB_DEF(secmode_list, kek, secmode_field_t)

static void secmode_list_post_update_cb(void)
{
}

static bool secmode_list_update_cb(void *r, char **err)
{
    secmode_field_t *rec = (secmode_field_t *)r;
    uint32_t size;

    *err = NULL;

    size = (uint32_t)strlen(rec->domain);
    if (!VALIDHEX(rec->domain[0]) && !dof_oid_create_internal(rec->domain, &size, NULL))
    {
        *err = g_strdup("Invalid domain [must be valid OID].");
        return false;
    }
    else if (!count_hex_bytes(rec->domain))
    {
        *err = g_strdup("Invalid domain [must be valid OID].");
        return false;
    }

    size = (uint32_t)strlen(rec->identity);
    if (!VALIDHEX(rec->identity[0]) && !dof_oid_create_internal(rec->identity, &size, NULL))
    {
        *err = g_strdup("Invalid identity [must be valid OID].");
        return false;
    }
    else if (!count_hex_bytes(rec->identity))
    {
        *err = g_strdup("Invalid identity [must be valid OID].");
        return false;
    }

    if (count_hex_bytes(rec->kek) != 32)
    {
        *err = g_strdup("Invalid KEK [must be 32 byte key].");
        return false;
    }
    return true;
}

static void* secmode_list_copy_cb(void *n, const void *o, size_t siz _U_)
{
    secmode_field_t *new_rec = (secmode_field_t *)n;
    const secmode_field_t *old_rec = (const secmode_field_t *)o;

    new_rec->domain = g_strdup(old_rec->domain);
    new_rec->identity = g_strdup(old_rec->identity);
    new_rec->kek = g_strdup(old_rec->kek);

    return new_rec;
}

static void secmode_list_free_cb(void *r)
{
    secmode_field_t *rec = (secmode_field_t *)r;

    g_free(rec->domain);
    g_free(rec->identity);
    g_free(rec->kek);
}


/* Callbacks for security keys. */
UAT_CSTRING_CB_DEF(seckey_list, key, seckey_field_t)

static void seckey_list_post_update_cb(void)
{
}

static bool seckey_list_update_cb(void *r, char **err)
{
    seckey_field_t *rec = (seckey_field_t *)r;

    *err = NULL;
    if (count_hex_bytes(rec->key) != 32)
    {
        *err = g_strdup("Invalid secret [must be 32 bytes].");
        return false;
    }
    return true;
}

static void* seckey_list_copy_cb(void *n, const void *o, size_t siz _U_)
{
    seckey_field_t *new_rec = (seckey_field_t *)n;
    const seckey_field_t *old_rec = (const seckey_field_t *)o;

    new_rec->key = g_strdup(old_rec->key);

    return new_rec;
}

static void seckey_list_free_cb(void *r)
{
    seckey_field_t *rec = (seckey_field_t *)r;

    g_free(rec->key);
}


/* Callbacks for identity secrets. */
UAT_CSTRING_CB_DEF(identsecret_list, domain, identsecret_field_t)
UAT_CSTRING_CB_DEF(identsecret_list, identity, identsecret_field_t)
UAT_CSTRING_CB_DEF(identsecret_list, secret, identsecret_field_t)

static void identsecret_list_post_update_cb(void)
{
}

static bool identsecret_list_update_cb(void *r, char **err)
{
    identsecret_field_t *rec = (identsecret_field_t *)r;
    uint32_t size;

    *err = NULL;

    size = (uint32_t)strlen(rec->domain);
    if (!VALIDHEX(rec->domain[0]))
    {
        if (dof_oid_create_internal(rec->domain, &size, NULL))
        {
            *err = g_strdup("Invalid domain [must be valid OID].");
            return false;
        }
    }
    else if (!count_hex_bytes(rec->domain))
    {
        *err = g_strdup("Invalid domain [must be valid OID].");
        return false;
    }

    size = (uint32_t)strlen(rec->identity);
    if (!VALIDHEX(rec->identity[0]))
    {
        if (dof_oid_create_internal(rec->identity, &size, NULL))
        {
            *err = g_strdup("Invalid identity [must be valid OID].");
            return false;
        }
    }
    else if (!count_hex_bytes(rec->identity))
    {
        *err = g_strdup("Invalid identity [must be valid OID].");
        return false;
    }

    if (count_hex_bytes(rec->secret) != 32)
    {
        *err = g_strdup("Invalid secret [must be 32 byte key].");
        return false;
    }
    return true;
}

static void* identsecret_list_copy_cb(void *n, const void *o, size_t siz _U_)
{
    identsecret_field_t *new_rec = (identsecret_field_t *)n;
    const identsecret_field_t *old_rec = (const identsecret_field_t *)o;

    new_rec->domain = g_strdup(old_rec->domain);
    new_rec->identity = g_strdup(old_rec->identity);
    new_rec->secret = g_strdup(old_rec->secret);

    return new_rec;
}

static void identsecret_list_free_cb(void *r)
{
    identsecret_field_t *rec = (identsecret_field_t *)r;

    g_free(rec->domain);
    g_free(rec->identity);
    g_free(rec->secret);
}

static void init_addr_port_tables(void);

/* The IP transport protocols need to assign SENDER ID based on the
 * transport address. This requires a hash lookup from address/port to ID.
 */

static GHashTable *addr_port_to_id;

typedef struct _addr_port_key
{
    address addr;
    uint16_t port;
} addr_port_key;

static unsigned addr_port_key_hash_fn(const void *key)
{
    const addr_port_key *addr_key = (const addr_port_key *)key;
    unsigned result = 0;
    unsigned port_as_int = addr_key->port;
    unsigned type_as_int = addr_key->addr.type;

    result += g_int_hash(&port_as_int);
    result += g_int_hash(&type_as_int);

    {
        unsigned hash = 5381;
        const uint8_t *str = (const uint8_t *)addr_key->addr.data;

        for (int i = 0; i < addr_key->addr.len; i++)
            hash = ((hash << 5) + hash) + str[i]; /* hash * 33 + c */

        result += hash;
    }

    return result;
}

static gboolean addr_port_key_equal_fn(const void *key1, const void *key2)
{
    const addr_port_key *addr_key_ptr1 = (const addr_port_key *)key1;
    const addr_port_key *addr_key_ptr2 = (const addr_port_key *)key2;

    if (addr_key_ptr1->port != addr_key_ptr2->port)
        return FALSE;

    return addresses_equal(&addr_key_ptr1->addr, &addr_key_ptr2->addr);
}

static void addr_port_key_free_fn(void *key)
{
    addr_port_key *addr_port = (addr_port_key *)key;
    g_free(addr_port->addr.priv);
    g_free(addr_port);
}

static void init_addr_port_tables(void)
{
    /* This routine is called each time the system is reset (file load, capture)
     * and so it should take care of freeing any of our persistent stuff.
     */
    if (addr_port_to_id != NULL)
    {
        /* Clear it out. Note that this calls the destroy functions for each element. */
        g_hash_table_destroy(addr_port_to_id);
        addr_port_to_id = NULL;
    }

    /* The value is not allocated, so does not need to be freed. */
    addr_port_to_id = g_hash_table_new_full(addr_port_key_hash_fn, addr_port_key_equal_fn, addr_port_key_free_fn, NULL);
}

static unsigned next_addr_port_id = 1;

#define EP_COPY_ADDRESS(alloc, to, from) { \
    uint8_t *EP_COPY_ADDRESS_data; \
    (to)->type = (from)->type; \
    (to)->len = (from)->len; \
    EP_COPY_ADDRESS_data = (uint8_t*) wmem_alloc(alloc,(from)->len); \
    memcpy(EP_COPY_ADDRESS_data, (from)->data, (from)->len); \
    (to)->priv = EP_COPY_ADDRESS_data; \
    (to)->data = (to)->priv; \
    }

/* Return the transport ID, a unique number for each transport sender.
 */
static unsigned assign_addr_port_id(wmem_allocator_t* allocator, address *addr, uint16_t port)
{
    addr_port_key lookup_key;
    addr_port_key *key;
    unsigned value;

    /* ensure the address contains actual data */
    if (addr->type == AT_NONE)
        return 0;

    /* Build a (non-allocated) key to do the lookup. */

    EP_COPY_ADDRESS(allocator, &lookup_key.addr, addr);
    lookup_key.port = port;

    value = GPOINTER_TO_UINT(g_hash_table_lookup(addr_port_to_id, &lookup_key));
    if (value)
    {
        /* We found a match. */
        return value;
    }

    /* No match, need to add a key. */
    key = g_new0(addr_port_key, 1);
    copy_address(&key->addr, addr);
    key->port = port;

    /* Note, this is not multithread safe, but Wireshark isn't multithreaded. */
    g_hash_table_insert(addr_port_to_id, key, GUINT_TO_POINTER(next_addr_port_id));
    return next_addr_port_id++;
}

/* Wireshark Configuration Dialog Routines*/

static bool identsecret_chk_cb(void *r _U_, const char *p _U_, unsigned len _U_, const void *u1 _U_, const void *u2 _U_, char **err _U_)
{
#if 0
    char** protos;
    char* line = ep_strndup(p, len);
    unsigned num_protos, i;

    g_strstrip(line);
    ascii_strdown_inplace(line);

    protos = ep_strsplit(line, ":", 0);

    for (num_protos = 0; protos[num_protos]; num_protos++)
    g_strstrip(protos[num_protos]);

    if (!num_protos)
    {
        *err = g_strdup("No protocols given");
        return false;
    }

    for (i = 0; i < num_protos; i++)
    {
        if (!find_dissector(protos[i]))
        {
            *err = g_strdup("Could not find dissector for: '%s'", protos[i]);
            return false;
        }
    }
#endif
    return true;
}

/* Utility Methods */

static uint8_t count_hex_bytes(char *str)
{
    uint8_t total = 0;

    while (str != NULL && *str != '\0' && *str != '#')
    {
        if (!g_ascii_isxdigit(*str))
        {
            str += 1;
            continue;
        }

        if (!g_ascii_isxdigit(str[1]))
            return 0;

        total += 1;
        str += 2;
    }

    return total;
}

static void parse_hex_string(char *str, uint8_t **ptr, uint8_t *len)
{
    uint8_t j = 0;
    *len = count_hex_bytes(str);
    *ptr = (uint8_t *)g_malloc0(*len);

    while (j < *len)
    {
        int high, low;

        if (!g_ascii_isxdigit(*str))
        {
            str += 1;
            continue;
        }

        high = ws_xton(str[0]);
        low = ws_xton(str[1]);
        (*ptr)[j++] = (high << 4) | low;
        str += 2;
    }
}

/* OID and IID Parsing */

static const uint8_t OALString_HexChar[] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };

#define IS_PRINTABLE(c)         ( ((uint8_t)c) >= 32U && ((uint8_t)c) < 127U )
#define IS_ESCAPED(c)           ( (c) == '(' || (c) == ')' || (c) == '[' || (c) == ']' || (c) == '{' || (c) == '}' || (c) == '\\' || (c) == '|' )
#define DOFOBJECTID_MAX_CLASS_SIZE (4)
#define MAX_OID_DATA_SIZE                 (63)
#define OID_DATA_LEN_MASK                 (MAX_OID_DATA_SIZE)

#define ObjectID_DataToStringLength( data, dataSize ) ObjectID_DataToString( (data), (dataSize), NULL )
#define OALString_HexDigitToChar(c)     (OALString_HexChar[(c)])
#define DOFObjectIDAttribute_IsValid( attribute ) ((attribute).id < DOFOBJECTIDATTRIBUTE_INVALID)
#define DOFObjectIDAttribute_GetValueSize( attribute ) ((attribute).dataSize)
#define DOFObjectIDAttribute_GetValue( attribute ) ((attribute).data)
#define DOFObjectIDAttribute_GetType( attribute ) ((DOFObjectIDAttributeType)(attribute).id)

typedef enum DOFObjectIDAttributeID_t
{
    /**
    * Provider attribute. This attribute identifies an object as being
    * provided by a specific service provider. The associated data must
    * be an object identifier.
    */
    DOFOBJECTIDATTRIBUTE_PROVIDER = 0,

    /**
    * Session attribute. This attribute associates the object with the
    * specified session. The associated data must be exactly 16 bytes long.
    */
    DOFOBJECTIDATTRIBUTE_SESSION = 1,

    /**
    * Group attribute. This attribute is normally used in association
    * with the BROADCAST object identifier. It defines a target that is
    * a multicast group in the DOF network (as opposed to the transport).
    * The associated data must be an object identifier.
    */
    DOFOBJECTIDATTRIBUTE_GROUP = 2,

    /**
    * Invalid, used to signal that an error has occurred.
    */
    DOFOBJECTIDATTRIBUTE_INVALID = 128
} DOFObjectIDAttributeType;
typedef uint32_t                       DOFObjectIDClass;

typedef struct DOFObjectID_t
{
    uint32_t refCount;
    uint16_t len;                /* Actual length of oid's wire representation. Max is 32707: 4 + 1 + 63 + (127 * 257). */
    uint8_t oid[];               /* Extends beyond end of this defined structure, so oid MUST be last structure member! */
} DOFObjectID_t;

typedef DOFObjectID_t *DOFObjectID;

typedef uint8_t                        DOFObjectIDAttributeDataSize;

typedef struct DOFObjectIDAttribute_t
{
    uint8_t                         id;         /**< Attribute Identifier.  Intentionally defined as uint8 for size, but holds all valid values for DOFObjectIDAttributeType.  **/
    DOFObjectIDAttributeDataSize   dataSize;    /**< Size of the attribute data. **/
    const uint8_t *data;                         /**< Attribute data. **/
} DOFObjectIDAttribute;

/**
* Read variable-length value from buffer.
*
* @param maxSize   [in]        Maximum size of value to be read
* @param bufLength [in,out]    Input: size of buffer, output: size of value in buffer
* @param buffer    [in]        Actual buffer
* @return                      Uncompressed value if buffer size is valid (or 0 on error)
*/
static uint32_t OALMarshal_UncompressValue(uint8_t maxSize, uint32_t *bufLength, const uint8_t *buffer)
{
    uint32_t value = 0;
    uint8_t used = 0;
    uint8_t size = maxSize;
    uint8_t mask;

    switch (buffer[0] >> 6)
    {
    case 0x02:
        /* Two Bytes */
        if (maxSize > 2)
            mask = 0x3F;
        else
            mask = 0x7F;
        size = 2;
        break;

    case 0x03:
        /* Three/Four Bytes */
        if (maxSize > 2)
            mask = 0x3F;
        else
            mask = 0x7F;
        break;

    default:
        /* One Byte */
        size = 1;
        mask = 0x7F;
        break;
    }

    /* Sanity check */
    if (size > *bufLength)
        return 0;

    value = buffer[used++] & mask;
    while (used < size)
        value = (value << 8) | buffer[used++];

    *bufLength = used;
    return (value);
}

static uint32_t DOFObjectID_GetClassSize(DOFObjectID self)
{
    uint32_t size = self->len;

    (void)OALMarshal_UncompressValue(DOFOBJECTID_MAX_CLASS_SIZE, &size, self->oid);

    return size;
}

static uint32_t DOFObjectID_GetDataSize(const DOFObjectID self)
{
    return ((*((const uint8_t *)self->oid + DOFObjectID_GetClassSize(self))) & OID_DATA_LEN_MASK);
}

static uint32_t ObjectID_DataToString(const uint8_t *data, uint32_t dataSize, char *pBuf)
{
    uint32_t len = 0, i, nonprintable, escaped;

    /* Determine if the data is printable... */
    for (i = 0, nonprintable = 0, escaped = 0; i < dataSize; i++)
    {
        if (!IS_PRINTABLE(data[i]))
            nonprintable++;
        else if (IS_ESCAPED(data[i]))
            escaped++;
    }
    if (nonprintable == 0)
    {
        /* Printable, so copy as a string, escaping where necessary. */
        if (pBuf)
        {
            for (i = 0; i < dataSize; i++)
            {
                if (IS_ESCAPED(data[i]))
                {
                    pBuf[len++] = '\\';
                    pBuf[len++] = data[i];
                }
                else
                    pBuf[len++] = data[i];
            }
        }
        else
        {
            len = dataSize + escaped; /* Count escaped characters twice. */
        }
    }
    else
    {
        /* Non-printable, so format as hex string. */
        if (pBuf)
        {
            pBuf[len++] = '{';
            for (i = 0; i < dataSize; i++)
            {
                pBuf[len++] = OALString_HexDigitToChar((data[i] >> 4) & 0x0F);
                pBuf[len++] = OALString_HexDigitToChar((data[i]) & 0x0F);
            }
            pBuf[len++] = '}';
        }
        else
        {
            len = dataSize * 2 + 2;
        }
    }
    return len;
}

static const uint8_t* DOFObjectID_GetData(const DOFObjectID self)
{
    if (DOFObjectID_GetDataSize(self) > 0)
        return (const uint8_t *)self->oid + DOFObjectID_GetClassSize(self) + 1;          /* 1: length of length byte. */

    return NULL;
}

static uint32_t DOFObjectID_GetIDClass(const DOFObjectID self)
{
    uint32_t size = 4;

    return OALMarshal_UncompressValue(DOFOBJECTID_MAX_CLASS_SIZE, &size, self->oid);
}

static bool DOFObjectID_HasAttributes(const DOFObjectID self)
{
    if (!self)
        return false;

    /* bit 7: next attribute flag. */
    return (bool)(((*(const uint8_t *)((const uint8_t *)(self->oid) + DOFObjectID_GetClassSize(self))) & 0x80) != 0);
}

static uint8_t DOFObjectID_GetBaseSize(const DOFObjectID oid)
{
    return DOFObjectID_GetClassSize(oid) + 1 + DOFObjectID_GetDataSize(oid);
}

static uint8_t DOFObjectID_GetAttributeCount(const DOFObjectID self)
{
    uint8_t retVal = 0;

    /* Note: No OID can duplicate an attribute ID. Legal attribute IDs can be from 0-126. So max count fits in uint8. */
    if (self && DOFObjectID_HasAttributes(self))
    {
        const uint8_t *pNextAttribute = (const uint8_t *)self->oid + DOFObjectID_GetBaseSize(self);

        ++retVal;
        while (*pNextAttribute & 0x80)                                         /* bit 7: next attribute present flag. */
        {
            ++retVal;
            pNextAttribute += (2 + *((const uint8_t *)pNextAttribute + 1));      /* 2: attribute marshalling overhead. */
        }
    }

    return retVal;
}

static DOFObjectIDAttribute DOFObjectID_GetAttributeAtIndex(const DOFObjectID self, uint8_t attribute_index)
{
    DOFObjectIDAttribute retAttributeDescriptor = { DOFOBJECTIDATTRIBUTE_INVALID, 0, NULL };

    /* Note: No OID can duplicate an attribute ID. Legal attribute IDs can be from 0-127. So max index fits in uint8. */
    if (self && attribute_index < DOFOBJECTIDATTRIBUTE_INVALID)
    {
        if (DOFObjectID_HasAttributes(self))
        {
            uint8_t        count = 0;
            const uint8_t *pNextAttribute = (const uint8_t *)self->oid + DOFObjectID_GetBaseSize(self);

            while (1)                                           /* Parse through the N Attributes. */
            {
                if (attribute_index == count++)
                {
                    retAttributeDescriptor.id = *pNextAttribute & 0x7F;
                    retAttributeDescriptor.dataSize = (DOFObjectIDAttributeDataSize) * ((const uint8_t *)pNextAttribute + 1);
                    retAttributeDescriptor.data = (const uint8_t *)pNextAttribute + 2; /* 2: attr marshalling overhead. */
                    break;                                      /* Success. */
                }
                if (!(*pNextAttribute & 0x80))
                    break;                                      /* Fail: no more Attributes */
                pNextAttribute += (2 + *((const uint8_t *)pNextAttribute + 1));
            }
        }
    }

    return retAttributeDescriptor;
}

static void DOFObjectID_Destroy(DOFObjectID self _U_)
{
    /* Ephemeral memory doesn't need to be freed. */
}

static void DOFObjectID_InitStruct(DOFObjectID newObjID, uint32_t dataLen)
{
    newObjID->refCount = 1;
    newObjID->len = dataLen;
}

static DOFObjectID DOFObjectID_Create_Unmarshal(wmem_allocator_t* allocator, uint32_t *length, const uint8_t *buffer)
{
    uint32_t len = *length;

    /* Legal OID described at buffer must have at least 2 bytes. */
    if (buffer && len >= 2)
    {
        uint32_t classSize = len;
        uint32_t classv = OALMarshal_UncompressValue(DOFOBJECTID_MAX_CLASS_SIZE, &classSize, buffer);

        /* Legal OID described at buffer must have its class representation be correctly compressed. */
        if (1)
        {
            uint32_t computedSize;

            /* Above call won't return 3 because DOFOBJECTID_MAX_CLASS_SIZE (4) was passed in. */
            computedSize = classSize + 1;                              /* 1: length of length byte. */
            /* Legal OID described at buffer must have enough bytes to describe its OID class. */
            if (len >= computedSize)
            {
                uint8_t lenByte = buffer[classSize];

                /* Legal OID described at buffer must have its length byte bit 6 be 0. */
                if (!(lenByte & 0x40))
                {
                    bool hasAttr;
                    uint8_t  dataLen = lenByte & OID_DATA_LEN_MASK;

                    /* Legal broadcast OID described at buffer must have no base data, though it can have attribute(s)*/
                    if ((classv == 0) && (dataLen > 0))
                        goto notvalid;
                    computedSize += dataLen;
                    hasAttr = lenByte & 0x80;                       /* Valid OID base; check attributes. */
                    while (hasAttr)
                    {
                        /* Legal OID described at buffer must have enough bytes to hold each new found attribute. */
                        if (len >= computedSize + 2)                /* 2: attribute marshalling overhead. */
                        {
                            hasAttr = buffer[computedSize] & 0x80;  /* bit 7: next attribute present flag. */
                            computedSize += (2 + buffer[computedSize + 1]);
                        }
                        else
                            goto notvalid;
                    }
                    /* Legal OID described at buffer must have enough buffer bytes, final check. */
                    if (len >= computedSize)
                    {
                        DOFObjectID newObjID = (DOFObjectID)wmem_alloc0(allocator, sizeof(DOFObjectID_t) + (sizeof(uint8_t) * (computedSize + 1)));
                        /* Adds space for null-terminator, just in case. */

                        *length = computedSize;
                        if (newObjID)
                        {
                            DOFObjectID_InitStruct(newObjID, computedSize);
                            memcpy(newObjID->oid, buffer, computedSize);
                            newObjID->oid[computedSize] = 0;
                            return newObjID;                    /* Success. */
                        }
                        /* buffer describes valid OID, but due to alloc failure we cannot return the newly created OID*/
                        goto allocErrorOut;
                    }
                }
            }
        }
    }
notvalid:
    /* buffer does not describe a valid OID, but do not log a message. The caller may have called us to find out if the
    buffer does or does not obey the rules of a valid OID. He learns that by our NULL return. */
allocErrorOut :
    *length = 0;

    return NULL;
}

static DOFObjectID DOFObjectID_Create_Bytes(wmem_allocator_t* allocator, uint32_t bufferSize, const uint8_t *pOIDBuffer)
{
    uint32_t     len = bufferSize;
    DOFObjectID rval = DOFObjectID_Create_Unmarshal(allocator, &len, pOIDBuffer);

    if (rval)
    {
        if (len != bufferSize)
        {
            DOFObjectID_Destroy(rval);
            rval = NULL;
        }
    }
    return rval;
}

// NOLINTNEXTLINE(misc-no-recursion)
static uint32_t ObjectID_ToStringLength(const DOFObjectID oid, packet_info *pinfo)
{
    uint32_t len = 0;

    /* Note: All these string functions can be exercised with objectid_test.c, which outputs the string to console. */
    len = 7 /* [{xx}: and trailing ] */ + ObjectID_DataToStringLength(DOFObjectID_GetData(oid),
                                                                      DOFObjectID_GetDataSize(oid));
    if (DOFObjectID_GetIDClass(oid) & 0xFF000000)
        len += 6;                                           /* Six more hex digits. */
    else if (DOFObjectID_GetIDClass(oid) & 0xFF0000)
        len += 4;                                           /* Four more hex digits. */
    else if (DOFObjectID_GetIDClass(oid) & 0xFF00)
        len += 2;                                           /* Two more hex digits. */
    increment_dissection_depth(pinfo);
    /* Handle Attributes, if any. */
    if (DOFObjectID_HasAttributes(oid))
    {
        uint8_t i;                                            /* Max attribute count is under uint8. */
        uint8_t attributeCount = DOFObjectID_GetAttributeCount(oid);

        len += 2;                                           /* surrounding ( ) */
        for (i = 0; i < attributeCount; i++)
        {
            DOFObjectID embedOID;
            DOFObjectIDAttribute avpDescriptor = DOFObjectID_GetAttributeAtIndex(oid, i);

            if (!DOFObjectIDAttribute_IsValid(avpDescriptor))
                break;  /* Done with Attributes. If here, some error took place. */

            if (i)
                len++;
            len += 5;  /* {xx}: */
            /* Handle embedded Object IDs. */
            embedOID = DOFObjectID_Create_Bytes(pinfo->pool, DOFObjectIDAttribute_GetValueSize(avpDescriptor),
                                                DOFObjectIDAttribute_GetValue(avpDescriptor));
            if (embedOID)
            {
                len += ObjectID_ToStringLength(embedOID, pinfo); /* Recurse to compute string rep length of found OID. */
                DOFObjectID_Destroy(embedOID);
            }
            else
            {
                /* Hex Data. */
                len += ObjectID_DataToStringLength(DOFObjectIDAttribute_GetValue(avpDescriptor),
                                                   DOFObjectIDAttribute_GetValueSize(avpDescriptor));
            }
        } /* end for(). */
    }
    decrement_dissection_depth(pinfo);

    return len;
}

static uint32_t InterfaceID_ToString(const uint8_t *iid, char *pBuf)
{
    uint32_t          len = 0;
    unsigned iid_len = iid[0] & 0x03;
    unsigned i;

    /* XXX - The handling for iid_len 0 is not the same as in
     * oap_1_tree_add_interface. */
    if (iid_len == 3)
        iid_len = 4;

    pBuf[len++] = '[';
    pBuf[len++] = '{';

    pBuf[len++] = OALString_HexDigitToChar((iid[0] >> 6) & 0x0F);
    pBuf[len++] = OALString_HexDigitToChar((iid[0] >> 2) & 0x0F);

    pBuf[len++] = '}';
    pBuf[len++] = ':';
    pBuf[len++] = '{';

    /* Data */
    for (i = 0; i < iid_len; i++)
    {
        pBuf[len++] = OALString_HexDigitToChar((iid[i + 1] >> 4) & 0x0F);
        pBuf[len++] = OALString_HexDigitToChar(iid[i + 1] & 0x0F);
    }

    pBuf[len++] = '}';
    pBuf[len++] = ']';

    return len;
}

// NOLINTNEXTLINE(misc-no-recursion)
static uint32_t ObjectID_ToString(const DOFObjectID oid, char *pBuf, packet_info *pinfo)
{
    DOFObjectIDClass oidClass;
    uint32_t          len = 0;

    pBuf[len++] = '[';
    pBuf[len++] = '{';
    /* Class */
    oidClass = DOFObjectID_GetIDClass(oid);
    if (oidClass & 0xFF000000)
    {
        pBuf[len++] = OALString_HexDigitToChar((oidClass >> 28) & 0x0F);
        pBuf[len++] = OALString_HexDigitToChar((oidClass >> 24) & 0x0F);
    }
    if (oidClass & 0xFFFF0000)
    {
        pBuf[len++] = OALString_HexDigitToChar((oidClass >> 20) & 0x0F);
        pBuf[len++] = OALString_HexDigitToChar((oidClass >> 16) & 0x0F);
    }
    if (oidClass & 0xFFFFFF00)
    {
        pBuf[len++] = OALString_HexDigitToChar((oidClass >> 12) & 0x0F);
        pBuf[len++] = OALString_HexDigitToChar((oidClass >> 8) & 0x0F);
    }
    pBuf[len++] = OALString_HexDigitToChar((oidClass >> 4) & 0x0F);
    pBuf[len++] = OALString_HexDigitToChar((oidClass) & 0x0F);
    pBuf[len++] = '}';
    pBuf[len++] = ':';
    /* Data */
    len += ObjectID_DataToString(DOFObjectID_GetData(oid), DOFObjectID_GetDataSize(oid), &pBuf[len]);
    /* Handle Attributes, if any. */
    if (DOFObjectID_HasAttributes(oid))
    {
        uint8_t i;
        uint8_t attributeCount = DOFObjectID_GetAttributeCount(oid);

        pBuf[len++] = '(';
        for (i = 0; i < attributeCount; i++)
        {
            DOFObjectID embedOID;
            DOFObjectIDAttribute avpDescriptor = DOFObjectID_GetAttributeAtIndex(oid, i);

            if (!DOFObjectIDAttribute_IsValid(avpDescriptor))
                break;  /* Done with Attributes. If here, some error took place. */

            if (i)
                pBuf[len++] = '|';
            pBuf[len++] = '{';
            pBuf[len++] = OALString_HexDigitToChar((DOFObjectIDAttribute_GetType(avpDescriptor) >> 4) & 0x0F);
            pBuf[len++] = OALString_HexDigitToChar((DOFObjectIDAttribute_GetType(avpDescriptor)) & 0x0F);
            pBuf[len++] = '}';
            pBuf[len++] = ':';

            /* Handle embedded Object IDs. */
            embedOID = DOFObjectID_Create_Bytes(pinfo->pool, DOFObjectIDAttribute_GetValueSize(avpDescriptor),
                                                DOFObjectIDAttribute_GetValue(avpDescriptor));
            if (embedOID)
            {
                increment_dissection_depth(pinfo);
                len += ObjectID_ToString(embedOID, &pBuf[len], pinfo); /* Recurse to output string rep of found OID. */
                decrement_dissection_depth(pinfo);
                DOFObjectID_Destroy(embedOID);
            }
            else
            {
                /* Hex Data. */
                len += ObjectID_DataToString(DOFObjectIDAttribute_GetValue(avpDescriptor),
                                             DOFObjectIDAttribute_GetValueSize(avpDescriptor), &pBuf[len]);
            }
        } /* end for(). */
        pBuf[len++] = ')';
    }
    pBuf[len++] = ']';

    return len;
}

static const char* dof_iid_create_standard_string(wmem_allocator_t* allocator, uint32_t bufferSize, const uint8_t *pIIDBuffer)
{
    char *pRetval;
    unsigned len = 9 + (bufferSize - 1) * 2;   /* Alias is always [{AA}:{01234567}] */

    pRetval = (char *)wmem_alloc(allocator, len + 1);
    if (pRetval)
    {
        len = InterfaceID_ToString(pIIDBuffer, pRetval);
        pRetval[len] = 0;
    }

    return pRetval;
}

static const char* dof_oid_create_standard_string(wmem_allocator_t* allocator, uint32_t bufferSize, const uint8_t *pOIDBuffer, packet_info *pinfo)
{
    DOFObjectID oid;
    char *pRetval;
    uint32_t len = bufferSize;

    oid = DOFObjectID_Create_Unmarshal(allocator, &len, pOIDBuffer);
    if (!oid)
        return "Illegal OID";

    len = ObjectID_ToStringLength(oid, pinfo);
    /* Use PCRMem_Alloc() and not DOFMem_Alloc() because app caller will be freeing memory with PCRMem_Destroy(). */
    pRetval = (char *)wmem_alloc(allocator, len + 1);
    if (pRetval)
    {
        ObjectID_ToString(oid, pRetval, pinfo);
        pRetval[len] = 0;
    }

    return pRetval;
}

struct parseCtx
{
    const char *oid;
    uint8_t *buffer;
    uint32_t buffLen;
    uint32_t oidLen;
    uint32_t currOidPos;
    uint32_t currBufferPos;
    unsigned depth;
}parseCtx;

/* Operations on OID string */
#define PARSECTX_PEEK_CHAR_OID(ctx) ( (ctx)->oid[(ctx)->currOidPos] )
#define PARSECTX_PEEK_NEXT_CHAR_OID(ctx) ( (ctx)->oid[(ctx)->currOidPos+1] )
#define PARSECTX_READ_CHAR_OID(ctx) ( (ctx)->oid[(ctx)->currOidPos++] )
#define PARSECTX_GET_CURRENT_POS_OID(ctx) ( (ctx)->oid+(ctx)->currOidPos )
#define PARSECTX_STEP_OID(ctx, count)((ctx)->currOidPos+=(count))

/* Operations on DOFObjectID buffer */
#define PARSECTX_GET_CURRENT_POS_BUF(ctx)( ((ctx)->buffer)? (ctx)->buffer+(ctx)->currBufferPos: NULL )
#define PARSECTX_STEP_BUF(ctx, count)( (ctx)->currBufferPos+=(count))
#define PARSECTX_WRITE_AT_POS_BUF(ctx, pos, value) do{ if((ctx)->buffer) *(pos) = (value); } while(0)
#define PARSECTX_OR_AT_POS_BUF(ctx, pos, value) do{ if((ctx)->buffer) *(pos) |= (value); } while(0)
#define PARSECTX_WRITE_BUF(ctx, value)( ((ctx)->buffer)? (ctx)->buffer[(ctx)->currBufferPos++] = (value): (ctx)->currBufferPos++ )
#define PARSECTX_CHECK_LEN(ctx, len) (((ctx)->buffer)? (((ctx)->currBufferPos+len <= (ctx)->buffLen)? 0: 1): 0)

/* Operation to read from OID straight to buffer */
#define PARSECTX_WRITE_BUF_FROM_OID(ctx) (((ctx)->buffer)? (ctx)->buffer[(ctx)->currBufferPos++] = (ctx)->oid[(ctx)->currOidPos]: ((ctx)->currBufferPos++),((ctx)->currOidPos++))

#define IS_DIGIT(c) (((c) >= '0' && (c) <= '9'))
#define DIGIT2VALUE(c) (c-48)

#define HEX2VALUE(c) ( (IS_DIGIT(c))? DIGIT2VALUE(c) : ((c) >= 'A' && (c) <= 'F')? (c-55): (c-87) )
#define VALIDHEXSEP(c) ( (c) == ' ' || (c) == ':' || (c) == '-' )
#define VALIDHEX(c) ( ((c) >= '0' && (c) <= '9') || ((c) >= 'A' && (c) <= 'F') || ((c) >= 'a' && (c) <= 'f') )
#define VALIDHEXBYTE(s) ( VALIDHEX((s)[0]) && VALIDHEX((s)[1]) )
#define VALIDNUMBER(c) ((c) >= '0' && (c) <= '9')

#define VALIDASCIICHAR(c) (((uint8_t)c) >= 32 && ((uint8_t)c) <= 126 )

#define IS_ESCAPED(c) ( (c) == '(' || (c) == ')' || (c) == '[' || (c) == ']' || (c) == '{' || (c) == '}' || (c) == '\\' || (c) == '|' )

static uint8_t parseFormatOID(struct parseCtx *ctx);

static uint8_t parseHexField(struct parseCtx *ctx)
{
    /* Hex fields start with { and end with } can contain space, dash and colon*/
    if (PARSECTX_READ_CHAR_OID(ctx) == '{' && PARSECTX_PEEK_CHAR_OID(ctx) != '}')
    {
        while (PARSECTX_PEEK_CHAR_OID(ctx) != '}')
        {
            if (VALIDHEXBYTE(PARSECTX_GET_CURRENT_POS_OID(ctx)))
            {
                if (PARSECTX_CHECK_LEN(ctx, 1) == 0)
                {
                    PARSECTX_WRITE_BUF(ctx, HEX2VALUE(PARSECTX_PEEK_CHAR_OID(ctx)) << 4 | HEX2VALUE(PARSECTX_PEEK_NEXT_CHAR_OID(ctx)));
                    PARSECTX_STEP_OID(ctx, 2);

                    if (VALIDHEXSEP(PARSECTX_PEEK_CHAR_OID(ctx)))
                    {
                        if (PARSECTX_PEEK_NEXT_CHAR_OID(ctx) == '}')
                        {
                            /* no separator after byte block */
                            return 1;
                        }
                        PARSECTX_STEP_OID(ctx, 1);
                    }
                }
                else
                {
                    return 1;
                }
            }
            else
            {
                return 1;
            }
        }
        PARSECTX_STEP_OID(ctx, 1);
        return 0;
    }
    return 1;
}

static uint8_t parseStringField(struct parseCtx *ctx)
{
    /* Copy into buffer until end or */
    while (ctx->currOidPos < (ctx->oidLen - 1))
    {
        char curr = PARSECTX_PEEK_CHAR_OID(ctx);
        if (curr == ']' || curr == '(')
        {
            break; /* End of string field */
        }
        else if (curr == '\\')
        {
            /* Handle escaped char */
            PARSECTX_STEP_OID(ctx, 1);
            if (!IS_ESCAPED(PARSECTX_PEEK_CHAR_OID(ctx)) || PARSECTX_CHECK_LEN(ctx, 1) != 0)
                return 1;
            PARSECTX_WRITE_BUF_FROM_OID(ctx);
        }
        else
        {
            if (VALIDASCIICHAR(curr) && PARSECTX_CHECK_LEN(ctx, 1) == 0)
                PARSECTX_WRITE_BUF_FROM_OID(ctx);
            else
                return 1;
        }
    }
    return 0;
}

static uint8_t OALMarshal_GetCompressedValueSize(uint8_t maxSize, uint32_t value)
{
    uint8_t lenbytes = (1 + (value > 0x7F) + (value > 0x3FFF));
    if (lenbytes > 2)
        return (maxSize);
    return (lenbytes);
}

static uint32_t OALMarshal_CompressValue(uint8_t maxSize, uint32_t value, uint32_t bufLength, uint8_t *buffer)
{
    uint8_t lenSize = OALMarshal_GetCompressedValueSize(maxSize, value);

    if (bufLength < lenSize)
        return 0;
    switch (lenSize)
    {
    case 4:
        *(buffer++) = (uint8_t)((value >> 24) & 0x3F) | 0xC0;
        *(buffer++) = (uint8_t)((value >> 16) & 0xFF);
        *(buffer++) = (uint8_t)((value >> 8) & 0xFF);
        *(buffer++) = (uint8_t)(value & 0xFF);
        break;

    case 3:
        *(buffer++) = (uint8_t)((value >> 16) & 0x3F) | 0xC0;
        *(buffer++) = (uint8_t)((value >> 8) & 0xFF);
        *(buffer++) = (uint8_t)(value & 0xFF);
        break;

    case 2:
        if (maxSize == 2)
        {
            *(buffer++) = (uint8_t)((value >> 8) & 0x7F) | 0x80;
        }
        else
        {
            *(buffer++) = (uint8_t)((value >> 8) & 0x3F) | 0x80;
        }
        *(buffer++) = (uint8_t)(value & 0xFF);
        break;

    case 1:
        *(buffer++) = (uint8_t)(value & 0x7F);
        break;

    default:
        /* Invalid computed size! */
        break;
    }
    return (lenSize);
}

static uint8_t parseOIDClass(struct parseCtx *ctx)
{
    if (PARSECTX_PEEK_CHAR_OID(ctx) == '{' && PARSECTX_PEEK_NEXT_CHAR_OID(ctx) != '}')
    {
        /* Hex */
        uint8_t classSize = 0;
        uint32_t oidClass = 0;
        PARSECTX_STEP_OID(ctx, 1);
        while (PARSECTX_PEEK_CHAR_OID(ctx) != '}')
        {
            if (VALIDHEXBYTE(PARSECTX_GET_CURRENT_POS_OID(ctx)))
            {
                oidClass <<= 8;
                oidClass += (HEX2VALUE(PARSECTX_PEEK_CHAR_OID(ctx)) << 4 | HEX2VALUE(PARSECTX_PEEK_NEXT_CHAR_OID(ctx)));
                PARSECTX_STEP_OID(ctx, 2);

                if (VALIDHEXSEP(PARSECTX_PEEK_CHAR_OID(ctx)))
                {
                    if (PARSECTX_PEEK_NEXT_CHAR_OID(ctx) == '}')
                    {
                        /* no separator after byte block */
                        return 1;
                    }
                    PARSECTX_STEP_OID(ctx, 1);
                }
            }
            else
            {
                return 1;
            }
        }
        PARSECTX_STEP_OID(ctx, 1);

        classSize = OALMarshal_GetCompressedValueSize(4, oidClass);
        if (PARSECTX_CHECK_LEN(ctx, classSize) == 0)
        {
            if (PARSECTX_GET_CURRENT_POS_BUF(ctx))
                classSize = OALMarshal_CompressValue(4, oidClass, classSize, PARSECTX_GET_CURRENT_POS_BUF(ctx));

            PARSECTX_STEP_BUF(ctx, classSize);
        }

        return 0;
    }
    else
    {
        /* Number */
        uint8_t classSize = 0;
        uint32_t oidClass = 0;
        while (IS_DIGIT(PARSECTX_PEEK_CHAR_OID(ctx)))
        {
            oidClass *= 10;
            oidClass += DIGIT2VALUE(PARSECTX_PEEK_CHAR_OID(ctx));
            PARSECTX_STEP_OID(ctx, 1);
        }

        classSize = OALMarshal_GetCompressedValueSize(4, oidClass);
        if (PARSECTX_CHECK_LEN(ctx, classSize) == 0)
        {
            if (PARSECTX_GET_CURRENT_POS_BUF(ctx))
                classSize = OALMarshal_CompressValue(4, oidClass, classSize, PARSECTX_GET_CURRENT_POS_BUF(ctx));

            PARSECTX_STEP_BUF(ctx, classSize);
        }

        return 0;
    }
}

static uint8_t parseAttributeID(struct parseCtx *ctx)
{
    if (PARSECTX_PEEK_CHAR_OID(ctx) == '{')
    {
        return parseHexField(ctx);
    }
    else
    {
        uint8_t avpid = 0;
        while (IS_DIGIT(PARSECTX_PEEK_CHAR_OID(ctx)))
        {
            avpid *= 10;
            avpid += DIGIT2VALUE(PARSECTX_PEEK_CHAR_OID(ctx));
            PARSECTX_STEP_OID(ctx, 1);
        }

        if (PARSECTX_CHECK_LEN(ctx, 1) == 0)
        {
            PARSECTX_WRITE_BUF(ctx, avpid);
            return 0;
        }
    }
    return 1;
}

// NOLINTNEXTLINE(misc-no-recursion)
static uint8_t parseAttributeData(struct parseCtx *ctx)
{
    uint8_t ret;
    ctx->depth++;
    DISSECTOR_ASSERT(ctx->depth < prefs.gui_max_tree_depth);
    if (PARSECTX_PEEK_CHAR_OID(ctx) == '[')
    {
        ret = parseFormatOID(ctx);
    }
    else if (PARSECTX_PEEK_CHAR_OID(ctx) == '{')
    {
        ret = parseHexField(ctx);
    }
    else
    {
        ret = parseStringField(ctx);
    }
    ctx->depth--;
    return ret;
}

// NOLINTNEXTLINE(misc-no-recursion)
static uint8_t parseAttribute(struct parseCtx *ctx)
{
    if (parseAttributeID(ctx) == 0)
    {
        /* separated by ':' */
        if (PARSECTX_READ_CHAR_OID(ctx) == ':' && PARSECTX_CHECK_LEN(ctx, 1) == 0)
        {
            uint8_t *length = PARSECTX_GET_CURRENT_POS_BUF(ctx);
            if (length == NULL)
                return 0;

            PARSECTX_STEP_BUF(ctx, 1);

            if (parseAttributeData(ctx) == 0)
            {
                PARSECTX_WRITE_AT_POS_BUF(ctx, length, (uint8_t)(PARSECTX_GET_CURRENT_POS_BUF(ctx) - (length + 1)));
                return 0;
            }
        }
    }
    return 1;
}

// NOLINTNEXTLINE(misc-no-recursion)
static uint8_t parseAttributes(struct parseCtx *ctx)
{
    /* AVPs surrounded by '(' ')' but needs at least an avp */
    if (PARSECTX_READ_CHAR_OID(ctx) == '(' &&  PARSECTX_PEEK_CHAR_OID(ctx) != ')')
    {
        while (PARSECTX_PEEK_CHAR_OID(ctx) != ')')
        {
            uint8_t *avpID = PARSECTX_GET_CURRENT_POS_BUF(ctx);
            if (avpID == NULL)
                return 0;

            if (parseAttribute(ctx) != 0)
                return 1;

            /* multiple separated by '|' */
            if (PARSECTX_PEEK_CHAR_OID(ctx) == '|' && PARSECTX_PEEK_NEXT_CHAR_OID(ctx) != ')')
            {
                PARSECTX_OR_AT_POS_BUF(ctx, avpID, 0x80); /* set that there is a next attribute */
                PARSECTX_STEP_OID(ctx, 1);
            }
        }
        PARSECTX_STEP_OID(ctx, 1);
        return 0;
    }
    return 1;
}

// NOLINTNEXTLINE(misc-no-recursion)
static uint8_t parseFormatOID(struct parseCtx *ctx)
{
    /* oid must start with '[' */
    if (PARSECTX_PEEK_CHAR_OID(ctx) == '[')
    {
        PARSECTX_STEP_OID(ctx, 1);
        /* Get class id */
        if (parseOIDClass(ctx) == 0)
        {
            /* separated by ':' */
            if (PARSECTX_READ_CHAR_OID(ctx) == ':' && PARSECTX_CHECK_LEN(ctx, 1) == 0)
            {
                uint8_t *length = PARSECTX_GET_CURRENT_POS_BUF(ctx);
                PARSECTX_STEP_BUF(ctx, 1);

                /* Get data */
                if (PARSECTX_PEEK_CHAR_OID(ctx) == '{')
                {
                    /* hex data */
                    if (parseHexField(ctx) != 0)
                        return 1;
                }
                else
                {
                    /* string data */
                    if (parseStringField(ctx) != 0)
                        return 1;
                }

                /* Write length */
                if (length == NULL)
                    return 0;
                PARSECTX_WRITE_AT_POS_BUF(ctx, length, (uint8_t)(PARSECTX_GET_CURRENT_POS_BUF(ctx) - (length + 1)));

                /* Check if attributes exist */
                if (PARSECTX_PEEK_CHAR_OID(ctx) == '(')
                {
                    PARSECTX_OR_AT_POS_BUF(ctx, length, 0x80); /* set that there are attributes */
                    if (parseAttributes(ctx) != 0)
                        return 1;
                }

                /* Ends with ] */
                if (PARSECTX_READ_CHAR_OID(ctx) == ']')
                {
                    return 0;
                }
            }
        }
    }
    return 1;
}

static uint8_t dof_oid_create_internal(const char *oid, uint32_t *size, uint8_t *buffer)
{
    struct parseCtx ctx = {0};

    ctx.oid = oid;
    ctx.buffer = buffer;

    if (oid)
    {
        if (size)
        {
            ctx.buffLen = (*size);
            ctx.oidLen = (uint32_t)strlen(oid);
            if (PARSECTX_PEEK_CHAR_OID(&ctx) == '[')
            {
                /* Format OID */
                if (parseFormatOID(&ctx) == 0)
                {
                    (*size) = ctx.currBufferPos;
                    return 0;
                }
            }
            else if (PARSECTX_PEEK_CHAR_OID(&ctx) == '{')
            {
                /* HEX OID */
                if (parseHexField(&ctx) == 0)
                {
                    (*size) = ctx.currBufferPos;
                    return 0;
                }
            }
            (*size) = 0;
        }
    }
    return 1;
}

static void dof_oid_new_standard_string(const char *data, uint32_t *rsize, uint8_t **oid)
{
    if (data)
    {
        uint8_t err;
        uint32_t size = 0;

        /* Call parseInternal to find out how big the buffer needs to be. */
        err = dof_oid_create_internal(data, &size, NULL);

        if (err == 0)
        {
            /* Create the DOFObjectID using the size that was just computed. */
            *oid = (uint8_t *)g_malloc(size + 1); /* Adds space for null-terminator, just in case. */

            if (*oid)
            {
                /* Now that the size is computed and the DOFObjectID is created, call parseInternal again to fill the oid buffer. */
                err = dof_oid_create_internal(data, &size, *oid);

                if (err == 0)
                {
                    *rsize = size;
                    return;
                }

                g_free(*oid);
            }
        }
    }

    *rsize = 0;
    *oid = NULL;
}

/* Binary Parsing Support */

/**
 * Read a compressed 32-bit quantity (PDU Type.3).
 * Since the value is variable length, the new offset is
 * returned. The value can also be returned, along with the size, although
 * NULL is allowed for those parameters.
 */
static int read_c4(tvbuff_t *tvb, int offset, uint32_t *v, int *L)
{
    uint32_t val = 0;
    uint8_t len = 0;
    uint8_t b = tvb_get_uint8(tvb, offset++);
    int i;

    if ((b & 0x80) == 0)
    {
        len = 1;
        b = b & 0x7F;
    }
    else if ((b & 0x40) == 0)
    {
        len = 2;
        b = b & 0x3F;
    }
    else
    {
        len = 4;
        b = b & 0x3F;
    }

    val = b;
    for (i = 1; i < len; i++)
        val = (val << 8) | tvb_get_uint8(tvb, offset++);

    if (L)
        *L = len;
    if (v)
        *v = val;
    return offset;
}

/**
 * Validate PDU Type.3
 * Validates the encoding.
 * Add Expert Info if format invalid
 * This also validates Spec Type.3.1.
 */
static void validate_c4(packet_info *pinfo, proto_item *pi, uint32_t val, int len)
{
    if (len > 1 && val < 0x80)
    {
        /* SPEC Type.3.1 Violation. */
        expert_add_info_format(pinfo, pi, &ei_c2_c3_c4_format, "DOF Violation: Type.3.1: Compressed 32-bit Compression Mandatory.");
    }

    if (len > 2 && val < 0x4000)
    {
        /* SPEC Type.3.1 Violation. */
        expert_add_info_format(pinfo, pi, &ei_c2_c3_c4_format, "DOF Violation: Type.3.1: Compressed 32-bit Compression Mandatory.");
    }
}

/**
 * Reads a compressed 24-bit quantity (PDU Type.2).
 * Since the value is variable length, the new offset is
 * returned.
 * The value can also be returned, along with the size, although
 * NULL is allowed for those parameters.
 */
static int read_c3(tvbuff_t *tvb, int offset, uint32_t *v, int *L)
{
    uint32_t val = 0;
    uint8_t len = 0;
    uint8_t b = tvb_get_uint8(tvb, offset++);
    int i;

    if ((b & 0x80) == 0)
    {
        len = 1;
        b = b & 0x7F;
    }
    else if ((b & 0x40) == 0)
    {
        len = 2;
        b = b & 0x3F;
    }
    else
    {
        len = 3;
        b = b & 0x3F;
    }

    val = b;
    for (i = 1; i < len; i++)
        val = (val << 8) | tvb_get_uint8(tvb, offset++);

    if (L)
        *L = len;
    if (v)
        *v = val;
    return offset;
}

/**
 * Validate PDU Type.2
 * Validates the encoding.
 * Adds Expert Info if format invalid
 * This also validates Spec Type.2.1.
 */
static void validate_c3(packet_info *pinfo, proto_item *pi, uint32_t val, int len)
{
    if (len > 1 && val < 0x80)
    {
        /* SPEC Type.2.1 Violation. */
        expert_add_info_format(pinfo, pi, &ei_c2_c3_c4_format, "DOF Violation: Type.2.1: Compressed 24-bit Compression Mandatory." );
    }

    if (len > 2 && val < 0x4000)
    {
        /* SPEC Type.2.1 Violation. */
        expert_add_info_format(pinfo, pi, &ei_c2_c3_c4_format, "DOF Violation: Type.2.1: Compressed 24-bit Compression Mandatory.");
    }
}

/**
 * Reads a compressed 16-bit quantity (PDU Type.1).
 * Since the value is variable length, the new offset is
 * returned. The value can also be returned, along with the size, although
 * NULL is allowed for those parameters.
 */
static int read_c2(tvbuff_t *tvb, int offset, uint16_t *v, int *L)
{
    uint16_t val = 0;
    uint8_t b = tvb_get_uint8(tvb, offset++);
    if (b & 0x80)
    {
        b = b & 0x7F;
        val = (b << 8) | tvb_get_uint8(tvb, offset++);
        if (L)
            *L = 2;
    }
    else
    {
        val = b;
        if (L)
            *L = 1;
    }

    if (v)
        *v = val;
    return offset;
}

/**
 * Validates PDU Type.1
 * Validates the encoding.
 * Adds Expert Info if format invalid
 * This also validates Spec Type.1.1.
 */
static void validate_c2(packet_info *pinfo, proto_item *pi, uint16_t val, int len)
{
    if (len > 1 && val < 0x80)
    {
        /* SPEC Type.1.1 Violation. */
        expert_add_info_format(pinfo, pi, &ei_c2_c3_c4_format, "DOF Violation: Type.1.1: Compressed 16-bit Compression Mandatory." );
    }
}

/**
 * Given a packet data, and assuming that all of the prerequisite information is known,
 * assign a SID ID to the packet if not already assigned.
 * A SID ID is the *possibility* of a unique SID, but until the SID is learned the
 * association is not made. Further, multiple SID ID may end up referring to the
 * same SID, in which case the assignment must be repaired.
 */
static void assign_sid_id(dof_api_data *api_data)
{
    node_key_to_sid_id_key lookup_key;
    node_key_to_sid_id_key *key;
    dof_session_data *session;
    dof_packet_data *packet;
    unsigned value;

    /* Validate input. These represent dissector misuse, not decoding problems. */
    /* TODO: Diagnostic/programmer message. */
    if (!api_data || !api_data->packet || !api_data->session)
        return;

    session = api_data->session;
    packet = (dof_packet_data *)api_data->packet;


    /* Check if the sender_sid_id is already assigned, if so we are done. */
    if (!packet->sender_sid_id)
    {
        /* Build a (non-allocated) key to do the lookup. */
        lookup_key.transport_id = api_data->transport_session->transport_id;
        lookup_key.transport_node_id = api_data->transport_packet->sender_id;
        lookup_key.dof_id = session->dof_id;
        lookup_key.dof_node_id = packet->sender_id;
        lookup_key.dof_session_id = session->session_id;

        value = GPOINTER_TO_UINT(g_hash_table_lookup(node_key_to_sid_id, &lookup_key));
        if (value)
        {
            void *sid_id_key = GUINT_TO_POINTER(value);
            void *sid_buffer;

            /* We found a match. */
            packet->sender_sid_id = value;

            /* If we know the SID, we must get it now. */
            sid_buffer = g_hash_table_lookup(sid_id_to_sid_buffer, sid_id_key);
            if (sid_buffer)
            {
                /* We found a match. */
                packet->sender_sid = (dof_2009_1_pdu_19_sid)sid_buffer;
            }
        }
        else
        {
            /* No match, need to add a key. */
            key = g_new0(node_key_to_sid_id_key, 1);
            memcpy(key, &lookup_key, sizeof(node_key_to_sid_id_key));

            /* Note, this is not multithread safe, but Wireshark isn't multithreaded. */
            g_hash_table_insert(node_key_to_sid_id, key, GUINT_TO_POINTER(dpp_next_sid_id));
            packet->sender_sid_id = dpp_next_sid_id++;
        }
    }

    /* Check if the receiver_sid_id is already assigned, if so we are done. */
    if (!packet->receiver_sid_id)
    {
        /* Build a (non-allocated) key to do the lookup. */
        lookup_key.transport_id = api_data->transport_session->transport_id;
        lookup_key.transport_node_id = api_data->transport_packet->receiver_id;
        lookup_key.dof_id = session->dof_id;
        lookup_key.dof_node_id = packet->receiver_id;
        lookup_key.dof_session_id = session->session_id;

        value = GPOINTER_TO_UINT(g_hash_table_lookup(node_key_to_sid_id, &lookup_key));
        if (value)
        {
            void *sid_id_key = GUINT_TO_POINTER(value);
            void *sid_buffer;

            /* We found a match. */
            packet->receiver_sid_id = value;

            /* If we know the SID, we must get it now. */
            sid_buffer = g_hash_table_lookup(sid_id_to_sid_buffer, sid_id_key);
            if (sid_buffer)
            {
                /* We found a match. */
                packet->receiver_sid = (dof_2009_1_pdu_19_sid)sid_buffer;
            }
        }
        else
        {
            /* No match, need to add a key. */
            key = g_new0(node_key_to_sid_id_key, 1);
            memcpy(key, &lookup_key, sizeof(node_key_to_sid_id_key));

            /* Note, this is not multithread safe, but Wireshark isn't multithreaded. */
            g_hash_table_insert(node_key_to_sid_id, key, GUINT_TO_POINTER(dpp_next_sid_id));
            packet->receiver_sid_id = dpp_next_sid_id++;
        }
    }

}

/**
 * Declare that the sender of the packet is known to have a SID
 * that is identified by the specified buffer. There are a few
 * cases here:
 *  1. The sid of the sender is already assigned. This is a NOP.
 *  2. The sid has never been seen. This associates the SID with the sender SID ID.
 *  3. The sid has been seen, and matches the SID ID of the sender. This just sets the sid field.
 *  4. The sid has been seen, but with a different SID ID than ours. Patch up all the packets.
 */
static void learn_sender_sid(dof_api_data *api_data, uint8_t length, const uint8_t *sid)
{
    dof_packet_data *packet;
    uint8_t lookup_key[256];
    uint8_t *key;
    void *value;

    /* Validate input. */
    if (!api_data)
    {
        /* TODO: Print error. */
        return;
    }

    if (!api_data->packet)
    {
        /* TODO: Print error. */
        return;
    }

    packet = (dof_packet_data *)api_data->packet;
    if (!packet->sender_sid_id)
        return;

    /* Check for sender SID already known. */
    if (packet->sender_sid)
        return;

    /* Check for SID already known (has assigned SID ID) */
    /* Build a (non-allocated) key to do the lookup. */
    lookup_key[0] = length;
    memcpy(lookup_key + 1, sid, length);

    if (g_hash_table_lookup_extended(sid_buffer_to_sid_id, &lookup_key, (void * *)&key, &value))
    {
        unsigned sid_id = GPOINTER_TO_UINT(value);

        /* We found a match. */
        if (packet->sender_sid_id == sid_id)
        {
            /* It matches our SID ID. Set the sid field. */
            packet->sender_sid = key;
            return;
        }
        else
        {
            /* There is a mis-match between SID and SID ID. We have to go through
            * all the packets that have SID ID (ours) and update them to SID ID (sid).
            */
            unsigned sid_id_correct = sid_id;
            unsigned sid_id_incorrect = packet->sender_sid_id;
            dof_packet_data *ptr = globals.dof_packet_head;

            while (ptr)
            {
                if (ptr->sender_sid_id == sid_id_incorrect)
                    ptr->sender_sid_id = sid_id_correct;

                if (ptr->receiver_sid_id == sid_id_incorrect)
                    ptr->receiver_sid_id = sid_id_correct;

                if (ptr->op.op_sid_id == sid_id_incorrect)
                    ptr->op.op_sid_id = sid_id_correct;

                if (ptr->ref_op.op_sid_id == sid_id_incorrect)
                    ptr->ref_op.op_sid_id = sid_id_correct;

                ptr = ptr->next;
            }
        }

        return;
    }

    /* The SID has never been seen. Associate with the SID ID. */
    key = (dof_2009_1_pdu_19_sid)g_malloc0(length + 1);
    memcpy(key, lookup_key, length + 1);

    /* Note, this is not multithread safe, but Wireshark isn't multithreaded. */
    g_hash_table_insert(sid_buffer_to_sid_id, key, GUINT_TO_POINTER(packet->sender_sid_id));
    g_hash_table_insert(sid_id_to_sid_buffer, GUINT_TO_POINTER(packet->sender_sid_id), key);

    /* NOTE: We are storing a reference to the SID in the packet data. This memory
    * will be freed by the dissector init routine when the SID hash table is destroyed.
    * Nothing else should free this SID.
    */
    packet->sender_sid = (dof_2009_1_pdu_19_sid)key;

    /* We have learned the "correct" sid and sid_id, so we can set the sid of
    * any packets that have this sid_id (saves hash lookups in the future).
    */
    {
        dof_packet_data *ptr = globals.dof_packet_head;

        while (ptr)
        {
            if (ptr->sender_sid_id == packet->sender_sid_id)
                ptr->sender_sid = key;

            if (ptr->receiver_sid_id == packet->sender_sid_id)
                ptr->receiver_sid = key;

            ptr = ptr->next;
        }
    }
}

/**
 * Learn a SID from an explicit operation. This only defines sids and sid ids.
 */
static void learn_operation_sid(dof_2009_1_pdu_20_opid *opid, uint8_t length, const uint8_t *sid)
{
    uint8_t lookup_key[256];
    uint8_t *key;
    void *value;

    /* Check for sender SID already known. */
    if (opid->op_sid)
        return;

    /* Check for SID already known (has assigned SID ID) */
    /* Build a (non-allocated) key to do the lookup. */
    lookup_key[0] = length;
    memcpy(lookup_key + 1, sid, length);

    if (g_hash_table_lookup_extended(sid_buffer_to_sid_id, &lookup_key, (void * *)&key, &value))
    {
        unsigned sid_id = GPOINTER_TO_UINT(value);

        opid->op_sid_id = sid_id;
        opid->op_sid = key;
        return;
    }

    /* The SID has never been seen. Associate with the SID ID. */
    key = (dof_2009_1_pdu_19_sid)g_malloc0(length + 1);
    memcpy(key, lookup_key, length + 1);

    /* Assign the op_sid_id. */
    opid->op_sid_id = dpp_next_sid_id++;

    /* Note, this is not multithread safe, but Wireshark isn't multithreaded. */
    g_hash_table_insert(sid_buffer_to_sid_id, key, GUINT_TO_POINTER(opid->op_sid_id));
    g_hash_table_insert(sid_id_to_sid_buffer, GUINT_TO_POINTER(opid->op_sid_id), key);

    /* NOTE: We are storing a reference to the SID in the packet data. This memory
    * will be freed by the dissector init routine when the SID hash table is destroyed.
    * Nothing else should free this SID.
    */
    opid->op_sid = (dof_2009_1_pdu_19_sid)key;
}

static void generateMac(gcry_cipher_hd_t cipher_state, uint8_t *nonce, const uint8_t *epp, int a_len, uint8_t *data, int len, uint8_t *mac, int mac_len)
{
    uint16_t i;

    /* a_len = 1, t = mac_len, q = 4: (t-2)/2 : (q-1) -> 4B */
    mac[0] = 0x43 | (((mac_len - 2) / 2) << 3);
    memcpy(mac + 1, nonce, 11);
    memset(mac + 12, 0, 4);
    mac[14] = len >> 8;
    mac[15] = len & 0xFF;

    gcry_cipher_encrypt(cipher_state, mac, 16, NULL, 0);

    mac[0] ^= (a_len >> 8);
    mac[1] ^= (a_len);
    i = 2;

    for (int cnt = 0; cnt < a_len; cnt++, i++)
    {
        if (i % 16 == 0)
            gcry_cipher_encrypt(cipher_state, mac, 16, NULL, 0);

        mac[i % 16] ^= epp[cnt];
    }

    i = 0;
    for (int cnt = 0; cnt < len; cnt++, i++)
    {
        if (i % 16 == 0)
            gcry_cipher_encrypt(cipher_state, mac, 16, NULL, 0);

        mac[i % 16] ^= data[cnt];
    }

    gcry_cipher_encrypt(cipher_state, mac, 16, NULL, 0);
}

static int decrypt(ccm_session_data *session, ccm_packet_data *pdata, uint8_t *nonce, const uint8_t *epp, int a_len, uint8_t *data, int len)
{
    int i;
    unsigned char ctr[16];
    unsigned char encrypted_ctr[16];
    unsigned char mac[16];
    unsigned char computed_mac[16];
    unsigned int skip;
    uint8_t *ekey;

    if (data == NULL || len == 0)
        return 0;

    /* Check the mac length. */
    if (session->mac_len < 4 || session->mac_len > 16)
        return 0;

    if (pdata->period == 0)
        ekey = (uint8_t *)session->cipher_data;
    else
        ekey = (uint8_t *)g_hash_table_lookup(session->cipher_data_table, GUINT_TO_POINTER(pdata->period));

    if (!ekey)
        return 0;

    /* Determine how many blocks are skipped. */
#if 0 /* seems to be dead code... check this! */
    skip = a_len + 2;
    skip /= 16;
    if ((a_len + 2) % 16)
        skip += 1;
#endif
    skip = 0;

    /* This is hard-coded for q=4. This can only change with a protocol revision.
    Note the value is stored as (q-1). */
    ctr[0] = 0x03;
    memcpy(ctr + 1, nonce, 11);
    ctr[12] = 0;
    ctr[13] = 0;
    ctr[14] = 0;
    ctr[15] = skip; /* Preincremented below. */


    for (i = 0; i < len - session->mac_len; i++)
    {
        if (i % 16 == 0)
        {
            if (ctr[15] == 255)
                ctr[14] += 1;
            ctr[15] += 1;
            memcpy(encrypted_ctr, ctr, 16);
            gcry_cipher_encrypt(session->cipher_data, encrypted_ctr, 16, NULL, 0);
        }

        data[i] ^= encrypted_ctr[i % 16];
    }

    memcpy(mac, data + i, session->mac_len);

    ctr[12] = 0;
    ctr[13] = 0;
    ctr[14] = 0;
    ctr[15] = 0;
    memcpy(encrypted_ctr, ctr, 16);
    gcry_cipher_encrypt(session->cipher_data, encrypted_ctr, 16, NULL, 0);

    for (i = 0; i < session->mac_len; i++)
        mac[i] ^= encrypted_ctr[i];

    /* Now we have to generate the MAC... */
    generateMac(session->cipher_data, nonce, epp, a_len, data, (int)(len - session->mac_len), computed_mac, session->mac_len);
    if (!memcmp(mac, computed_mac, session->mac_len))
        return 1;

    /* Failure */
    return 0;
}

/* Master Protocol Layer Handlers */

/**
 * This dissector is handed a DPP packet of any version. It is responsible for decoding
 * the common header fields and then passing off to the specific DPP dissector
 */
static int dissect_app_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    col_clear(pinfo->cinfo, COL_INFO);

    /* Compute the APP control information. This is the version and the flags byte.
    * The flags byte is either present, or is based on the version (and can be defaulted).
    */
    {
        uint16_t app;
        int app_len;

        read_c2(tvb, 0, &app, &app_len);

        col_add_fstr(pinfo->cinfo, COL_PROTOCOL, "APP(%u)", app);

        /* call the next dissector */
        if (dissector_try_uint_with_data(app_dissectors, app, tvb, pinfo, tree, true, data))
        {
            col_set_fence(pinfo->cinfo, COL_PROTOCOL);
            col_set_fence(pinfo->cinfo, COL_INFO);

            return tvb_reported_length(tvb);
        }
        else
        {
            proto_tree_add_protocol_format(tree, proto_2008_1_app, tvb, 0, app_len,
                                           DOF_APPLICATION_PROTOCOL ", Version: %u", app);
        }
    }

    return 0;
}

/**
 * This dissector is handed a DPP packet of any version. It is responsible for decoding
 * the common header fields and then passing off to the specific DPP dissector
 */
static int dof_dissect_dpp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    dof_api_data *api_data = (dof_api_data *)data;
    unsigned offset = 0;

    DISSECTOR_ASSERT(api_data != NULL);

    col_clear(pinfo->cinfo, COL_INFO);

    /* Compute the DPP control information. This is the version and the flags byte.
    * The flags byte is either present, or is based on the version (and can be defaulted).
    */
    {
        uint8_t header = tvb_get_uint8(tvb, offset);
        uint8_t dpp_version = header & 0x7F;
        uint8_t dpp_flags_included = header & 0x80;
        proto_item *hi;
        proto_tree * dpp_root,*dpp_tree;

        col_add_fstr(pinfo->cinfo, COL_PROTOCOL, "DPPv%u", dpp_version);


        hi = proto_tree_add_protocol_format(tree, proto_2008_1_dpp, tvb, offset, 0,
                                            DOF_PRESENTATION_PROTOCOL " Version %u, Flags: %s", dpp_version, dpp_flags_included ? "Included" : "Default");

        dpp_root = proto_item_add_subtree(hi, ett_2008_1_dpp);

        dpp_tree = proto_tree_add_subtree(dpp_root, tvb, offset, 1, ett_2008_1_dpp_1_header, NULL, "Header");


        /* Version and Flag bit */
        proto_tree_add_item(dpp_tree, hf_2008_1_dpp_1_flag, tvb, offset, 1, ENC_NA);
        proto_tree_add_item(dpp_tree, hf_2008_1_dpp_1_version, tvb, offset, 1, ENC_NA);
        offset += 1;

        /* This may, in some cases, be the end of the packet. This is only valid in some
        * situations, which are checked here.
        */
        if (offset == tvb_reported_length(tvb))
        {
            /* TODO: Complete this logic. */

            proto_item_set_len(hi, offset);

            if (!api_data)
                return offset;

            if (api_data->transport_session->is_streaming)
            {
                col_append_str(pinfo->cinfo, COL_INFO, "DNP/DPP Negotiation");

                if (pinfo->fd->visited &&
                    api_data->transport_session->negotiation_required &&
                    ((api_data->transport_session->negotiation_complete_at == 0) || (api_data->transport_session->negotiation_complete_at_ts.secs - api_data->transport_session->session_start_ts.secs > 10)))
                {
                    /* This is the second pass, so we can check for timeouts. */
                    expert_add_info(pinfo, hi, &ei_dof_6_timeout);
                }

                return offset;
            }
        }

        /* call the next dissector */
        if (dissector_try_uint_with_data(dof_dpp_dissectors, dpp_version, tvb, pinfo, dpp_root, false, data))
        {
            col_set_fence(pinfo->cinfo, COL_PROTOCOL);
            col_set_fence(pinfo->cinfo, COL_INFO);

            return tvb_reported_length(tvb);
        }
    }

    return 0;
}

/**
 * This dissector is handed a DNP packet of any version. It is responsible for decoding
 * the common header fields and then passing off to the specific DNP dissector
 */
static int dof_dissect_dnp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, dof_api_data *api_data, int offset)
{
    uint8_t header = tvb_get_uint8(tvb, offset);
    uint8_t dnp_version = header & 0x7F;
    uint8_t dnp_flags_included = header & 0x80;
    proto_item *main_ti;
    proto_tree * dnp_root,*dnp_tree;

    col_add_fstr(pinfo->cinfo, COL_PROTOCOL, "DNPv%u", dnp_version);

    main_ti = proto_tree_add_protocol_format(tree, proto_2008_1_dnp, tvb, offset, 0,
                                             DOF_NETWORK_PROTOCOL " Version %u, Flags: %s", dnp_version, dnp_flags_included ? "Included" : "Default");

    dnp_root = proto_item_add_subtree(main_ti, ett_2008_1_dnp);

    dnp_tree = proto_tree_add_subtree(dnp_root, tvb, offset, 1, ett_2008_1_dnp_header, NULL, "Header");

    /* Version and Flag bit */
    proto_tree_add_item(dnp_tree, hf_2008_1_dnp_1_flag, tvb, offset, 1, ENC_NA);
    proto_tree_add_item(dnp_tree, hf_2008_1_dnp_1_version, tvb, offset, 1, ENC_NA);

    /* call the next dissector */
    if (dissector_try_uint_with_data(dnp_dissectors, dnp_version, tvb, pinfo, dnp_root, false, api_data))
    {
        /* Since the transport may have additional packets in this frame, protect our work. */
        col_set_fence(pinfo->cinfo, COL_PROTOCOL);
        col_set_fence(pinfo->cinfo, COL_INFO);
    }
    else
    {
        proto_item_set_end(main_ti, tvb, 1);

        /* During negotiation, we can move past DNP even if it is not known. */
        if (((header & 0x80) == 0) && api_data->transport_session->negotiation_required && ((pinfo->fd->num < api_data->transport_session->negotiation_complete_at) || (api_data->transport_session->negotiation_complete_at == 0)))
        {
            offset += dof_dissect_dpp_common(tvb_new_subset_remaining(tvb, offset + 1), pinfo, tree, api_data);
        }
    }

    if (dnp_flags_included && !api_data->transport_session->negotiation_complete_at)
    {
        api_data->transport_session->negotiation_complete_at = pinfo->fd->num;
        api_data->transport_session->negotiation_complete_at_ts = pinfo->abs_ts;
    }

    return offset;
}

/**
 * This dissector is called for each DPS packet. It assumes that the first layer is
 * DNP, but it does not know anything about versioning. Further, it only worries
 * about decoding DNP (DNP will decode DPP, and so on).
 *
 * This routine is given the DPS packet for the first packet, but doesn't know anything
 * about DPS sessions. It may understand transport sessions, but these are surprisingly
 * worthless for DPS.
 */
static int dissect_dof_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    dof_api_data *api_data = (dof_api_data *)data;
    proto_tree *dof_root;
    dof_packet_data *packet;

    DISSECTOR_ASSERT(api_data != NULL);
    DISSECTOR_ASSERT(api_data->transport_session != NULL);
    DISSECTOR_ASSERT(api_data->transport_packet != NULL);

    packet = (dof_packet_data *)api_data->packet;

    /* Create the packet if it doesn't exist. */
    if (packet == NULL)
    {
        api_data->packet = packet = create_packet_data(pinfo);
        DISSECTOR_ASSERT(packet != NULL);

        /* TODO: This is not correct for reversed sessions. */
        packet->is_sent_by_initiator = api_data->transport_packet->is_sent_by_client;
    }

    /* Assign the transport sequence if it does not exist. */
    if (api_data->transport_session->transport_session_id == 0)
        api_data->transport_session->transport_session_id = globals.next_transport_session++;

    /* Compute the DPS information. This is a master holder for general information. */
    {
        proto_item *ti;

        ti = proto_tree_add_protocol_format(tree, proto_2008_1_dof, tvb, 0, tvb_reported_length(tvb), DOF_PROTOCOL_STACK);
        dof_root = proto_item_add_subtree(ti, ett_2008_1_dof);

        /* Add the general packet information. */
        {
            ti = proto_tree_add_uint(dof_root, hf_2008_1_dof_session_transport, tvb, 0, 0, api_data->transport_session->transport_session_id);
            proto_item_set_generated(ti);

            ti = proto_tree_add_boolean(dof_root, hf_2008_1_dof_is_2_node, tvb, 0, 0, api_data->transport_session->is_2_node);
            proto_item_set_generated(ti);

            ti = proto_tree_add_boolean(dof_root, hf_2008_1_dof_is_streaming, tvb, 0, 0, api_data->transport_session->is_streaming);
            proto_item_set_generated(ti);

            if (api_data->session)
            {
                ti = proto_tree_add_uint(dof_root, hf_2008_1_dof_session, tvb, 0, 0, api_data->session->session_id);
                proto_item_set_generated(ti);
            }

            if (api_data->secure_session)
            {
                ti = proto_tree_add_uint_format(dof_root, hf_2008_1_dof_session, tvb, 0, 0, api_data->secure_session->original_session_id, "DPS Session (Non-secure): %d", api_data->secure_session->original_session_id);
                proto_item_set_generated(ti);
            }

            ti = proto_tree_add_uint(dof_root, hf_2008_1_dof_frame, tvb, 0, 0, packet->dof_frame);
            proto_item_set_generated(ti);

            ti = proto_tree_add_boolean(dof_root, hf_2008_1_dof_is_from_client, tvb, 0, 0, api_data->transport_packet->is_sent_by_client);
            proto_item_set_generated(ti);
        }
    }

    dof_dissect_dnp_common(tvb, pinfo, tree, api_data, 0);

    packet->processed = true;
    return tvb_reported_length(tvb);
}

/**
 * This dissector is called for each DPS packet. It assumes that the first layer is
 * ENP, but it does not know anything about versioning. Further, it only worries
 * about decoding ENP (ENP will decode EPP, and so on).
 *
 * This routine is given the DPS packet for the first packet, but doesn't know anything
 * about DPS sessions. It may understand transport sessions, but these are surprisingly
 * worthless for DPS.
 */
static int dissect_tunnel_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    /* The packet data is the private_data, and must exist. */
    tcp_dof_packet_ref *ref = (tcp_dof_packet_ref *)data;
    int offset = 0;

    offset = 0;

    /* Compute the APP control information. This is the version and the length bytes.
    * The flags byte is either present, or is based on the version (and can be defaulted).
    */
    {
        uint8_t version = tvb_get_uint8(tvb, offset);
        uint8_t opcode;
        proto_item *ti;
        proto_tree *app_root;

        col_add_fstr(pinfo->cinfo, COL_PROTOCOL, "TUNv%u", version);

        ti = proto_tree_add_protocol_format(tree, proto_2012_1_tunnel, tvb, offset, 0,
                                            "DOF Tunnel Protocol, Version: %u", version);

        app_root = proto_item_add_subtree(ti, ett_2012_1_tunnel);
        proto_tree_add_item(app_root, hf_2012_1_tunnel_1_version, tvb, offset, 1, ENC_NA);
        proto_tree_add_item(app_root, hf_2012_1_tunnel_1_length, tvb, offset + 1, 2, ENC_BIG_ENDIAN);

        opcode = tvb_get_uint8(tvb, offset + 3);
        if (opcode == 3)
        {
            tvbuff_t *next_tvb = tvb_new_subset_remaining(tvb, offset + 5);

            dissect_dof_common(next_tvb, pinfo, tree, &ref->api_data);
        }
    }

    return tvb_captured_length(tvb);
}

static int dissect_tun_app_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    col_clear(pinfo->cinfo, COL_INFO);

    /* Compute the APP control information. This is the version and the flags byte.
    * The flags byte is either present, or is based on the version (and can be defaulted).
    */
    {
        uint16_t app;
        int app_len;


        app = tvb_get_uint8(tvb, 0);
        app_len = 1;

        col_add_fstr(pinfo->cinfo, COL_PROTOCOL, "APP(%u)", app);

        /* call the next dissector */
        if (dissector_try_uint(dof_tun_app_dissectors, app, tvb, pinfo, tree))
        {
            col_set_fence(pinfo->cinfo, COL_PROTOCOL);
            col_set_fence(pinfo->cinfo, COL_INFO);

            return tvb_captured_length(tvb);
        }
        else
        {
            proto_tree_add_protocol_format(tree, proto_2012_1_tunnel, tvb, 0, app_len,
                                                DOF_APPLICATION_PROTOCOL ", Version: %u", app);
        }
    }

    return 0;
}

/* Packet and Session Data Creation */

static udp_session_data* create_udp_session_data(packet_info *pinfo, conversation_t *conversation _U_)
{
    udp_session_data *packet = wmem_new0(wmem_file_scope(), udp_session_data);

    /* TODO: Determine if this is valid or not. */
    /* WMEM_COPY_ADDRESS( wmem_file_scope(), &packet->server.address, &conversation->key_ptr->addr1 );
    packet->server.port = conversation->key_ptr->port1; */
    copy_address_wmem(wmem_file_scope(), &packet->server.addr, &pinfo->dst);
    packet->server.port = pinfo->destport;

    packet->common.transport_id = proto_2008_1_dof_udp;

    {
        const uint8_t *addr = (const uint8_t *)packet->server.addr.data;
        if ((packet->server.addr.type == AT_IPv4) && (addr != NULL) && (addr[0] != 224))
            packet->common.is_2_node = true;
        else
            packet->common.is_2_node = false;
    }

    packet->common.is_streaming = false;
    packet->common.session_start_ts = pinfo->abs_ts;
    packet->common.negotiation_required = false;
    packet->common.negotiation_complete_at = 0;

    return packet;
}

static tcp_session_data* create_tcp_session_data(packet_info *pinfo, conversation_t *conversation)
{
    tcp_session_data *packet = wmem_new0(wmem_file_scope(), tcp_session_data);

    copy_address_wmem(wmem_file_scope(), &packet->client.addr, conversation_key_addr1(conversation->key_ptr));
    packet->client.port = conversation_key_port1(conversation->key_ptr);
    copy_address_wmem(wmem_file_scope(), &packet->server.addr, conversation_key_addr2(conversation->key_ptr));
    packet->server.port = conversation_key_port2(conversation->key_ptr);

    packet->not_dps = false;

    packet->common.transport_id = proto_2008_1_dof_tcp;
    packet->common.is_2_node = true;
    packet->common.is_streaming = true;
    packet->common.session_start_ts = pinfo->abs_ts;
    packet->common.negotiation_required = true;
    packet->common.negotiation_complete_at = 0;

    return packet;
}

static dof_packet_data* create_packet_data(packet_info *pinfo)
{
    /* Create the packet data. */
    dof_packet_data *packet = wmem_new0(wmem_file_scope(), dof_packet_data);

    packet->data_list = wmem_list_new(wmem_file_scope());
    packet->frame = pinfo->fd->num;
    packet->dof_frame = next_dof_frame++;

    /* Add the packet into the list of packets. */
    if (!globals.dof_packet_head)
    {
        globals.dof_packet_head = packet;
        globals.dof_packet_tail = packet;
    }
    else
    {
        globals.dof_packet_tail->next = packet;
        globals.dof_packet_tail = packet;
    }

    return packet;
}

/* Dissectors for Transports (UDP/TCP) */

/**
 * Dissect a UDP packet. The parent protocol is UDP. No assumptions about DPS
 * data structures are made on input, but before calling common they must
 * be set up.
 * This dissector is registered with the UDP protocol on the standard DPS port.
 * It will be used for anything that involves that port (source or destination).
 */
static int dissect_dof_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    dof_api_data *api_data = (dof_api_data *)p_get_proto_data(wmem_file_scope(), pinfo, proto_2008_1_dof_udp, 0);
    if (api_data == NULL)
    {
        conversation_t *conversation;
        udp_session_data *transport_session;
        dof_transport_packet *transport_packet;
        /* bool mcast = false; */

        /* {
            uint8_t* addr = (uint8_t*) pinfo->dst.data;
            if ( (pinfo->dst.type == AT_IPv4) && (addr != NULL) && (addr[0] != 224) )
                mcast = true;
        } */

        /* Register the source address as being DPS for the sender UDP port. */
        conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, conversation_pt_to_conversation_type(pinfo->ptype), pinfo->srcport, pinfo->destport, NO_ADDR_B | NO_PORT_B);
        if (!conversation)
        {
            conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, conversation_pt_to_conversation_type(pinfo->ptype), pinfo->srcport, pinfo->destport, NO_ADDR2 | NO_PORT2);
            conversation_set_dissector(conversation, dof_udp_handle);
        }

        /* Find or create the conversation for this transport session. For UDP, the transport session is determined entirely by the
         * server port. This assumes that the first packet seen is from a client to the server.
         */
        conversation = find_conversation(pinfo->fd->num, &pinfo->dst, &pinfo->src, CONVERSATION_UDP, pinfo->destport, pinfo->srcport, NO_ADDR_B | NO_PORT_B);
        if (conversation)
        {
            /* TODO: Determine if this is valid or not. */
            /*if ( conversation->key_ptr->port1 != pinfo->destport || ! addresses_equal( &conversation->key_ptr->addr1, &pinfo->dst ) )
                conversation = NULL; */
        }

        if (!conversation)
            conversation = conversation_new(pinfo->fd->num, &pinfo->dst, &pinfo->src, CONVERSATION_UDP, pinfo->destport, pinfo->srcport, NO_ADDR2 | NO_PORT2 | CONVERSATION_TEMPLATE);

        transport_session = (udp_session_data *)conversation_get_proto_data(conversation, proto_2008_1_dof_udp);
        if (transport_session == NULL)
        {
            transport_session = create_udp_session_data(pinfo, conversation);
            conversation_add_proto_data(conversation, proto_2008_1_dof_udp, transport_session);
        }

        /* UDP has no framing or retransmission issues, so the dof_api_data is stored directly on the frame. */
        api_data = wmem_new0(wmem_file_scope(), dof_api_data);
        if (api_data == NULL)
            return 0;

        transport_packet = wmem_new0(wmem_file_scope(), dof_transport_packet);
        if (transport_packet == NULL)
            return 0;

        transport_packet->is_sent_by_client = true;
        if (addresses_equal(&transport_session->server.addr, &pinfo->src) && (transport_session->server.port == pinfo->srcport))
            transport_packet->is_sent_by_client = false;

        transport_packet->sender_id = assign_addr_port_id(pinfo->pool, &pinfo->src, pinfo->srcport);
        transport_packet->receiver_id = assign_addr_port_id(pinfo->pool, &pinfo->dst, pinfo->destport);

        api_data->transport_session = &transport_session->common;
        api_data->transport_packet = transport_packet;
        p_add_proto_data(wmem_file_scope(), pinfo, proto_2008_1_dof_udp, 0, api_data);
    }

    return dissect_dof_common(tvb, pinfo, tree, api_data);
}

/**
 * Determine if the current offset has already been processed.
 * This is specific to the TCP dissector.
 */
static bool is_retransmission(packet_info *pinfo, tcp_session_data *session, tcp_packet_data *packet, struct tcpinfo *tcpinfo)
{
    /* TODO: Determine why we get big numbers sometimes... */
    /* if ( tcpinfo->seq != 0 && tcpinfo->seq < 1000000) */
    {
        tcp_ignore_data *id;
        uint32_t sequence = tcpinfo->seq;

        if (addresses_equal(&pinfo->src, &session->client.addr) && (pinfo->srcport == session->client.port))
        {
            id = packet->from_client_ignore_list;
        }
        else
        {
            id = packet->from_server_ignore_list;
        }

        while (id != NULL && id->sequence != sequence)
        {
            id = id->next;
        }

        if (id == NULL)
            return false;

        return id->ignore;
    }

    return false;
}

/**
 * We have found and processed packets starting at offset, so
 * don't allow the same (or previous) packets.
 * This only applies to TCP dissector conversations.
 */
static void remember_offset(packet_info *pinfo, tcp_session_data *session, tcp_packet_data *packet, struct tcpinfo *tcpinfo)
{
    bool ignore = false;

    /* TODO: Determine why we get big numbers sometimes... */
    /* if ( tcpinfo->seq != 0 && tcpinfo->seq < 1000000) */
    {
        tcp_ignore_data **last;
        tcp_ignore_data *id;
        uint32_t sequence;
        uint32_t *seqptr = NULL;

        if (addresses_equal(&pinfo->src, &session->client.addr) && (pinfo->srcport == session->client.port))
        {
            last = &(packet->from_client_ignore_list);
            id = packet->from_client_ignore_list;
            sequence = tcpinfo->seq;
            seqptr = &session->from_client_seq;

            if (LE_SEQ(tcpinfo->seq, session->from_client_seq))
                ignore = true;
        }
        else
        {
            last = &(packet->from_server_ignore_list);
            id = packet->from_server_ignore_list;
            sequence = tcpinfo->seq;
            seqptr = &session->from_server_seq;

            if (LE_SEQ(tcpinfo->seq, session->from_server_seq))
                ignore = true;
        }

        while (id != NULL && id->sequence != tcpinfo->seq)
        {
            last = &(id->next);
            id = id->next;
        }

        *seqptr = sequence;
        if (id == NULL)
        {
            *last = wmem_new0(wmem_file_scope(), tcp_ignore_data);
            id = *last;
            id->ignore = ignore;
            id->sequence = tcpinfo->seq;
        }
    }
}

/**
 * This dissector is registered with TCP using the standard port. It uses registered
 * protocols to determine framing, and those dissectors will call into the base
 * DPS dissector for each packet.
 */
static int dissect_dof_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    conversation_t *conversation;
    tcp_session_data *session;
    tcp_packet_data *packet;
    struct tcpinfo *tcpinfo = (struct tcpinfo *)data;
    uint8_t header;

    /* Get the TCP conversation. TCP creates a new conversation for each TCP connection,12
     * so we can "mirror" that by attaching our own data to that conversation. If our
     * data cannot be found, then it is a new connection (to us).
     */
    conversation = find_conversation_pinfo(pinfo, 0);
    {
        /* This should be impossible - the TCP dissector requires this conversation.
         * Bail...
         */
        DISSECTOR_ASSERT(conversation != NULL);
    }


    /* This requires explanation. TCP will call this dissector, and we know
     * that the first byte (offset 0 of this tvb) is the first byte of an
     * DPS packet. The TCP dissector ensures this.
     *
     * We do *not* know that this is the only packet, and
     * so the dissector that we call below must handle framing. All of
     * this state must be stored, and so we store it in a transport
     * data structure. DPS packet data is created later and associated
     * differently.
     *
     * Further, this routine MAY be called MULTIPLE times for the SAME
     * frame with DIFFERENT sequence numbers. This makes handling
     * retransmissions very difficult - we must track each call to this
     * routine with its associated offset and ignore flag. However, due
     * to the way that Wireshark handles asking for more data we cannot
     * mark an offset as "duplicate" until after it has been processed.
     */

    /* TCP packet data is only associated with TCP frames that hold DPS packets. */
    session = (tcp_session_data *)conversation_get_proto_data(conversation, proto_2008_1_dof_tcp);
    if (session == NULL)
    {
        session = create_tcp_session_data(pinfo, conversation);
        conversation_add_proto_data(conversation, proto_2008_1_dof_tcp, session);
    }

    if (session->not_dps)
        return 0;

    packet = (tcp_packet_data *)p_get_proto_data(wmem_file_scope(), pinfo, proto_2008_1_dof_tcp, 0);
    if (packet == NULL)
    {
        packet = wmem_new0(wmem_file_scope(), tcp_packet_data);
        p_add_proto_data(wmem_file_scope(), pinfo, proto_2008_1_dof_tcp, 0, packet);
    }

    if (is_retransmission(pinfo, session, packet, tcpinfo))
        return 0;

    /* Loop, checking all the packets in this frame and communicating with the TCP
     * desegmenter. The framing dissector entry is used to determine the size
     * of the current frame.
     */
    {
        /* Note that we must handle fragmentation on TCP... */
        int offset = 0;

        while (offset < (int)tvb_reported_length(tvb))
        {
            int available = tvb_ensure_captured_length_remaining(tvb, offset);
            int packet_length;

            header = tvb_get_uint8(tvb, offset);

            /* If we are negotiating, then we do not need the framing dissector
             * as we know the packet length is two. Note that for the first byte
             * of a TCP session there are only two cases, both handled here. An error
             * of not understanding the first byte will trigger that this is not
             * a DPS session.
             */
            if (((header & 0x80) == 0) && session->common.negotiation_required && ((pinfo->fd->num < session->common.negotiation_complete_at) || (session->common.negotiation_complete_at == 0)))
            {
                packet_length = 2;
                if (header > DNP_MAX_VERSION)
                {
                    session->not_dps = true;
                    return 0;
                }
            }
            else
            {
                packet_length = dof_dissect_dnp_length(tvb, pinfo, header & 0x7F, &offset);
                if (packet_length < 0)
                {
                    session->not_dps = true;
                    return offset;
                }
            }

            if (packet_length == 0)
            {
                pinfo->desegment_offset = offset;
                pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
                return offset + available;
            }

            if (available < packet_length)
            {
                pinfo->desegment_offset = offset;
                pinfo->desegment_len = packet_length - available;
                return offset + available;
            }

            remember_offset(pinfo, session, packet, tcpinfo);
            if (is_retransmission(pinfo, session, packet, tcpinfo))
                return 0;

            /* We have a packet. We have to store the dof_packet_data in a list, as there may be
             * multiple DPS packets in a single Wireshark frame.
             */
            {
                tvbuff_t *next_tvb = tvb_new_subset_length(tvb, offset, packet_length);
                tcp_dof_packet_ref *ref;
                int raw_offset = tvb_raw_offset(tvb) + offset;
                bool ref_is_new = false;

                /* Get the packet data. This is a list in increasing sequence order. */
                if (packet->dof_packets == NULL)
                {
                    ref_is_new = true;
                    ref = wmem_new0(wmem_file_scope(), tcp_dof_packet_ref);
                    ref->transport_packet.sender_id = assign_addr_port_id(pinfo->pool, &pinfo->src, pinfo->srcport);
                    ref->transport_packet.receiver_id = assign_addr_port_id(pinfo->pool, &pinfo->dst, pinfo->destport);
                    packet->dof_packets = ref;
                    ref->start_offset = raw_offset;
                }
                else
                    ref = packet->dof_packets;

                /* Find the entry for our offset. */
                while (ref->start_offset != raw_offset)
                {
                    if (ref->next)
                    {
                        ref = ref->next;
                        continue;
                    }

                    {
                        tcp_dof_packet_ref *last = ref;

                        /* This is the default state, NULL and 0. */
                        ref_is_new = true;
                        ref = wmem_new0(wmem_file_scope(), tcp_dof_packet_ref);
                        ref->transport_packet.sender_id = last->transport_packet.sender_id;
                        ref->transport_packet.receiver_id = last->transport_packet.receiver_id;
                        ref->start_offset = raw_offset;
                        last->next = ref;
                    }
                }

                if (ref_is_new)
                {
                    dof_transport_packet *tp = &(ref->transport_packet);

                    tp->is_sent_by_client = false;
                    if (addresses_equal(&session->client.addr, &pinfo->src) &&
                        (session->client.port == pinfo->srcport))
                        tp->is_sent_by_client = true;

                    ref->api_data.transport_session = (dof_transport_session *)&(session->common);
                    ref->api_data.transport_packet = tp;
                }


                dissect_dof_common(next_tvb, pinfo, tree, &ref->api_data);
            }

            offset += packet_length;
        }

        return offset;
    }
}

#if 0 /* TODO not used yet */
/**
 * This dissector is registered with the UDP protocol on the standard DPS port.
 * It will be used for anything that involves that port (source or destination).
 */
#if 0
static int dissect_tunnel_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    conversation_t *conversation;
    dof_packet_data *packet;

    /* Initialize the default transport session structure. */
    if (!udp_transport_session)
    udp_transport_session = se_alloc0(sizeof(*udp_transport_session));

    conversation = find_or_create_conversation(pinfo);

    /* Add the packet data. */
    packet = p_get_proto_data(wmem_file_scope(), proto_2012_1_tunnel, 0);
    if (!packet)
    {
        packet = wmem_alloc0(wmem_file_scope(), sizeof(dof_packet_data));
        packet->frame = pinfo->fd->num;
        packet->next = NULL;
        packet->start_offset = 0;
        packet->session_counter = &session_counter;
        packet->transport_session = udp_transport_session;
        p_add_proto_data(wmem_file_scope(), proto_2012_1_tunnel, 0, packet);
    }

    pinfo->private_data = packet;
    return dissect_tunnel_common(tvb, pinfo, tree);
#else
static int dissect_tunnel_udp(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_)
{
#endif
    return 0;
}
#endif


/**
 * This dissector is registered with TCP using the standard port. It uses registered
 * protocols to determine framing, and those dissectors will call into the base
 * DPS dissector for each packet.
 */
static int dissect_tunnel_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    conversation_t *conversation;
    tcp_session_data *session;
    tcp_packet_data *packet;
    struct tcpinfo *tcpinfo = (struct tcpinfo *)data;

    /* Get the TCP conversation. TCP creates a new conversation for each TCP connection,
    * so we can "mirror" that by attaching our own data to that conversation. If our
    * data cannot be found, then it is a new connection (to us).
    */
    conversation = find_conversation_pinfo(pinfo, 0);
    {
        /* This should be impossible - the TCP dissector requires this conversation.
        * Bail...
        */
        DISSECTOR_ASSERT(conversation != NULL);
    }


    /* This requires explanation. TCP will call this dissector, and we know
    * that the first byte (offset 0 of this tvb) is the first byte of an
    * DPS packet. The TCP dissector ensures this.
    *
    * We do *not* know that this is the only packet, and
    * so the dissector that we call below must handle framing. All of
    * this state must be stored, and so we store it in a transport
    * data structure. DPS packet data is created later and associated
    * differently.
    *
    * Further, this routine MAY be called MULTIPLE times for the SAME
    * frame with DIFFERENT sequence numbers. This makes handling
    * retransmissions very difficult - we must track each call to this
    * routine with its associated offset and ignore flag. However, due
    * to the way that Wireshark handles asking for more data we cannot
    * mark an offset as "duplicate" until after it has been processed.
    */

    /* TCP packet data is only associated with TCP frames that hold DPS packets. */
    session = (tcp_session_data *)conversation_get_proto_data(conversation, proto_2012_1_tunnel);
    if (session == NULL)
    {
        session = create_tcp_session_data(pinfo, conversation);
        conversation_add_proto_data(conversation, proto_2012_1_tunnel, session);
    }

    packet = (tcp_packet_data *)p_get_proto_data(wmem_file_scope(), pinfo, proto_2012_1_tunnel, 0);
    if (packet == NULL)
    {
        packet = wmem_new0(wmem_file_scope(), tcp_packet_data);
        p_add_proto_data(wmem_file_scope(), pinfo, proto_2012_1_tunnel, 0, packet);
    }

    if (is_retransmission(pinfo, session, packet, tcpinfo))
        return 0;

    /* Loop, checking all the packets in this TCP frame.
    */
    {
        /* Note that we must handle fragmentation on TCP... */
        int offset = 0;

        while (offset < (int)tvb_reported_length(tvb))
        {
            int available = tvb_reported_length_remaining(tvb, offset);
            int packet_length;
            int header_length;
            int i;

            if (available < 3)
            {
                pinfo->desegment_offset = offset;
                pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
                return offset + available;
            }

            packet_length = 0;
            header_length = 3;

            for (i = 0; i < 2; i++)
                packet_length = packet_length * 256 + tvb_get_uint8(tvb, offset + 1 + i);

            packet_length += header_length;

            if (available < packet_length)
            {
                pinfo->desegment_offset = offset;
                pinfo->desegment_len = packet_length - available;
                return offset + available;
            }

            /* We have a packet. We have to store the dof_packet_data in a list, as there may be
            * multiple DPS packets in a single Wireshark frame.
            */
            {
                tvbuff_t *next_tvb = tvb_new_subset_length(tvb, offset, packet_length);
                tcp_dof_packet_ref *ref;
                int raw_offset = tvb_raw_offset(tvb) + offset;
                bool ref_is_new = false;

                /* Get the packet data. This is a list in increasing sequence order. */
                if (packet->dof_packets == NULL)
                {
                    ref_is_new = true;
                    ref = wmem_new0(wmem_file_scope(), tcp_dof_packet_ref);
                    ref->transport_packet.sender_id = assign_addr_port_id(pinfo->pool, &pinfo->src, pinfo->srcport);
                    ref->transport_packet.receiver_id = assign_addr_port_id(pinfo->pool, &pinfo->dst, pinfo->destport);
                    packet->dof_packets = ref;
                    ref->start_offset = raw_offset;
                }
                else
                    ref = packet->dof_packets;

                /* Find the entry for our offset. */
                while (ref->start_offset != raw_offset)
                {
                    if (ref->next)
                    {
                        ref = ref->next;
                        continue;
                    }

                    {
                        tcp_dof_packet_ref *last = ref;

                        /* This is the default state, NULL and 0. */
                        ref_is_new = true;
                        ref = wmem_new0(wmem_file_scope(), tcp_dof_packet_ref);
                        ref->transport_packet.sender_id = last->transport_packet.sender_id;
                        ref->transport_packet.receiver_id = last->transport_packet.receiver_id;
                        ref->start_offset = raw_offset;
                        last->next = ref;
                    }
                }

                if (ref_is_new)
                {
                    dof_transport_packet *tp = &(ref->transport_packet);

                    tp->is_sent_by_client = false;
                    if (addresses_equal(&session->client.addr, &pinfo->src) &&
                        (session->client.port == pinfo->srcport))
                        tp->is_sent_by_client = true;

                    ref->api_data.transport_session = (dof_transport_session *)&(session->common);
                    ref->api_data.transport_packet = tp;
                }

                /* Manage the private data, restoring the existing value. Call the common dissector. */
                {
                    dissect_tunnel_common(next_tvb, pinfo, tree, ref);
                }
            }

            offset += packet_length;
        }

        return tvb_captured_length(tvb);
    }
}

/* Dissectors */

static int dissect_dnp_0(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    unsigned offset = 0;

    uint8_t dnp_flags_included = 0;

    offset = 0;
    col_clear(pinfo->cinfo, COL_INFO);

    /* Compute the DNP control information. This is the version and the flags byte.
    * The flags byte is either present, or is based on the version (and can be defaulted).
    */
    {
        uint8_t header = tvb_get_uint8(tvb, offset);

        dnp_flags_included = (header & 0x80) != 0;

        offset += 1;

        {
            col_set_str(pinfo->cinfo, COL_PROTOCOL, "DNPv0 ");

            if (dnp_flags_included)
            {
                /* TODO: Protocol violation. */
            }

            if (tvb_reported_length(tvb) == offset)
                col_set_str(pinfo->cinfo, COL_INFO, "Query");
            else
            {
                uint8_t first = tvb_get_uint8(tvb, offset);
                if (first == 0)
                {
                    /* Query with padding. */
                    col_set_str(pinfo->cinfo, COL_INFO, "Query");
                    proto_tree_add_item(tree, hf_2008_1_dnp_0_1_1_padding, tvb, offset, -1, ENC_NA);
                }
                else
                {
                    /* Response. */
                    col_set_str(pinfo->cinfo, COL_INFO, "Query Response");
                    while (first)
                    {
                        proto_tree_add_item(tree, hf_2008_1_dnp_0_1_1_version, tvb, offset, 1, ENC_NA);
                        offset += 1;
                        if (offset == tvb_reported_length(tvb))
                            break;

                        first = tvb_get_uint8(tvb, offset);
                    }

                    if (offset < tvb_reported_length(tvb))
                        proto_tree_add_item(tree, hf_2008_1_dnp_0_1_1_padding, tvb, offset, -1, ENC_NA);
                }
            }
        }
    }

    col_set_fence(pinfo->cinfo, COL_PROTOCOL);
    col_set_fence(pinfo->cinfo, COL_INFO);
    return tvb_reported_length(tvb);
}

/**
 * Determine the length of the packet in tvb, starting at an offset that is passed as a
 * pointer in private_data.
 * Return 0 if the length cannot be determined because there is not enough data in
 * the buffer, otherwise return the length of the packet.
 */
static int determine_packet_length_1(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree _U_, void *data)
{
    /* Note that we must handle fragmentation on TCP... */
    int offset = *((int *)data);

    {
        int available = tvb_ensure_captured_length_remaining(tvb, offset);
        uint8_t header, flags;
        uint8_t size;
        uint8_t i;
        int data_len, header_len;

        if (available < 2)
            return 0;

        header = tvb_get_uint8(tvb, offset);
        data_len = 0;

        if ((header & 0x80) == 0)
        {
            /* The length is fixed in this case... */
            data_len = 0;
            header_len = 2;
            size = 0;
        }
        else
        {
            flags = tvb_get_uint8(tvb, offset + 1);
            size = flags & 0x03;
            header_len = 2 + size;
        }

        if (available < header_len)
            return 0;

        for (i = 0; i < size; i++)
            data_len = data_len * 256 + tvb_get_uint8(tvb, offset + 2 + i);

        return header_len + data_len;
    }
}

static int dissect_dnp_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    int offset = 0;
    dof_api_data *api_data = (dof_api_data *)data;
    dof_packet_data *packet;

    int8_t dnp_version = -1;
    uint8_t dnp_flags_included = 0;
    uint8_t dnp_length_length = 0;
    uint32_t dnp_flags = 0;

    unsigned length = 0;
    unsigned encapsulated_length = 0;

    int i;

    proto_tree *dnp_tree = tree;

    if (!api_data)
    {
        /* TODO: Print error */
        return 0;
    }

    if (!api_data->packet)
    {
        /* TODO: Print error */
        return 0;
    }

    packet = api_data->packet;

    offset = 0;
    col_clear(pinfo->cinfo, COL_INFO);

    /* Compute the DNP control information. This is the version and the flags byte.
    * The flags byte is either present, or is based on the version (and can be defaulted).
    */
    {
        uint8_t header = tvb_get_uint8(tvb, offset);
        uint32_t dnp_src_port = 0;
        uint32_t dnp_dst_port = 0;

        dnp_version = header & 0x7F;
        dnp_flags_included = (header & 0x80) != 0;


        offset += 1;

        {
            col_set_str(pinfo->cinfo, COL_PROTOCOL, "DNPv1 ");

            if (dnp_flags_included)
            {
                /* Including flags always terminates negotiation. */
                /* packet->negotiated = true; */

                dnp_flags = tvb_get_uint8(tvb, offset);
                if ((dnp_flags & 0xF0) != 0)
                    expert_add_info(pinfo, NULL, &ei_dof_10_flags_zero);

                proto_tree_add_bitmask(dnp_tree, tvb, offset, hf_2009_9_dnp_1_flags, ett_2009_9_dnp_1_flags, bitmask_2009_9_dnp_1_flags, ENC_BIG_ENDIAN);

                offset += 1;
            }
            else
                dnp_flags = DNP_V1_DEFAULT_FLAGS;

            /* Determine the size of the length field. */
            dnp_length_length = dnp_flags & 0x03;
            if (dnp_length_length)
                proto_tree_add_item(dnp_tree, hf_2009_9_dnp_1_length, tvb, offset, dnp_length_length, ENC_BIG_ENDIAN);

            /* Read the length. */
            length = 0;
            for (i = 0; i < dnp_length_length; i++)
                length = (length << 8) | tvb_get_uint8(tvb, offset + i);

            /* Validate the length. */
#if 0
            if ( (length == 0) && packet->negotiated && session && ! session->connectionless )
            {
            expert_add_info( pinfo, NULL, &ei_dof_13_length_specified );
            }
#endif

            offset += dnp_length_length;

            /* If there isn't a length specified then use the packet size. */
            if (dnp_length_length == 0)
                length = tvb_reported_length_remaining(tvb, offset);

            encapsulated_length = length;

            /* Read the srcport */
            if (dnp_flags & 0x04)
            {
                int s_offset = offset;
                proto_item *item;
                int dnp_src_port_len;

                offset = read_c3(tvb, offset, &dnp_src_port, &dnp_src_port_len);
                item = proto_tree_add_uint_format(dnp_tree, hf_2009_9_dnp_1_srcport, tvb, s_offset, offset - s_offset, dnp_src_port, "Source Address: %u", dnp_src_port);
                validate_c3(pinfo, item, dnp_src_port, dnp_src_port_len);
                encapsulated_length -= (offset - s_offset);
            }
            else
            {
                proto_item *item = proto_tree_add_uint_format(dnp_tree, hf_2009_9_dnp_1_srcport, tvb, 0, 0, 0, "Source Address: %u", 0);
                proto_item_set_generated(item);
            }

            /* Read the dstport */
            if (dnp_flags & 0x08)
            {
                int s_offset = offset;
                int dnp_dst_port_len;
                proto_item *item;

                offset = read_c3(tvb, offset, &dnp_dst_port, &dnp_dst_port_len);
                item = proto_tree_add_uint_format(dnp_tree, hf_2009_9_dnp_1_dstport, tvb, s_offset, offset - s_offset, dnp_dst_port, "Destination Address: %u", dnp_dst_port);
                validate_c3(pinfo, item, dnp_dst_port, dnp_dst_port_len);
                encapsulated_length -= (offset - s_offset);
            }
            else
            {
                proto_item *item = proto_tree_add_uint_format(dnp_tree, hf_2009_9_dnp_1_dstport, tvb, 0, 0, 0, "Destination Address: %u", 0);
                proto_item_set_generated(item);
            }
        }

        proto_item_set_end(tree, tvb, offset);

        /* Given the transport session and the DPS port information, determine the DPS session. */
        if (api_data->session == NULL)
        {
            uint32_t client;
            uint32_t server;

            if (api_data->transport_packet->is_sent_by_client)
            {
                client = dnp_src_port;
                server = dnp_dst_port;
            }
            else
            {
                client = dnp_dst_port;
                server = dnp_src_port;
            }

            api_data->session = dof_ns_session_retrieve(api_data->transport_session->transport_session_id, client, server);
            if (api_data->session == NULL)
            {
                dof_session_data *sdata = wmem_new0(wmem_file_scope(), dof_session_data);
                dof_ns_session_define(api_data->transport_session->transport_session_id, client, server, sdata);
                sdata->session_id = globals.next_session++;
                sdata->dof_id = dnp_version;
                api_data->session = sdata;
            }
        }

        packet->sender_id = dnp_src_port;
        packet->receiver_id = dnp_dst_port;

        /* Assuming there is more, it must be DPP. */

        /* We have a packet. */
        {
            tvbuff_t *next_tvb = tvb_new_subset_length(tvb, offset, encapsulated_length);
            offset += dof_dissect_dpp_common(next_tvb, pinfo, proto_item_get_parent(tree), data);
        }
    }

    col_set_fence(pinfo->cinfo, COL_PROTOCOL);
    col_set_fence(pinfo->cinfo, COL_INFO);
    return offset;
}

static int dissect_dpp_0(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    unsigned offset = 0;

    uint8_t dpp_flags_included = 0;

    offset = 0;
    col_clear(pinfo->cinfo, COL_INFO);

    /* Compute the DPP control information. This is the version and the flags byte.
    * The flags byte is either present, or is based on the version (and can be defaulted).
    */
    {
        uint8_t header = tvb_get_uint8(tvb, offset);

        dpp_flags_included = (header & 0x80) != 0;

        offset += 1;

        {
            col_set_str(pinfo->cinfo, COL_PROTOCOL, "DPPv0 ");

            if (dpp_flags_included)
            {
                /* TODO: Protocol violation. */
            }

            if (tvb_reported_length(tvb) == offset)
                col_set_str(pinfo->cinfo, COL_INFO, "Query");
            else
            {
                uint8_t first = tvb_get_uint8(tvb, offset);
                /* Response. */
                col_set_str(pinfo->cinfo, COL_INFO, "Query Response");
                while (first)
                {
                    proto_tree_add_item(tree, hf_2008_1_dpp_0_1_1_version, tvb, offset, 1, ENC_NA);
                    offset += 1;
                    if (offset == tvb_reported_length(tvb))
                        break;

                    first = tvb_get_uint8(tvb, offset);
                }
            }
        }
    }

    col_set_fence(pinfo->cinfo, COL_PROTOCOL);
    col_set_fence(pinfo->cinfo, COL_INFO);
    return tvb_reported_length(tvb);
}

static int dissect_dpp_v2_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    dof_api_data *api_data = (dof_api_data *)data;
    dof_packet_data *packet_data;
    int offset = 0;
    uint8_t opcode;
    uint16_t app;
    int app_len;
    proto_item *ti;
    proto_tree *dpps_tree;
    proto_tree *opid_tree;

    if (api_data == NULL)
    {
        /* TODO: Output error. */
        return 0;
    }

    packet_data = api_data->packet;
    if (packet_data == NULL)
    {
        /* TODO: Output error. */
        return 0;
    }

    /* Make entries in Protocol column and Info column on summary display */
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "DPPs ");

    /* Create the protocol tree. */
    offset = 0;
    ti = proto_tree_add_item(tree, proto_2009_12_dpp_common, tvb, offset, -1, ENC_NA);
    dpps_tree = proto_item_add_subtree(ti, ett_2009_12_dpp_common);

    /* Add the APPID. */
    offset = read_c2(tvb, offset, &app, &app_len);
    ti = proto_tree_add_uint(dpps_tree, hf_2008_1_app_version, tvb, 0, app_len, app);
    validate_c2(pinfo, ti, app, app_len);


    /* Retrieve the opcode. */
    opcode = tvb_get_uint8(tvb, offset);
    if (!packet_data->is_command)
        opcode |= OP_2009_12_RESPONSE_FLAG;

    col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(pinfo->pool, opcode, strings_2009_12_dpp_common_opcodes, "Unknown Opcode (%d)"));

    /* Opcode */
    proto_tree_add_uint_format(dpps_tree, hf_2009_12_dpp_2_14_opcode, tvb, offset, 1, opcode & 0x3F, "Opcode: %s (%u)", val_to_str(pinfo->pool, opcode, strings_2009_12_dpp_common_opcodes, "Unknown Opcode (%d)"), opcode & 0x3F);
    offset += 1;

    switch (opcode)
    {
    case OP_2009_12_SOURCE_LOST_CMD:
    case OP_2009_12_SOURCE_FOUND_CMD:
    case OP_2009_12_RENAME_CMD:
        packet_data->has_referenced_opid = true;

        /* FALL THROUGH */

    case OP_2009_12_CANCEL_ALL_CMD:
    case OP_2009_12_NODE_DOWN_CMD:
    case OP_2009_12_QUERY_RSP:
        /* SID */
    {
        proto_tree *oid_tree;
        int opid_len;
        tvbuff_t *next_tvb;

        if (packet_data->has_referenced_opid)
        {
            opid_tree = proto_tree_add_subtree(dpps_tree, tvb, offset, 0, ett_2009_12_dpp_2_opid, NULL, "Operation Identifier");
        }
        else
        {
            opid_tree = dpps_tree;
        }

        oid_tree = proto_tree_add_subtree(opid_tree, tvb, offset, 0, ett_2009_12_dpp_2_opid, NULL, "Source Identifier");

        next_tvb = tvb_new_subset_length(tvb, offset, tvb_reported_length(tvb) - offset);
        opid_len = call_dissector_only(dof_oid_handle, next_tvb, pinfo, oid_tree, NULL);

        learn_sender_sid(api_data, opid_len, tvb_get_ptr(next_tvb, 0, opid_len));
        if (packet_data->has_referenced_opid)
            learn_operation_sid(&packet_data->ref_op, opid_len, tvb_get_ptr(next_tvb, 0, opid_len));

        offset += opid_len;
    }

        if (packet_data->has_referenced_opid)
        {
            uint32_t opcnt;
            int opcnt_len;
            proto_item *pi;

            read_c4(tvb, offset, &opcnt, &opcnt_len);
            pi = proto_tree_add_uint_format(opid_tree, hf_2009_12_dpp_2_1_opcnt, tvb, offset, opcnt_len, opcnt, "Operation Count: %u", opcnt);
            validate_c4(pinfo, pi, opcnt, opcnt_len);
            offset += opcnt_len;

            packet_data->ref_op.op_cnt = opcnt;
        }

        break;
    }
    return offset;
}

static int dissect_dpp_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    dof_api_data *api_data = (dof_api_data *)data;
    dof_packet_data *packet_data;

    proto_item *ti = NULL;
    proto_item *tf = NULL;
    proto_item *opid = NULL;

    int opid_start = -1;
    uint8_t dpp_flags_included = 0;
    uint32_t dpp_flags = 0;
    uint8_t dpp_opid_keytype = 0;

    proto_tree *dpp_flags_tree;
    proto_tree *opid_tree = NULL;


    int offset = 0;

    proto_tree *dpp_tree = tree;

    if (api_data == NULL)
    {
        /* TODO: Output error. */
        return 0;
    }

    packet_data = api_data->packet;
    if (packet_data == NULL)
    {
        /* TODO: Output error. */
        return 0;
    }

    /* We should have everything required for determining the SID ID. */
    assign_sid_id(api_data);

    offset = 0;
    col_clear(pinfo->cinfo, COL_INFO);

    /* Compute the DPP control information. This is the version and the flags byte.
    * The flags byte is either present, or is based on the version (and can be defaulted).
    */
    {
        uint8_t header = tvb_get_uint8(tvb, offset);
        dpp_flags_included = (header & 0x80) != 0;
        offset += 1;

        {
            col_set_str(pinfo->cinfo, COL_PROTOCOL, "DPPv2 ");

            ti = proto_tree_add_uint_format(tree, hf_2008_1_dpp_sid_num, tvb,
                                            0, 0, packet_data->sender_sid_id, "SID ID: %d", packet_data->sender_sid_id);
            proto_item_set_generated(ti);

            if (packet_data->sender_sid)
            {
                const char *SID = dof_oid_create_standard_string(pinfo->pool, packet_data->sender_sid[0], packet_data->sender_sid + 1, pinfo);
                ti = proto_tree_add_bytes_format_value(tree, hf_2008_1_dpp_sid_str, tvb, 0, 0, packet_data->sender_sid, "%s", SID);
                proto_item_set_generated(ti);
            }

            ti = proto_tree_add_uint_format(tree, hf_2008_1_dpp_rid_num, tvb,
                                            0, 0, packet_data->receiver_sid_id, "RID ID: %d", packet_data->receiver_sid_id);
            proto_item_set_generated(ti);

            if (packet_data->receiver_sid)
            {
                const char *SID = dof_oid_create_standard_string(pinfo->pool, packet_data->receiver_sid[0], packet_data->receiver_sid + 1, pinfo);
                ti = proto_tree_add_bytes_format_value(tree, hf_2008_1_dpp_rid_str, tvb, 0, 0, packet_data->receiver_sid, "%s", SID);
                proto_item_set_generated(ti);
            }

            if (dpp_flags_included)
            {
                dpp_flags = tvb_get_uint8(tvb, offset);
                if (((dpp_flags & 0x10) != 0) && ((dpp_flags & 0x0F) != 0))
                    expert_add_info(pinfo, NULL, &ei_dpp2_dof_10_flags_zero);
                if (((dpp_flags & 0x10) == 0) && ((dpp_flags & 0x09) != 0))
                    expert_add_info(pinfo, NULL, &ei_dpp2_dof_10_flags_zero);

                tf = proto_tree_add_uint_format(dpp_tree, hf_2009_12_dpp_2_1_flags, tvb,
                                                offset, 1, dpp_flags, "Flags: 0x%02x", dpp_flags);

                dpp_flags_tree = proto_item_add_subtree(tf, ett_2009_12_dpp_2_1_flags);

                if (dpp_flags == DPP_V2_DEFAULT_FLAGS)
                    expert_add_info(pinfo, dpp_flags_tree, &ei_dpp_default_flags);

                proto_tree_add_item(dpp_flags_tree, hf_2009_12_dpp_2_1_flag_security, tvb, offset, 1, ENC_NA);
                proto_tree_add_item(dpp_flags_tree, hf_2009_12_dpp_2_1_flag_opid, tvb, offset, 1, ENC_NA);
                proto_tree_add_item(dpp_flags_tree, hf_2009_12_dpp_2_1_flag_cmdrsp, tvb, offset, 1, ENC_NA);
                if ((dpp_flags & 0x10) == 0)
                {
                    proto_tree_add_item(dpp_flags_tree, hf_2009_12_dpp_2_1_flag_seq, tvb, offset, 1, ENC_NA);
                    proto_tree_add_item(dpp_flags_tree, hf_2009_12_dpp_2_1_flag_retry, tvb, offset, 1, ENC_NA);
                }

                offset += 1;
            }
            else
                dpp_flags = DPP_V2_DEFAULT_FLAGS;

            packet_data->is_command = (dpp_flags & 0x10) == 0;

            /* We are allowed to be complete here if still negotiating. */
            /*if ( ! packet->negotiated && (offset == tvb_reported_length(tvb)) )
            {
            col_set_str( pinfo->cinfo, COL_INFO, "DPS Negotiation" );
            return 1;
            }*/

            dpp_opid_keytype = (dpp_flags & 0x60) >> 5;
            switch (dpp_opid_keytype)
            {
            case 0: /* No OPID */
                packet_data->has_opid = false;
                break;

            case 1: /* Implied sender. */
                packet_data->has_opid = true;
                packet_data->op.op_sid_id = packet_data->sender_sid_id;
                packet_data->op.op_sid = packet_data->sender_sid;
                break;

            case 2: /* Implied receiver. */
                packet_data->has_opid = true;
                packet_data->op.op_sid_id = packet_data->receiver_sid_id;
                packet_data->op.op_sid = packet_data->receiver_sid;
                break;

            case 3: /* Explicit. */
                packet_data->has_opid = true;
                break;
            }

            if (dpp_opid_keytype != 0)
            {
                opid_start = offset;
                opid_tree = proto_tree_add_subtree(dpp_tree, tvb, offset, 0, ett_2009_12_dpp_2_opid, NULL, "Operation Identifier");
            }

            switch (dpp_opid_keytype)
            {
            case 0: /* We have no opid. */
                break;

            case 3: /* Explicit. */
            {
                proto_tree *oid_tree;
                tvbuff_t *next_tvb;
                int opid_len;

                oid_tree = proto_tree_add_subtree(opid_tree, tvb, offset, 0, ett_2009_12_dpp_2_opid, NULL, "Source Identifier");

                next_tvb = tvb_new_subset_length(tvb, offset, tvb_reported_length(tvb) - offset);
                opid_len = call_dissector_only(dof_oid_handle, next_tvb, pinfo, oid_tree, NULL);
                proto_item_set_len(oid_tree, opid_len);

                learn_operation_sid(&packet_data->op, opid_len, tvb_get_ptr(next_tvb, 0, opid_len));

                /* Warn if Explicit SID could be optimized. */
                if (packet_data->op.op_sid_id == packet_data->sender_sid_id)
                    expert_add_info(pinfo, ti, &ei_dpp_explicit_sender_sid_included);
                if (packet_data->op.op_sid_id == packet_data->receiver_sid_id)
                    expert_add_info(pinfo, ti, &ei_dpp_explicit_receiver_sid_included);

                offset += opid_len;
            }

                /* FALL THROUGH */

            case 1: /* Implied sender. */
            case 2: /* Implied receiver. */
            {
                uint32_t opcnt;
                int opcnt_len;
                proto_item *pi;

                /* Display the SID if known. */
                if ((dpp_opid_keytype != 3) && packet_data->op.op_sid)
                {
                    proto_tree *oid_tree;

                    tvbuff_t *next_tvb = tvb_new_child_real_data(tvb, packet_data->op.op_sid + 1, packet_data->op.op_sid[0], packet_data->op.op_sid[0]);
                    oid_tree = proto_tree_add_subtree(opid_tree, tvb, 0, 0, ett_2009_12_dpp_2_opid, NULL, "Source Identifier");

                    call_dissector_only(dof_oid_handle, next_tvb, pinfo, oid_tree, NULL);

                    proto_item_set_generated(ti);
                }

                read_c4(tvb, offset, &opcnt, &opcnt_len);
                pi = proto_tree_add_uint_format(opid_tree, hf_2009_12_dpp_2_1_opcnt, tvb, offset, opcnt_len, opcnt, "Operation Count: %u", opcnt);
                validate_c4(pinfo, pi, opcnt, opcnt_len);
                offset += opcnt_len;

                proto_item_set_len(opid, offset - opid_start);

                packet_data->op.op_cnt = opcnt;

                /* At this point we have a packet with an operation identifier. We need to
                * update the master list of operation identifiers, and do any checking that
                * we can in order to validate things.
                */
                if (packet_data->has_opid && !packet_data->opid_first)
                {
                    dof_packet_data *first = (dof_packet_data *)g_hash_table_lookup(dpp_opid_to_packet_data, (const void *) & packet_data->op);
                    if (first == NULL)
                    {
                        /* First reference to this operation. */
                        g_hash_table_insert(dpp_opid_to_packet_data, (void *) & packet_data->op, (void *)packet_data);
                        packet_data->opid_first = packet_data;
                        packet_data->opid_last = packet_data;

                        /* The first opid must be a command. */
                    }
                    else
                    {
                        /* Operation exists, time to patch things in. */
                        packet_data->opid_first = first;
                        first->opid_last->opid_next = packet_data;
                        first->opid_last = packet_data;

                        if (!packet_data->is_command)
                        {
                            if (!first->opid_first_response)
                            {
                                first->opid_first_response = packet_data;
                                first->opid_last_response = packet_data;
                            }
                            else
                            {
                                first->opid_last_response->opid_next_response = packet_data;
                                first->opid_last_response = packet_data;
                            }
                        }
                    }
                }


                /* Add all the reference information to the tree. */
                if (globals.track_operations && tree)
                {
                    proto_tree *ophistory_tree = proto_tree_add_subtree(tree, tvb, 0, 0, ett_2009_12_dpp_2_opid_history, NULL, "Operation History");

                    dof_packet_data *ptr = packet_data->opid_first;

                    if (ptr)
                        proto_tree_add_uint_format(ophistory_tree, hf_2008_1_dpp_first_command,
                                                   tvb, 0, 0, ptr->frame,
                                                   "First Operation: %u",
                                                   ptr->frame);

                    if (ptr->opid_last && ptr->opid_last != ptr)
                        proto_tree_add_uint_format(ophistory_tree, hf_2008_1_dpp_last_command,
                                                   tvb, 0, 0, ptr->opid_last->frame,
                                                   "Last Operation: %u",
                                                   ptr->opid_last->frame);

                    if (ptr->opid_first_response)
                        proto_tree_add_uint_format(ophistory_tree, hf_2008_1_dpp_first_response,
                                                   tvb, 0, 0, ptr->opid_first_response->frame,
                                                   "First Response: %u",
                                                   ptr->opid_first_response->frame);

                    if (ptr->opid_last_response && ptr->opid_last_response != ptr->opid_first_response)
                        proto_tree_add_uint_format(ophistory_tree, hf_2008_1_dpp_last_response,
                                                   tvb, 0, 0, ptr->opid_last_response->frame,
                                                   "Last Response: %u",
                                                   ptr->opid_last_response->frame);

                    /* Determine the window start, then output the number of packets. Output the number of skipped packets before
                    * and after.
                    */
                    {
                        dof_packet_data *start = packet_data->opid_first;
                        unsigned diff = 0;
                        while (ptr)
                        {
                            if (ptr == packet_data)
                                break;

                            ptr = ptr->opid_next;
                            diff += 1;

                            if (diff > globals.track_operations_window)
                            {
                                start = start->opid_next;
                                diff -= 1;
                            }
                        }

                        ptr = start;
                        diff = 0;

                        while (ptr)
                        {
                            const char *THIS = "";

                            if (ptr == packet_data)
                            {
                                THIS = "this ";
                                diff = globals.track_operations_window + 1;
                            }

                            /* (DPS Frame) [ws WS Frame]: (SID)->(RID): (THIS) (SUMMARY) */
                            proto_tree_add_uint_format(ophistory_tree, hf_2008_1_dpp_related_frame,
                                                       tvb, 0, 0, ptr->frame,
                                                       "%u[ws %u]: %u->%u: %s%s",
                                                       ptr->dof_frame, ptr->frame,
                                                       ptr->sender_sid_id, ptr->receiver_sid_id,
                                                       THIS,
                                                       ptr->summary ? ptr->summary : "");

                            ptr = ptr->opid_next;
                            if (diff && !--diff)
                                break;
                        }
                    }
                }
            }
                break;
            }

            proto_item_set_len(opid_tree, offset - opid_start);

            {
                if ((dpp_flags & 0x10) == 0)
                {
                    uint8_t dpp_seq = 0;
                    uint8_t dpp_retry = 0;
                    uint16_t dpp_delay = 0;

                    /* Extract SEQ */
                    if (dpp_flags & 0x04)
                    {
                        dpp_seq = tvb_get_uint8(tvb, offset);
                        proto_tree_add_uint_format(dpp_tree, hf_2009_12_dpp_2_1_seq, tvb, offset, 1, dpp_seq, "Sequence: %u", dpp_seq);
                        offset += 1;
                    }

                    /* Extract Retry */
                    if (dpp_flags & 0x02)
                    {
                        dpp_retry = tvb_get_uint8(tvb, offset);
                        proto_tree_add_uint_format(dpp_tree, hf_2009_12_dpp_2_1_retry, tvb, offset, 1, dpp_retry, "Retry: %u", dpp_retry);
                        offset += 1;
                    }

                    /* Extract Delay */
                    {
                        dpp_delay = tvb_get_uint8(tvb, offset);
                        if (dpp_delay > 128)
                            dpp_delay = 128 + ((dpp_delay - 128) * 32);

                        proto_tree_add_uint_format(dpp_tree, hf_2009_12_dpp_2_1_delay, tvb, offset, 1, dpp_delay, "Delay: %u seconds", dpp_delay);
                        offset += 1;
                    }

                    packet_data->summary = wmem_strdup_printf(wmem_file_scope(), "command seq %u, retry %u, delay %u", dpp_seq, dpp_retry, dpp_delay);
                }
                else
                    packet_data->summary = "response";
            }

            /* Extract session information. */
            if (dpp_flags & 0x80)
            {
                uint32_t sec_offset = offset;
                uint8_t sh_flags;
                uint32_t ssid;
                proto_tree *security_tree;
                proto_tree *sec_flags_tree;
                proto_item *item;

                security_tree = proto_tree_add_subtree(dpp_tree, tvb, offset, -1, ett_2009_12_dpp_2_3_security, NULL, "Security Header");

                sh_flags = tvb_get_uint8(tvb, offset);
                item = proto_tree_add_uint_format(security_tree, hf_2009_12_dpp_2_3_sec_flags, tvb,
                                                  offset, 1, sh_flags, "Flags: 0x%02x", sh_flags);

                sec_flags_tree = proto_item_add_subtree(item, ett_2009_12_dpp_2_3_sec_flags);
                proto_tree_add_item(sec_flags_tree, hf_2009_12_dpp_2_3_sec_flag_secure, tvb, offset, 1, ENC_NA);
                proto_tree_add_item(sec_flags_tree, hf_2009_12_dpp_2_3_sec_flag_rdid, tvb, offset, 1, ENC_NA);
                proto_tree_add_item(sec_flags_tree, hf_2009_12_dpp_2_3_sec_flag_partition, tvb, offset, 1, ENC_NA);
                proto_tree_add_item(sec_flags_tree, hf_2009_12_dpp_2_3_sec_flag_as, tvb, offset, 1, ENC_NA);
                proto_tree_add_item(sec_flags_tree, hf_2009_12_dpp_2_3_sec_flag_ssid, tvb, offset, 1, ENC_NA);
                offset += 1;

                ssid = 0;
                if (sh_flags & DPP_V2_SEC_FLAG_S)
                {
                    int s_offset = offset;
                    int ssid_len;
                    proto_item *pi;
                    offset = read_c4(tvb, offset, &ssid, &ssid_len);
                    pi = proto_tree_add_uint_format(security_tree, hf_2009_12_dpp_2_3_sec_ssid, tvb, s_offset, offset - s_offset, ssid, "Security State Identifier: %u (0x%x)", ssid, ssid);
                    validate_c4(pinfo, pi, ssid, ssid_len);
                }

                /* At this point we know the transport information, DNP port information, and the
                * SSID. This means that we can isolate the session that this communication belongs
                * to. Note that all uses of an SSID are scoped by the transport.
                */
                if (sh_flags & DPP_V2_SEC_FLAG_A)
                    ssid |= AS_ASSIGNED_SSID;

                if (api_data->session && !api_data->secure_session)
                {
                    dof_secure_session_data *search = api_data->session->secure_sessions;
                    while (search)
                    {
                        if (ssid == search->ssid)
                            break;

                        search = search->next;
                    }

                    if (search)
                    {
                        api_data->session = search->parent;
                        api_data->secure_session = search;
                    }
                }

                if (sh_flags & DPP_V2_SEC_FLAG_D)
                {
                    int s_offset = offset;
                    uint32_t rdid;
                    int rdid_len;
                    proto_item *pi;
                    offset = read_c4(tvb, offset, &rdid, &rdid_len);
                    pi = proto_tree_add_uint_format(security_tree, hf_2009_12_dpp_2_3_sec_rdid, tvb, s_offset, offset - s_offset, rdid, "Remote Domain Identifier: %u (0x%x)", rdid, rdid);
                    validate_c4(pinfo, pi, rdid, rdid_len);

                    offset = dof_dissect_pdu_as_field(dissect_2008_16_security_10, tvb, pinfo, security_tree,
                                                      offset, hf_2009_12_dpp_2_3_sec_remote_partition, ett_2009_12_dpp_2_3_sec_remote_partition, NULL);
                }

                if (sh_flags & DPP_V2_SEC_FLAG_P)
                {
                    offset = dof_dissect_pdu_as_field(dissect_2008_16_security_10, tvb, pinfo, security_tree,
                                                      offset, hf_2009_12_dpp_2_3_sec_partition, ett_2009_12_dpp_2_3_sec_partition, NULL);
                }

                if (sh_flags & DPP_V2_SEC_FLAG_E)
                {
                    /* If we get here without success, then we can only bail. */
                    if (packet_data->security_session_error)
                    {
                        col_set_str(pinfo->cinfo, COL_INFO, packet_data->security_session_error);
                        proto_item_set_end(tree, tvb, offset);
                        expert_add_info(pinfo, security_tree, &ei_dpp_no_security_context);
                        {
                            tvbuff_t *data_tvb = tvb_new_subset_remaining(tvb, offset);
                            call_data_dissector(data_tvb, pinfo, tree);
                        }
                        proto_item_set_len(security_tree, offset - sec_offset);
                        return offset;
                    }

                    if (!api_data->secure_session)
                    {
                        packet_data->security_session_error = "[Encrypted - No Session Available]";
                        proto_item_set_len(security_tree, offset - sec_offset);
                        return offset;
                    }

                    /* Security has not failed, and we have a security session. */
                    {
                        dissector_table_t sec_header = find_dissector_table("dof.secmode");
                        /* TODO: CCM is hardcoded. We should try all of the sessions, which could mean multiple security modes. */
                        dissector_handle_t dp = dissector_get_uint_handle(sec_header, 0x6001); /* packet_data->security_session->security_mode); */
                        if (dp)
                        {
                            dof_secmode_api_data sdata;

                            sdata.context = HEADER;
                            sdata.security_mode_offset = offset;
                            sdata.dof_api = api_data;
                            sdata.secure_session = api_data->secure_session;
                            sdata.session_key_data = NULL;

                            offset += call_dissector_only(dp, tvb, pinfo, security_tree, &sdata);

                            if (!packet_data->decrypted_buffer)
                            {
                                proto_item_set_end(tree, tvb, offset);
                                proto_item_set_len(security_tree, offset - sec_offset);
                                return offset;
                            }
                        }
                    }
                }
                proto_item_set_len(security_tree, offset - sec_offset);
            }

            /* The end of the packet must be called in the original tvb or chaos ensues... */
            proto_item_set_end(tree, tvb, offset);
        }


        if (packet_data->decrypted_tvb)
        {
            tvb = packet_data->decrypted_tvb;
            offset = packet_data->decrypted_offset;
        }

        /* Assuming there is more, it must be DPP. */
        /* We have a packet. We must handle the special case of this being *our* application
        * protocol (0x7FFF). If it is, then *we* are the dissector...
        */
        {
            uint16_t app;
            tvbuff_t *next_tvb = tvb_new_subset_length(tvb, offset, tvb_reported_length(tvb) - offset);

            read_c2(tvb, offset, &app, NULL);
            if (app == 0x7FFF)
            {
                offset += dissect_dpp_v2_common(next_tvb, pinfo, proto_item_get_parent(tree), data);
            }
            else
            {
                offset += dissect_app_common(next_tvb, pinfo, proto_item_get_parent(tree), data);
            }
        }
    }

    col_set_fence(pinfo->cinfo, COL_PROTOCOL);
    col_set_fence(pinfo->cinfo, COL_INFO);
    return offset;
}

static int dissect_options(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    while (offset < (int)tvb_captured_length(tvb))
    {
        proto_tree *subtree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_2008_1_dsp_12_option, NULL, "Option");
        tvbuff_t *next_tvb = tvb_new_subset_remaining(tvb, offset);
        int len = dissect_2008_1_dsp_1(next_tvb, pinfo, subtree);
        proto_item_set_len(proto_tree_get_parent(subtree), len);
        offset += len;
    }

    return offset;
}

static int dissect_dsp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    dof_api_data *api_data = (dof_api_data *)data;
    dof_packet_data *packet_data;
    unsigned offset = 0;
    uint8_t opcode;
    uint16_t app;
    int app_len;
    proto_item *ti;
    proto_tree *dsp_tree;
    proto_tree *options_tree;

    if (api_data == NULL)
    {
        /* TODO: Output error. */
        return 0;
    }

    packet_data = api_data->packet;
    if (packet_data == NULL)
    {
        /* TODO: Output error. */
        return 0;
    }

    /* Make entries in Protocol column and Info column on summary display */
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "DSPv2 ");

    /* Create the protocol tree. */
    offset = 0;
    ti = proto_tree_add_item(tree, proto_2008_1_dsp, tvb, offset, -1, ENC_NA);
    dsp_tree = proto_item_add_subtree(ti, ett_2008_1_dsp_12);

    /* Add the APPID. */
    offset = read_c2(tvb, offset, &app, &app_len);
    ti = proto_tree_add_uint(dsp_tree, hf_2008_1_app_version, tvb, 0, app_len, app);
    validate_c2(pinfo, ti, app, app_len);

#if 0
    if (!packet->is_streaming)
    {
        col_set_str(pinfo->cinfo, COL_PROTOCOL, "DSPv2 ");

        if (tvb_captured_length(tvb) == offset)
        col_set_str(pinfo->cinfo, COL_INFO, "Query");
        else
        {
            col_set_str(pinfo->cinfo, COL_INFO, "Query Response");
            while (offset < tvb_captured_length(tvb))
            {
                uint16_t app;
                int start = offset;
                offset = read_c2(tvb, offset, &app, NULL);
                proto_tree_add_uint(dsp_tree, hf_2008_1_app_version, tvb, start, offset - start, app);
            }
        }

        return offset;
    }
#endif

    if (offset == tvb_captured_length(tvb))
    {
        col_append_str(pinfo->cinfo, COL_INFO, "DSP [nop]");
        expert_add_info(pinfo, dsp_tree, &ei_implicit_no_op);

        return offset;
    }

    /* Determine the ESP opcode. */
    opcode = tvb_get_uint8(tvb, offset);

    if (!packet_data->is_command)
        opcode |= OP_2008_1_RSP;

    proto_tree_add_uint_format(dsp_tree, hf_2008_1_dsp_12_opcode, tvb, offset, 1, opcode, "Opcode: %s (%u)", val_to_str(pinfo->pool, opcode, strings_2008_1_dsp_opcodes, "Unknown Opcode (%d)"), opcode & 0x7F);
    offset += 1;
    col_append_sep_str(pinfo->cinfo, COL_INFO, "/", val_to_str(pinfo->pool, opcode, strings_2008_1_dsp_opcodes, "Unknown Opcode (%d)"));

    switch (opcode)
    {
    case OP_2008_1_OPEN_CMD: /* 2008.1 DSP.14.1 */
        break;

    case OP_2008_1_OPEN_RSP: /* 2008.1 DSP.14.2 */
    case OP_2008_1_OPEN_SECURE_RSP: /* 2008.1 DSP.14.3 */
    {
        while (offset < tvb_captured_length(tvb))
        {
            uint16_t ap;
            int length;
            proto_item *pi;
            int start = offset;
            offset = read_c2(tvb, offset, &ap, &length);
            pi = proto_tree_add_uint(dsp_tree, hf_2008_1_app_version, tvb, start, offset - start, ap);
            validate_c2(pinfo, pi, ap, length);
        }
    }
        break;

    case OP_2008_1_QUERY_CMD:
        break;

    case OP_2008_1_QUERY_RSP:
        break;

    case OP_2008_1_CONFIG_ACK:
        break;

    case OP_2008_1_CONFIG_REQ:
        /* This will start a session if not existing... */
        /* FALL THROUGH */

    case OP_2008_1_CONFIG_NAK:
    {
        int length = tvb_captured_length(tvb) - offset;

        options_tree = proto_tree_add_subtree_format(dsp_tree, tvb, offset, length, ett_2008_1_dsp_12_options, NULL,
                                                     "DSP Options: (%d byte%s)", length, plurality(length, "", "s"));
        offset = dissect_options(tvb, offset, pinfo, options_tree, NULL);
    }
        break;

    case OP_2008_1_CONFIG_REJ:
        /* TODO: Handle reject. */
        break;

    case OP_2008_1_TERMINATE_CMD:
    case OP_2008_1_TERMINATE_RSP:
        /* Nothing */
        break;
    }

    return offset;
}

static int dissect_ccm_dsp(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
{
    /* We are handed a buffer that starts with an option and our protocol id. Any options follow that. */
    int offset = 0;
    proto_item *parent = proto_tree_get_parent(tree);
    uint8_t len, strength_count, i;
    proto_item *ti;
    proto_tree *ccm_tree;

    /* Append description to the parent. */
    proto_item_append_text(parent, " (CCM)");

    /* Compute the version and flags, masking off other bits. */
    offset += 3; /* Skip the type and protocol. */
    len = tvb_get_uint8(tvb, offset++);

    ti = proto_tree_add_item(tree, hf_ccm_dsp_option, tvb, offset, len, ENC_NA);
    ccm_tree = proto_item_add_subtree(ti, ett_ccm_dsp_option);

    strength_count = tvb_get_uint8(tvb, offset);
    proto_tree_add_item(ccm_tree, hf_ccm_dsp_strength_count, tvb, offset++, 1, ENC_NA);

    for (i = 0; i < strength_count; i++)
        proto_tree_add_item(ccm_tree, hf_ccm_dsp_strength, tvb, offset++, 1, ENC_NA);

    proto_tree_add_item(ccm_tree, hf_ccm_dsp_e_flag, tvb, offset, 1, ENC_NA);
    proto_tree_add_item(ccm_tree, hf_ccm_dsp_m_flag, tvb, offset, 1, ENC_NA);
    proto_tree_add_item(ccm_tree, hf_ccm_dsp_tmax, tvb, offset, 1, ENC_NA);
    proto_tree_add_item(ccm_tree, hf_ccm_dsp_tmin, tvb, offset, 1, ENC_NA);

    offset += 1;
    return offset;
}

/**
 * This is the main entry point for the CCM dissector. It is always called from an DPS
 * dissector, and is always passed the dof_secmode_data structure.
 */
static int dissect_ccm(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    dof_secmode_api_data *secmode_api_data;
    dof_session_key_exchange_data *key_data;

    secmode_api_data = (dof_secmode_api_data *)data;
    if (secmode_api_data == NULL)
    {
        return 0;
    }

    key_data = secmode_api_data->session_key_data;

    /* Based on the context of the request, handle the work. */
    switch (secmode_api_data->context)
    {
    case INITIALIZE:
        /* Parse off the initialization fields, and if necessary create the security mode state
        * that is being initialized. This is passed the DPS data, DPS session data, and Key Exchange Data.
        */
    {
        ccm_session_data *ccm_data = (ccm_session_data *)key_data->security_mode_key_data;
        int offset = 0;
        uint8_t header;
        uint16_t length;

        if (!ccm_data)
        {
            /* We need to parse the initialization data. */
            ccm_data = wmem_new0(wmem_file_scope(), ccm_session_data);
            if (!ccm_data)
                return 0;
            wmem_register_callback(wmem_file_scope(), dof_sessions_destroy_cb, ccm_data);

            key_data->security_mode_key_data = ccm_data;

            if (!key_data->security_mode_data || key_data->security_mode_data_length < 3)
                return 0;

            /* TODO: Not sure that these are all right. */
            ccm_data->protocol_id = DOF_PROTOCOL_CCM;
            ccm_data->cipher = key_data->security_mode_data[1];
            ccm_data->encrypted = key_data->security_mode_data[key_data->security_mode_data_length - 1] & 0x80;
            ccm_data->mac_len = (key_data->security_mode_data[key_data->security_mode_data_length - 1] & 0x07) * 2 + 2;
            ccm_data->client_datagram_number = 0;
            ccm_data->server_datagram_number = 0;

            switch (ccm_data->protocol_id)
            {
            case DOF_PROTOCOL_CCM:
                if (gcry_cipher_open(&ccm_data->cipher_data, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)) {
                    return 0;
                }
                break;

            default:
                return 0;
            }
        }

        if (secmode_api_data->dof_api->transport_session->is_2_node)
        {
            switch (ccm_data->protocol_id)
            {
            case DOF_PROTOCOL_CCM:
                if (gcry_cipher_setkey(ccm_data->cipher_data, key_data->session_key, 32)) {
                    gcry_cipher_close(ccm_data->cipher_data);
                    ccm_data->cipher_data = NULL;
                    return 0;
                }
                break;

            default:
                return 0;
            }

            /* This mode has a fixed size, so we can return here without parsing further. */
            return 2;
        }

        offset = read_c2(tvb, offset, &length, NULL);
        /* TODO validate C2 */
        header = tvb_get_uint8(tvb, offset);
        offset += 1;

        /* Determine the period, and store the key. */
        {
            uint8_t period = (header & 0x70) >> 4;
            if (ccm_data->cipher_data_table == NULL)
            {
                gcry_cipher_hd_t ekey;
                if (gcry_cipher_open(&ekey, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)) {
                    return 0;
                }

                ccm_data->cipher_data_table = g_hash_table_new_full(g_direct_hash, g_direct_equal, NULL, dof_cipher_data_destroy);
                ccm_data->period = 1;
                ccm_data->periods[period] = ccm_data->period;

                switch (ccm_data->protocol_id)
                {
                case DOF_PROTOCOL_CCM:
                    if (gcry_cipher_setkey(ekey, key_data->session_key, 32)) {
                        gcry_cipher_close(ekey);
                        return 0;
                    }
                    break;

                default:
                    gcry_cipher_close(ekey);
                    return 0;
                }

                g_hash_table_insert(ccm_data->cipher_data_table, GUINT_TO_POINTER(ccm_data->period), ekey);
            }
            else
            {
                uint32_t lookup = ccm_data->periods[period];

                if (!lookup)
                {
                    gcry_cipher_hd_t ekey;
                    if (gcry_cipher_open(&ekey, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)) {
                        return 0;
                    }
                    switch (ccm_data->protocol_id)
                    {
                    case DOF_PROTOCOL_CCM:
                        if (gcry_cipher_setkey(ekey, key_data->session_key, 32)) {
                            gcry_cipher_close(ekey);
                            return 0;
                        }
                        break;

                    default:
                        gcry_cipher_close(ekey);
                        return 0;
                    }

                    ccm_data->period += 1;
                    ccm_data->periods[period] = ccm_data->period;
                    g_hash_table_insert(ccm_data->cipher_data_table, GUINT_TO_POINTER(ccm_data->period), ekey);
                }
                else
                {
                    uint8_t *in_table = (uint8_t *)g_hash_table_lookup(ccm_data->cipher_data_table, GUINT_TO_POINTER(lookup));
                    if (memcmp(key_data->session_key, in_table, 32) != 0)
                    {
                        gcry_cipher_hd_t ekey;
                        if (gcry_cipher_open(&ekey, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)) {
                            return 0;
                        }
                        switch (ccm_data->protocol_id)
                        {
                        case DOF_PROTOCOL_CCM:
                            if (gcry_cipher_setkey(ekey, key_data->session_key, 32)) {
                                gcry_cipher_close(ekey);
                                return 0;
                            }
                            break;

                        default:
                            gcry_cipher_close(ekey);
                            return 0;
                        }

                        ccm_data->period += 1;
                        ccm_data->periods[period] = ccm_data->period;
                        g_hash_table_insert(ccm_data->cipher_data_table, GUINT_TO_POINTER(ccm_data->period), ekey);
                    }
                }
            }
        }

        return offset + length - 1;
    }

    case HEADER:
    {
        ccm_session_data *session;
        dof_transport_session *transport_session = (dof_transport_session *)secmode_api_data->dof_api->transport_session;
        dof_secure_session_data *secure_session = secmode_api_data->secure_session;
        dof_session_key_exchange_data *security_data = NULL;
        dof_packet_data *dof_packet = secmode_api_data->dof_api->packet;
        uint8_t ccm_flags;
        uint32_t nid;
        uint16_t slot = 0;
        uint32_t pn = 0;
        bool pn_present = false;
        uint32_t tnid;
        uint32_t nnid;
        proto_tree *ccm_flags_tree;
        proto_tree *header_tree;
        proto_item * item,*header;
        ccm_packet_data *pdata;
        int offset = 0;

        if (!dof_packet->security_session)
        {
            if (transport_session->is_streaming)
            {
                /* Find the first security data that is applicable - they are in order of packet sequence. */
                security_data = secure_session->session_security_data;
                while (security_data)
                {
                    if (dof_packet->is_sent_by_initiator && (dof_packet->dof_frame > security_data->i_valid))
                        break;

                    if (!dof_packet->is_sent_by_initiator && (dof_packet->dof_frame > security_data->r_valid))
                        break;

                    security_data = security_data->next;
                }

                if (security_data)
                    dof_packet->security_session = security_data;
                else
                {
                    dof_packet->security_session_error = "[Encrypted - No Session Available]";
                    return offset;
                }
            }
            else
            {
                dof_packet->security_session = secure_session->session_security_data;
                security_data = dof_packet->security_session;
            }
        }
        else
        {
            security_data = dof_packet->security_session;
        }

        if (!security_data || !security_data->session_key || !security_data->security_mode_key_data)
        {
            dof_packet->security_session_error = "[Encrypted - No Session Available]";
            return offset;
        }

        session = (ccm_session_data *)security_data->security_mode_key_data;
        offset = secmode_api_data->security_mode_offset;

        /* Add a master header for this protocol. */
        header = proto_tree_add_protocol_format(tree, proto_ccm, tvb, offset, 0,
                                                "CCM Security Mode, Version: 1");
        header_tree = proto_item_add_subtree(header, ett_header);
        tree = header_tree;

        ccm_flags = tvb_get_uint8(tvb, offset);
        item = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_flags, tvb,
                                          offset, 1, ccm_flags, "Flags: 0x%02x", ccm_flags);

        ccm_flags_tree = proto_item_add_subtree(item, ett_epp_v1_ccm_flags);
        proto_tree_add_item(ccm_flags_tree, hf_epp_v1_ccm_flags_manager, tvb, offset, 1, ENC_NA);
        proto_tree_add_item(ccm_flags_tree, hf_epp_v1_ccm_flags_period, tvb, offset, 1, ENC_NA);
        proto_tree_add_item(ccm_flags_tree, hf_epp_v1_ccm_flags_target, tvb, offset, 1, ENC_NA);
        proto_tree_add_item(ccm_flags_tree, hf_epp_v1_ccm_flags_next_nid, tvb, offset, 1, ENC_NA);
        proto_tree_add_item(ccm_flags_tree, hf_epp_v1_ccm_flags_packet, tvb, offset, 1, ENC_NA);
        offset += 1;

        if (ccm_flags & 0x01)
            pn_present = true;

        pdata = (ccm_packet_data *)dof_packet->security_packet;
        if (!pdata)
        {
            pdata = wmem_new0(wmem_file_scope(), ccm_packet_data);
            if (pdata)
            {
                dof_packet->security_packet = pdata;

                if (transport_session->is_2_node)
                {
                    if (dof_packet->is_sent_by_initiator)
                    {
                        pdata->nid = 0;
                        if (pn_present == false)
                            pdata->dn = ++session->client_datagram_number;
                        else
                            pdata->dn = pn;
                    }
                    else
                    {
                        pdata->nid = 1;
                        if (pn_present == 0)
                            pdata->dn = ++session->server_datagram_number;
                        else
                            pdata->dn = pn;
                    }
                }
                else
                {
                    uint8_t packet_period = (ccm_flags & 0x70) >> 4;
                    pdata->period = session->periods[packet_period];
                }
            }
        }

        if (!pdata)
            return offset - secmode_api_data->security_mode_offset;

        if (!secure_session->is_2_node)
        {
            int nid_len;
            proto_item *pi;
            read_c4(tvb, offset, &nid, &nid_len);
            /* TODO: Do this right, as offset from BNID. */
            nid /= 2;
            pdata->nid = nid;
            pi = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_nid, tvb, offset, nid_len, nid, "Node ID: %u", nid);
            validate_c4(pinfo, pi, nid, nid_len);
            offset += nid_len;
        }
        else
        {
            item = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_nid, tvb, 0, 0, pdata->nid, "Node ID: %u", pdata->nid);
            proto_item_set_generated(item);
        }

        if (!secure_session->is_2_node)
        {
            int slot_len;
            proto_item *pi;
            read_c2(tvb, offset, &slot, &slot_len);
            pi = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_slot, tvb, offset, slot_len, slot, "Slot: %hu", slot);
            validate_c2(pinfo, pi, slot, slot_len);
            offset += slot_len;
        }
        else
        {
            item = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_slot, tvb, 0, 0, 0, "Slot: %u", 0);
            proto_item_set_generated(item);
        }

        if (ccm_flags & 0x01)
        {
            int pn_len;
            proto_item *pi;
            read_c4(tvb, offset, &pn, &pn_len);
            pi = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_pn, tvb, offset, pn_len, pn, "Packet Number: %u", pn);
            validate_c4(pinfo, pi, pn, pn_len);
            pdata->dn = pn;
            offset += pn_len;
        }
        else
        {
            item = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_pn, tvb, 0, 0, pdata->dn, "Packet Number: %u", pdata->dn);
            proto_item_set_generated(item);
        }

        if (ccm_flags & 0x08)
        {
            int tnid_len;
            proto_item *pi;
            read_c4(tvb, offset, &tnid, &tnid_len);
            pi = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_tnid, tvb, offset, tnid_len, tnid, "Target Node ID: %u", tnid);
            validate_c4(pinfo, pi, tnid, tnid_len);
            offset += tnid_len;
        }

        if (ccm_flags & 0x02)
        {
            int nnid_len;
            proto_item *pi;
            read_c4(tvb, offset, &nnid, &nnid_len);
            pi = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_nnid, tvb, offset, nnid_len, nnid, "Next Node ID: %u", nnid);
            validate_c4(pinfo, pi, nnid, nnid_len);
            offset += nnid_len;
        }

        proto_item_set_len(header, offset - secmode_api_data->security_mode_offset);

        if (dof_packet->decrypted_buffer_error)
        {
            col_set_str(pinfo->cinfo, COL_INFO, dof_packet->decrypted_buffer_error);
            expert_add_info(pinfo, tree, &ei_decode_failure);
            return offset - secmode_api_data->security_mode_offset;
        }

        /* We have reached the encryption boundary. At this point the rest of the packet
        * is encrypted, and we may or may not be able to decrypt it.
        *
        * If we can decrypt it (which for now means that it uses a Session Key of [0]
        * the we switch to decoding the decrypted PDU. Otherwise we create an entry
        * for the encrypted bytes and move on...
        */

        {
            unsigned a_len = offset;
            const uint8_t *epp_buf = tvb_get_ptr(tvb, 0, offset);
            unsigned e_len = tvb_captured_length_remaining(tvb, offset);
            uint8_t *buf = (uint8_t *)tvb_memdup(pinfo->pool, tvb, offset, e_len);
            tvbuff_t *app;

            /* The default nonce is a function of whether or not this is the server
            * or the client and the packet count. The packet count either comes from
            * the PDU or is a function of the previous value (of the sending node).
            */
            uint8_t nonce[11];

            nonce[0] = (pdata->nid) >> 24;
            nonce[1] = (pdata->nid) >> 16;
            nonce[2] = (pdata->nid) >> 8;
            nonce[3] = (uint8_t)(pdata->nid);
            nonce[4] = slot >> 8;
            nonce[5] = (uint8_t)slot;
            nonce[7] = (pdata->dn) >> 24;
            nonce[8] = (pdata->dn) >> 16;
            nonce[9] = (pdata->dn) >> 8;
            nonce[10] = (uint8_t)(pdata->dn);

            /* Now the hard part. We need to determine the current packet number.
            * This is a function of the sending node, the previous state and the
            * current PDU.
            */

            app = NULL;

            proto_item_set_end(tree, tvb, offset);
            if (!session->encrypted)
            {
                /* There is still a MAC involved, and even though we don't need a new
                * buffer we need to adjust the length of the existing buffer.
                */
                app = tvb_new_subset_length(tvb, offset, e_len - session->mac_len);
                dof_packet->decrypted_tvb = app;
                dof_packet->decrypted_offset = 0;
            }
            else
            {
                if (dof_packet->decrypted_buffer)
                {
                    /* No need to decrypt, but still need to create buffer. */
                    app = tvb_new_real_data((const uint8_t *)dof_packet->decrypted_buffer, e_len - session->mac_len, e_len - session->mac_len);
                    tvb_set_child_real_data_tvbuff(tvb, app);
                    add_new_data_source(pinfo, app, "Decrypted DOF");
                    dof_packet->decrypted_tvb = app;
                    dof_packet->decrypted_offset = 0;
                }
                else
                {
                    if (decrypt(session, pdata, nonce, epp_buf, a_len, buf, e_len))
                    {
                        /* store decrypted buffer in file scope for reuse in next pass */
                        uint8_t *cache = (uint8_t *)wmem_alloc0(wmem_file_scope(), e_len - session->mac_len);
                        memcpy(cache, buf, e_len - session->mac_len);
                        app = tvb_new_real_data(cache, e_len - session->mac_len, e_len - session->mac_len);
                        tvb_set_child_real_data_tvbuff(tvb, app);
                        add_new_data_source(pinfo, app, "Decrypted DOF");
                        dof_packet->decrypted_buffer = cache;
                        dof_packet->decrypted_offset = 0;
                        dof_packet->decrypted_tvb = app;
                    }
                    else
                    {
                        /* Failure to decrypt or validate the MAC.
                        * The packet is secure, so there is nothing we can do!
                        */
                        dof_packet->decrypted_buffer_error = "[Encrypted packet - decryption failure]";
                    }
                }
            }
        }

        return offset - secmode_api_data->security_mode_offset;
    }
        break;

    case TRAILER:
       /* TODO check this case */
        break;

    }

    return 0;
}

static int dissect_ccm_app(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    int offset = 0;
    uint8_t opcode = 0;
    uint16_t app;
    int app_len;

    proto_item *ti;
    proto_tree *ccm_tree;

    /* Make entries in Protocol column and Info column on summary display */
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "CCM ");

    /* Create the protocol tree. */
    offset = 0;
    ti = proto_tree_add_item(tree, proto_ccm_app, tvb, offset, -1, ENC_NA);
    ccm_tree = proto_item_add_subtree(ti, ett_ccm);

    /* Add the APPID. */
    offset = read_c2(tvb, offset, &app, &app_len);
    ti = proto_tree_add_uint(ccm_tree, hf_2008_1_app_version, tvb, 0, app_len, app);
    validate_c2(pinfo, ti, app, app_len);

    /* Retrieve the opcode. */
    opcode = tvb_get_uint8(tvb, offset);

    col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(pinfo->pool, opcode, ccm_opcode_strings, "Unknown Opcode (%d)"));

    if (tree)
    {
        /* Opcode */
        proto_tree_add_item(ccm_tree, hf_ccm_opcode, tvb, offset, 1, ENC_NA);
#if 0  /* this needs completion */
        offset += 1;

        switch (opcode)
        {
        case CCM_PDU_PROBE:
        {
        }
            break;

        }
#endif
    }

    return 1;
}

#if 0 /* TODO not used yet */
static int dissect_ccm_validate(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data)
{
    dof_api_data *api_data = (dof_api_data *)data;
    dof_packet_data *packet;
    ccm_session_data *session;
    int offset;
    uint8_t ccm_flags;
    uint32_t nid;
    uint16_t slot;
    uint32_t pn;
    uint32_t tnid;

    if (api_data == NULL)
    {
        fprintf(stderr, "api_data is NULL.");
        return 0;
    }

    packet = api_data->packet;
    if (packet == NULL)
    {
        fprintf(stderr, "api_data->packet is NULL.");
        return 0;
    }

    if (!packet->security_session)
    {
        fprintf(stderr, "packet->security_session is NULL");
        return 0;
    }

    if (packet->security_session->security_mode != DOF_PROTOCOL_CCM)
    {
        fprintf(stderr, "packet->security_session->security_mode != DOF_PROTOCOL_CCM");
        return 0;
    }

    session = (ccm_session_data *)packet->security_session->security_mode_key_data;

    /* The buffer we have been passed includes the entire EPP frame. The packet
    * structure gives us the offset to our header.
    */
    offset = 0;

    ccm_flags = tvb_get_uint8(tvb, offset);
    offset += 1;

    /* TODO validate the C2 and C4 fields below? */
    if (ccm_flags & 0x04)
        offset = read_c4(tvb, offset, &nid, NULL);

    if (ccm_flags & 0x02)
        offset = read_c2(tvb, offset, &slot, NULL);

    if (ccm_flags & 0x01)
        offset = read_c4(tvb, offset, &pn, NULL);

    if (ccm_flags & 0x08)
        offset = read_c4(tvb, offset, &tnid, NULL);


    /* We have reached the encryption boundary. At this point the rest of the packet
    * is encrypted, and we may or may not be able to decrypt it.
    *
    * If we can decrypt it (which for now means that it uses a Session Key of [0]
    * the we switch to decoding the decrypted PDU. Otherwise we create an entry
    * for the encrypted bytes and move on...
    */

    {
        unsigned a_len = offset;
        const uint8_t *epp_buf = tvb_get_ptr(tvb, 0, offset);
        unsigned e_len = tvb_captured_length_remaining(tvb, offset);
        uint16_t e_off;
        uint8_t *buf = (uint8_t *)g_malloc(e_len);

        /* The default nonce is a function of whether or not this is the server
        * or the client and the packet count. The packet count either comes from
        * the PDU or is a function of the previous value (of the sending node).
        */
        uint8_t nonce[] = { 0x00, 0x00, 0x00, 0x01,
            0x00, 0x00,
            0x00,
            0x00, 0x00, 0x00, 0x00 };

        nonce[0] = nid >> 24;
        nonce[1] = nid >> 16;
        nonce[2] = nid >> 8;
        nonce[3] = (uint8_t)nid;
        nonce[4] = slot >> 8;
        nonce[5] = (uint8_t)slot;
        nonce[7] = pn >> 24;
        nonce[8] = pn >> 16;
        nonce[9] = pn >> 8;
        nonce[10] = (uint8_t)pn;

        /* Now the hard part. We need to determine the current packet number.
        * This is a function of the sending node, the previous state and the
        * current PDU.
        */
        for (e_off = 0; e_off < e_len; e_off++)
            buf[e_off] = tvb_get_uint8(tvb, offset + e_off);

        /* TODO: This is hardcoded for a 4-byte MAC */

        proto_item_set_end(tree, tvb, offset);
        if (decrypt(session, (ccm_packet_data *)packet->security_packet, nonce, epp_buf, a_len, buf, e_len))
        {
            g_free(buf);
            return 1;
        }
        else
        {
            /* Failure to decrypt or validate the MAC.
            * The packet is secure, so there is nothing we can do!
            */
            g_free(buf);
            return 1;
        }
    }
}
#endif

static int dissect_oap_dsp(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
{
    /* We are handed a buffer that starts with our protocol id. Any options follow that. */
    int offset = 0;

    /* We don't care except for the treeview. */
    if (!tree)
        return 0;

    /* Compute the version and flags, masking off other bits. */
    offset += 4; /* Skip the type and protocol. */

    proto_tree_add_item(tree, hf_oap_1_dsp_option, tvb, 0, -1, ENC_NA);
    return offset;
}

static int dissect_oap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    dof_api_data *api_data = (dof_api_data *)data;
    dof_packet_data *packet_data;

    int offset = 0;
    uint8_t opcode = 0;
    uint8_t flags = 0;
    uint16_t item_id = 0;
    uint16_t app;
    int app_len;

    oap_1_packet_data *oap_packet = NULL;

    proto_item *ti;
    proto_tree *oap_tree;

    if (api_data == NULL)
    {
        return 0;
    }

    packet_data = api_data->packet;
    if (packet_data == NULL)
    {
        return 0;
    }


    /* Make entries in Protocol column and Info column on summary display */
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "OAPv1 ");

    /* Create the protocol tree. */
    offset = 0;
    ti = proto_tree_add_item(tree, proto_oap_1, tvb, offset, -1, ENC_NA);
    oap_tree = proto_item_add_subtree(ti, ett_oap_1);

    /* Add the APPID. */
    offset = read_c2(tvb, offset, &app, &app_len);
    ti = proto_tree_add_uint(oap_tree, hf_2008_1_app_version, tvb, 0, app_len, app);
    validate_c2(pinfo, ti, app, app_len);

    if ((unsigned)app_len == tvb_captured_length(tvb))
    {
        col_append_str(pinfo->cinfo, COL_INFO, "OAP [nop]");
        expert_add_info(pinfo, oap_tree, &ei_implicit_no_op);

        return app_len;
    }

    oap_packet = (oap_1_packet_data *)dof_packet_get_proto_data(packet_data, proto_oap_1);
    if (!oap_packet)
    {
        oap_packet = wmem_new0(wmem_file_scope(), oap_1_packet_data);
        dof_packet_add_proto_data(packet_data, proto_oap_1, oap_packet);
    }

    /* Compute the version and flags, masking off other bits. */
    opcode = tvb_get_uint8(tvb, offset) & 0x1F;
    if (!packet_data->is_command)
        opcode |= OAP_1_RESPONSE;

    flags = tvb_get_uint8(tvb, offset) & 0xE0;

    col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(pinfo->pool, opcode, oap_opcode_strings, "Unknown Opcode (%d)"));


    /* Opcode */
    {
        uint8_t mask = 0x10;
        char str[20];
        uint8_t no_of_bits = 5;
        uint8_t i;
        uint8_t bit = 3;
        (void) g_strlcpy(str, "...", 20);

        /* read the bits for the int */
        for (i = 0; i < no_of_bits; i++)
        {
            if (bit && (!(bit % 4)))
                (void) g_strlcat(str, " ", 20);

            bit++;

            if (opcode & mask)
                (void) g_strlcat(str, "1", 20);
            else
                (void) g_strlcat(str, "0", 20);

            mask = mask >> 1;
        }

        proto_tree_add_uint_format(oap_tree, hf_oap_1_opcode, tvb, offset, 1, opcode & 0x1F, "%s = Opcode: %s (%u)", str, val_to_str(pinfo->pool, opcode, oap_opcode_strings, "Unknown Opcode (%d)"), opcode & 0x1F);
    }


    /* Flags, based on opcode.
    * Each opcode needs to define the flags, however, the fall into major categories...
    */
    switch (opcode)
    {
        /* Both alias and a flag that equals command control. */
    case OAP_1_CMD_ACTIVATE:
    case OAP_1_CMD_CONNECT:
    case OAP_1_CMD_FULL_CONNECT:
    case OAP_1_CMD_GET:
    case OAP_1_CMD_INVOKE:
    case OAP_1_CMD_REGISTER:
    case OAP_1_CMD_SET:
    case OAP_1_CMD_SUBSCRIBE:
    case OAP_1_CMD_WATCH:
        proto_tree_add_item(oap_tree, hf_oap_1_alias_size, tvb, offset, 1, ENC_NA);
        proto_tree_add_item(oap_tree, hf_oap_1_flags, tvb, offset, 1, ENC_NA);
        if (flags & 0x20)
        {
            offset += 1;
            offset = oap_1_tree_add_cmdcontrol(pinfo, oap_tree, tvb, offset);
        }
        else
            offset += 1;

        break;

        /* No alias, but flags for command control. */
    case OAP_1_CMD_ADVERTISE:
        /* TODO: Expert info on top two bits.*/
        proto_tree_add_item(oap_tree, hf_oap_1_flags, tvb, offset, 1, ENC_NA);
        if (flags & 0x20)
        {
            offset = oap_1_tree_add_cmdcontrol(pinfo, oap_tree, tvb, ENC_BIG_ENDIAN);
        }
        else
            offset += 1;

        break;

        /* No alias, but flag for provider. */
    case OAP_1_RSP_GET:
    case OAP_1_RSP_INVOKE:
    case OAP_1_RSP_REGISTER:
    case OAP_1_RSP_SET:
    case OAP_1_RSP_SUBSCRIBE:
        /* TODO: Expert info on top two bits.*/
        proto_tree_add_item(oap_tree, hf_oap_1_flags, tvb, offset, 1, ENC_NA);
        if (flags & 0x20)
        {
            offset += 1;
            offset = dof_dissect_pdu_as_field(dissect_2009_11_type_4, tvb, pinfo, oap_tree,
                                              offset, hf_oap_1_providerid, ett_oap_1_1_providerid, NULL);
        }
        else
            offset += 1;
        if ((opcode == OAP_1_RSP_GET) || (opcode == OAP_1_RSP_INVOKE))
        {
            proto_tree_add_item(oap_tree, hf_oap_1_value_list, tvb, offset, -1, ENC_NA);
            offset += tvb_reported_length_remaining(tvb, offset);
        }

        break;

        /* Alias, but no flags. */
    case OAP_1_CMD_CHANGE:
    case OAP_1_CMD_OPEN:
    case OAP_1_CMD_PROVIDE:
    case OAP_1_CMD_SIGNAL:
        proto_tree_add_item(oap_tree, hf_oap_1_alias_size, tvb, offset, 1, ENC_NA);
        offset += 1;
        break;

        /* Special flags. */
    case OAP_1_RSP_EXCEPTION:
        proto_tree_add_item(oap_tree, hf_oap_1_exception_internal_flag, tvb, offset, 1, ENC_NA);
        proto_tree_add_item(oap_tree, hf_oap_1_exception_final_flag, tvb, offset, 1, ENC_NA);
        proto_tree_add_item(oap_tree, hf_oap_1_exception_provider_flag, tvb, offset, 1, ENC_NA);
        offset += 1;
        break;

        /* No flags. */
    case OAP_1_CMD_DEFINE:
    case OAP_1_RSP_DEFINE:
    case OAP_1_RSP_OPEN:
        /* TODO: Non-zero not allowed.*/
        offset += 1;
        break;

    default:
        /* TODO: Illegal opcode.*/
        return offset;
    }

    /* Parse off arguments based on opcodes. */
    switch (opcode)
    {
    case OAP_1_CMD_SUBSCRIBE:
    {
        uint8_t alias_len = (flags & 0xC0) >> 6;
        if (alias_len == 3)
            alias_len = 4;

        /* The item identifier comes first, but it is compressed. */
        {
            int item_id_len;
            proto_item *pi;

            read_c2(tvb, offset, &item_id, &item_id_len);
            pi = proto_tree_add_uint_format(oap_tree, hf_oap_1_itemid, tvb, offset, item_id_len, item_id, "Item ID: %u", item_id);
            validate_c2(pinfo, pi, item_id, item_id_len);
            offset += item_id_len;
        }

        if (alias_len > 0)
        {
            if (api_data->session == NULL)
            {
                expert_add_info(pinfo, ti, &ei_oap_no_session);
                return offset;
            }
            offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, pinfo, offset, alias_len, true);
        }
        else
            offset = oap_1_tree_add_binding(oap_tree, pinfo, tvb, offset);

        /* Read the minimum delta. */
        {
            int delta_len;
            uint16_t delta;
            proto_item *pi;

            read_c2(tvb, offset, &delta, &delta_len);
            pi = proto_tree_add_uint_format(oap_tree, hf_oap_1_subscription_delta, tvb, offset, delta_len, delta, "Minimum Delta: %u", delta);
            validate_c2(pinfo, pi, delta, delta_len);
            offset += delta_len;
        }
    }
        break;

    case OAP_1_CMD_REGISTER:
    {
        uint8_t alias_len = (flags & 0xC0) >> 6;
        if (alias_len == 3)
            alias_len = 4;

        /* The item identifier comes first, but it is compressed. */
        {
            int item_id_len;
            proto_item *pi;

            read_c2(tvb, offset, &item_id, &item_id_len);
            pi = proto_tree_add_uint_format(oap_tree, hf_oap_1_itemid, tvb, offset, item_id_len, item_id, "Item ID: %u", item_id);
            validate_c2(pinfo, pi, item_id, item_id_len);
            offset += item_id_len;
        }

        if (alias_len > 0)
        {
            if (api_data->session == NULL)
            {
                expert_add_info(pinfo, ti, &ei_oap_no_session);
                return offset;
            }
            offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, pinfo, offset, alias_len, true);
        }
        else
            offset = oap_1_tree_add_binding(oap_tree, pinfo, tvb, offset);
    }
        break;

    case OAP_1_RSP_REGISTER:
    {
        if (flags & 0x20)
        {
            /* offset = add_oid( tvb, offset, NULL, oap_tree ); */
        }

        /* Sequence is next. */
        proto_tree_add_item(oap_tree, hf_oap_1_update_sequence, tvb, offset, 2, ENC_BIG_ENDIAN);
        offset += 2;
    }
        break;

    case OAP_1_CMD_WATCH:
    case OAP_1_CMD_ACTIVATE:
    case OAP_1_CMD_CONNECT:
    case OAP_1_CMD_FULL_CONNECT:
    {
        uint8_t alias_len = (flags & 0xC0) >> 6;
        if (alias_len == 3)
            alias_len = 4;

        if (alias_len > 0)
        {
            if (api_data->session == NULL)
            {
                expert_add_info(pinfo, ti, &ei_oap_no_session);
                return offset;
            }
            offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, pinfo, offset, alias_len, true);
        }
        else
            offset = oap_1_tree_add_binding(oap_tree, pinfo, tvb, offset);
    }
        break;

    case OAP_1_CMD_ADVERTISE:
        offset = oap_1_tree_add_binding(oap_tree, pinfo, tvb, offset);
        break;

    case OAP_1_CMD_GET:
    case OAP_1_CMD_INVOKE:
    case OAP_1_CMD_SET:
    {
        uint8_t alias_len = (flags & 0xC0) >> 6;
        if (alias_len == 3)
            alias_len = 4;

        /* The item identifier comes first, but it is compressed. */
        {
            int item_id_len;
            proto_item *pi;

            read_c2(tvb, offset, &item_id, &item_id_len);
            pi = proto_tree_add_uint_format(oap_tree, hf_oap_1_itemid, tvb, offset, item_id_len, item_id, "Item ID: %u", item_id);
            validate_c2(pinfo, pi, item_id, item_id_len);
            offset += item_id_len;
        }

        if (alias_len > 0)
        {
            if (api_data->session == NULL)
            {
                expert_add_info(pinfo, ti, &ei_oap_no_session);
                return offset;
            }
            offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, pinfo, offset, alias_len, true);
        }
        else
            offset = oap_1_tree_add_binding(oap_tree, pinfo, tvb, offset);

        if ((opcode == OAP_1_CMD_SET) || (opcode == OAP_1_CMD_INVOKE))
        {
            proto_tree_add_item(oap_tree, hf_oap_1_value_list, tvb, offset, -1, ENC_NA);
            offset += tvb_reported_length_remaining(tvb, offset);
        }
    }
        break;

    case OAP_1_CMD_OPEN:
    {
        uint8_t alias_len = (flags & 0xC0) >> 6;
        if (alias_len == 3)
            alias_len = 4;

        if (alias_len > 0)
        {
            if (api_data->session == NULL)
            {
                expert_add_info(pinfo, ti, &ei_oap_no_session);
                return offset;
            }
            offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, pinfo, offset, alias_len, true);
        }
        else
            offset = oap_1_tree_add_binding(oap_tree, pinfo, tvb, offset);

        offset = oap_1_tree_add_interface(oap_tree, tvb, offset);

        offset = dof_dissect_pdu_as_field(dissect_2009_11_type_4, tvb, pinfo, oap_tree,
                                          offset, hf_oap_1_objectid, ett_oap_1_objectid, NULL);
    }
        break;

    case OAP_1_CMD_PROVIDE:
    {
        uint8_t alias_length = flags >> 6;
        int alias_offset;
        int iid_offset;
        int oid_offset;

        if (alias_length == 3)
            alias_length = 4;

        alias_offset = offset;
        if (alias_length == 0)
        {
            expert_add_info_format(pinfo, ti, &ei_malformed, "alias_length == 0");
            return offset;
        }
        if (api_data->session == NULL)
        {
            expert_add_info(pinfo, ti, &ei_oap_no_session);
            return offset;
        }
        offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, pinfo, offset, alias_length, false);

        iid_offset = offset;
        offset = oap_1_tree_add_interface(oap_tree, tvb, offset);

        oid_offset = offset;
        offset = dof_dissect_pdu_as_field(dissect_2009_11_type_4, tvb, pinfo, oap_tree,
                                          offset, hf_oap_1_objectid, ett_oap_1_objectid, NULL);

        if (alias_length && !packet_data->processed)
        {
            uint32_t alias;
            oap_1_binding *binding = wmem_new0(wmem_file_scope(), oap_1_binding);
            int i;

            alias = 0;
            for (i = 0; i < alias_length; i++)
                alias = (alias << 8) | tvb_get_uint8(tvb, alias_offset + i);

            binding->iid_length = oid_offset - iid_offset;
            binding->iid = (uint8_t *)wmem_alloc0(wmem_file_scope(), binding->iid_length);
            tvb_memcpy(tvb, binding->iid, iid_offset, binding->iid_length);

            binding->oid_length = offset - oid_offset;
            binding->oid = (uint8_t *)wmem_alloc0(wmem_file_scope(), binding->oid_length);
            tvb_memcpy(tvb, binding->oid, oid_offset, binding->oid_length);

            binding->frame = pinfo->fd->num;
            oap_1_define_alias(api_data, alias, binding);
        }
    }
        break;

    case OAP_1_CMD_CHANGE:
    case OAP_1_CMD_SIGNAL:
    {
        uint8_t alias_len = (flags & 0xC0) >> 6;
        if (alias_len == 3)
            alias_len = 4;

        /* The item identifier comes first, but it is compressed. */
        {
            int item_id_len;
            proto_item *pi;

            read_c2(tvb, offset, &item_id, &item_id_len);
            pi = proto_tree_add_uint_format(oap_tree, hf_oap_1_itemid, tvb, offset, item_id_len, item_id, "Item ID: %u", item_id);
            validate_c2(pinfo, pi, item_id, item_id_len);
            offset += item_id_len;
        }

        if (alias_len > 0)
        {
            if (api_data->session == NULL)
            {
                expert_add_info(pinfo, ti, &ei_oap_no_session);
                return offset;
            }
            offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, pinfo, offset, alias_len, true);
        }
        else
            offset = oap_1_tree_add_binding(oap_tree, pinfo, tvb, offset);

        /* Sequence is next. */
        proto_tree_add_item(oap_tree, hf_oap_1_update_sequence, tvb, offset, 2, ENC_BIG_ENDIAN);
        offset += 2;

        proto_tree_add_item(oap_tree, hf_oap_1_value_list, tvb, offset, -1, ENC_NA);
        offset += tvb_reported_length_remaining(tvb, offset);
    }
        break;

    case OAP_1_RSP_EXCEPTION:
    {
        if (flags & 0x20)
        {
            /* offset = add_oid( tvb, offset, NULL, oap_tree );*/
        }

        /* The response code, compressed. */
        {
            int rsp_len;
            uint16_t rsp;

            /* TODO: Validate*/
            read_c2(tvb, offset, &rsp, &rsp_len);
            /* TODO: Add to tree with error codes. */
            offset += rsp_len;
        }
        proto_tree_add_item(oap_tree, hf_oap_1_value_list, tvb, offset, -1, ENC_NA);
        offset += tvb_reported_length_remaining(tvb, offset);
    }
        break;

    default:
        /* TODO: Bad opcode!*/
        break;
    }

    return offset;
}

static int dissect_sgmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    dof_api_data *api_data = (dof_api_data *)data;
    dof_packet_data *packet_data;
    unsigned offset = 0;
    uint8_t opcode;
    uint16_t app;
    int app_len;
    proto_item *ti;
    proto_tree *sgmp_tree;

    if (api_data == NULL)
    {
        /* TODO: Output error. */
        return 0;
    }

    packet_data = api_data->packet;
    if (packet_data == NULL)
    {
        /* TODO: Output error. */
        return 0;
    }

    /* Make entries in Protocol column and Info column on summary display */
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "SGMPv1 ");

    /* Create the protocol tree. */
    offset = 0;
    ti = proto_tree_add_item(tree, proto_sgmp, tvb, offset, -1, ENC_NA);
    sgmp_tree = proto_item_add_subtree(ti, ett_sgmp);

    /* Add the APPID. */
    offset = read_c2(tvb, offset, &app, &app_len);
    ti = proto_tree_add_uint(sgmp_tree, hf_2008_1_app_version, tvb, 0, app_len, app);
    validate_c2(pinfo, ti, app, app_len);

    if (offset == tvb_captured_length(tvb))
    {
        col_append_str(pinfo->cinfo, COL_INFO, "SGMP [nop]");
        expert_add_info(pinfo, sgmp_tree, &ei_implicit_no_op);

        return offset;
    }


    /* Retrieve the opcode. */
    opcode = tvb_get_uint8(tvb, offset);
    if (!packet_data->is_command)
        opcode |= SGMP_RESPONSE;

    col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(pinfo->pool, opcode, sgmp_opcode_strings, "Unknown Opcode (%d)"));

    /* Opcode */
    proto_tree_add_item(sgmp_tree, hf_opcode, tvb, offset, 1, ENC_NA);
    offset += 1;

    switch (opcode)
    {
    case SGMP_CMD_EPOCH_CHANGED:
    {
        /* TMIN - 2 bytes */
        {
            proto_tree_add_item(sgmp_tree, hf_sgmp_tmin, tvb, offset, 2, ENC_BIG_ENDIAN);
            offset += 2;
        }

        /* EPOCH - 2 bytes */
        {
            proto_tree_add_item(sgmp_tree, hf_sgmp_epoch, tvb, offset, 2, ENC_BIG_ENDIAN);
            offset += 2;
        }
    }
        break;

    case SGMP_CMD_HEARTBEAT:
    {
        int start_offset;

        /* Latest SGMP Version - Type.1 */
        {
            uint16_t version;
            int length;
            proto_item *pi;

            start_offset = offset;
            offset = read_c2(tvb, offset, &version, &length);
            pi = proto_tree_add_uint(sgmp_tree, hf_latest_version, tvb, start_offset, offset - start_offset, version);
            validate_c2(pinfo, pi, version, length);
        }

        /* Desire - 1 byte */
        {
            proto_tree_add_item(sgmp_tree, hf_desire, tvb, offset, 1, ENC_NA);
            offset += 1;
        }

        /* Tie Breaker - 4 bytes */
        {
            proto_tree_add_item(sgmp_tree, hf_tie_breaker, tvb, offset, 4, ENC_BIG_ENDIAN);
            offset += 4;
        }
    }
        break;

    case SGMP_CMD_REKEY:
    case SGMP_CMD_REKEY_EPOCH:
    case SGMP_CMD_REKEY_MERGE:
    {
#if 0 /*TODO check this */
        int start_offset;
        tvbuff_t *initial_state;
#endif
        uint8_t key[32];

        /* Delay - one byte */
        if (opcode != SGMP_CMD_REKEY_MERGE)
        {
            proto_tree_add_item(sgmp_tree, hf_delay, tvb, offset, 1, ENC_NA);
            offset += 1;
        }

        /* Initial State - Security.9 (not REKEY_MERGE) */
        {
            offset = dof_dissect_pdu_as_field(dissect_2008_16_security_9, tvb, pinfo, sgmp_tree,
                                              offset, hf_initial_state, ett_initial_state, NULL);
#if 0 /*TODO check this */
            initial_state = tvb_new_subset_length(tvb, start_offset, offset - start_offset);
#endif
        }

        /* Epoch - 2 bytes (only REKEY_EPOCH) */
        if (opcode == SGMP_CMD_REKEY_EPOCH)
        {
            proto_tree_add_item(sgmp_tree, hf_sgmp_epoch, tvb, offset, 2, ENC_BIG_ENDIAN);
            offset += 2;
        }

        /* Kgm - 32 bytes */
        {
            proto_tree_add_item(sgmp_tree, hf_key, tvb, offset, 32, ENC_NA);
            tvb_memcpy(tvb, key, offset, 32);
            offset += 32;
        }

        /* Handle the initialization block. */
        if (!packet_data->processed && api_data->session)
        {
            /*dof_session_data* session = (dof_session_data*)api_data->session;*/

            /* Look up the field-dissector table, and determine if it is registered. */
            dissector_table_t field_dissector = find_dissector_table("dof.secmode");
            if (field_dissector != NULL)
            {
#if 0
                dissector_handle_t field_handle = dissector_get_port_handle(field_dissector, packet_data->security_mode);
                if (field_handle != NULL)
                {
                    void *saved_private = pinfo->private_data;
                    dof_secmode_api_data setup_data;
                    int block_length;

                    setup_data.version = DOF_API_VERSION;
                    setup_data.context = INITIALIZE;
                    setup_data.dof_api = api_data;
                    setup_data.secure_session = rekey_data->security_session;
                    /* TODO FIX THIS setup_data.session_key = session_key; */
                    pinfo->private_data = &setup_data;
                    block_length = call_dissector_only(field_handle, NULL, pinfo, NULL);
                    pinfo->private_data = saved_private;
                }
#endif
            }
        }
    }
        break;

    case SGMP_CMD_REQUEST_GROUP:
    {
        uint8_t *domain_buf = NULL;
        uint8_t domain_length = 0;
        int start_offset;
        unsigned I_offset = offset;
        sgmp_packet_data *sgmp_data = NULL;
        uint16_t epoch;

        /* START OF I BLOCK */
        /* Domain - Security.7 */
        {
            start_offset = offset;
            offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, sgmp_tree,
                                              offset, hf_sgmp_domain, ett_sgmp_domain, NULL);
            if (!packet_data->processed)
            {
                domain_length = offset - start_offset;
                domain_buf = (uint8_t *)wmem_alloc0(pinfo->pool, domain_length);
                tvb_memcpy(tvb, domain_buf, start_offset, domain_length);
            }
        }

        /* Epoch - 2 bytes */
        {
            epoch = tvb_get_ntohs(tvb, offset);
            proto_tree_add_item(sgmp_tree, hf_sgmp_epoch, tvb, offset, 2, ENC_BIG_ENDIAN);
            offset += 2;
        }

        /* Initiator Block - SGMP.6.3 */
        {
            /* SGMP Key Request - Security.4 */
            {
                dof_2008_16_security_4 response;
                offset = dof_dissect_pdu_as_field(dissect_2008_16_security_4, tvb, pinfo, sgmp_tree,
                                                  offset, hf_initiator_block, ett_initiator_block, &response);
                if (!packet_data->processed)
                {
                    tvbuff_t *identity = response.identity;
                    uint8_t identity_length = tvb_reported_length(identity);
                    uint8_t *identity_buf = (uint8_t *)wmem_alloc0(wmem_file_scope(), identity_length);

                    /* Get the buffer. */
                    tvb_memcpy(identity, identity_buf, 0, identity_length);

                    {
                        sgmp_data = wmem_new0(wmem_file_scope(), sgmp_packet_data);
                        dof_packet_add_proto_data(packet_data, proto_sgmp, sgmp_data);

                        sgmp_data->domain_length = domain_length;
                        sgmp_data->domain = (uint8_t *)wmem_alloc0(wmem_file_scope(), domain_length);
                        memcpy(sgmp_data->domain, domain_buf, domain_length);

                        sgmp_data->group_length = identity_length;
                        sgmp_data->group = (uint8_t *)wmem_alloc0(wmem_file_scope(), identity_length);
                        memcpy(sgmp_data->group, identity_buf, identity_length);

                        sgmp_data->epoch = epoch;
                        sgmp_data->request_session = api_data->session;
                    }
                }
            }
        }

        /* Security Scope - Security.10 */
        {
            offset = dof_dissect_pdu_as_field(dissect_2008_16_security_10, tvb, pinfo, sgmp_tree,
                                              offset, hf_sgmp_security_scope, ett_sgmp_security_scope, NULL);
        }

        /* END OF I BLOCK */
        if (sgmp_data && !sgmp_data->I)
        {
            sgmp_data->I_length = offset - I_offset;
            sgmp_data->I = (uint8_t *)wmem_alloc0(wmem_file_scope(), sgmp_data->I_length);
            tvb_memcpy(tvb, sgmp_data->I, I_offset, sgmp_data->I_length);
        }
    }
        break;

    case SGMP_RSP_REQUEST_GROUP:
    {
        int start_offset;
#if 0 /*TODO check this */
        unsigned A_offset;
        tvbuff_t *initial_state;
        unsigned A_end;
#endif

        /* START OF A BLOCK */
        /* Initial State - SGMP.6.2.1 */
        {
         /*   A_offset = offset;*/

            /* Initial State - Security.9 */
            {
                offset = dof_dissect_pdu_as_field(dissect_2008_16_security_9, tvb, pinfo, sgmp_tree,
                                                  offset, hf_initial_state, ett_initial_state, NULL);
#if 0 /*TODO check this */
                initial_state = tvb_new_subset_length(tvb, start_offset, offset - start_offset);
#endif
            }

            /* Latest SGMP Version - Type.1 */
            {
                uint16_t version;
                int length;
                proto_item *pi;

                start_offset = offset;
                offset = read_c2(tvb, offset, &version, &length);
                pi = proto_tree_add_uint(sgmp_tree, hf_latest_version, tvb, start_offset, offset - start_offset, version);
                validate_c2(pinfo, pi, version, length);
            }

            /* Desire - 1 byte */
            {
                proto_tree_add_item(sgmp_tree, hf_desire, tvb, offset, 1, ENC_NA);
                offset += 1;
            }
        }

        /* END OF A BLOCK */
        /* A block data handled in first part of the next block. */
#if 0 /*TODO check this */
        A_end = offset;
#endif

        /* Ticket - Security.5 */
        {
            offset = dof_dissect_pdu_as_field(dissect_2008_16_security_5, tvb, pinfo, sgmp_tree,
                                              offset, hf_ticket, ett_ticket, NULL);
        }

        /* Try to match up the information learned here with any groups that exist.
        * Note that we do not know the SSID, and so we can only match based on the
        * domain and group identifier. We will learn the SSID based on a successful
        * match to a secure session.
        */
        if (packet_data->opid_first && !api_data->secure_session)
        {
#if 0
            sgmp_packet_data* cmd_data = (sgmp_packet_data*)dof_packet_get_proto_data(packet_data->opid_first, proto_sgmp);
            extern struct BlockCipher BlockCipher_AES_256;
            struct BlockCipher* cipher = &BlockCipher_AES_256;
            uint8_t* ekey = (uint8_t*)ep_alloc(cipher->keyStateSize);

            if (cmd_data && !cmd_data->A)
            {
                cmd_data->A_length = A_end - A_offset;
                cmd_data->A = (uint8_t*)wmem_alloc0(wmem_file_scope(), cmd_data->A_length);
                tvb_memcpy(tvb, cmd_data->A, A_offset, cmd_data->A_length);
            }

            /* Search through the appropriate keks to find a match. */
            {
                dof_learned_group_data* group = globals.learned_group_data;
                struct list;
                struct list
                { dof_learned_group_data *group;
                    struct list *next; };
                struct list *to_try = NULL;
                uint8_t confirmation[32];
                uint8_t* discovered_kek = NULL;
                dof_learned_group_auth_data *auth = NULL;

                tvb_memcpy(tvb, confirmation, start_offset, 32);

                while (group)
                {
                    if ((cmd_data->domain_length == group->domain_length) &&
                        (memcmp(cmd_data->domain, group->domain, group->domain_length) == 0) &&
                        (cmd_data->group_length == group->group_length) &&
                        (memcmp(cmd_data->group, group->group, group->group_length) == 0))
                    {
                        struct list *n = (struct list *) ep_alloc0(sizeof(struct list));
                        n->group = group;
                        n->next = to_try;
                        to_try = n;
                    }

                    group = group->next;
                }

                /* At this point we may be able to learn the session key. */
                while (to_try && !discovered_kek)
                {
                    group = to_try->group;

                    auth = group->keys;

                    while (auth && !discovered_kek)
                    {
                        uint8_t mac[32];
                        uint8_t key[32];
                        int j;

                        /* It only makes sense to check matching epochs. */
                        if (auth->epoch == cmd_data->epoch)
                        {
                            tvb_memcpy(tvb, mac, start_offset, 32);
                            tvb_memcpy(tvb, key, start_offset + 32, 32);

                            if (cipher != NULL)
                            {
                                cipher->GenerateKeyState(ekey, auth->kek);
                                cipher->Encrypt(ekey, mac);
                                cipher->Encrypt(ekey, mac + 16);
                            }

                            for (j = 0; j < 32; j++)
                            key[j] ^= mac[j];

                            if (sgmp_validate_session_key(cmd_data, confirmation, auth->kek, key))
                            {
                                discovered_kek = (uint8_t*)se_alloc0(32);
                                memcpy(discovered_kek, key, 32);
                                break;
                            }
                        }

                        auth = auth->next;
                    }

                    to_try = to_try->next;
                }

                /* Determine if there is already a secure session for this information. If there is, then
                * EPP will find it to decode any packets. If there is not, then we must create a secure
                * session and initialize it so that future packets can be decoded.
                * NOTE: None of the actual decoding is done here, because this packet is not encrypted
                * in the session that it defines.
                * NOTE: SGMP secure sessions are always attached to the DPS session, which is always
                * associated with the transport session (server address).
                */
                if (discovered_kek)
                {
                    dissector_table_t field_dissector;
                    dissector_handle_t field_handle;
                    dof_session_key_exchange_data *key_exchange = NULL;

                    dof_secure_session_data *dof_secure_session = cmd_data->request_session->secure_sessions;
                    while (dof_secure_session)
                    {
                        if ((dof_secure_session->ssid == group->ssid) &&
                            (dof_secure_session->domain_length == group->domain_length) &&
                            (memcmp(dof_secure_session->domain, group->domain, group->domain_length) == 0))
                        break;

                        dof_secure_session = dof_secure_session->next;
                    }

                    if (!dof_secure_session)
                    {
                        dof_session_data *dof_session = wmem_alloc0(wmem_file_scope(), sizeof(dof_session_data));
                        dof_session->session_id = globals.next_session++;
                        dof_session->dof_id = api_data->session->dof_id;

                        dof_secure_session = wmem_alloc0(wmem_file_scope(), sizeof(dof_secure_session_data));
                        dof_secure_session->ssid = group->ssid;
                        dof_secure_session->domain_length = group->domain_length;
                        dof_secure_session->domain = group->domain;
                        dof_secure_session->original_session_id = cmd_data->request_session->session_id;
                        dof_secure_session->parent = dof_session;
                        dof_secure_session->is_2_node = false;
                        dof_secure_session->next = cmd_data->request_session->secure_sessions;
                        cmd_data->request_session->secure_sessions = dof_secure_session;
                    }

                    /* This packet represents a new key exchange, and so a new key exchange data
                    * structure needs to be created.
                    */
                    {
                        key_exchange = wmem_alloc0(wmem_file_scope(), sizeof(dof_session_key_exchange_data));
                        if (!key_exchange)
                        return offset;

                        key_exchange->i_valid = packet_data->opid_first->dof_frame;
                        key_exchange->r_valid = packet_data->dof_frame;
                        key_exchange->security_mode = auth->security_mode;
                        key_exchange->security_mode_data = auth->mode;
                        key_exchange->security_mode_data_length = auth->mode_length;
                        key_exchange->session_key = discovered_kek;

                        /* Insert the new key information at the front of the list. */
                        if (!dof_secure_session->session_security_data_last)
                        dof_secure_session->session_security_data = key_exchange;
                        else
                        dof_secure_session->session_security_data_last->next = key_exchange;

                        dof_secure_session->session_security_data_last = key_exchange;
                    }

                    /* Look up the field-dissector table, and determine if it is registered. */
                    field_dissector = find_dissector_table("dps.secmode");
                    if (field_dissector != NULL)
                    {
                        field_handle = dissector_get_uint_handle(field_dissector, auth->security_mode);
                        if (field_handle != NULL)
                        {
                            dof_secmode_api_data setup_data;
                            int block_length;
                            tvbuff_t *ntvb = tvb_new_subset_remaining(tvb, A_offset);

                            setup_data.context = INITIALIZE;
                            setup_data.security_mode_offset = 0;
                            setup_data.dof_api = api_data;
                            setup_data.secure_session = dof_secure_session;
                            setup_data.session_key_data = key_exchange;
                            block_length = call_dissector_only(field_handle, ntvb, pinfo, tree, &setup_data);
                        }
                    }
                }
            }
#endif
        }
    }
        break;

    default:
        break;
    }

    return offset;
}

static bool validate_session_key(tep_rekey_data *rekey, unsigned S_length, uint8_t *S, uint8_t *confirmation, uint8_t *key)
{
    uint8_t pad[16];
    gcry_mac_hd_t hmac;
    gcry_error_t result;

    memset(pad, 0, sizeof(pad));
    result = gcry_mac_open(&hmac, GCRY_MAC_HMAC_SHA256, 0, NULL);
    if (result != 0)
        return false;

    gcry_mac_setkey(hmac, key, 32);
    gcry_mac_write(hmac, pad, 16 - rekey->i_nonce_length);
    gcry_mac_write(hmac, rekey->i_nonce, rekey->i_nonce_length);
    gcry_mac_write(hmac, pad, 16 - rekey->r_nonce_length);
    gcry_mac_write(hmac, rekey->r_nonce, rekey->r_nonce_length);
    gcry_mac_write(hmac, S, S_length);
    gcry_mac_write(hmac, rekey->r_identity, rekey->r_identity_length);
    result = gcry_mac_verify(hmac, confirmation, 32);
    return result == 0;
}

static int dissect_tep_dsp(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
{
    /* We are handed a buffer that starts with our protocol id. Any options follow that. */
    int offset = 0;

    /* We don't care except for the treeview. */
    if (!tree)
        return 0;

    /* Compute the version and flags, masking off other bits. */
    offset += 4; /* Skip the type and protocol. */

    proto_tree_add_item(tree, hf_dsp_option, tvb, 0, -1, ENC_NA);
    return offset;
}

static int dissect_2008_4_tep_2_2_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, uint32_t *ssid, void *data)
{
    int offset = 0;
    proto_item *ti;
    dof_api_data *api_data = (dof_api_data *)data;
    dof_packet_data *packet_data;

    if (api_data == NULL)
    {
        /* TODO: Output error. */
        return 0;
    }

    packet_data = api_data->packet;
    if (packet_data == NULL)
    {
        /* TODO: Output error. */
        return 0;
    }

    /* State Identifier - Only if Unsecured */
    if (packet_data->decrypted_buffer == NULL)
    {
        proto_item *pi;
        int ssid_len;
        int start = offset;
        offset = read_c4(tvb, offset, ssid, &ssid_len);
        pi = proto_tree_add_uint(tree, hf_tep_2_2_1_state_identifier, tvb, start, offset - start, *ssid);
        validate_c4(pinfo, pi, *ssid, ssid_len);
    }

    /* Initial State */
    {
        int block_length;
        tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
        ti = proto_tree_add_item(tree, hf_tep_2_2_1_initial_state, tvb, offset, 0, ENC_NA);
        ti = proto_item_add_subtree(ti, ett_tep_2_2_1_initial_state);
        block_length = dof_dissect_pdu(dissect_2008_16_security_9, start, pinfo, ti, NULL);
        proto_item_set_len(ti, block_length);
        offset += block_length;
    }

    return offset;
}

/**
 * This is the main entry point for the CCM dissector.
 * TEP operations create security periods.
 * They can also create sessions when used with "None" sessions.
 * In any case, these PDUs need to pass information between
 * them.
 * They also must maintain state for each rekey request, some of
 * which modify the session key, some of which create new
 * sessions, and others that determine new session information
 * like permission sets.
 *
 * In order to store information appropriately, the following structures are
 * used:
 *   1. api_data (dof_api_data*) source for all other state.
 *   2. packet (dof_packet_data*) dps packet information.
 *   3. rekey_data (tep_rekey_data*) tep information for rekey/accept/confirm.
 */
static int dissect_tep(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    dof_api_data *api_data = (dof_api_data *)data;
    dof_packet_data *packet;
    tep_rekey_data *rekey_data;

    unsigned offset = 0;
    uint8_t operation;
    uint16_t app;
    int app_len;
    proto_item *ti;
    proto_tree *tep_tree, *operation_tree;

    if (api_data == NULL)
    {
        /* TODO: Output error. */
        return 0;
    }

    packet = api_data->packet;
    if (packet == NULL)
    {
        /* TODO: Output error. */
        return 0;
    }

    /* Make entries in Protocol column and Info column on summary display */
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "TEPv1 ");

    /* Create the protocol tree. */
    offset = 0;
    ti = proto_tree_add_item(tree, proto_tep, tvb, offset, -1, ENC_NA);
    tep_tree = proto_item_add_subtree(ti, ett_tep);

    /* Add the APPID. */
    offset = read_c2(tvb, offset, &app, &app_len);
    ti = proto_tree_add_uint(tep_tree, hf_2008_1_app_version, tvb, 0, app_len, app);
    validate_c2(pinfo,ti, app, app_len);

    /* Check for empty packet. */
    if (offset == tvb_captured_length(tvb))
    {
        col_append_str(pinfo->cinfo, COL_INFO, "TEP [nop]");
        expert_add_info(pinfo, tep_tree, &ei_implicit_no_op);

        return offset;
    }

    /* Retrieve the opcode. */
    operation = tvb_get_uint8(tvb, offset);
    if (!packet->is_command)
        operation |= TEP_OPCODE_RSP;

    col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(pinfo->pool, operation, tep_opcode_strings, "Unknown Opcode (%d)"));

    ti = proto_tree_add_uint_format(tep_tree, hf_tep_operation, tvb, offset, 1, operation, "Operation: %s (%u)", val_to_str(pinfo->pool, operation, tep_opcode_strings, "Unknown Opcode (%d)"), operation);

    operation_tree = proto_item_add_subtree(ti, ett_tep_operation);
    ti = proto_tree_add_boolean(operation_tree, hf_tep_operation_type, tvb, offset, 0, operation);
    proto_item_set_generated(ti);

    /* The flags are reserved except for OPCODE=1 & COMMAND */
    if ((operation & 0x8F) == 0x01)
    {
        proto_tree_add_item(operation_tree, hf_tep_c, tvb, offset, 1, ENC_NA);
        proto_tree_add_item(operation_tree, hf_tep_k, tvb, offset, 1, ENC_NA);
    }

    proto_tree_add_item(operation_tree, hf_tep_opcode, tvb, offset, 1, ENC_NA);
    offset += 1;

    switch (operation)
    {
    case TEP_PDU_REQUEST_KEY:
        /* The K bit must be set, so there is a domain ONLY IF NOT SECURED. */

        /* Remember the current request. */
        rekey_data = (tep_rekey_data *)packet->opid_data;
        if (!rekey_data)
        {
            packet->opid_data = rekey_data = wmem_new0(wmem_file_scope(), tep_rekey_data);
        }

        rekey_data->key_data = wmem_new0(wmem_file_scope(), dof_session_key_exchange_data);
        rekey_data->is_rekey = true;

        /* The K bit must be set, so there is a domain ONLY IF NOT SECURED. */
        if (packet->decrypted_buffer == NULL)
        {
            int start_offset = offset;

            offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, tep_tree,
                                              offset, hf_tep_2_1_domain, ett_tep_2_1_domain, NULL);

            if (!rekey_data->domain)
            {
                rekey_data->domain_length = offset - start_offset;
                rekey_data->domain = (uint8_t *)wmem_alloc0(wmem_file_scope(), rekey_data->domain_length);

                /* Get the buffer. */
                tvb_memcpy(tvb, rekey_data->domain, start_offset, rekey_data->domain_length);
            }
        }
        else
        {
            /* The domain is not present, but this is a secure packet and so the domain can be obtained
            * through the session.
            */
            if (!rekey_data->domain)
            {
                rekey_data->domain_length = api_data->secure_session->domain_length;
                rekey_data->domain = api_data->secure_session->domain;
            }
        }

        /* FALL THROUGH */

    case TEP_PDU_REQUEST:

        /* Remember the current request. */
        rekey_data = (tep_rekey_data *)packet->opid_data;
        if (!rekey_data)
        {
            if (api_data->secure_session == NULL)
            {
                /* TODO: Output error. */
                return 0;
            }
            packet->opid_data = rekey_data = wmem_new0(wmem_file_scope(), tep_rekey_data);
            rekey_data->domain_length = api_data->secure_session->domain_length;
            rekey_data->domain = api_data->secure_session->domain;
        }

        /* The C bit must be clear, so there is an Initiator Block. */
        {
            dof_2008_16_security_6_1 response;
            offset = dof_dissect_pdu_as_field(dissect_2008_16_security_6_1, tvb, pinfo, tep_tree,
                                              offset, hf_tep_2_1_initiator_block, ett_tep_2_1_initiator_block, &response);
            if (!packet->processed)
            {
                tvbuff_t *inonce = response.i_nonce;
                tvbuff_t *iidentity = response.i_identity;

                rekey_data->i_nonce_length = tvb_reported_length(inonce);
                rekey_data->i_nonce = (uint8_t *)wmem_alloc0(wmem_file_scope(), rekey_data->i_nonce_length);
                tvb_memcpy(inonce, rekey_data->i_nonce, 0, rekey_data->i_nonce_length);

                rekey_data->i_identity_length = tvb_reported_length(iidentity);
                rekey_data->i_identity = (uint8_t *)wmem_alloc0(wmem_file_scope(), rekey_data->i_identity_length);
                tvb_memcpy(iidentity, rekey_data->i_identity, 0, rekey_data->i_identity_length);

                rekey_data->security_mode = response.security_mode;
                rekey_data->security_mode_data_length = response.security_mode_data_length;
                rekey_data->security_mode_data = response.security_mode_data;
            }
        }
        break;

    case TEP_PDU_ACCEPT:
    {
        uint32_t ssid = 0;
        uint8_t *S = NULL;
        uint8_t S_length = 0;
        uint8_t confirmation[32];
        typedef struct identity_key
        {
            uint8_t *session_key;
            struct identity_key *next;
        } identity_key;
        identity_key *identity_key_list = NULL;
        dof_secure_session_data *dof_secure_session = NULL;

        if (!packet->opid_first)
        {
            /* TODO: Print error */
            return 0;
        }

        rekey_data = (tep_rekey_data *)packet->opid_first->opid_data;
        if (!rekey_data)
            return tvb_captured_length(tvb);

        /* Initiator Ticket */
        {
            int start_offset;
            uint8_t ticket[64];

            start_offset = offset;
            offset = dof_dissect_pdu_as_field(dissect_2008_16_security_5, tvb, pinfo, tep_tree,
                                              offset, hf_tep_2_2_initiator_ticket, ett_tep_2_2_initiator_ticket, NULL);

            if (!packet->processed && rekey_data)
            {
                int i;

                /* Produce a (possibly empty) list of potential keys based on our
                * initiator secrets based on identity. These will be validated
                * later on.
                */
                for (i = 0; i < globals.global_security->identity_data_count; i++)
                {
                    dof_identity_data *identity = globals.global_security->identity_data + i;
                    gcry_cipher_hd_t rijndael_handle;
                    int j;

                    if (identity->domain_length != rekey_data->domain_length)
                        continue;
                    if (memcmp(identity->domain, rekey_data->domain, identity->domain_length) != 0)
                        continue;
                    if (identity->identity_length != rekey_data->i_identity_length)
                        continue;
                    if (memcmp(identity->identity, rekey_data->i_identity, identity->identity_length) != 0)
                        continue;

                    tvb_memcpy(tvb, ticket, start_offset, 64);

                    if (!gcry_cipher_open(&rijndael_handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)) {
                        if (!gcry_cipher_setkey(rijndael_handle, identity->secret, 32)) {
                            gcry_cipher_encrypt(rijndael_handle, ticket, 16, NULL, 0);
                            gcry_cipher_encrypt(rijndael_handle, ticket + 16, 16, NULL, 0);
                        }
                        gcry_cipher_close(rijndael_handle);
                    }

                    for (j = 0; j < 32; j++)
                        ticket[j + 32] = ticket[j + 32] ^ ticket[j];

                    /* Add the key to the list - ep memory. */
                    {
                        identity_key *key = (identity_key *)wmem_alloc0(wmem_file_scope(), sizeof(*key));
                        key->session_key = (uint8_t *)wmem_alloc0(wmem_file_scope(), 32);
                        memcpy(key->session_key, ticket + 32, 32);
                        key->next = identity_key_list;
                        identity_key_list = key;
                    }
                }
            }
        }

        /* Ticket Confirmation */
        {
            if (!packet->processed)
                tvb_memcpy(tvb, confirmation, offset, sizeof(confirmation));
            proto_tree_add_item(tep_tree, hf_tep_2_2_ticket_confirmation, tvb, offset, 32, ENC_NA);
            offset += 32;
        }

        /* Add a field to show the session key that has been learned. */
        if (rekey_data->key_data && rekey_data->key_data->session_key && tep_tree)
        {
            ti = proto_tree_add_bytes_with_length(tree, hf_tep_session_key, tvb, 0, 0, rekey_data->key_data->session_key, 32);
            proto_item_set_generated(ti);
        }

        /* Responder Initialization - present based on whether the command was a rekey */
        {

            if (rekey_data && rekey_data->is_rekey)
            {
                int block_length;
                tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
                ti = proto_tree_add_item(tep_tree, hf_tep_2_2_responder_initialization, tvb, offset, 0, ENC_NA);
                ti = proto_item_add_subtree(ti, ett_tep_2_2_responder_initialization);
                block_length = dissect_2008_4_tep_2_2_1(start, pinfo, ti, &ssid, data);
                proto_item_set_len(ti, block_length);
                offset += block_length;

                if (!packet->processed)
                {
                    S_length = block_length;
                    S = (uint8_t *)wmem_alloc0(wmem_file_scope(), S_length);
                    tvb_memcpy(start, S, 0, S_length);
                }

                /* TEP can create new sessions when not used inside an existing secure
                * session. Each session can use an SSID, present in TEP.2.2.1.
                * Note that in this case there may be no existing session, and so
                * we need to "backpedal" and create one.
                */
                if (packet->decrypted_buffer == NULL && !packet->processed)
                {
#if 0
                    if (api_data->session)
                    tep_session = (tep_session_data*)dof_session_get_proto_data((dof_session_data*)api_data->session, proto_tep);
                    if (!tep_session && api_data->session)
                    {
                        tep_session = (tep_session_data*)se_alloc0(sizeof(*tep_session));
                        dof_session_add_proto_data((dof_session_data*)api_data->session, proto_tep, tep_session);
                    }

                    tep_session->pending_rekey = cmd;
                    tep_session->pending_confirm = packet;
#endif
                }
            }
        }

        /* Responder Block */
        {
            dof_2008_16_security_6_2 response;
            offset = dof_dissect_pdu_as_field(dissect_2008_16_security_6_2, tvb, pinfo, tep_tree,
                                              offset, hf_tep_2_2_responder_block, ett_tep_2_2_responder_block, &response);
            if (!packet->processed)
            {
                tvbuff_t *rnonce = response.r_nonce;
                tvbuff_t *ridentity = response.r_identity;

                rekey_data->r_nonce_length = tvb_reported_length(rnonce);
                rekey_data->r_nonce = (uint8_t *)wmem_alloc0(wmem_file_scope(), rekey_data->r_nonce_length);
                tvb_memcpy(rnonce, rekey_data->r_nonce, 0, rekey_data->r_nonce_length);

                rekey_data->r_identity_length = tvb_reported_length(ridentity);
                rekey_data->r_identity = (uint8_t *)wmem_alloc0(wmem_file_scope(), rekey_data->r_identity_length);
                tvb_memcpy(ridentity, rekey_data->r_identity, 0, rekey_data->r_identity_length);
            }
        }

        /* Authentication Initialization */
        {
            offset = dof_dissect_pdu_as_field(dissect_2008_16_security_6_3, tvb, pinfo, tep_tree,
                                              offset, hf_tep_2_2_authenticator_initialization, ett_tep_2_2_authenticator_initialization, NULL);
        }


        /* The request was accepted, and so a new secure session exists. We define the session,
        * add it to the list of secure sessions for the unsecure session, and EPP will do the
        * rest.
        */
        if (packet->decrypted_buffer == NULL)
        {
            /* This triggers the creation of the corresponding secure DPS session if it is not already
            * created. This allows information to be stored in that session even though no packets
            * have used it yet. There is a problem, however, because at this point we do not know
            * the SSID that (may) be associated with this session.
            */
            {
                dof_session_data *dof_session = api_data->session;

                dof_secure_session = dof_session->secure_sessions;
                while (dof_secure_session != NULL)
                {
                    /* Determine matching session. The session list already is scoped by transport and DPS
                    * session, so the only thing remaining is the domain and secure session ID.
                    */
                    if ((dof_secure_session->ssid == ssid) &&
                        (dof_secure_session->domain_length == rekey_data->domain_length) &&
                        (memcmp(dof_secure_session->domain, rekey_data->domain, rekey_data->domain_length) == 0))
                        break;

                    dof_secure_session = dof_secure_session->next;
                }

                if (!dof_secure_session)
                {
                    dof_session = wmem_new0(wmem_file_scope(), dof_session_data);
                    dof_session->session_id = globals.next_session++;
                    dof_session->dof_id = api_data->session->dof_id;

                    dof_secure_session = wmem_new0(wmem_file_scope(), dof_secure_session_data);
                    dof_secure_session->ssid = ssid;
                    dof_secure_session->domain_length = rekey_data->domain_length;
                    dof_secure_session->domain = rekey_data->domain;
                    dof_secure_session->original_session_id = api_data->session->session_id;
                    dof_secure_session->parent = dof_session;
                    dof_secure_session->is_2_node = true;
                    dof_secure_session->next = api_data->session->secure_sessions;
                    api_data->session->secure_sessions = dof_secure_session;

                    if (!dof_secure_session->session_security_data_last)
                        dof_secure_session->session_security_data = rekey_data->key_data;
                    else
                        dof_secure_session->session_security_data_last->next = rekey_data->key_data;

                    dof_secure_session->session_security_data_last = rekey_data->key_data;
                }
            }
        }

        /* This PDU indicates the beginning of security for the responder. The next PDU
        * sent will be encrypted with these settings. This means that we must determine
        * the security settings and set them in the session.
        */
        if (!packet->processed && rekey_data->is_rekey)
        {
            int i;
            uint8_t *session_key = NULL;

            /* We have everything that we need. Determine the session secret if we can. */

            /* Check any keys determined above by initiator identity. */
            while (session_key == NULL && identity_key_list)
            {
                if (validate_session_key(rekey_data, S_length, S, confirmation, identity_key_list->session_key))
                {
                    session_key = (uint8_t *)wmem_alloc0(wmem_file_scope(), 32);
                    memcpy(session_key, identity_key_list->session_key, 32);
                }

                identity_key_list = identity_key_list->next;
            }

            /* For each key in the global configuration, see if we can validate the confirmation. */
            for (i = 0; session_key == NULL && i < globals.global_security->session_key_count; i++)
            {
                if (validate_session_key(rekey_data, S_length, S, confirmation, globals.global_security->session_key[i].session_key))
                    session_key = globals.global_security->session_key[i].session_key;
            }


            /* Whether or not this can be decrypted, the security mode information
            * should be kept with the session.
            */
            {
                rekey_data->key_data->r_valid = packet->dof_frame;
                rekey_data->key_data->i_valid = UINT32_MAX;
                rekey_data->key_data->session_key = session_key;
                rekey_data->key_data->security_mode = rekey_data->security_mode;
                rekey_data->key_data->security_mode_data_length = rekey_data->security_mode_data_length;
                rekey_data->key_data->security_mode_data = rekey_data->security_mode_data;

                if (session_key && dof_secure_session)
                {
                    /* Look up the field-dissector table, and determine if it is registered. */
                    dissector_table_t field_dissector = find_dissector_table("dof.secmode");
                    if (field_dissector != NULL)
                    {
                        dissector_handle_t field_handle = dissector_get_uint_handle(field_dissector, rekey_data->key_data->security_mode);
                        if (field_handle != NULL)
                        {
                            dof_secmode_api_data setup_data;

                            setup_data.context = INITIALIZE;
                            setup_data.security_mode_offset = 0;
                            setup_data.dof_api = api_data;
                            setup_data.secure_session = dof_secure_session;
                            setup_data.session_key_data = rekey_data->key_data;

                            call_dissector_only(field_handle, NULL, pinfo, NULL, &setup_data);
                        }
                    }
                }
            }
        }
    }
        break;

    case TEP_PDU_CONFIRM:
    {
        /* C is set, K is clear. */
        /* Ticket Confirmation */
        proto_tree_add_item(tep_tree, hf_tep_2_1_ticket_confirmation, tvb, offset, 32, ENC_NA);
        offset += 32;

        if (!packet->processed && api_data->session && packet->opid_first && packet->opid_first->opid_data)
        {
            dof_session_key_exchange_data *sk_data;

            rekey_data = (tep_rekey_data *)packet->opid_first->opid_data;
            sk_data = rekey_data->key_data;

            /* TODO: Error if not found or if already set. */
            if (sk_data)
                sk_data->i_valid = packet->dof_frame;
        }
    }
        break;

    case TEP_PDU_END_SESSION:
    case TEP_PDU_SESSION_ENDING:
        break;

    case TEP_PDU_REJECT:
    {
        /* Error Code */
        proto_tree_add_item(tep_tree, hf_tep_reject_code, tvb, offset, 1, ENC_NA);
        offset += 1;

        /* Error Description */
        if (tvb_captured_length(tvb) > offset)
            proto_tree_add_item(tep_tree, hf_tep_reject_data, tvb, offset, -1, ENC_NA);
    }
        break;

    default:
        break;
    }
    return offset;
}

static int dissect_trp_dsp(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
{
    /* We are handed a buffer that starts with our protocol id. Any options follow that. */
    int offset = 0;

    /* We don't care except for the treeview. */
    if (!tree)
        return 0;

    /* Compute the version and flags, masking off other bits. */
    offset += 4; /* Skip the type and protocol. */

    proto_tree_add_item(tree, hf_trp_dsp_option, tvb, 0, -1, ENC_NA);
    return offset;
}

static int dissect_trp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    dof_api_data *api_data = (dof_api_data *)data;
    dof_packet_data *packet_data;
    unsigned offset = 0;
    uint8_t opcode;
    uint16_t app;
    int app_len;
    proto_item *ti;
    proto_tree *trp_tree;
    trp_packet_data *trp_data;

    /* Make entries in Protocol column and Info column on summary display */
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "TRP ");

    /* Create the protocol tree. */
    offset = 0;
    ti = proto_tree_add_item(tree, proto_trp, tvb, offset, -1, ENC_NA);
    trp_tree = proto_item_add_subtree(ti, ett_trp);

    /* Add the APPID. */
    offset = read_c2(tvb, offset, &app, &app_len);
    ti = proto_tree_add_uint(trp_tree, hf_2008_1_app_version, tvb, 0, app_len, app);
    validate_c2(pinfo, ti, app, app_len);

    if (api_data == NULL)
    {
        expert_add_info_format(pinfo, ti, &ei_malformed, "api_data == NULL");
        return offset;
    }

    packet_data = api_data->packet;
    if (packet_data == NULL)
    {
        expert_add_info_format(pinfo, ti, &ei_malformed, "api_data == NULL");
        return offset;
    }

    trp_data = (trp_packet_data *)dof_packet_get_proto_data(packet_data, proto_trp);

    if (offset == tvb_captured_length(tvb))
    {
        col_append_str(pinfo->cinfo, COL_INFO, "TRP [nop]");
        expert_add_info(pinfo, trp_tree, &ei_implicit_no_op);

        return offset;
    }

    /* Retrieve the opcode. */
    opcode = tvb_get_uint8(tvb, offset);
    if (!packet_data->is_command)
        opcode |= TRP_RESPONSE;

    col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(pinfo->pool, opcode, trp_opcode_strings, "Unknown Opcode (%d)"));

    /* Opcode */
    ti = proto_tree_add_uint_format(trp_tree, hf_trp_opcode, tvb, offset, 1, opcode & 0x7F, "Opcode: %s (%u)", val_to_str(pinfo->pool, opcode, trp_opcode_strings, "Unknown Opcode (%d)"), opcode & 0x7F);
    offset += 1;

    switch (opcode)
    {
    case TRP_RSP_REJECT:
    {
        /* Error Code */
        proto_tree_add_item(trp_tree, hf_trp_errorcode, tvb, offset, 1, ENC_NA);
        offset += 1;
    }
        break;

    case TRP_CMD_REQUEST_KEK:
    {
        uint8_t *domain_buf = NULL;
        uint8_t domain_length = 0;
        int start_offset;

        if (trp_data && trp_data->identity_length)
        {
            expert_add_info(pinfo, ti, &ei_trp_initiator_id_known);
        }

        /* Domain - Security.7 */
        start_offset = offset;
        offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, trp_tree, offset, hf_domain, ett_domain, NULL);
        if (!packet_data->processed)
        {
            domain_length = offset - start_offset;
            domain_buf = (uint8_t *)wmem_alloc0(wmem_file_scope(), domain_length);
            tvb_memcpy(tvb, domain_buf, start_offset, domain_length);
        }

        /* Initiator Block - TRP.4.1.1 */
        {
            dof_2008_16_security_4 response;
            trp_packet_data *trp_pkt_data = NULL;

            start_offset = offset;

            /* Initiator Key Request - Security.4 */
            offset = dof_dissect_pdu_as_field(dissect_2008_16_security_4, tvb, pinfo, trp_tree,
                                              offset, hf_initiator_request, ett_initiator_request, &response);
            if (!packet_data->processed)
            {
                tvbuff_t *identity = response.identity;
                uint8_t identity_length = tvb_reported_length(identity);
                uint8_t *identity_buf = (uint8_t *)wmem_alloc0(pinfo->pool, identity_length);
                int i;

                /* Get the buffer. */
                tvb_memcpy(identity, identity_buf, 0, identity_length);

                /* Check to see if there is a matching identity. */
                for (i = 0; i < globals.global_security->identity_data_count; i++)
                {
                    dof_identity_data *gidentity = globals.global_security->identity_data + i;

                    if (domain_length != gidentity->domain_length ||
                        memcmp(domain_buf, gidentity->domain, domain_length) != 0)
                        continue;

                    if (identity_length == gidentity->identity_length &&
                        memcmp(identity_buf, gidentity->identity, identity_length) == 0)
                    {
                        trp_pkt_data = wmem_new0(wmem_file_scope(), trp_packet_data);
                        dof_packet_add_proto_data(packet_data, proto_trp, trp_pkt_data);

                        trp_pkt_data->domain_length = domain_length;
                        trp_pkt_data->domain = (uint8_t *)wmem_alloc0(wmem_file_scope(), domain_length);
                        memcpy(trp_pkt_data->domain, domain_buf, domain_length);

                        trp_pkt_data->identity_length = identity_length;
                        trp_pkt_data->identity = (uint8_t *)wmem_alloc0(wmem_file_scope(), identity_length);
                        memcpy(trp_pkt_data->identity, identity_buf, identity_length);

                        trp_pkt_data->secret = gidentity->secret;
                    }
                }
            }

            /* Group Identifier - Security.8 */
            {
                int gid_start = offset;
                offset = dof_dissect_pdu_as_field(dissect_2008_16_security_8, tvb, pinfo, trp_tree,
                                                  offset, hf_group_identifier, ett_group_identifier, NULL);

                if (trp_pkt_data)
                {
                    trp_pkt_data->group_length = offset - gid_start;
                    trp_pkt_data->group = (uint8_t *)wmem_alloc0(wmem_file_scope(), trp_pkt_data->group_length);
                    tvb_memcpy(tvb, trp_pkt_data->group, gid_start, trp_pkt_data->group_length);
                }
            }

            if (trp_pkt_data)
            {
                /* We need to store the entire block_I for later use. */
                trp_pkt_data->block_I_length = offset - start_offset;
                trp_pkt_data->block_I = (uint8_t *)wmem_alloc0(wmem_file_scope(), trp_pkt_data->block_I_length);
                tvb_memcpy(tvb, trp_pkt_data->block_I, start_offset, trp_pkt_data->block_I_length);
            }
        }
    }
        break;

    case TRP_RSP_REQUEST_KEK:
    {
        int start_offset;
        uint32_t ssid;
        uint8_t *mode;
        uint8_t mode_length;
        uint8_t *block_A;
        uint8_t block_A_length;

        if (trp_data && trp_data->kek_known)
        {
            expert_add_info(pinfo, ti, &ei_trp_kek_discovered);
        }

        /* Initiator Ticket - Security.5 */
        offset = dof_dissect_pdu_as_field(dissect_2008_16_security_5, tvb, pinfo, trp_tree,
                                          offset, hf_initiator_ticket, ett_initiator_ticket, NULL);

        /* Initialization Block - TRP.4.2.1 */
        /* A BLOCK */
        {
            start_offset = offset;

            /* THB */
            {
                proto_tree_add_item(trp_tree, hf_thb, tvb, offset, 1, ENC_NA);
                offset += 1;
            }

            /* TMIN */
            {
                proto_tree_add_item(trp_tree, hf_tmin, tvb, offset, 1, ENC_NA);
                offset += 1;
            }

            /* TMAX */
            {
                proto_tree_add_item(trp_tree, hf_tmax, tvb, offset, 1, ENC_NA);
                offset += 1;
            }

            /* Epoch */
            {
                proto_tree_add_item(trp_tree, hf_trp_epoch, tvb, offset, 2, ENC_BIG_ENDIAN);
                offset += 2;
            }

            /* SIDg - Type.4 */
            {
                offset = dof_dissect_pdu_as_field(dissect_2009_11_type_4, tvb, pinfo, trp_tree,
                                                  offset, hf_sidg, ett_sidg, NULL);
            }

            /* Initiator Node Security Scope - Security.10 */
            {
                offset = dof_dissect_pdu_as_field(dissect_2008_16_security_10, tvb, pinfo, trp_tree,
                                                  offset, hf_security_scope, ett_security_scope, NULL);
            }

            /* Security Mode - Security.13 */
            {
                int mode_start = offset;
                offset = dof_dissect_pdu_as_field(dissect_2008_16_security_13, tvb, pinfo, trp_tree,
                                                  offset, hf_security_mode, ett_security_mode, NULL);
                if (!packet_data->processed)
                {
                    mode_length = offset - mode_start;
                    mode = (uint8_t *)wmem_alloc0(pinfo->pool, mode_length);
                    tvb_memcpy(tvb, mode, mode_start, mode_length);
                }
            }

            /* State Identifier - Type.3 */
            {
                int s_offset = offset;
                int ssid_len;
                proto_item *pi;
                offset = read_c4(tvb, offset, &ssid, &ssid_len);
                ssid |= AS_ASSIGNED_SSID;   /* TRP SSID are *always* assigned by the AS. */
                pi = proto_tree_add_uint_format(trp_tree, hf_ssid, tvb, s_offset, offset - s_offset, ssid, "SSID: %u", ssid);
                validate_c4(pinfo, pi, ssid, ssid_len);
            }

            /* PG - Security.2 */
            offset = dof_dissect_pdu_as_field(dissect_2008_16_security_2, tvb, pinfo, trp_tree,
                                              offset, hf_responder_pg, ett_responder_pg, NULL);

            /* Group Validation - Security.11 */
            offset = dof_dissect_pdu_as_field(dissect_2008_16_security_11, tvb, pinfo, trp_tree,
                                              offset, hf_responder_validation, ett_responder_validation, NULL);

            /* Initiator Validation - Security.11 */
            offset = dof_dissect_pdu_as_field(dissect_2008_16_security_11, tvb, pinfo, trp_tree,
                                              offset, hf_initiator_validation, ett_initiator_validation, NULL);

            block_A_length = offset - start_offset;
            block_A = (uint8_t *)wmem_alloc0(pinfo->pool, block_A_length);
            tvb_memcpy(tvb, block_A, start_offset, block_A_length);
        }

        /* Determine the KEK, if possible. This requires that either the initiator node's secret
        * is known or that the group has been configured. In either case this requires knowledge
        * from the matching command, including the domain, identity, and group information.
        */
        if (packet_data->opid_first && !packet_data->processed)
        {
#if 0
            trp_packet_data* cmd_data = (trp_packet_data*)dof_packet_get_proto_data(packet_data->opid_first, proto_trp);
            uint8_t mac[32];
            extern struct BlockCipher BlockCipher_AES_256;
            struct BlockCipher* cipher = &BlockCipher_AES_256;
            uint8_t* ekey = (uint8_t*)ep_alloc(cipher->keyStateSize);

            int i;

            if (cmd_data)
            {
                uint8_t kek[32];

                tvb_memcpy(tvb, mac, mac_offset, 32);
                tvb_memcpy(tvb, kek, mac_offset + 32, 32);

                if (cipher != NULL)
                {
                    cipher->GenerateKeyState(ekey, cmd_data->secret);
                    cipher->Encrypt(ekey, mac);
                    cipher->Encrypt(ekey, mac + 16);
                }

                for (i = 0; i < 32; i++)
                kek[i] ^= mac[i];

                {
                    OALSecureHMACContext ctx;
                    OALSecureHMACDigest digest;

                    OALSecureHMAC_Start(&ctx, cmd_data->secret);
                    OALSecureHMAC_Digest(&ctx, cmd_data->domain_length, cmd_data->domain);
                    OALSecureHMAC_Digest(&ctx, cmd_data->block_I_length, cmd_data->block_I);
                    OALSecureHMAC_Digest(&ctx, block_A_length, block_A);
                    OALSecureHMAC_Digest(&ctx, 32, kek);
                    OALSecureHMAC_Finish(&ctx, digest);

                    tvb_memcpy(tvb, mac, mac_offset, 32);
                    if (memcmp(mac, digest, 32) == 0)
                    {
                        dof_learned_group_data* group = globals.learned_group_data;
                        dof_learned_group_auth_data *auth = NULL;

                        /* The KEK has been discovered, flag this for output on the PDU. */
                        if (!trp_data)
                        {
                            trp_data = wmem_alloc0(wmem_file_scope(), sizeof(trp_packet_data));
                            dof_packet_add_proto_data(packet_data, proto_trp, trp_data);
                        }

                        trp_data->kek_known = true;

                        while (group)
                        {
                            if ((cmd_data->domain_length == group->domain_length) &&
                                (memcmp(cmd_data->domain, group->domain, group->domain_length) == 0) &&
                                (cmd_data->group_length == group->group_length) &&
                                (memcmp(cmd_data->group, group->group, group->group_length) == 0) &&
                                (ssid == group->ssid))
                            break;

                            group = group->next;
                        }

                        if (group == NULL)
                        {
                            group = wmem_alloc0(wmem_file_scope, sizeof(dof_learned_group_data));
                            group->domain_length = cmd_data->domain_length;
                            group->domain = cmd_data->domain;
                            group->group_length = cmd_data->group_length;
                            group->group = cmd_data->group;
                            group->ssid = ssid;
                            group->next = globals.learned_group_data;
                            globals.learned_group_data = group;
                        }

                        auth = group->keys;

                        while (auth)
                        {
                            if (epoch == auth->epoch)
                            break;

                            auth = auth->next;
                        }

                        if (auth == NULL)
                        {
                            auth = wmem_alloc0(wmem_file_scope(), sizeof(dof_learned_group_auth_data));
                            auth->epoch = epoch;
                            auth->next = group->keys;
                            group->keys = auth;

                            auth->kek = (uint8_t*)wmem_alloc0(wmem_file_scope(), 32);
                            memcpy(auth->kek, kek, 32);

                            auth->mode_length = mode_length;
                            auth->mode = (uint8_t*)wmem_alloc0(wmem_file_scope(), mode_length);
                            memcpy(auth->mode, mode, mode_length);

                            auth->security_mode = (mode[1] * 256) | mode[2];
                            auth->parent = group;
                        }
                    }
                }
            }
#endif
        }
    }
        break;

    case TRP_CMD_REQUEST_RANDOM:
    {
        uint8_t *domain_buf = NULL;
        uint8_t domain_length = 0;
        int start_offset;

        if (trp_data && trp_data->identity_length)
        {
            expert_add_info(pinfo, ti, &ei_trp_initiator_id_known);
        }

        /* Domain - Security.7 */
        start_offset = offset;
        offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, trp_tree,
                                          offset, hf_domain, ett_domain, NULL);
        if (!packet_data->processed)
        {
            domain_length = offset - start_offset;
            domain_buf = (uint8_t *)wmem_alloc0(pinfo->pool, domain_length);
            tvb_memcpy(tvb, domain_buf, start_offset, domain_length);
        }

        /* Initiator Block - TRP.6.1.1 */
        {
            dof_2008_16_security_4 response;
            trp_packet_data *trp_pkt_data = NULL;

            start_offset = offset;

            /* Initiator Key Request - Security.4 */
            offset = dof_dissect_pdu_as_field(dissect_2008_16_security_4, tvb, pinfo, trp_tree,
                                              offset, hf_initiator_request, ett_initiator_request, &response);
            if (!packet_data->processed)
            {
                tvbuff_t *identity = response.identity;
                uint8_t identity_length = tvb_reported_length(identity);
                uint8_t *identity_buf = (uint8_t *)wmem_alloc0(pinfo->pool, identity_length);
                int i;

                /* Get the buffer. */
                tvb_memcpy(identity, identity_buf, 0, identity_length);

                /* Check to see if there is a matching identity. */
                for (i = 0; i < globals.global_security->identity_data_count; i++)
                {
                    dof_identity_data *gidentity = globals.global_security->identity_data + i;

                    if (domain_length != gidentity->domain_length ||
                        memcmp(domain_buf, gidentity->domain, domain_length) != 0)
                        continue;

                    if (identity_length == gidentity->identity_length &&
                        memcmp(identity_buf, gidentity->identity, identity_length) == 0)
                    {
                        trp_pkt_data = wmem_new0(wmem_file_scope(), trp_packet_data);
                        dof_packet_add_proto_data(packet_data, proto_trp, trp_pkt_data);

                        trp_pkt_data->domain_length = domain_length;
                        trp_pkt_data->domain = (uint8_t *)wmem_alloc0(wmem_file_scope(), domain_length);
                        memcpy(trp_pkt_data->domain, domain_buf, domain_length);

                        trp_pkt_data->identity_length = identity_length;
                        trp_pkt_data->identity = (uint8_t *)wmem_alloc0(wmem_file_scope(), identity_length);
                        memcpy(trp_pkt_data->identity, identity_buf, identity_length);

                        trp_pkt_data->secret = gidentity->secret;
                    }
                }
            }

            if (trp_pkt_data)
            {
                /* We need to store the entire block_I for later use. */
                trp_pkt_data->block_I_length = offset - start_offset;
                trp_pkt_data->block_I = (uint8_t *)wmem_alloc0(wmem_file_scope(), trp_pkt_data->block_I_length);
                tvb_memcpy(tvb, trp_pkt_data->block_I, start_offset, trp_pkt_data->block_I_length);
            }
        }
    }
        break;

    case TRP_RSP_REQUEST_RANDOM:
    {
        /* Initiator Ticket - Security.5 */
        offset = dof_dissect_pdu_as_field(dissect_2008_16_security_5, tvb, pinfo, trp_tree,
                                          offset, hf_initiator_ticket, ett_initiator_ticket, NULL);
    }
        break;

    case TRP_CMD_REQUEST_SECURITY_SCOPES:
    {
        uint8_t *domain_buf = NULL;
        uint8_t domain_length = 0;
        int start_offset;

        if (trp_data && trp_data->identity_length)
        {
            expert_add_info(pinfo, ti, &ei_trp_initiator_id_known);
        }

        /* Domain - Security.7 */
        start_offset = offset;
        offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, trp_tree,
                                          offset, hf_domain, ett_domain, NULL);
        if (!packet_data->processed)
        {
            domain_length = offset - start_offset;
            domain_buf = (uint8_t *)wmem_alloc0(pinfo->pool, domain_length);
            tvb_memcpy(tvb, domain_buf, start_offset, domain_length);
        }

        /* Initiator Block - TRP.5.1.1 */
        {
            dof_2008_16_security_4 response;
            trp_packet_data *trp_pk_data = NULL;

            start_offset = offset;

            /* Initiator Duration Request */
            proto_tree_add_item(trp_tree, hf_trp_duration, tvb, offset, 1, ENC_NA);
            offset += 1;

            /* Initiator Key Request - Security.4 */
            offset = dof_dissect_pdu_as_field(dissect_2008_16_security_4, tvb, pinfo, trp_tree,
                                              offset, hf_initiator_request, ett_initiator_request, &response);
            if (!packet_data->processed)
            {
                tvbuff_t *identity = response.identity;
                uint8_t identity_length = tvb_reported_length(identity);
                uint8_t *identity_buf = (uint8_t *)wmem_alloc0(pinfo->pool, identity_length);
                int i;

                /* Get the buffer. */
                tvb_memcpy(identity, identity_buf, 0, identity_length);

                /* Check to see if there is a matching identity. */
                for (i = 0; i < globals.global_security->identity_data_count; i++)
                {
                    dof_identity_data *gidentity = globals.global_security->identity_data + i;

                    if (domain_length != gidentity->domain_length ||
                        memcmp(domain_buf, gidentity->domain, domain_length) != 0)
                        continue;

                    if (identity_length == gidentity->identity_length &&
                        memcmp(identity_buf, gidentity->identity, identity_length) == 0)
                    {
                        trp_pk_data = wmem_new0(wmem_file_scope(), trp_packet_data);
                        dof_packet_add_proto_data(packet_data, proto_trp, trp_pk_data);

                        trp_pk_data->domain_length = domain_length;
                        trp_pk_data->domain = (uint8_t *)wmem_alloc0(wmem_file_scope(), domain_length);
                        memcpy(trp_pk_data->domain, domain_buf, domain_length);

                        trp_pk_data->identity_length = identity_length;
                        trp_pk_data->identity = (uint8_t *)wmem_alloc0(wmem_file_scope(), identity_length);
                        memcpy(trp_pk_data->identity, identity_buf, identity_length);

                        trp_pk_data->secret = gidentity->secret;
                    }
                }
            }

            /* Node - Security.8 */
            {
                int gid_start = offset;
                offset = dof_dissect_pdu_as_field(dissect_2008_16_security_8, tvb, pinfo, trp_tree,
                                                  offset, hf_node_identifier, ett_node_identifier, NULL);

                if (trp_pk_data)
                {
                    trp_pk_data->group_length = offset - gid_start;
                    trp_pk_data->group = (uint8_t *)wmem_alloc0(wmem_file_scope(), trp_pk_data->group_length);
                    tvb_memcpy(tvb, trp_pk_data->group, gid_start, trp_pk_data->group_length);
                }
            }

            if (trp_pk_data)
            {
                /* We need to store the entire block_I for later use. */
                trp_pk_data->block_I_length = offset - start_offset;
                trp_pk_data->block_I = (uint8_t *)wmem_alloc0(wmem_file_scope(), trp_pk_data->block_I_length);
                tvb_memcpy(tvb, trp_pk_data->block_I, start_offset, trp_pk_data->block_I_length);
            }
        }
    }
        break;

    case TRP_RSP_REQUEST_SECURITY_SCOPES:
    {
        int start_offset;
        uint8_t *block_A;
        uint8_t block_A_length;

        /* Initiator Ticket - Security.5 */
        offset = dof_dissect_pdu_as_field(dissect_2008_16_security_5, tvb, pinfo, trp_tree,
                                          offset, hf_initiator_ticket, ett_initiator_ticket, NULL);

        /* Initialization Block - TRP.5.2.1 */
        /* A BLOCK */
        {
            start_offset = offset;

            /* Initiator Duration Request */
            proto_tree_add_item(trp_tree, hf_trp_duration, tvb, offset, 1, ENC_NA);
            offset += 1;

            /* Initiator Node Security Scope - Security.10 */
            {
                offset = dof_dissect_pdu_as_field(dissect_2008_16_security_10, tvb, pinfo, trp_tree,
                                                  offset, hf_security_scope, ett_security_scope, NULL);
            }

            /* Validation - Security.11 */
            offset = dof_dissect_pdu_as_field(dissect_2008_16_security_11, tvb, pinfo, trp_tree,
                                              offset, hf_initiator_validation, ett_initiator_validation, NULL);

            block_A_length = offset - start_offset;
            block_A = (uint8_t *)wmem_alloc0(pinfo->pool, block_A_length);
            tvb_memcpy(tvb, block_A, start_offset, block_A_length);
        }
    }
        break;

    case TRP_CMD_RESOLVE_CREDENTIAL:
    {
        uint8_t *domain_buf = NULL;
        uint8_t domain_length = 0;
        int start_offset;

        /* Domain - Security.7 */
        start_offset = offset;
        offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, trp_tree,
                                          offset, hf_domain, ett_domain, NULL);
        if (!packet_data->processed)
        {
            domain_length = offset - start_offset;
            domain_buf = (uint8_t *)wmem_alloc0(pinfo->pool, domain_length);
            tvb_memcpy(tvb, domain_buf, start_offset, domain_length);
        }

        /* Identity Resolution - Security.3.2 */
        offset = dof_dissect_pdu_as_field(dissect_2008_16_security_3_2, tvb, pinfo, trp_tree,
                                          offset, hf_identity_resolution, ett_identity_resolution, NULL);
    }
        break;

    case TRP_RSP_RESOLVE_CREDENTIAL:
    {
        /* Identity Resolution - Security.3.2 */
        offset = dof_dissect_pdu_as_field(dissect_2008_16_security_3_2, tvb, pinfo, trp_tree,
                                          offset, hf_identity_resolution, ett_identity_resolution, NULL);
    }
        break;

    case TRP_CMD_REQUEST_SESSION:
    {
        uint8_t *domain_buf = NULL;
        uint8_t domain_length = 0;
        int start_offset;

        if (trp_data && trp_data->identity_length)
        {
            expert_add_info(pinfo, ti, &ei_trp_initiator_id_known);
        }

        /* Domain - Security.7 */
        start_offset = offset;
        offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, trp_tree,
                                          offset, hf_domain, ett_domain, NULL);
        if (!packet_data->processed)
        {
            domain_length = offset - start_offset;
            domain_buf = (uint8_t *)wmem_alloc0(pinfo->pool, domain_length);
            tvb_memcpy(tvb, domain_buf, start_offset, domain_length);
        }

        /* Responder Block - Security.6.2 */
        offset = dof_dissect_pdu_as_field(dissect_2008_16_security_6_2, tvb, pinfo, trp_tree,
                                          offset, hf_responder_request, ett_responder_request, NULL);

        /* Initiator Block - Security.6.1 */
        offset = dof_dissect_pdu_as_field(dissect_2008_16_security_6_1, tvb, pinfo, trp_tree,
                                          offset, hf_initiator_request, ett_initiator_request, NULL);
    }
        break;

    case TRP_RSP_REQUEST_SESSION:
    {
        int start_offset;
        uint8_t *block_A;
        uint8_t block_A_length;

        /* Responder Ticket - Security.5 */
        offset = dof_dissect_pdu_as_field(dissect_2008_16_security_5, tvb, pinfo, trp_tree,
                                          offset, hf_responder_ticket, ett_responder_ticket, NULL);

        /* Initiator Ticket - Security.5 */
        offset = dof_dissect_pdu_as_field(dissect_2008_16_security_5, tvb, pinfo, trp_tree,
                                          offset, hf_initiator_ticket, ett_initiator_ticket, NULL);


        /* Initialization Block - Security.6.3 */
        /* A BLOCK */
        {
            start_offset = offset;

            offset = dof_dissect_pdu_as_field(dissect_2008_16_security_6_3, tvb, pinfo, trp_tree,
                                              offset, hf_authentication_block, ett_authentication_block, NULL);

            block_A_length = offset - start_offset;
            block_A = (uint8_t *)wmem_alloc0(pinfo->pool, block_A_length);
            tvb_memcpy(tvb, block_A, start_offset, block_A_length);
        }
    }
        break;

    case TRP_CMD_VALIDATE_CREDENTIAL:
        {
            tvbuff_t *data_tvb;

            /* Domain - Security.7 */
            offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, trp_tree,
                                              offset, hf_domain, ett_domain, NULL);

            offset = dof_dissect_pdu_as_field(dissect_2008_16_security_3_1, tvb, pinfo, trp_tree,
                                              offset, hf_identity_resolution, ett_identity_resolution, NULL);
            data_tvb = tvb_new_subset_remaining(tvb, offset);
            call_data_dissector(data_tvb, pinfo, trp_tree);
        }
        break;

    case TRP_RSP_VALIDATE_CREDENTIAL:
    {
        tvbuff_t *data_tvb = tvb_new_subset_remaining(tvb, offset);
        call_data_dissector(data_tvb, pinfo, trp_tree);
    }
       break;
    }

    return offset;
}

/* Initialize Core Tunnel Functionality */
static void dof_tun_register(void)
{
    static hf_register_info hf[] =
    {
        { &hf_2012_1_tunnel_1_version,
            { "Version", "dof.2012_1.tunnel_1.version", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }
        },
        { &hf_2012_1_tunnel_1_length,
            { "Length", "dof.2012_1.tunnel_1.length", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }
        },
    };

    static int *ett[] = {
        &ett_2012_1_tunnel,
    };

    proto_2012_1_tunnel = proto_register_protocol(TUNNEL_PROTOCOL_STACK, "DTPS", "dtps");
    proto_register_field_array(proto_2012_1_tunnel, hf, array_length(hf));
    proto_register_subtree_array(ett, array_length(ett));

    register_dissector_with_description("dof.tunnel", TUNNEL_PROTOCOL_STACK, dissect_tunnel_common, proto_2012_1_tunnel);
    dof_tun_app_dissectors = register_dissector_table("dof.tunnel.app", "DOF Tunnel Version", proto_2012_1_tunnel, FT_UINT8, BASE_DEC);
}

static void dof_tun_reset(void)
{
}

static void dof_tun_cleanup(void)
{
}

/* The registration hand-off routine */
static void dof_tun_handoff(void)
{
    static dissector_handle_t tcp_handle;

    register_dissector_with_description("dof.app", TUNNEL_APPLICATION_PROTOCOL, dissect_tun_app_common, proto_2008_1_app);

    tcp_handle = create_dissector_handle(dissect_tunnel_tcp, proto_2012_1_tunnel);

    dissector_add_uint_with_preference("tcp.port", DOF_TUN_NON_SEC_TCP_PORT, tcp_handle);
}

/* Main DOF Registration Support */

static void dof_reset(void)
{
    globals.next_session = 1;
    globals.next_transport_session = 1;
    globals.dof_packet_head = globals.dof_packet_tail = NULL;
    globals.global_security = &global_security;
    globals.learned_group_data = NULL;
    globals.decrypt_all_packets = decrypt_all_packets;
    globals.track_operations = track_operations;
    globals.track_operations_window = track_operations_window;

    init_addr_port_tables();

    /* Reset the packet counter. */
    next_dof_frame = 1;

    /* Load the template values for different groups. */
    {
        secmode_field_t *list = secmode_list;
        unsigned i;

        global_security.group_data = g_new0(dof_group_data, num_secmode_list);
        global_security.group_data_count = num_secmode_list;
        for (i = 0; i < num_secmode_list; i++)
        {
            uint8_t kek_len;
            dof_group_data *group_data = global_security.group_data + i;
            parse_hex_string(list[i].domain, &(group_data->domain), &(group_data->domain_length));
            parse_hex_string(list[i].identity, &(group_data->identity), &(group_data->identity_length));
            parse_hex_string(list[i].kek, &(group_data->kek), &kek_len);
        }
    }

    /* Load the template values for different secrets. */
    {
        seckey_field_t *list = seckey_list;
        unsigned i;

        /* Clear existing. */
        for (i = 0; i < global_security.session_key_count; i++)
        {
            dof_session_key_data *session_data = &global_security.session_key[i];
            g_free(session_data->session_key);
        }

        g_free(global_security.session_key);
        global_security.session_key = NULL;
        global_security.session_key_count = 0;

        global_security.session_key = g_new0(dof_session_key_data, num_seckey_list);
        global_security.session_key_count = num_seckey_list;
        for (i = 0; i < num_seckey_list; i++)
        {
            uint8_t key_len;
            dof_session_key_data *session_data = global_security.session_key + i;
            parse_hex_string(list[i].key, &(session_data->session_key), &key_len);
        }
    }

    /* Load the template values for different identities. */
    {
        identsecret_field_t *list = identsecret_list;
        unsigned i;

        /* Clear existing. */
        for (i = 0; i < global_security.identity_data_count; i++)
        {
            dof_identity_data *identity_data = &global_security.identity_data[i];
            g_free(identity_data->domain);
            g_free(identity_data->identity);
            g_free(identity_data->secret);
        }

        g_free(global_security.identity_data);
        global_security.identity_data = NULL;
        global_security.identity_data_count = 0;

        global_security.identity_data = g_new0(dof_identity_data, num_identsecret_list);
        global_security.identity_data_count = num_identsecret_list;
        for (i = 0; i < num_identsecret_list; i++)
        {
            uint8_t key_len;
            uint32_t size;

            dof_identity_data *identity_data = global_security.identity_data + i;
            if (VALIDHEX(list[i].domain[0]))
            {
                parse_hex_string(list[i].domain, &(identity_data->domain), &(identity_data->domain_length));
            }
            else
            {
                size = (uint32_t)strlen(list[i].domain);
                dof_oid_new_standard_string(list[i].domain, &size, &(identity_data->domain));
                identity_data->domain_length = size;
            }

            if (VALIDHEX(list[i].identity[0]))
            {
                parse_hex_string(list[i].identity, &(identity_data->identity), &(identity_data->identity_length));
            }
            else
            {
                size = (uint32_t)strlen(list[i].identity);
                dof_oid_new_standard_string(list[i].identity, &size, &(identity_data->identity));
                identity_data->identity_length = size;
            }

            parse_hex_string(list[i].secret, &(identity_data->secret), &key_len);
        }
    }
}

static void dof_cleanup(void)
{
    unsigned i;

    /* Clear existing. */
    for (i = 0; i < global_security.group_data_count; i++)
    {
        dof_group_data *group_data = &global_security.group_data[i];
        g_free(group_data->domain);
        g_free(group_data->identity);
        g_free(group_data->kek);
    }

    g_free(global_security.group_data);
    global_security.group_data = NULL;
    global_security.group_data_count = 0;

}

/**
 * Initialize Core DPS Functionality
 */
static void dof_register(void)
{
    static hf_register_info hf[] =
    {
        { &hf_security_1_permission_type,
            { "Permission Type", "dof.2008.16.security.1.desired-duration", FT_UINT16, BASE_DEC, VALS(dof_2008_16_permission_type), 0, NULL, HFILL } },

        { &hf_security_1_length,
            { "Length", "dof.2008.16.security.1.length", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } },

        { &hf_security_1_data,
            { "Data", "dof.2008.16.security.1.data", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },

        /* Security.2 */
        { &hf_security_2_count,
            { "Count", "dof.2008.16.security.2.count", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } },

        { &hf_security_2_permission,
            { "Permission", "dof.2008.16.security.2.permission", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },

        /* Security.3.1 */
        { &hf_security_3_1_credential_type,
            { "Credential Type", "dof.2008.16.security.3.1.credential_type", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } },

        { &hf_security_3_1_stage,
            { "Stage", "dof.2008.16.security.3.1.stage", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },

        { &hf_security_3_1_security_node_identifier,
            { "Security Node Identifier", "dof.2008.16.security.3.1.security_node_identifier", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },

        /* Security 3.2 */
        { &hf_security_3_2_credential_type,
            { "Credential Type", "dof.2008.16.security.3.2.credential_type", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },

        { &hf_security_3_2_stage,
            { "Stage", "dof.2008.16.security.3.2.stage", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },

        { &hf_security_3_2_length,
            { "Length", "dof.2008.16.security.3.2.length", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },

        { &hf_security_3_2_public_data,
            { "Public Data", "dof.2008.16.security.3.2.public_data", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },

        /* Security.4 */
        { &hf_security_4_l,
            { "L", "dof.2008.16.security.4.l", FT_UINT8, BASE_DEC, NULL, 0x80, NULL, HFILL } },

        { &hf_security_4_f,
            { "F", "dof.2008.16.security.4.f", FT_UINT8, BASE_DEC, NULL, 0x40, NULL, HFILL } },

        { &hf_security_4_ln,
            { "Ln", "dof.2008.16.security.4.ln", FT_UINT8, BASE_DEC, NULL, 0x0F, NULL, HFILL } },

        { &hf_security_4_identity,
            { "Identity", "dof.2008.16.security.4.identity", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },

        { &hf_security_4_nonce,
            { "Nonce", "dof.2008.16.security.4.nonce", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },

        { &hf_security_4_permission_set,
            { "Permission Set", "dof.2008.16.security.4.permission_set", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },

        /* Security.5 */
        { &hf_security_5_mac,
            { "MAC", "dof.2008.16.security.5.mac", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },

        { &hf_security_5_key,
            { "KEY", "dof.2008.16.security.5.key", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },

        /* Security.6.1 */
        { &hf_security_6_1_desired_duration,
            { "Desired Duration", "dof.2008.16.security.6.1.desired_duration", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },

        { &hf_security_6_1_desired_security_mode,
            { "Desired Security Mode", "dof.2008.16.security.6.1.desired_security_mode", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },

        { &hf_security_6_1_initiator_request,
            { "Initiator Request", "dof.2008.16.security.6.1.initiator_request", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },

        /* Security.6.2 */
        { &hf_security_6_2_responder_request,
            { "Responder Request", "dof.2008.16.security.6.2.responder_request", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },

        /* Security.6.3 */
        { &hf_security_6_3_granted_duration,
            { "Granted Duration", "dof.2008.16.security.6.3.granted_duration", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },

        { &hf_security_6_3_session_security_scope,
            { "Session Security Scope", "dof.2008.16.security.6.3.session_security_scope", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },

        { &hf_security_6_3_initiator_validation,
            { "Initiator Validation", "dof.2008.16.security.6.3.initiator_validation", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },

        { &hf_security_6_3_responder_validation,
            { "Responder Validation", "dof.2008.16.security.6.3.responder_validation", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },

        /* Security.9 */
        { &hf_security_9_length,
            { "Length", "dof.2008.16.security.9.length", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } },

        { &hf_security_9_initial_state,
            { "Initial State", "dof.2008.16.security.9.initial_state", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },

        /* Security.10 */
        { &hf_security_10_count,
            { "Count", "dof.2008.16.security.10.count", FT_UINT8, BASE_DEC, NULL, 0x00, NULL, HFILL } },

        { &hf_security_10_permission_group_identifier,
            { "Permission Group Identifier", "dof.2008.16.security.10.permission_group_identifier", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },

        /* Security.11 */
        { &hf_security_11_count,
            { "Count", "dof.2008.16.security.11.count", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } },

        { &hf_security_11_permission_security_scope,
            { "Permission Security Scope", "dof.2008.16.security.11.permission_security_scope", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },

        /* Security.12 */
        { &hf_security_12_m,
            { "M", "dof.2008.16.security.12.m", FT_UINT8, BASE_DEC, VALS(dof_2008_16_security_12_m), 0xC0, NULL, HFILL } },

        { &hf_security_12_count,
            { "Count", "dof.2008.16.security.12.count", FT_UINT8, BASE_DEC, NULL, 0x3F, NULL, HFILL } },

        { &hf_security_12_permission_group_identifier,
            { "Permission Group Identifier", "dof.2008.16.security.12.permission_group_identifier", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },

        { &hf_2008_1_dof_session_transport,
            { "Transport Session", "dof.transport_session", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL }
        },
        { &hf_2008_1_dof_session,
            { "DPS Session", "dof.session", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL }
        },
        { &hf_2008_1_dof_frame,
            { "DPS Frame", "dof.frame", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL }
        },
        { &hf_2008_1_dof_is_2_node,
            { "DPS Is 2 Node", "dof.is_2_node", FT_BOOLEAN, BASE_NONE, NULL, 0x00, NULL, HFILL }
        },
        { &hf_2008_1_dof_is_streaming,
            { "DPS Is Streaming", "dof.is_streaming", FT_BOOLEAN, BASE_NONE, NULL, 0x00, NULL, HFILL }
        },
        { &hf_2008_1_dof_is_from_client,
            { "DPS Is From Client", "dof.is_from_client", FT_BOOLEAN, BASE_NONE, NULL, 0x00, NULL, HFILL }
        }
    };

    static int *ett[] = {
        /* Security.2 */
        &ett_security_2_permission,
        &ett_security_3_1_security_node_identifier,

        /* Security.11 */
        &ett_security_11_permission_security_scope,

        &ett_security_6_1_desired_security_mode,
        &ett_security_6_1_initiator_request,

        &ett_security_6_2_responder_request,
        &ett_security_6_3_session_security_scope,
        &ett_security_6_3_initiator_validation,
        &ett_security_6_3_responder_validation,

        &ett_security_4_identity,
        &ett_security_4_permission_set,

        &ett_2008_1_dof,
    };

    static ei_register_info ei[] =
    {
#if 0
        { &ei_undecoded, { "dof.undecoded", PI_UNDECODED, PI_WARN, "DOF: Some protocol octets were not decoded", EXPFILL } },
#endif
        { &ei_malformed, { "dof.malformed", PI_MALFORMED, PI_ERROR, "Malformed:", EXPFILL } },
        { &ei_implicit_no_op, { "dof.implicit_no_op", PI_PROTOCOL, PI_COMMENT, "Implicit No-op", EXPFILL } },
        { &ei_c2_c3_c4_format, { "dof.c2_c3_c4_format", PI_MALFORMED, PI_WARN, "DOF: Cx IE format", EXPFILL } },
        { &ei_security_3_1_invalid_stage, { "dof.security.3.1.invalid_stage", PI_MALFORMED, PI_ERROR, "DPS: Security.3.1: Stage invalid.", EXPFILL } },
        { &ei_security_4_invalid_bit, { "dof.security.4.invalid_bit", PI_MALFORMED, PI_WARN, "DPS: Security.4: Reserved bit set.", EXPFILL } },
        { &ei_security_13_out_of_range, { "dof.security.13.out_of_range", PI_MALFORMED, PI_ERROR, "DPS: Security.13: Attribute Data out of range.", EXPFILL } },
    };

    /* Security mode of operation templates. */
    static uat_field_t secmode_uat_fields[] = {
        UAT_FLD_CSTRING(secmode_list, domain, "Domain", "The domain, coded as hex digits of PDU Security.7."),
        UAT_FLD_CSTRING(secmode_list, identity, "Group ID", "The group identifier, coded as hex digits of PDU Security.8."),
        UAT_FLD_CSTRING(secmode_list, kek, "KEK", "The KEK, coded as hex digits representing the KEK (256-bit)."),
        UAT_END_FIELDS
    };

    /* Security keys. */
    static uat_field_t seckey_uat_fields[] = {
        UAT_FLD_CSTRING(seckey_list, key, "Session Key", "The session key to try to use, coded as hex digits representing the key (256-bit)."),
        UAT_END_FIELDS
    };

    /* Identity secrets. */
    static uat_field_t identsecret_uat_fields[] = {
        UAT_FLD_CSTRING(identsecret_list, domain, "Domain", "The domain, coded as hex digits of PDU Security.7."),
        UAT_FLD_CSTRING(identsecret_list, identity, "Identity", "The group identifier, coded as hex digits of PDU Security.8."),
        UAT_FLD_CSTRING_OTHER(identsecret_list, secret, "Secret", identsecret_chk_cb, "The resolved secret for a given identity, coded as hex digits representing the secret (256-bit)."),
        UAT_END_FIELDS
    };

    module_t *dof_module;
    uat_t *secmode_uat;
    uat_t *seckey_uat;
    uat_t *identsecret_uat;
    expert_module_t *expert_security;

    dsp_option_dissectors = register_dissector_table("dof.dsp.options", "DSP Protocol Options", proto_2008_1_dsp, FT_UINT32, BASE_DEC);
    dof_sec_dissectors = register_dissector_table("dof.secmode", "DOF Security Mode of Operation", proto_2008_1_dof, FT_UINT16, BASE_DEC);
    register_dissector_table("dof.2008.1", "DOF Common PDU", proto_2008_1_dof, FT_STRING, BASE_DEC);

    proto_2008_1_dof = proto_register_protocol(DOF_PROTOCOL_STACK, "DOF", "dof");

    proto_2008_1_dof_tcp = proto_register_protocol(DOF_PROTOCOL_STACK" TCP", "DOF-TCP", "dof-tcp");
    proto_2008_1_dof_udp = proto_register_protocol(DOF_PROTOCOL_STACK" UDP", "DOF-UDP", "dof-udp");

    proto_register_field_array(proto_2008_1_dof, hf, array_length(hf));
    proto_register_subtree_array(ett, array_length(ett));

    expert_security = expert_register_protocol(proto_2008_1_dof);
    expert_register_field_array(expert_security, ei, array_length(ei));

    dof_module = prefs_register_protocol(proto_2008_1_dof, dof_reset);
    secmode_uat = uat_new("DPS Security Mode Templates",
                          sizeof(secmode_field_t),
                          "custom_dof_secmode_list",
                          true,
                          &secmode_list,
                          &num_secmode_list,
                          (UAT_AFFECTS_DISSECTION | UAT_AFFECTS_FIELDS),
                          NULL,
                          secmode_list_copy_cb,
                          secmode_list_update_cb,
                          secmode_list_free_cb,
                          secmode_list_post_update_cb,
                          NULL,
                          secmode_uat_fields
                          );

    seckey_uat = uat_new("DPS Session Keys",
                         sizeof(seckey_field_t),
                         "custom_dof_seckey_list",
                         true,
                         &seckey_list,
                         &num_seckey_list,
                         (UAT_AFFECTS_DISSECTION | UAT_AFFECTS_FIELDS),
                         NULL,
                         seckey_list_copy_cb,
                         seckey_list_update_cb,
                         seckey_list_free_cb,
                         seckey_list_post_update_cb,
                         NULL,
                         seckey_uat_fields
                         );

    identsecret_uat = uat_new("DPS Identity Secrets",
                              sizeof(identsecret_field_t),
                              "custom_dof_identsecret_list",
                              true,
                              &identsecret_list,
                              &num_identsecret_list,
                              (UAT_AFFECTS_DISSECTION | UAT_AFFECTS_FIELDS),
                              NULL,
                              identsecret_list_copy_cb,
                              identsecret_list_update_cb,
                              identsecret_list_free_cb,
                              identsecret_list_post_update_cb,
                              NULL,
                              identsecret_uat_fields
                              );

    prefs_register_bool_preference(dof_module, "custom_dof_decrypt_all",
                                   "Attempt to decrypt all packets",
                                   "Specifies that decryption should be attempted on all packets, even if the session initialization wasn't captured.",
                                   &decrypt_all_packets);

    prefs_register_bool_preference(dof_module, "custom_dof_track_operations",
                                   "Track DPS operations",
                                   "Specifies that operations should be tracked across multiple packets, providing summary lists. This takes time and memory.",
                                   &track_operations);

    prefs_register_uint_preference(dof_module, "custom_dof_track_operations_window",
                                   "Track DPS window",
                                   "Limits the number of operations shown before and after the current operations",
                                   10, &track_operations_window);

    prefs_register_static_text_preference(dof_module, "name4567", "The following are tables not preferences.", "These tables are not controlled by OK, Apply, and Cancel of this dialog.");

    prefs_register_uat_preference(dof_module, "custom_dof_secmode_list", "DPS Security Mode Templates",
                                  "A table of security modes and initialization data that will be tried if no security mode is found.",
                                  secmode_uat);

    prefs_register_uat_preference(dof_module, "custom_dof_seckey_list", "DPS Session Keys",
                                  "A table of session keys to attempt if none is known.",
                                  seckey_uat);

    prefs_register_uat_preference(dof_module, "custom_dof_identsecret_list", "DPS Identity Secrets",
                                  "A table of secrets for different identities.",
                                  identsecret_uat);
}

static void dof_handoff(void)
{
    static dissector_handle_t tcp_handle;

    dof_oid_handle = register_dissector_with_description("dof.oid", DOF_OBJECT_IDENTIFIER, dissect_2009_11_type_4, oid_proto);

    tcp_handle = create_dissector_handle(dissect_dof_tcp, proto_2008_1_dof);
    dof_udp_handle = create_dissector_handle(dissect_dof_udp, proto_2008_1_dof);

    dissector_add_uint_with_preference("tcp.port", DOF_P2P_NEG_SEC_TCP_PORT, tcp_handle);
    dissector_add_uint_range_with_preference("udp.port", DOF_NEG_SEC_UDP_PORT_RANGE, dof_udp_handle);
}

/* OID Registration Support */

static void oid_reset(void)
{
}

static void oid_cleanup(void)
{
}

/* Initialize OID */
static void oid_register(void)
{
    static hf_register_info hf[] = {
        { &hf_oid_class,
            { "Class", "dof.oid.class", FT_UINT32, BASE_DEC, NULL, 0, "DPS Object Identifier Class", HFILL }
        },
        { &hf_oid_header,
            { "Header", "dof.oid.header", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }
        },
        { &hf_oid_attribute,
            { "Attribute", "dof.oid.attribute", FT_UINT8, BASE_DEC, NULL, 0x80, NULL, HFILL }
        },
        { &hf_oid_length,
            { "Length", "dof.oid.length", FT_UINT8, BASE_DEC, NULL, 0x3F, NULL, HFILL }
        },
        { &hf_oid_data,
            { "Data", "dof.oid.data", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }
        },
        { &hf_oid_all_attribute_data,
            { "Attribute Data", "dof.oid.attribute-data", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }
        },
        { &hf_oid_attribute_header,
            { "Header", "dof.attribute.header", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }
        },
        { &hf_oid_attribute_attribute,
            { "Attribute", "dof.attribute.attribute", FT_UINT8, BASE_DEC, NULL, 0x80, NULL, HFILL }
        },
        { &hf_oid_attribute_id,
            { "ID", "dof.attribute.id", FT_UINT8, BASE_DEC, NULL, 0x7F, NULL, HFILL }
        },
        { &hf_oid_attribute_length,
            { "Length", "dof.attribute.length", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }
        },
        { &hf_oid_attribute_data,
            { "Data", "dof.attribute.data", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }
        },
        { &hf_oid_attribute_oid,
            { "OID", "dof.attribute.oid", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }
        },
    };

    static int *ett[] = {
        &ett_oid,
        &ett_oid_header,
        &ett_oid_attribute,
        &ett_oid_attribute_header,
        &ett_oid_attribute_oid,
    };

    static ei_register_info ei[] =
    {
        { &ei_type_4_header_zero, { "dof.oid.header_zero", PI_MALFORMED, PI_ERROR, "DOF Violation: Type.4: Header bit mandated 0.", EXPFILL } },
    };

    if (oid_proto == -1)
    {
        expert_module_t *expert_oid;

        oid_proto = proto_register_protocol(DOF_OBJECT_IDENTIFIER, "DPS.OID", "dof.oid");
        proto_register_field_array(oid_proto, hf, array_length(hf));
        proto_register_subtree_array(ett, array_length(ett));
        expert_oid = expert_register_protocol(oid_proto);
        expert_register_field_array(expert_oid, ei, array_length(ei));
    }
}

static void oid_handoff(void)
{
}

/* DNP Registration Support */

static unsigned dof_ns_session_key_hash_fn(const void *key)
{
    const dof_ns_session_key *session_key = (const dof_ns_session_key *)key;
    unsigned result = 0;

    result += g_int_hash(&session_key->transport_session_id);
    result += g_int_hash(&session_key->client);
    result += g_int_hash(&session_key->server);

    return result;
}

static gboolean dof_ns_session_key_equal_fn(const void *key1, const void *key2)
{
    const dof_ns_session_key *session_key_ptr1 = (const dof_ns_session_key *)key1;
    const dof_ns_session_key *session_key_ptr2 = (const dof_ns_session_key *)key2;

    if (session_key_ptr1->transport_session_id != session_key_ptr2->transport_session_id)
        return FALSE;

    if (session_key_ptr1->client != session_key_ptr2->client)
        return FALSE;

    if (session_key_ptr1->server != session_key_ptr2->server)
        return FALSE;

    return TRUE;
}

static void dof_dnp_reset(void)
{
    dof_ns_session_lookup = g_hash_table_new_full(dof_ns_session_key_hash_fn, dof_ns_session_key_equal_fn, g_free, NULL);
}

static void dof_dnp_cleanup(void)
{
    g_hash_table_destroy(dof_ns_session_lookup);
    dof_ns_session_lookup = NULL;
}

static void dof_register_dnp_0(void)
{
    static hf_register_info hf[] =
    {
        { &hf_2008_1_dnp_0_1_1_padding,
            { "Padding", "dof.dnp.v0.padding", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }
        },
        { &hf_2008_1_dnp_0_1_1_version,
            { "Version", "dof.dnp.v0.version", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }
        },
    };

    if (proto_2008_1_dnp_0 <= 0)
    {
        proto_2008_1_dnp_0 = proto_register_protocol(DOF_NETWORK_PROTOCOL " V0", "DPS.DNP.V0", "dof.dnp.v0");

        proto_register_field_array(proto_2008_1_dnp_0, hf, array_length(hf));
    }
}

/**
 * The registration hand-off routine
 */
static void dof_reg_handoff_dnp_0(void)
{
    dissector_handle_t dnp_handle;
    dnp_handle = create_dissector_handle(dissect_dnp_0, proto_2008_1_dnp_0);

    dissector_add_uint("dof.dnp", 0, dnp_handle);
}

static void dof_register_dnp_1(void)
{
    expert_module_t *expert_dnp;

    static hf_register_info hf[] =
    {
        { &hf_2009_9_dnp_1_flags,
            { "Flags", "dof.2009_9.dnp_1.flags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }
        },
        { &hf_2009_9_dnp_1_flag_length,
            { "Length Size", "dof.2009_9.dnp_1.flags.lengthsize", FT_UINT8, BASE_DEC, NULL, 0x03, NULL, HFILL }
        },
        { &hf_2009_9_dnp_1_flag_srcport,
            { "Source Port", "dof.2009_9.dnp_1.flags.srcport", FT_UINT8, BASE_DEC, NULL, 0x04, NULL, HFILL }
        },
        { &hf_2009_9_dnp_1_flag_dstport,
            { "Destination Port", "dof.2009_9.dnp_1.flags.dstport", FT_UINT8, BASE_DEC, NULL, 0x08, NULL, HFILL }
        },

        { &hf_2009_9_dnp_1_length,
            { "Length", "dof.2009_9.dnp_1.length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }
        },
        { &hf_2009_9_dnp_1_srcport,
            { "Source Port", "dof.2009_9.dnp_1.srcport", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }
        },
        { &hf_2009_9_dnp_1_dstport,
            { "Destination Port", "dof.2009_9.dnp_1.dstport", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }
        },
    };

    static int *ett[] =
    {
        &ett_2009_9_dnp_1_flags,
    };

    static ei_register_info ei[] =
    {
        { &ei_dof_10_flags_zero, { "dof.dnp.v1.flags_zero", PI_UNDECODED, PI_ERROR, "DPS-10: Reserved flag bits must be zero.", EXPFILL } },
#if 0
        { &ei_dof_13_length_specified, { "dof.dnp.v1.length_specified", PI_UNDECODED, PI_ERROR, "DPS-13: Length must be specified on a connection.", EXPFILL } },
#endif
    };

    if (proto_2009_9_dnp_1 <= 0)
    {
        proto_2009_9_dnp_1 = proto_register_protocol(DOF_NETWORK_PROTOCOL " V1", "DOF.DNP.V1", "dof.dnp.v1");

        proto_register_field_array(proto_2009_9_dnp_1, hf, array_length(hf));
        proto_register_subtree_array(ett, array_length(ett));

        expert_dnp = expert_register_protocol(proto_2009_9_dnp_1);
        expert_register_field_array(expert_dnp, ei, array_length(ei));
    }
}

/**
 * The registration hand-off routine
 */
static void dof_reg_handoff_dnp_1(void)
{
    dissector_handle_t dnp_handle, dnp_frame_handle;
    dnp_handle = create_dissector_handle(dissect_dnp_1, proto_2009_9_dnp_1);
    dnp_frame_handle = create_dissector_handle(determine_packet_length_1, proto_2009_9_dnp_1);

    dissector_add_uint("dof.dnp", 1, dnp_handle);
    dissector_add_uint("dof.dnp.frame", 1, dnp_frame_handle);
}

static void dof_dnp_handoff(void)
{
    dof_reg_handoff_dnp_0();
    dof_reg_handoff_dnp_1();
}

/**
 * Initialize Core DNP Functionality
 */
static void dof_dnp_register(void)
{
    static hf_register_info hf[] =
    {
        { &hf_2008_1_dnp_1_flag,
            { "Flag", "dof.2008_1.dnp_1.flag", FT_BOOLEAN, 8, TFS(&tfs_present_not_present), 0x80, NULL, HFILL }
        },
        { &hf_2008_1_dnp_1_version,
            { "Version", "dof.2008_1.dnp_1.version", FT_UINT8, BASE_DEC, NULL, 0x7F, NULL, HFILL }
        },
    };

    static int *ett[] =
    {
        &ett_2008_1_dnp,
        &ett_2008_1_dnp_header,
    };

    proto_2008_1_dnp = proto_register_protocol(DOF_NETWORK_PROTOCOL, "DPS.DNP", "dof.dnp");

    proto_register_field_array(proto_2008_1_dnp, hf, array_length(hf));
    proto_register_subtree_array(ett, array_length(ett));
    dnp_dissectors = register_dissector_table("dof.dnp", "DOF DNP Version", proto_2008_1_dnp, FT_UINT8, BASE_DEC);
    dnp_framing_dissectors = register_dissector_table("dof.dnp.frame", "DOF DNP Framing", proto_2008_1_dnp, FT_UINT8, BASE_DEC);

    dof_register_dnp_0();
    dof_register_dnp_1();
}

/* DPP Registration Support */

/**
 * This routine is called each time the system is reset (file load, capture)
 * and so it should take care of freeing any of our persistent stuff.
 */
static void dof_dpp_reset(void)
{
    dpp_reset_opid_support();
    dpp_reset_sid_support();
}

static void dof_dpp_cleanup(void)
{
}

static void dof_register_dpp_0(void)
{
    static hf_register_info hf[] =
    {
        { &hf_2008_1_dpp_0_1_1_version,
            { "Version", "dof.dpp.v0.version", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }
        },
    };

    if (proto_2008_1_dpp_0 <= 0)
    {
        proto_2008_1_dpp_0 = proto_register_protocol(DOF_PRESENTATION_PROTOCOL " V0", "DPS.DPP.V0", "dof.dpp.v0");

        proto_register_field_array(proto_2008_1_dpp_0, hf, array_length(hf));
    }
}

/**
 * The registration hand-off routine
 */
static void dof_reg_handoff_dpp_0(void)
{
    dissector_handle_t dpp_handle;
    dpp_handle = create_dissector_handle(dissect_dpp_0, proto_2008_1_dpp_0);

    dissector_add_uint("dof.dpp", 0, dpp_handle);
}

static void dof_register_dpp_2(void)
{
    expert_module_t *expert_dpp;

    static hf_register_info hf[] =
    {
        { &hf_2009_12_dpp_2_1_flags,
            { "Flags", "dof.dpp.v2.flags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }
        },
        { &hf_2009_12_dpp_2_1_flag_security,
            { "Secure", "dof.dpp.v2.flags.security", FT_BOOLEAN, 8, NULL, 0x80, NULL, HFILL }
        },
        { &hf_2009_12_dpp_2_1_flag_opid,
            { "Operation ID Type", "dof.dpp.v2.flags.opidtype", FT_UINT8, BASE_DEC, VALS(strings_2009_12_dpp_opid_types), 0x60, NULL, HFILL } },
        { &hf_2009_12_dpp_2_1_flag_cmdrsp,
            { "Command/Response", "dof.dpp.v2.flags.cmdrsp", FT_BOOLEAN, 8, TFS(&tfs_response_command), 0x10, NULL, HFILL } },
        { &hf_2009_12_dpp_2_1_flag_seq,
            { "Sequence", "dof.dpp.v2.flags.sequence", FT_BOOLEAN, 8, TFS(&tfs_present_not_present), 0x04, NULL, HFILL } },
        { &hf_2009_12_dpp_2_1_flag_retry,
            { "Retry", "dof.dpp.v2.flags.retry", FT_BOOLEAN, 8, TFS(&tfs_present_not_present), 0x02, NULL, HFILL } },

        { &hf_2009_12_dpp_2_3_sec_flags,
            { "Flags", "dof.dpp.v2.security.flags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } },
        { &hf_2009_12_dpp_2_3_sec_flag_secure,
            { "Security Mode Header", "dof.dpp.v2.security.flags.securitymodeheader", FT_UINT8, BASE_DEC, NULL, 0x80, NULL, HFILL } },
        { &hf_2009_12_dpp_2_3_sec_flag_rdid,
            { "Remote Domain ID", "dof.dpp.v2.security.flags.rdid", FT_UINT8, BASE_DEC, NULL, 0x08, NULL, HFILL } },
        { &hf_2009_12_dpp_2_3_sec_flag_partition,
            { "Partition Present", "dof.dpp.v2.security.flags.partition", FT_UINT8, BASE_DEC, NULL, 0x04, NULL, HFILL } },
        { &hf_2009_12_dpp_2_3_sec_flag_ssid,
            { "SSID Present", "dof.dpp.v2.security.flags.ssid", FT_UINT8, BASE_DEC, NULL, 0x01, NULL, HFILL } },
        { &hf_2009_12_dpp_2_3_sec_flag_as,
            { "AS Present", "dof.dpp.v2.security.flags.as", FT_UINT8, BASE_DEC, NULL, 0x02, NULL, HFILL } },
        { &hf_2009_12_dpp_2_3_sec_ssid,
            { "Security State Identifier", "dof.dpp.v2.security.ssid", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
        { &hf_2009_12_dpp_2_3_sec_rdid,
            { "Remote Domain Identifier", "dof.dpp.v2.security.rdid", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
        { &hf_2009_12_dpp_2_3_sec_remote_partition,
            { "Remote Security Scope", "dof.dpp.v2.security.remote-scope", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
        { &hf_2009_12_dpp_2_3_sec_partition,
            { "Security Scope", "dof.dpp.v2.security.scope", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_2009_12_dpp_2_1_opcnt,
            { "Operation Count", "dof.dpp.v2.opcnt", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
        { &hf_2009_12_dpp_2_1_seq,
            { "Sequence", "dof.dpp.v2.sequence", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } },
        { &hf_2009_12_dpp_2_1_retry,
            { "Retry", "dof.dpp.v2.retry", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } },
        { &hf_2009_12_dpp_2_1_delay,
            { "Delay", "dof.dpp.v2.delay", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } },
    };

    static hf_register_info shf[] =
    {
        { &hf_2009_12_dpp_2_14_opcode,
            { "Opcode", "dof.dpp.v2s.opcode", FT_UINT8, BASE_DEC, VALS(strings_2009_12_dpp_common_opcodes), 0x0, NULL, HFILL } },
    };

    static int *ett[] =
    {
        &ett_2009_12_dpp_2_1_flags,
        &ett_2009_12_dpp_2_opid,
        &ett_2009_12_dpp_2_opid_history,
        &ett_2009_12_dpp_2_3_security,
        &ett_2009_12_dpp_2_3_sec_flags,
        &ett_2009_12_dpp_2_3_sec_remote_partition,
        &ett_2009_12_dpp_2_3_sec_partition,
    };

    static ei_register_info ei[] =
    {
        { &ei_dpp2_dof_10_flags_zero, { "dof.dpp.v2.flags_zero", PI_UNDECODED, PI_ERROR, "DPS-10: Reserved flag bits must be zero.", EXPFILL } },
        { &ei_dpp_default_flags, { "dof.dpp.v2.flags_included", PI_COMMENTS_GROUP, PI_NOTE, "Default flag value is included explicitly.", EXPFILL } },
        { &ei_dpp_explicit_sender_sid_included, { "dof.dpp.v2.sender_sid_included", PI_PROTOCOL, PI_NOTE, "Explicit SID could be optimized, same as sender.", EXPFILL } },
        { &ei_dpp_explicit_receiver_sid_included, { "dof.dpp.v2.receiver_sid_included", PI_PROTOCOL, PI_NOTE, "Explicit SID could be optimized, same as receiver.", EXPFILL } },
        { &ei_dpp_no_security_context, { "dof.dpp.v2.no_context", PI_UNDECODED, PI_WARN, "No security context to enable packet decryption.", EXPFILL } },
    };

    static int *sett[] =
    {
        &ett_2009_12_dpp_common,
    };

    if (proto_2009_12_dpp <= 0)
    {
        proto_2009_12_dpp = proto_register_protocol(DOF_PRESENTATION_PROTOCOL " V2", "DPS.DPP.V2", "dof.dpp.v2");
        proto_register_field_array(proto_2009_12_dpp, hf, array_length(hf));
        proto_register_subtree_array(ett, array_length(ett));
    }

    if (proto_2009_12_dpp_common <= 0)
    {
        proto_2009_12_dpp_common = proto_register_protocol(DOF_PRESENTATION_PROTOCOL " V2 Support", "DPS.DPP.V2S", "dof.dpp.v2s");

        proto_register_field_array(proto_2009_12_dpp, shf, array_length(shf));
        proto_register_subtree_array(sett, array_length(sett));

        expert_dpp = expert_register_protocol(proto_2009_12_dpp);
        expert_register_field_array(expert_dpp, ei, array_length(ei));
    }
}

/**
 * The registration hand-off routine
 */
static void dof_reg_handoff_dpp_2(void)
{
    dissector_handle_t dpp_handle;
    dpp_handle = create_dissector_handle(dissect_dpp_2, proto_2009_12_dpp);
    dissector_add_uint("dof.dpp", 2, dpp_handle);
}

/**
 * Initialize Core DPP Functionality
 */
static void dof_dpp_register(void)
{
    static hf_register_info hf[] =
    {
        { &hf_2008_1_dpp_sid_num,
            { "SID ID", "dof.dpp.v2.sid-id", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }
        },
        { &hf_2008_1_dpp_sid_str,
            { "SID", "dof.dpp.v2.sid", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }
        },
        { &hf_2008_1_dpp_rid_num,
            { "RID ID", "dof.dpp.v2.rid-id", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }
        },
        { &hf_2008_1_dpp_rid_str,
            { "RID", "dof.dpp.v2.rid", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }
        },
        { &hf_2008_1_dpp_first_command,
            { "First Operation", "dof.dpp.v2.first-operation", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } },
        { &hf_2008_1_dpp_last_command,
            { "Last Operation", "dof.dpp.v2.last-operation", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } },
        { &hf_2008_1_dpp_first_response,
            { "First Response", "dof.dpp.v2.first-response", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } },
        { &hf_2008_1_dpp_last_response,
            { "Last Response", "dof.dpp.v2.last-response", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } },
        { &hf_2008_1_dpp_related_frame,
            { "Related Frame", "dof.dpp.v2.related-frame", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } },
        { &hf_2008_1_dpp_1_flag,
            { "Flags", "dof.dpp.flag", FT_BOOLEAN, 8, TFS(&tfs_present_not_present), 0x80, NULL, HFILL }
        },
        { &hf_2008_1_dpp_1_version,
            { "Version", "dof.dpp.version", FT_UINT8, BASE_DEC, NULL, 0x7F, NULL, HFILL }
        },
    };

    static int *ett[] =
    {
        &ett_2008_1_dpp,
        &ett_2008_1_dpp_1_header,
    };

    static ei_register_info ei[] =
    {
        { &ei_dof_6_timeout, { "dof.dpp.timeout", PI_PROTOCOL, PI_ERROR, "DOF Violation: DPS.6: Negotiation not complete within 10 seconds.", EXPFILL } },
    };

    if (proto_2008_1_dpp <= 0)
    {
        expert_module_t *expert_dpp;

        proto_2008_1_dpp = proto_register_protocol(DOF_PRESENTATION_PROTOCOL, "DPS.DPP", "dof.dpp");

        proto_register_field_array(proto_2008_1_dpp, hf, array_length(hf));
        proto_register_subtree_array(ett, array_length(ett));
        dof_dpp_dissectors = register_dissector_table("dof.dpp", "DOF DPP Version", proto_2008_1_dpp, FT_UINT8, BASE_DEC);

        expert_dpp = expert_register_protocol(proto_2008_1_dpp);
        expert_register_field_array(expert_dpp, ei, array_length(ei));
    }

    dof_register_dpp_0();
    dof_register_dpp_2();
}

static void dof_dpp_handoff(void)
{
    dof_reg_handoff_dpp_0();
    dof_reg_handoff_dpp_2();
}

/* General Application Registration Support */

static void app_reset(void)
{
}

static void app_cleanup(void)
{
}

/**
 * Initialize Core DPP Functionality
 */
static void app_register(void)
{
    if (proto_2008_1_app <= 0)
    {
        proto_2008_1_app = proto_register_protocol(DOF_APPLICATION_PROTOCOL, "DPS.APP", "dof.app");
        app_dissectors = register_dissector_table("dof.app", "DOF APP Version", proto_2008_1_app, FT_UINT16, BASE_DEC);
    }
}

static void app_handoff(void)
{
}

/* DSP Registration Support */

static void dof_dsp_reset(void)
{
}

static void dof_dsp_cleanup(void)
{
}

static void dof_register_dsp_0(void)
{
    static hf_register_info hf[] =
    {
        { &hf_2008_1_app_version,
            { "APPID", "dof.app.v0.appid", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL }
        },

        { &hf_2008_1_dsp_12_opcode,
            { "Opcode", "dof.dsp.opcode", FT_UINT8, BASE_DEC, VALS(strings_2008_1_dsp_opcodes), 0x0, NULL, HFILL } },

        { &hf_2008_1_dsp_attribute_code,
            { "Attribute Code", "dof.dsp.avp.attribute-code", FT_UINT8, BASE_DEC, VALS(strings_2008_1_dsp_attribute_codes), 0x00, NULL, HFILL } },

        { &hf_2008_1_dsp_attribute_data,
            { "Attribute Data", "dof.dsp.avp.attribute-data", FT_UINT16, BASE_HEX, NULL, 0x00, NULL, HFILL } },

        { &hf_2008_1_dsp_value_length,
            { "Value Length", "dof.dsp.avp.value-length", FT_UINT8, BASE_DEC, NULL, 0x00, NULL, HFILL } },

        { &hf_2008_1_dsp_value_data,
            { "Value Data", "dof.dsp.avp.value-data", FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL } },
    };

    static int *ett[] =
    {
        &ett_2008_1_dsp_12,
        &ett_2008_1_dsp_12_options,
        &ett_2008_1_dsp_12_option,
    };

    proto_2008_1_dsp = proto_register_protocol("DOF Session Protocol", "DOF.ESP", "dof.esp");

    proto_register_field_array(proto_2008_1_dsp, hf, array_length(hf));
    proto_register_subtree_array(ett, array_length(ett));
}

/**
 * The registration hand-off routine
 */
static void dof_reg_handoff_dsp_0(void)
{
    dissector_handle_t dsp_handle = create_dissector_handle(dissect_dsp, proto_2008_1_dsp);
    dissector_add_uint("dof.app", 0, dsp_handle);
}

static void dof_dsp_register(void)
{
    dof_register_dsp_0();
}

static void dof_dsp_handoff(void)
{
    dof_reg_handoff_dsp_0();
}

/* CCM Registration Support */

static void dof_ccm_reset(void)
{
}

static void dof_ccm_cleanup(void)
{
}

static void dof_register_ccm_24577(void)
{
    expert_module_t *expert_ccm;

    static hf_register_info hfdsp[] =
    {
        { &hf_ccm_dsp_option,
            { "CCM Security Mode", "dof.ccm.dsp_opt", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
        { &hf_ccm_dsp_strength_count,
            { "CCM Strength Count", "dof.ccm.strength-count", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } },
        { &hf_ccm_dsp_strength,
            { "CCM Strength", "dof.ccm.strength", FT_UINT8, BASE_DEC, VALS(ccm_strengths), 0x0, NULL, HFILL } },
        { &hf_ccm_dsp_e_flag,
            { "CCM Minimum Encrypt", "dof.ccm.encrypt.min", FT_BOOLEAN, 8, TFS(&tfs_encrypt_do_not_encrypt), 0x80, NULL, HFILL } },
        { &hf_ccm_dsp_m_flag,
            { "CCM Maximum Encrypt", "dof.ccm.encrypt.max", FT_BOOLEAN, 8, TFS(&tfs_encrypt_do_not_encrypt), 0x40, NULL, HFILL } },
        { &hf_ccm_dsp_tmax,
            { "CCM Maximum MAC", "dof.ccm.mac.max", FT_UINT8, BASE_DEC, NULL, 0x38, NULL, HFILL } },
        { &hf_ccm_dsp_tmin,
            { "CCM Minimum MAC", "dof.ccm.mac.min", FT_UINT8, BASE_DEC, NULL, 0x07, NULL, HFILL } },
    };

    static hf_register_info hf[] =
    {
        { &hf_ccm_opcode,
            { "Opcode", "dof.ccm.opcode", FT_UINT8, BASE_DEC, VALS(ccm_opcode_strings), 0x0, NULL, HFILL } },
    };

    static int *ett[] =
    {
        &ett_ccm_dsp_option,
        &ett_ccm_dsp,
        &ett_ccm,
    };

    static hf_register_info hfheader[] =
    {
        { &hf_epp_v1_ccm_flags,
            { "Flags", "dof.epp.v1.ccm.flags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } },
        { &hf_epp_v1_ccm_flags_manager,
            { "Manager", "dof.epp.v1.ccm.flags.manager", FT_UINT8, BASE_DEC, NULL, 0x80, NULL, HFILL } },
        { &hf_epp_v1_ccm_flags_period,
            { "Period", "dof.epp.v1.ccm.flags.period", FT_UINT8, BASE_DEC, NULL, 0x70, NULL, HFILL } },
        { &hf_epp_v1_ccm_flags_target,
            { "Target", "dof.epp.v1.ccm.flags.target", FT_UINT8, BASE_DEC, NULL, 0x08, NULL, HFILL } },
        { &hf_epp_v1_ccm_flags_next_nid,
            { "Next Node Identifier", "dof.epp.v1.ccm.flags.next-nid", FT_UINT8, BASE_DEC, NULL, 0x02, NULL, HFILL } },
        { &hf_epp_v1_ccm_flags_packet,
            { "Packet", "dof.epp.v1.ccm.flags.packet", FT_UINT8, BASE_DEC, NULL, 0x01, NULL, HFILL } },
        { &hf_epp_v1_ccm_nid,
            { "Node ID", "dof.epp.v1.ccm.nodeid", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
        { &hf_epp_v1_ccm_slot,
            { "Slot", "dof.epp.v1.ccm.slot", FT_UINT16, BASE_DEC, NULL, 0x00, NULL, HFILL } },
        { &hf_epp_v1_ccm_pn,
            { "Packet", "dof.epp.v1.ccm.packet", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
        { &hf_epp_v1_ccm_tnid,
            { "Target Node ID", "dof.epp.v1.ccm.target", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
        { &hf_epp_v1_ccm_nnid,
            { "Next Node ID", "dof.epp.v1.ccm.nnid", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
    };

    static int *ettheader[] =
    {
        &ett_epp_v1_ccm_flags,
        &ett_header,
    };

    static ei_register_info ei[] =
    {
        { &ei_decode_failure, { "dof.ccm.decode_failure", PI_UNDECODED, PI_WARN, "Failure to decrypt packet.", EXPFILL } },
    };

    /* No Configuration options to register? */

    proto_ccm_app = proto_register_protocol("DOF CCM Security Mode App", "DOF.CCM.APP", "dof.ccm.app");
    proto_ccm = proto_register_protocol("DOF CCM Security Mode of Operation", "DOF.CCM", "dof.ccm");
    proto_ccm_dsp = proto_register_protocol("DOF CCM Security Mode DSP Options", "DOF.CCM.DSP", "dof.ccm.dsp");

    proto_register_field_array(proto_ccm_app, hf, array_length(hf));
    proto_register_field_array(proto_ccm_dsp, hfdsp, array_length(hfdsp));
    proto_register_subtree_array(ett, array_length(ett));

    proto_register_field_array(proto_ccm, hfheader, array_length(hfheader));
    proto_register_subtree_array(ettheader, array_length(ettheader));

    expert_ccm = expert_register_protocol(proto_ccm);
    expert_register_field_array(expert_ccm, ei, array_length(ei));
}

/**
 * The registration hand-off routine
 */
static void dof_reg_handoff_ccm_24577(void)
{
    static dissector_handle_t ccm_app_handle;
    static dissector_handle_t dsp_handle;
    static dissector_handle_t ccm_handle;

    ccm_app_handle = create_dissector_handle(dissect_ccm_app, proto_ccm_app);
    dsp_handle = create_dissector_handle(dissect_ccm_dsp, proto_ccm_dsp);
    ccm_handle = create_dissector_handle(dissect_ccm, proto_ccm);

    dissector_add_uint("dof.app", DOF_PROTOCOL_CCM, ccm_app_handle);
    dissector_add_uint("dof.dsp.options", DSP_CCM_FAMILY | DOF_PROTOCOL_CCM, dsp_handle);
    dissector_add_uint("dof.secmode", DOF_PROTOCOL_CCM, ccm_handle);
}

static void dof_ccm_register(void)
{
    dof_register_ccm_24577();
}

static void dof_ccm_handoff(void)
{
    dof_reg_handoff_ccm_24577();
}

/* OAP Registration Support */

static void dof_oap_reset(void)
{
    /* The value is not allocated, so does not need to be freed. */
    oap_1_alias_to_binding = g_hash_table_new_full(oap_1_alias_hash_func, oap_1_alias_equal_func, NULL, NULL);
}

static void dof_oap_cleanup(void)
{
    g_hash_table_destroy(oap_1_alias_to_binding);
    oap_1_alias_to_binding = NULL;
}

static void dof_register_oap_1(void)
{
    expert_module_t *expert_oap;

    static hf_register_info hfdsp[] =
    {
        { &hf_oap_1_dsp_option,
            { "Object Access Protocol", "dof.oap.dsp_opt", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
    };

    static hf_register_info hf[] =
    {
        { &hf_oap_1_opcode,
            { "Opcode", "dof.oap.opcode", FT_UINT8, BASE_DEC, VALS(oap_opcode_strings), 0x1F, NULL, HFILL } },

        { &hf_oap_1_alias_size,
            { "Alias Length", "dof.oap.aliaslen", FT_UINT8, BASE_DEC, NULL, 0xC0, NULL, HFILL } },

        { &hf_oap_1_flags,
            { "Flags", "dof.oap.flags", FT_UINT8, BASE_DEC, NULL, 0x20, NULL, HFILL } },

        { &hf_oap_1_exception_internal_flag,
            { "Internal Exception", "dof.oap.exception.internal", FT_UINT8, BASE_DEC, NULL, 0x80, NULL, HFILL } },

        { &hf_oap_1_exception_final_flag,
            { "Final Exception", "dof.oap.exception.final", FT_UINT8, BASE_DEC, NULL, 0x40, NULL, HFILL } },

        { &hf_oap_1_exception_provider_flag,
            { "Exception Provider", "dof.oap.exception.provider", FT_UINT8, BASE_DEC, NULL, 0x20, NULL, HFILL } },

        { &hf_oap_1_cmdcontrol,
            { "Command Control", "dof.oap.cmdcontrol", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } },

        { &hf_oap_1_cmdcontrol_cache_flag,
            { "Cache Delay Flag", "dof.oap.cmdcontrol.flag.cache", FT_UINT8, BASE_HEX, NULL, 0x40, NULL, HFILL } },

        { &hf_oap_1_cmdcontrol_cache,
            { "Cache Delay", "dof.oap.cmdcontrol.cache", FT_UINT8, BASE_HEX, NULL, 0x00, NULL, HFILL } },

        { &hf_oap_1_cmdcontrol_verbosity_flag,
            { "Verbosity Flag", "dof.oap.cmdcontrol.flag.verbosity", FT_UINT8, BASE_HEX, NULL, 0x30, NULL, HFILL } },

        { &hf_oap_1_cmdcontrol_noexecute_flag,
            { "No Execute Flag", "dof.oap.cmdcontrol.flag.noexecute", FT_UINT8, BASE_HEX, NULL, 0x08, NULL, HFILL } },

        { &hf_oap_1_cmdcontrol_ack_flag,
            { "Ack List Flag", "dof.oap.cmdcontrol.flag.ack", FT_UINT8, BASE_HEX, NULL, 0x04, NULL, HFILL } },

        { &hf_oap_1_cmdcontrol_ackcnt,
            { "Ack List Count", "dof.oap.cmdcontrol.ackcnt", FT_UINT8, BASE_HEX, NULL, 0x00, NULL, HFILL } },

        { &hf_oap_1_cmdcontrol_ack,
            { "Ack", "dof.oap.cmdcontrol.ack", FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL } },

        { &hf_oap_1_cmdcontrol_delay_flag,
            { "Execution Delay Flag", "dof.oap.cmdcontrol.flag.delay", FT_UINT8, BASE_HEX, NULL, 0x02, NULL, HFILL } },

        { &hf_oap_1_cmdcontrol_heuristic_flag,
            { "Heuristic Flag", "dof.oap.cmdcontrol.flag.heuristic", FT_UINT8, BASE_HEX, NULL, 0x01, NULL, HFILL } },

        { &hf_oap_1_cmdcontrol_heuristic,
            { "Heuristic", "dof.oap.cmdcontrol.heuristic", FT_UINT8, BASE_HEX, NULL, 0x00, NULL, HFILL } },

        { &hf_oap_1_providerid,
            { "Provider ID", "dof.oap.provider-id", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_oap_1_objectid,
            { "Object ID", "dof.oap.object-id", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_oap_1_interfaceid,
            { "Interface ID", "dof.oap.interface-id", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_oap_1_itemid,
            { "Item ID", "dof.oap.item-id", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },

#if 0 /* not used yet */
        { &hf_oap_1_distance,
            { "Distance", "dof.oap.distance", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } },
#endif

        { &hf_oap_1_alias,
            { "Alias", "dof.oap.alias", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },

        { &hf_oap_1_alias_frame,
            { "Alias Frame", "dof.oap.alias-frame", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } },

#if 0 /* not used yet */
        { &hf_oap_1_opinfo_start_frame,
            { "Command Frame", "dof.oap.command-frame", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_oap_1_opinfo_end_frame,
            { "Response Frame", "dof.oap.response-frame", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_oap_1_opinfo_timeout,
            { "Operation Timeout", "dof.oap.opid.timeout", FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0, NULL, HFILL } },
#endif

        { &hf_oap_1_subscription_delta,
            { "Minimum Delta", "dof.oap.subscription.min-delta", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },

        { &hf_oap_1_update_sequence,
            { "Sequence", "dof.oap.sequence", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },

        { &hf_oap_1_value_list,
            { "OAP Value List", "dof.oap.value_list", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
    };

    static int *ett[] =
    {
        &ett_oap_1_dsp,
        &ett_oap_1_dsp_options,
        &ett_oap_1,
        &ett_oap_1_opinfo,
        &ett_oap_1_cmdcontrol,
        &ett_oap_1_cmdcontrol_flags,
        &ett_oap_1_cmdcontrol_ack,
        &ett_oap_1_alias,
        &ett_oap_1_objectid,
        &ett_oap_1_1_providerid,
    };

    static ei_register_info ei[] =
    {
        { &ei_oap_no_session, { "dof.oap.no_session", PI_PROTOCOL, PI_ERROR, "Session not found", EXPFILL } },
    };

    proto_oap_1 = proto_register_protocol("DOF Object Access Protocol", "DOF.OAP", "dof.oap");
    proto_oap_1_dsp = proto_register_protocol("DOF Object Access Protocol DSP Options", "DOF.OAP.DSP", "dof.oap.dsp");

    proto_register_field_array(proto_oap_1, hf, array_length(hf));
    proto_register_field_array(proto_oap_1_dsp, hfdsp, array_length(hfdsp));
    proto_register_subtree_array(ett, array_length(ett));

    expert_oap = expert_register_protocol(proto_oap_1);
    expert_register_field_array(expert_oap, ei, array_length(ei));
}

/**
 * The registration hand-off routine
 */
static void dof_reg_handoff_oap_1(void)
{
    dissector_handle_t oap_handle = create_dissector_handle(dissect_oap, proto_oap_1);
    dissector_handle_t dsp_handle = create_dissector_handle(dissect_oap_dsp, proto_oap_1_dsp);

    dissector_add_uint("dof.app", DOF_PROTOCOL_OAP_1, oap_handle);
    dissector_add_uint("dof.dsp.options", DSP_OAP_FAMILY | DOF_PROTOCOL_OAP_1, dsp_handle);
}

static void dof_oap_register(void)
{
    dof_register_oap_1();
}

static void dof_oap_handoff(void)
{
    dof_reg_handoff_oap_1();
}

/* SGMP Registration Support */

static void dof_register_sgmp_130(void);
static void dof_reg_handoff_sgmp_130(void);

static void dof_sgmp_reset(void)
{
}

static void dof_sgmp_cleanup(void)
{
}

static void dof_register_sgmp_130(void)
{
    static hf_register_info hf[] =
    {
        { &hf_opcode,
            { "Opcode", "dof.sgmp.v1.opcode", FT_UINT8, BASE_DEC, VALS(sgmp_opcode_strings), 0x0, NULL, HFILL } },

        { &hf_sgmp_domain,
            { "Domain", "dof.sgmp.v1.domain", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },

        { &hf_sgmp_epoch,
            { "Epoch", "dof.sgmp.v1.epoch", FT_UINT16, BASE_HEX, NULL, 0, NULL, HFILL } },

        { &hf_initiator_block,
            { "Initiator Block", "dof.sgmp.v1.initiator-block", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },

        { &hf_sgmp_security_scope,
            { "Security Scope", "dof.sgmp.v1.security-scope", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },

        { &hf_initial_state,
            { "Initial State", "dof.sgmp.v1.initial-state", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },

        { &hf_latest_version,
            { "Latest SGMP Version", "dof.sgmp.v1.latest-sgmp-version", FT_UINT16, BASE_HEX, NULL, 0, NULL, HFILL } },

        { &hf_desire,
            { "Desire", "dof.sgmp.v1.desire", FT_UINT8, BASE_HEX, NULL, 0, NULL, HFILL } },

        { &hf_ticket,
            { "Ticket", "dof.sgmp.v1.ticket", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },

        { &hf_sgmp_tmin,
            { "TMIN", "dof.sgmp.v1.tmin", FT_UINT16, BASE_HEX, NULL, 0, NULL, HFILL } },

        { &hf_tie_breaker,
            { "Tie Breaker", "dof.sgmp.v1.tie-breaker", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL } },

        { &hf_delay,
            { "Delay", "dof.sgmp.v1.delay", FT_UINT8, BASE_HEX, NULL, 0, NULL, HFILL } },

        { &hf_key,
            { "Key", "dof.sgmp.v1.key", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },
    };

    static int *ett[] =
    {
        &ett_sgmp,
        &ett_sgmp_domain,
        &ett_initiator_block,
        &ett_sgmp_security_scope,
        &ett_initial_state,
        &ett_ticket,
    };

    proto_sgmp = proto_register_protocol("DOF Secure Group Management Protocol", "DOF.SGMP", "dof.sgmp");

    proto_register_field_array(proto_sgmp, hf, array_length(hf));
    proto_register_subtree_array(ett, array_length(ett));
}

/**
 * The registration hand-off routine
 */
static void dof_reg_handoff_sgmp_130(void)
{
    dissector_handle_t sgmp_handle = create_dissector_handle(dissect_sgmp, proto_sgmp);

    dissector_add_uint("dof.app", DOF_PROTOCOL_SGMP, sgmp_handle);
}

static void dof_sgmp_register(void)
{
    dof_register_sgmp_130();
}

static void dof_sgmp_handoff(void)
{
    dof_reg_handoff_sgmp_130();
}

/* TEP Registration Support */

static void dof_tep_reset(void)
{
}

static void dof_tep_cleanup(void)
{
}

static void dof_register_tep_128(void)
{
    static hf_register_info hfdsp[] =
    {
        { &hf_dsp_option,
            { "Ticket Exchange Protocol Version 1", "dof.tep1.dsp_opt", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
    };

    static hf_register_info hf[] =
    {
        { &hf_tep_operation,
            { "Operation", "dof.tep1.operation", FT_UINT8, BASE_DEC, VALS(tep_opcode_strings), 0x00, NULL, HFILL } },

        { &hf_tep_operation_type,
            { "Operation Type", "dof.tep1.operation_type", FT_BOOLEAN, 8, TFS(&tep_optype_vals), TEP_OPCODE_RSP, NULL, HFILL } },

        { &hf_tep_opcode,
            { "Opcode", "dof.tep1.opcode", FT_UINT8, BASE_DEC, VALS(tep_opcode_strings), 0x0F, NULL, HFILL } },

        { &hf_tep_k,
            { "K", "dof.tep1.k", FT_UINT8, BASE_DEC, NULL, 0x10, NULL, HFILL } },

        { &hf_tep_c,
            { "C", "dof.tep1.c", FT_UINT8, BASE_DEC, NULL, 0x20, NULL, HFILL } },

        { &hf_tep_reject_code,
            { "Code", "dof.tep1.reject.code", FT_UINT8, BASE_DEC, NULL, 0x00, NULL, HFILL } },

        { &hf_tep_reject_data,
            { "Data", "dof.tep1.reject.data", FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL } },

        /* TEP.2.1 */
        { &hf_tep_2_1_domain,
            { "Domain", "dof.2008.4.tep1.2.1.domain", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_tep_2_1_initiator_block,
            { "Initiator Block", "dof.2008.4.tep1.2.1.initiator_block", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },

        { &hf_tep_2_1_ticket_confirmation,
            { "Ticket Confirmation", "dof.2008.4.tep1.2.1.ticket_confirmation", FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL } },

        /* TEP.2.2 */
        { &hf_tep_2_2_initiator_ticket,
            { "Initiator Ticket", "dof.2008.4.tep1.2.2.initiator_ticket", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },

        { &hf_tep_2_2_ticket_confirmation,
            { "Ticket Confirmation", "dof.2008.4.tep1.2.2.ticket_confirmation", FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL } },

        { &hf_tep_2_2_responder_initialization,
            { "Responder Initialization", "dof.2008.4.tep1.2.2.responder_initialization", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },

        { &hf_tep_2_2_responder_block,
            { "Responder Block", "dof.2008.4.tep1.2.2.responder_block", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },

        { &hf_tep_2_2_authenticator_initialization,
            { "Authenticator Initialization", "dof.2008.4.tep1.2.2.authenticator_initialization", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },

        /* TEP.2.2.1 */
        { &hf_tep_2_2_1_state_identifier,
            { "State Identifier", "dof.2008.4.tep1.2.2.1.state_identifier", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },

        { &hf_tep_2_2_1_initial_state,
            { "Initial State", "dof.2008.4.tep1.2.2.1.initial_state", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },

        { &hf_tep_session_key,
            { "Session Key", "dof.session_key", FT_BYTES, SEP_COLON, NULL, 0x00, NULL, HFILL } },
    };

    static int *ett[] =
    {
        &ett_tep_dsp,
        &ett_tep_dsp_options,
        &ett_tep,
        &ett_tep_operation,

        &ett_tep_2_1_domain,
        &ett_tep_2_1_initiator_block,

        &ett_tep_2_2_initiator_ticket,
        &ett_tep_2_2_responder_initialization,
        &ett_tep_2_2_responder_block,
        &ett_tep_2_2_authenticator_initialization,

        &ett_tep_2_2_1_initial_state,
    };

    /* module_t *tep_module;*/

    /* No Configuration options to register? */

    proto_tep = proto_register_protocol("DOF Ticket Exchange Protocol Version 1", "DOF.TEP1", "dof.tep1");

    proto_tep_dsp = proto_register_protocol("DOF Ticket Exchange Protocol DSP Options", "DOF.TEP1.DSP", "dof.tep1.dsp");

    proto_register_field_array(proto_tep, hf, array_length(hf));
    proto_register_field_array(proto_tep_dsp, hfdsp, array_length(hfdsp));
    proto_register_subtree_array(ett, array_length(ett));

    /* tep_module = prefs_register_protocol( proto_tep, NULL );*/
}

/**
 * The registration hand-off routine
 */
static void dof_reg_handoff_tep_128(void)
{
    dissector_handle_t tep_handle = create_dissector_handle(dissect_tep, proto_tep);
    dissector_handle_t dsp_handle = create_dissector_handle(dissect_tep_dsp, proto_tep_dsp);

    dissector_add_uint("dof.app", DOF_PROTOCOL_TEP, tep_handle);
    dissector_add_uint("dof.dsp.options", DSP_TEP_FAMILY | DOF_PROTOCOL_TEP, dsp_handle);
}

static void dof_tep_register(void)
{
    dof_register_tep_128();
}

static void dof_tep_handoff(void)
{
    dof_reg_handoff_tep_128();
}

/* TRP Registration Support */

static void dof_trp_reset(void)
{
}

static void dof_trp_cleanup(void)
{
}

static void dof_register_trp_129(void)
{
    expert_module_t *expert_trp;

    static hf_register_info hfdsp[] =
    {
        { &hf_trp_dsp_option,
            { "Ticket Request Protocol", "dof.trp.dsp_opt", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
    };

    static hf_register_info hf[] =
    {
        { &hf_trp_opcode,
            { "Opcode", "dof.trp.opcode", FT_UINT8, BASE_DEC, VALS(trp_opcode_strings), 0x0, NULL, HFILL } },

        { &hf_domain,
            { "Domain", "dof.trp.domain", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_identity_resolution,
            { "Identity Resolution", "dof.trp.identity_resolution", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_initiator_request,
            { "Initiator Request", "dof.trp.initiator_request", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_responder_request,
            { "Responder Request", "dof.trp.responder_request", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_initiator_ticket,
            { "Initiator Ticket", "dof.trp.initiator_ticket", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_responder_ticket,
            { "Responder Ticket", "dof.trp.responder_ticket", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_authentication_block,
            { "Authentication Block", "dof.trp.authentication_block", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_group_identifier,
            { "Group Identifier", "dof.trp.group_identifier", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_node_identifier,
            { "Node Identifier", "dof.trp.node_identifier", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_thb,
            { "Thb", "dof.trp.thb", FT_UINT8, BASE_DEC, NULL, 0x00, NULL, HFILL } },

        { &hf_tmin,
            { "Tmin", "dof.trp.tmin", FT_UINT8, BASE_DEC, NULL, 0x00, NULL, HFILL } },

        { &hf_tmax,
            { "Tmax", "dof.trp.tmax", FT_UINT8, BASE_DEC, NULL, 0x00, NULL, HFILL } },

        { &hf_trp_epoch,
            { "Epoch", "dof.trp.epoch", FT_UINT16, BASE_DEC, NULL, 0x00, NULL, HFILL } },

        { &hf_sidg,
            { "SIDg", "dof.trp.sid_g", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_security_scope,
            { "Security Scope", "dof.trp.security_scope", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_security_mode,
            { "Security Mode", "dof.trp.security_mode", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_ssid,
            { "SSID", "dof.trp.ssid", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },

#if 0 /* not used yet */
        { &hf_initiator_pg,
            { "Initiator Permissions", "dof.trp.initiator_pg", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
#endif

        { &hf_initiator_validation,
            { "Initiator Validation", "dof.trp.initiator_validation", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_responder_pg,
            { "Responder Permissions", "dof.trp.responder_pg", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_responder_validation,
            { "Responder Validation", "dof.trp.responder_validation", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_trp_errorcode,
            { "Error Code", "dof.trp.errorcode", FT_UINT8, BASE_DEC, VALS(trp_error_strings), 0x0, NULL, HFILL } },

        { &hf_trp_duration,
            { "Duration", "dof.trp.duration", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } },

#if 0 /* not used yet */
        { &hf_trp_rnonce,
            { "Requestor Nonce", "dof.trp.rnonce", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_trp_pnonce,
            { "Provider Nonce", "dof.trp.pnonce", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_trp_reqid,
            { "Requestor ID", "dof.trp.reqid", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_trp_provid,
            { "Provider ID", "dof.trp.provid", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_trp_perm_count,
            { "Permission Count", "dof.trp.perm.count", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } },

        { &hf_trp_perm_type,
            { "Permission Type", "dof.trp.perm.type", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },

        { &hf_trp_perm_rflags,
            { "Requestor SRP Flags", "dof.trp.rflags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } },

        { &hf_trp_perm_rcache,
            { "Requestor SRP Cache", "dof.trp.rcache", FT_BOOLEAN, 8, NULL, 0x2, NULL, HFILL } },

        { &hf_trp_perm_rsrp,
            { "Requestor SRP", "dof.trp.rsrp", FT_BOOLEAN, 8, NULL, 0x1, NULL, HFILL } },

        { &hf_trp_perm_rsrp_a,
            { "Requestor SRP A", "dof.trp.rsrp.a", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_trp_perm_rsrp_u,
            { "Requestor SRP u", "dof.trp.rsrp.u", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_trp_perm_pflags,
            { "Provider SRP Flags", "dof.trp.pflags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } },

        { &hf_trp_perm_pcache,
            { "Provider SRP Cache", "dof.trp.pcache", FT_BOOLEAN, 8, NULL, 0x2, NULL, HFILL } },

        { &hf_trp_perm_psrp,
            { "Provider SRP", "dof.trp.psrp", FT_BOOLEAN, 8, NULL, 0x1, NULL, HFILL } },

        { &hf_trp_perm_psrp_a,
            { "Provider SRP A", "dof.trp.psrp.a", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_trp_perm_psrp_u,
            { "Provider SRP u", "dof.trp.psrp.u", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_trp_perm_psrp_b,
            { "Provider SRP B", "dof.trp.psrp.b", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_trp_perm_psrp_s,
            { "Provider SRP S", "dof.trp.psrp.s", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_trp_confirmation,
            { "Confirmation", "dof.trp.confirmation", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_trp_perm_pke,
            { "Provider Key Expression", "dof.trp.pke", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

        { &hf_trp_perm_pka,
            { "Provider Key Authenticator", "dof.trp.pka", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
#endif
    };

    static int *ett[] =
    {
        &ett_trp_dsp,
        &ett_trp,
        &ett_domain,
        &ett_identity_resolution,
        &ett_initiator_request,
        &ett_initiator_ticket,
        &ett_responder_request,
        &ett_responder_ticket,
        &ett_authentication_block,
        &ett_group_identifier,
        &ett_node_identifier,
        &ett_sidg,
        &ett_security_scope,
        &ett_security_mode,
        &ett_initiator_pg,
        &ett_initiator_validation,
        &ett_responder_pg,
        &ett_responder_validation,
        &ett_trp_permset,
        &ett_srp_flags,
        &ett_trp_ticket,
    };

    static ei_register_info ei[] =
    {
        { &ei_trp_initiator_id_known, { "dof.trp.initiator_id_known", PI_PROTOCOL, PI_COMMENT, "Initiator identity known", EXPFILL } },
        { &ei_trp_kek_discovered, { "dof.trp.kek_discovered", PI_PROTOCOL, PI_COMMENT, "KEK discovered", EXPFILL } },
    };

    /* No Configuration options to register? */

    proto_trp = proto_register_protocol("DOF Ticket Request Protocol", "DOF.TRP", "dof.trp");

    proto_trp_dsp = proto_register_protocol("DOF Ticket Request Protocol DSP Options", "DOF.TRP.DSP", "dof.trp.dsp");

    proto_register_field_array(proto_trp, hf, array_length(hf));
    proto_register_field_array(proto_trp_dsp, hfdsp, array_length(hfdsp));
    proto_register_subtree_array(ett, array_length(ett));
    expert_trp = expert_register_protocol(proto_trp);
    expert_register_field_array(expert_trp, ei, array_length(ei));
}

/**
 * The registration hand-off routine
 */
static void dof_reg_handoff_trp_129(void)
{
    dissector_handle_t trp_handle = create_dissector_handle(dissect_trp, proto_trp);
    dissector_handle_t dsp_handle = create_dissector_handle(dissect_trp_dsp, proto_trp_dsp);

    dissector_add_uint("dof.app", DOF_PROTOCOL_TRP, trp_handle);
    dissector_add_uint("dof.dsp.options", DSP_TRP_FAMILY | DOF_PROTOCOL_TRP, dsp_handle);
}

static void dof_trp_register(void)
{
    dof_register_trp_129();
}

static void dof_trp_handoff(void)
{
    dof_reg_handoff_trp_129();
}

/* Wireshark Dissector Registration Proper */

/**
 * This is called only during reset (file load, reload, etc.).
 */
static void dof_reset_routine(void)
{
    dof_tun_reset();
    dof_reset();
    oid_reset();
    dof_dnp_reset();
    dof_dpp_reset();
    app_reset();
    dof_dsp_reset();
    dof_ccm_reset();
    dof_oap_reset();
    dof_sgmp_reset();
    dof_tep_reset();
    dof_trp_reset();
}

static void dof_cleanup_routine(void)
{
    dof_tun_cleanup();
    dof_cleanup();
    oid_cleanup();
    dof_dnp_cleanup();
    dof_dpp_cleanup();
    app_cleanup();
    dof_dsp_cleanup();
    dof_ccm_cleanup();
    dof_oap_cleanup();
    dof_sgmp_cleanup();
    dof_tep_cleanup();
    dof_trp_cleanup();
}

static void
dof_shutdown_routine(void)
{
    unsigned i;

    for (i = 0; i < global_security.identity_data_count; i++) {
        g_free(global_security.identity_data[i].identity);
        g_free(global_security.identity_data[i].domain);
        g_free(global_security.identity_data[i].secret);
    }
    g_free(global_security.identity_data);

    for (i = 0; i < global_security.group_data_count; i++) {
        g_free(global_security.group_data[i].domain);
        g_free(global_security.group_data[i].identity);
        g_free(global_security.group_data[i].kek);
    }

    if (addr_port_to_id)
        g_hash_table_destroy(addr_port_to_id);
    if (dpp_opid_to_packet_data)
        g_hash_table_destroy(dpp_opid_to_packet_data);
    if (node_key_to_sid_id)
        g_hash_table_destroy(node_key_to_sid_id);
    if (sid_buffer_to_sid_id)
        g_hash_table_destroy(sid_buffer_to_sid_id);
    if (sid_id_to_sid_buffer)
        g_hash_table_destroy(sid_id_to_sid_buffer);
}

/**
 * This is the first entry point into the dissector, called on program launch.
 */
void proto_register_dof(void)
{
    dof_tun_register();
    dof_register();
    oid_register();
    dof_dnp_register();
    dof_dpp_register();
    app_register();
    dof_dsp_register();
    dof_ccm_register();
    dof_oap_register();
    dof_sgmp_register();
    dof_tep_register();
    dof_trp_register();

    register_init_routine(&dof_reset_routine);
    register_cleanup_routine(&dof_cleanup_routine);
    register_shutdown_routine(&dof_shutdown_routine);
}

/**
 * This routine is called after initialization and whenever the preferences are changed.
 */
void proto_reg_handoff_dof(void)
{
    dof_tun_handoff();
    dof_handoff();
    oid_handoff();
    dof_dnp_handoff();
    dof_dpp_handoff();
    app_handoff();
    dof_dsp_handoff();
    dof_ccm_handoff();
    dof_oap_handoff();
    dof_sgmp_handoff();
    dof_tep_handoff();
    dof_trp_handoff();
}

/**
 * Protocol-specific data attached to a conversation_t structure - protocol
 * index and opaque pointer.
 */
typedef struct _dof_proto_data {
    int     proto;
    void    *proto_data;
} dof_proto_data;

static int p_compare(const void *a, const void *b)
{
    const dof_proto_data *ap = (const dof_proto_data *)a;
    const dof_proto_data *bp = (const dof_proto_data *)b;

    if (ap->proto > bp->proto)
        return 1;
    else if (ap->proto == bp->proto)
        return 0;
    else
        return -1;
}

#if 0 /* TODO not used yet */
static void dof_session_add_proto_data(wmem_allocator_t* allocator, dof_session_data *session, int proto, void *proto_data)
{
    dof_proto_data *p1 = wmem_new0(allocator, dof_proto_data);

    p1->proto = proto;
    p1->proto_data = proto_data;

    /* Add it to the list of items for this conversation. */

    session->data_list = g_slist_insert_sorted(session->data_list, (void * *)p1, p_compare);
}

static void *dof_session_get_proto_data(dof_session_data *session, int proto)
{
    dof_proto_data temp, *p1;
    GSList *item;

    temp.proto = proto;
    temp.proto_data = NULL;

    item = g_slist_find_custom(session->data_list, (void * *)&temp,
                               p_compare);

    if (item != NULL)
    {
        p1 = (dof_proto_data *)item->data;
        return p1->proto_data;
    }

    return NULL;
}

static void dof_session_delete_proto_data(dof_session_data *session, int proto)
{
    dof_proto_data temp;
    GSList *item;

    temp.proto = proto;
    temp.proto_data = NULL;

    item = g_slist_find_custom(session->data_list, (void * *)&temp,
                               p_compare);

    while (item)
    {
        session->data_list = g_slist_remove(session->data_list, item->data);
        item = item->next;
    }
}
#endif

static void dof_packet_add_proto_data(dof_packet_data *packet, int proto, void *proto_data)
{
    dof_proto_data *p1 = wmem_new0(wmem_file_scope(), dof_proto_data);

    p1->proto = proto;
    p1->proto_data = proto_data;

    /* Add it to the list of items for this conversation. */

    wmem_list_insert_sorted(packet->data_list, (void * *)p1, p_compare);
}

static void *dof_packet_get_proto_data(dof_packet_data *packet, int proto)
{
    dof_proto_data temp, *p1;
    wmem_list_frame_t *item;

    temp.proto = proto;
    temp.proto_data = NULL;

    item = wmem_list_find_custom(packet->data_list, (void * *)&temp,
                               p_compare);

    if (item != NULL)
    {
        p1 = (dof_proto_data *)wmem_list_frame_data(item);
        return p1->proto_data;
    }

    return NULL;
}

static int dof_dissect_pdu_as_field(dissector_t dissector, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, int item, int ett, void *result)
{
    int block_length;
    tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
    proto_tree *my_tree;
    proto_item *ti = proto_tree_add_item(tree, item, tvb, offset, -1, ENC_NA);
    my_tree = proto_item_add_subtree(ti, ett);
    block_length = dof_dissect_pdu(dissector, start, pinfo, my_tree, result);
    return offset + block_length;
}

static int dof_dissect_pdu(dissector_t dissector, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *result)
{
    int len = dissector(tvb, pinfo, tree, result);
    proto_item_set_len(proto_tree_get_parent(tree), len);

    return len;
}

static int dof_dissect_dnp_length(tvbuff_t *tvb, packet_info *pinfo, uint8_t version, int *offset)
{
    dissector_handle_t dp;

    dp = dissector_get_uint_handle(dnp_framing_dissectors, version);
    if (!dp)
        return -1;

    return call_dissector_only(dp, tvb, pinfo, NULL, offset);
}

/*
 * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
 *
 * Local variables:
 * c-basic-offset: 4
 * tab-width: 8
 * indent-tabs-mode: nil
 * End:
 *
 * vi: set shiftwidth=4 tabstop=8 expandtab:
 * :indentSize=4:tabSize=8:noTabs=true:
 */

Coverage Report

Created: 2026-01-02 06:13