]> The Tcpdump Group git mirrors - tcpdump/commitdiff
projects / tcpdump / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ba44b75)
CVE-2017-12990/Fix printing of ISAKMPv1 Notification payload data.
authorGuy Harris <[email protected]>
Mon, 6 Feb 2017 22:33:50 +0000 (14:33 -0800)
committerDenis Ovsienko <[email protected]>
Sun, 3 Sep 2017 23:08:58 +0000 (00:08 +0100)
The closest thing to a specification for the contents of the payload
data is draft-ietf-ipsec-notifymsg-04, and nothing in there says that it
is ever a complete ISAKMP message, so don't dissect types we don't have
specific code for as a complete ISAKMP message.

While we're at it, fix a comment, and clean up printing of V1 Nonce,
V2 Authentication payloads, and v2 Notice payloads.

This fixes an infinite loop discovered by Forcepoint's security
researchers Otto Airamo & Antti Levomäki.

Add a test using the capture file supplied by the reporter(s).

print-isakmp.c patch | blob | history
tests/TESTLIST patch | blob | history
tests/isakmp-no-none-np.out [new file with mode: 0644] patch | blob
tests/isakmp-no-none-np.pcap [new file with mode: 0644] patch | blob

diff --git a/print-isakmp.c b/print-isakmp.c
index 2fa15b861a141033c98587719022bb8cc2aacbf8..9de9b75d21e74156a74f0708a5b2fa636861b803 100644 (file)
--- a/print-isakmp.c
+++ b/print-isakmp.c
@@ -428,7 +428,7 @@ struct notify_messages {
        char     *msg;
 };
 
-/* 3.8 Notification Payload */
+/* 3.8 Authentication Payload */
 struct ikev2_auth {
        struct isakmp_gen h;
        uint8_t  auth_method;  /* Protocol-ID */
@@ -1590,15 +1590,20 @@ ikev1_nonce_print(netdissect_options *ndo, u_char tpay _U_,
 
        ND_TCHECK(*ext);
        UNALIGNED_MEMCPY(&e, ext, sizeof(e));
-       ND_PRINT((ndo," n len=%d", ntohs(e.len) - 4));
-       if (2 < ndo->ndo_vflag && 4 < ntohs(e.len)) {
-               ND_PRINT((ndo," "));
-               if (!rawprint(ndo, (const uint8_t *)(ext + 1), ntohs(e.len) - 4))
-                       goto trunc;
-       } else if (1 < ndo->ndo_vflag && 4 < ntohs(e.len)) {
-               ND_PRINT((ndo," "));
-               if (!ike_show_somedata(ndo, (const u_char *)(const uint8_t *)(ext + 1), ep))
-                       goto trunc;
+       /*
+        * Our caller has ensured that the length is >= 4.
+        */
+       ND_PRINT((ndo," n len=%u", ntohs(e.len) - 4));
+       if (ntohs(e.len) > 4) {
+               if (ndo->ndo_vflag > 2) {
+                       ND_PRINT((ndo, " "));
+                       if (!rawprint(ndo, (const uint8_t *)(ext + 1), ntohs(e.len) - 4))
+                               goto trunc;
+               } else if (ndo->ndo_vflag > 1) {
+                       ND_PRINT((ndo, " "));
+                       if (!ike_show_somedata(ndo, (const u_char *)(ext + 1), ep))
+                               goto trunc;
+               }
        }
        return (const u_char *)ext + ntohs(e.len);
 trunc:
@@ -1609,8 +1614,8 @@ trunc:
 static const u_char *
 ikev1_n_print(netdissect_options *ndo, u_char tpay _U_,
              const struct isakmp_gen *ext, u_int item_len,
-             const u_char *ep, uint32_t phase, uint32_t doi0 _U_,
-             uint32_t proto0 _U_, int depth)
+             const u_char *ep, uint32_t phase _U_, uint32_t doi0 _U_,
+             uint32_t proto0 _U_, int depth _U_)
 {
        const struct ikev1_pl_n *p;
        struct ikev1_pl_n n;
@@ -1712,35 +1717,41 @@ ikev1_n_print(netdissect_options *ndo, u_char tpay _U_,
        ep2 = (const u_char *)p + item_len;
 
        if (cp < ep) {
-               ND_PRINT((ndo," orig=("));
                switch (ntohs(n.type)) {
                case IPSECDOI_NTYPE_RESPONDER_LIFETIME:
                    {
                        const struct attrmap *map = oakley_t_map;
                        size_t nmap = sizeof(oakley_t_map)/sizeof(oakley_t_map[0]);
+                       ND_PRINT((ndo," attrs=("));
                        while (cp < ep && cp < ep2) {
                                cp = ikev1_attrmap_print(ndo, cp,
                                        (ep < ep2) ? ep : ep2, map, nmap);
                        }
+                       ND_PRINT((ndo,")"));
                        break;
                    }
                case IPSECDOI_NTYPE_REPLAY_STATUS:
+                       ND_PRINT((ndo," status=("));
                        ND_PRINT((ndo,"replay detection %sabled",
                                  EXTRACT_32BITS(cp) ? "en" : "dis"));
-                       break;
-               case ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN:
-                       if (ikev1_sub_print(ndo, ISAKMP_NPTYPE_SA,
-                                           (const struct isakmp_gen *)cp, ep, phase, doi, proto,
-                                           depth) == NULL)
-                               return NULL;
+                       ND_PRINT((ndo,")"));
                        break;
                default:
-                       /* NULL is dummy */
-                       isakmp_print(ndo, cp,
-                                    item_len - sizeof(*p) - n.spi_size,
-                                    NULL);
+                       /*
+                        * XXX - fill in more types here; see, for example,
+                        * draft-ietf-ipsec-notifymsg-04.
+                        */
+                       if (ndo->ndo_vflag > 3) {
+                               ND_PRINT((ndo," data=("));
+                               if (!rawprint(ndo, (const uint8_t *)(cp), ep - cp))
+                                       goto trunc;
+                               ND_PRINT((ndo,")"));
+                       } else {
+                               if (!ike_show_somedata(ndo, cp, ep))
+                                       goto trunc;
+                       }
+                       break;
                }
-               ND_PRINT((ndo,")"));
        }
        return (const u_char *)ext + item_len;
 trunc:
@@ -2264,16 +2275,21 @@ ikev2_auth_print(netdissect_options *ndo, u_char tpay,
        ikev2_pay_print(ndo, NPSTR(tpay), a.h.critical);
        len = ntohs(a.h.len);
 
-       ND_PRINT((ndo," len=%d method=%s", len-4,
+       /*
+        * Our caller has ensured that the length is >= 4.
+        */
+       ND_PRINT((ndo," len=%u method=%s", len-4,
                  STR_OR_ID(a.auth_method, v2_auth)));
-
-       if (1 < ndo->ndo_vflag && 4 < len) {
-               ND_PRINT((ndo," authdata=("));
-               if (!rawprint(ndo, (const uint8_t *)authdata, len - sizeof(a)))
-                       goto trunc;
-               ND_PRINT((ndo,") "));
-       } else if(ndo->ndo_vflag && 4 < len) {
-               if(!ike_show_somedata(ndo, authdata, ep)) goto trunc;
+       if (len > 4) {
+               if (ndo->ndo_vflag > 1) {
+                       ND_PRINT((ndo, " authdata=("));
+                       if (!rawprint(ndo, (const uint8_t *)authdata, len - sizeof(a)))
+                               goto trunc;
+                       ND_PRINT((ndo, ") "));
+               } else if (ndo->ndo_vflag) {
+                       if (!ike_show_somedata(ndo, authdata, ep))
+                               goto trunc;
+               }
        }
 
        return (const u_char *)ext + len;
@@ -2322,7 +2338,7 @@ ikev2_n_print(netdissect_options *ndo, u_char tpay _U_,
        const struct ikev2_n *p;
        struct ikev2_n n;
        const u_char *cp;
-       u_char showspi, showdata, showsomedata;
+       u_char showspi, showsomedata;
        const char *notify_name;
        uint32_t type;
 
@@ -2332,7 +2348,6 @@ ikev2_n_print(netdissect_options *ndo, u_char tpay _U_,
        ikev2_pay_print(ndo, NPSTR(ISAKMP_NPTYPE_N), n.h.critical);
 
        showspi = 1;
-       showdata = 0;
        showsomedata=0;
        notify_name=NULL;
 
@@ -2446,7 +2461,6 @@ ikev2_n_print(netdissect_options *ndo, u_char tpay _U_,
                notify_name = "cookie";
                showspi = 1;
                showsomedata= 1;
-               showdata= 0;
                break;
 
        case IV2_NOTIFY_USE_TRANSPORT_MODE:
@@ -2499,19 +2513,17 @@ ikev2_n_print(netdissect_options *ndo, u_char tpay _U_,
 
        cp = (const u_char *)(p + 1) + n.spi_size;
 
-       if(3 < ndo->ndo_vflag) {
-               showdata = 1;
-       }
-
-       if ((showdata || (showsomedata && ep-cp < 30)) && cp < ep) {
-               ND_PRINT((ndo," data=("));
-               if (!rawprint(ndo, (const uint8_t *)(cp), ep - cp))
-                       goto trunc;
-
-               ND_PRINT((ndo,")"));
+       if (cp < ep) {
+               if (ndo->ndo_vflag > 3 || (showsomedata && ep-cp < 30)) {
+                       ND_PRINT((ndo," data=("));
+                       if (!rawprint(ndo, (const uint8_t *)(cp), ep - cp))
+                               goto trunc;
 
-       } else if(showsomedata && cp < ep) {
-               if(!ike_show_somedata(ndo, cp, ep)) goto trunc;
+                       ND_PRINT((ndo,")"));
+               } else if (showsomedata) {
+                       if (!ike_show_somedata(ndo, cp, ep))
+                               goto trunc;
+               }
        }
 
        return (const u_char *)ext + item_len;
@@ -3091,7 +3103,3 @@ trunc:
  * c-basic-offset: 8
  * End:
  */
-
-
-
-
diff --git a/tests/TESTLIST b/tests/TESTLIST
index d1cb63fb3b9f6f70444aabfdc4e46a973201e513..bb21ed0a40f91c9f675edd91aa18a2c5cdb5edcf 100644 (file)
--- a/tests/TESTLIST
+++ b/tests/TESTLIST
@@ -462,6 +462,7 @@ tok2str-oobr-2              tok2str-oobr-2.pcap             tok2str-oobr-2.out      -vvv -e
 eigrp-tlv-oobr         eigrp-tlv-oobr.pcap             eigrp-tlv-oobr.out      -vvv -e
 zephyr-oobr            zephyr-oobr.pcap                zephyr-oobr.out         -vvv -e
 bgp-as-path-oobr       bgp-as-path-oobr.pcap           bgp-as-path-oobr.out    -vvv -e
+isakmp-no-none-np      isakmp-no-none-np.pcap          isakmp-no-none-np.out   -vvv -e
 
 # RTP tests
 # fuzzed pcap
diff --git a/tests/isakmp-no-none-np.out b/tests/isakmp-no-none-np.out
new file mode 100644 (file)
index 0000000..eb91c80
--- /dev/null
+++ b/tests/isakmp-no-none-np.out
@@ -0,0 +1,78 @@
+00:0c:29:86:c8:36 > 00:1a:4b:6a:ce:fe, ethertype IPv4 (0x0800), length 2228: (tos 0x0, ttl 128, id 28793, offset 0, flags [none], proto UDP (17), length 2214)
+    192.168.1.25.500 > 192.168.1.10.500: [udp sum ok] isakmp 1.0 msgid 5f724dc6 cookie 0000000000000000->0000000000000000: phase 2/others ? inf:
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=000000000b1005005f724dc600000054 data=(0b00001c000000010110...0100000700000000000000000000000000000000))
+    (n: doi=ipsec proto=isakmp type=INVALID-MAJOR-VERSION spi=0000000000000000000000000010ba00 data=(00ff1d00020082001101...0100000700000000000000000000000000000000)) [|n] (len mismatch: isakmp 84/ip 2186)
diff --git a/tests/isakmp-no-none-np.pcap b/tests/isakmp-no-none-np.pcap
new file mode 100644 (file)
index 0000000..fd388d6
Binary files /dev/null and b/tests/isakmp-no-none-np.pcap differ
[mirror] the TCPdump network dissector