xref: /openbsd-src/usr.sbin/tcpdump/ike.h (revision 2b0358df1d88d06ef4139321dd05bd5e05d91eaf) 
1 /* $OpenBSD: ike.h,v 1.22 2008/11/29 16:02:45 reyk Exp $ */
2 
3 /*
4  * Copyright (c) 2001 H�kan Olsson.  All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  * 3. The name of the author may not be used to endorse or promote products
15  *    derived from this software without specific prior written permission.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27  */
28 
29 #define ISAKMP_DOI		0
30 #define IPSEC_DOI		1
31 
32 #define PROTO_ISAKMP		1
33 #define PROTO_IPSEC_AH		2
34 #define PROTO_IPSEC_ESP		3
35 #define PROTO_IPCOMP		4
36 
37 #define IKE_ATTR_ENCRYPTION_ALGORITHM	1
38 #define IKE_ATTR_HASH_ALGORITHM		2
39 #define IKE_ATTR_AUTHENTICATION_METHOD	3
40 #define IKE_ATTR_GROUP_DESC		4
41 #define IKE_ATTR_GROUP_TYPE		5
42 #define IKE_ATTR_LIFE_TYPE		11
43 
44 #define IKE_PROTO_INITIALIZER						\
45 	{ "RESERVED", "ISAKMP", "IPSEC_AH", "IPSEC_ESP", "IPCOMP",	\
46 	}
47 
48 #define IKE_ATTR_ENCRYPT_INITIALIZER					\
49 	{ "NONE", "DES_CBC", "IDEA_CBC", "BLOWFISH_CBC",		\
50 	  "RC5_R16_B64_CBC", "3DES_CBC", "CAST_CBC", "AES_CBC",		\
51 	  "AES_128_CTR"							\
52 	}
53 #define IKE_ATTR_HASH_INITIALIZER					\
54 	{ "NONE", "MD5", "SHA", "TIGER",				\
55 	  "SHA2_256", "SHA2_384", "SHA2_512",				\
56 	}
57 #define IKE_ATTR_AUTH_INITIALIZER					\
58 	{ "NONE", "PRE_SHARED", "DSS", "RSA_SIG",			\
59 	  "RSA_ENC", "RSA_ENC_REV",					\
60 	}
61 #define IKE_ATTR_GROUP_DESC_INITIALIZER					\
62 	{ "NONE", "MODP_768", "MODP_1024",				\
63 	  "E2CN_155", "E2CN_185", "MODP_1536", "NONE", "NONE", "NONE",	\
64 	  "NONE", "NONE", "NONE", "NONE", "NONE", "MODP_2048",		\
65 	  "MODP_3072",							\
66 	}
67 #define IKE_ATTR_GROUP_INITIALIZER					\
68 	{ "NONE", "MODP", "ECP", "E2CN",				\
69 	}
70 #define IKE_ATTR_SA_DURATION_INITIALIZER				\
71 	{ "NONE", "SECONDS", "KILOBYTES",				\
72 	}
73 
74 #define IKE_ATTR_INITIALIZER						\
75 	{ "NONE", 			/* 0 (not in RFC) */		\
76 	  "ENCRYPTION_ALGORITHM", 	/* 1 */				\
77 	  "HASH_ALGORITHM",		/* 2 */				\
78 	  "AUTHENTICATION_METHOD",	/* 3 */				\
79 	  "GROUP_DESCRIPTION",		/* 4 */				\
80 	  "GROUP_TYPE",			/* 5 */				\
81 	  "GROUP_PRIME",		/* 6 */				\
82 	  "GROUP_GENERATOR_1",		/* 7 */				\
83 	  "GROUP_GENERATOR_2",		/* 8 */				\
84 	  "GROUP_CURVE_1",		/* 9 */				\
85 	  "GROUP_CURVE_2",		/* 10 */			\
86 	  "LIFE_TYPE",			/* 11 */			\
87 	  "LIFE_DURATION",		/* 12 */			\
88 	  "PRF",			/* 13 */			\
89 	  "KEY_LENGTH",			/* 14 */			\
90 	  "FIELD_SIZE",			/* 15 */			\
91 	  "GROUP_ORDER",		/* 16 */			\
92 	}
93 
94 #define IKE_SITUATION_IDENTITY_ONLY	1
95 #define IKE_SITUATION_SECRECY		2
96 #define IKE_SITUATION_INTEGRITY		4
97 /* Mask is all the above, i.e 1+2+4 = 7 */
98 #define IKE_SITUATION_MASK		7
99 
100 #define PAYLOAD_NONE		0
101 #define PAYLOAD_SA		1
102 #define PAYLOAD_PROPOSAL	2
103 #define PAYLOAD_TRANSFORM	3
104 #define PAYLOAD_KE		4
105 #define PAYLOAD_ID		5
106 #define PAYLOAD_CERT		6
107 #define PAYLOAD_CERTREQUEST	7
108 #define PAYLOAD_HASH		8
109 #define PAYLOAD_SIG		9
110 #define PAYLOAD_NONCE		10
111 #define PAYLOAD_NOTIFICATION	11
112 #define PAYLOAD_DELETE		12
113 #define PAYLOAD_VENDOR		13
114 #define PAYLOAD_ATTRIBUTE	14
115 #define PAYLOAD_SAK		15
116 #define PAYLOAD_SAT		16
117 #define PAYLOAD_KD		17
118 #define PAYLOAD_SEQ		18
119 #define PAYLOAD_POP		19
120 #define PAYLOAD_NAT_D		20
121 #define PAYLOAD_NAT_OA		21
122 #define PAYLOAD_RESERVED_MIN	22
123 #define PAYLOAD_PRIVATE_MIN	128
124 #define PAYLOAD_NAT_D_DRAFT	130
125 #define PAYLOAD_NAT_OA_DRAFT	131
126 #define PAYLOAD_PRIVATE_MAX	132
127 
128 /* see http://www.iana.org/assignments/isakmp-registry */
129 #define IKE_PAYLOAD_TYPES_INITIALIZER			\
130 	{ "NONE",		/*  0 */		\
131 	  "SA",			/*  1 */		\
132 	  "PROPOSAL",		/*  2 */		\
133 	  "TRANSFORM",		/*  3 */		\
134 	  "KEY_EXCH",		/*  4 */		\
135 	  "ID",			/*  5 */		\
136 	  "CERT",		/*  6 */		\
137 	  "CERTREQUEST",	/*  7 */		\
138 	  "HASH",		/*  8 */		\
139 	  "SIG",		/*  9 */		\
140 	  "NONCE",		/* 10 */		\
141 	  "NOTIFICATION",	/* 11 */		\
142 	  "DELETE",		/* 12 */		\
143 	  "VENDOR",		/* 13 */		\
144 	  "ATTRIBUTE",		/* 14 (ikecfg) */	\
145 	  "SAK",		/* 15 */		\
146 	  "SAT",		/* 16 */		\
147 	  "KD",			/* 17 */		\
148 	  "SEQ",		/* 18 */		\
149 	  "POP",		/* 19 */		\
150 	  "NAT-D",		/* 20 */		\
151 	  "NAT-OA",		/* 21 */		\
152 	}
153 
154 #define IKE_PRIVATE_PAYLOAD_TYPES_INITIALIZER		\
155 	{ "NONE",		/*  128 */		\
156 	  "<unknown 129>",	/*  129 */		\
157 	  "NAT-D-DRAFT",	/*  130 (draft-ietf-ipsec-nat-t-ike-03) */  \
158 	  "NAT-OA-DRAFT",	/*  131 (draft-ietf-ipsec-nat-t-ike-03) */  \
159 	}
160 
161 /* Exchange types */
162 #define EXCHANGE_NONE		0
163 #define EXCHANGE_BASE		1
164 #define EXCHANGE_ID_PROT	2
165 #define EXCHANGE_AUTH_ONLY	3
166 #define EXCHANGE_AGGRESSIVE	4
167 #define EXCHANGE_INFO		5
168 #define EXCHANGE_TRANSACTION	6
169 #define EXCHANGE_QUICK_MODE	32
170 #define EXCHANGE_NEW_GROUP_MODE	33
171 
172 /* Exchange types */
173 #define IKE_EXCHANGE_TYPES_INITIALIZER			\
174 	{ "NONE",		/* 0 */			\
175 	  "BASE",		/* 1 */			\
176 	  "ID_PROT",		/* 2 */			\
177 	  "AUTH_ONLY",		/* 3 */			\
178 	  "AGGRESSIVE",		/* 4 */			\
179 	  "INFO",		/* 5 */			\
180 	  "TRANSACTION",	/* 6 (ikecfg) */	\
181 	  /* step up to type 32 with unknowns */	\
182 	  "unknown", "unknown", "unknown", "unknown",	\
183 	  "unknown", "unknown", "unknown", "unknown",	\
184 	  "unknown", "unknown", "unknown", "unknown",	\
185 	  "unknown", "unknown", "unknown", "unknown",	\
186 	  "unknown", "unknown", "unknown", "unknown",	\
187 	  "unknown", "unknown", "unknown", "unknown",	\
188 	  "unknown",					\
189 	  "QUICK_MODE",		/* 32 */		\
190 	  "NEW_GROUP_MODE",	/* 33 */		\
191 	}
192 
193 #define FLAGS_ENCRYPTION	1
194 #define FLAGS_COMMIT		2
195 #define FLAGS_AUTH_ONLY		4
196 
197 #define CERT_NONE		0
198 #define CERT_PKCS		1
199 #define CERT_PGP		2
200 #define CERT_DNS		3
201 #define CERT_X509_SIG		4
202 #define CERT_X509_KE		5
203 #define CERT_KERBEROS		6
204 #define CERT_CRL		7
205 #define CERT_ARL		8
206 #define CERT_SPKI		9
207 #define CERT_X509_ATTR		10
208 
209 #define NOTIFY_INVALID_PAYLOAD_TYPE		1
210 #define NOTIFY_DOI_NOT_SUPPORTED		2
211 #define NOTIFY_SITUATION_NOT_SUPPORTED		3
212 #define NOTIFY_INVALID_COOKIE			4
213 #define NOTIFY_INVALID_MAJOR_VERSION		5
214 #define NOTIFY_INVALID_MINOR_VERSION		6
215 #define NOTIFY_INVALID_EXCHANGE_TYPE		7
216 #define NOTIFY_INVALID_FLAGS			8
217 #define NOTIFY_INVALID_MESSAGE_ID		9
218 #define NOTIFY_INVALID_PROTOCOL_ID		10
219 #define NOTIFY_INVALID_SPI			11
220 #define NOTIFY_INVALID_TRANSFORM_ID		12
221 #define NOTIFY_ATTRIBUTES_NOT_SUPPORTED		13
222 #define NOTIFY_NO_PROPOSAL_CHOSEN		14
223 #define NOTIFY_BAD_PROPOSAL_SYNTAX		15
224 #define NOTIFY_PAYLOAD_MALFORMED		16
225 #define NOTIFY_INVALID_KEY_INFORMATION		17
226 #define NOTIFY_INVALID_ID_INFORMATION		18
227 #define NOTIFY_INVALID_CERT_ENCODING		19
228 #define NOTIFY_INVALID_CERTIFICATE		20
229 #define NOTIFY_CERT_TYPE_UNSUPPORTED		21
230 #define NOTIFY_INVALID_CERT_AUTHORITY		22
231 #define NOTIFY_INVALID_HASH_INFORMATION		23
232 #define NOTIFY_AUTHENTICATION_FAILED		24
233 #define NOTIFY_INVALID_SIGNATURE		25
234 #define NOTIFY_ADDRESS_NOTIFICATION		26
235 #define NOTIFY_NOTIFY_SA_LIFETIME		27
236 #define NOTIFY_CERTIFICATE_UNAVAILABLE		28
237 #define NOTIFY_UNSUPPORTED_EXCHANGE_TYPE	29
238 #define NOTIFY_UNEQUAL_PAYLOAD_LENGTHS		30
239 
240 #define IKE_NOTIFY_TYPES_INITIALIZER			\
241 	{ "",						\
242 	  "INVALID PAYLOAD TYPE",			\
243 	  "DOI NOT SUPPORTED",				\
244 	  "SITUATION NOT SUPPORTED",			\
245 	  "INVALID COOKIE",				\
246 	  "INVALID MAJOR VERSION",			\
247 	  "INVALID MINOR VERSION",			\
248 	  "INVALID EXCHANGE TYPE",			\
249 	  "INVALID FLAGS",				\
250 	  "INVALID MESSAGE ID",				\
251 	  "INVALID PROTOCOL ID",			\
252 	  "INVALID SPI",				\
253 	  "INVALID TRANSFORM ID",			\
254 	  "ATTRIBUTES NOT SUPPORTED",			\
255 	  "NO PROPOSAL CHOSEN",				\
256 	  "BAD PROPOSAL SYNTAX",			\
257 	  "PAYLOAD MALFORMED",				\
258 	  "INVALID KEY INFORMATION",			\
259 	  "INVALID ID INFORMATION",			\
260 	  "INVALID CERT ENCODING",			\
261 	  "INVALID CERTIFICATE",			\
262 	  "CERT TYPE UNSUPPORTED",			\
263 	  "INVALID CERT AUTHORITY",			\
264 	  "INVALID HASH INFORMATION",			\
265 	  "AUTHENTICATION FAILED",			\
266 	  "INVALID SIGNATURE",				\
267 	  "ADDRESS NOTIFICATION",			\
268 	  "NOTIFY SA LIFETIME",				\
269 	  "CERTIFICATE UNAVAILABLE",			\
270 	  "UNSUPPORTED EXCHANGE TYPE",			\
271 	  "UNEQUAL PAYLOAD LENGTHS",			\
272 	}
273 
274 /* RFC 2407, 4.6.3 */
275 #define NOTIFY_IPSEC_RESPONDER_LIFETIME	24576
276 #define NOTIFY_IPSEC_REPLAY_STATUS	24577
277 #define NOTIFY_IPSEC_INITIAL_CONTACT	24578
278 
279 /* RFC 3706, Dead Peer Detection */
280 #define NOTIFY_STATUS_DPD_R_U_THERE	36136
281 #define NOTIFY_STATUS_DPD_R_U_THERE_ACK	36137
282 
283 #define IPSEC_ID_RESERVED		0
284 #define IPSEC_ID_IPV4_ADDR		1
285 #define IPSEC_ID_FQDN			2
286 #define IPSEC_ID_USER_FQDN		3
287 #define IPSEC_ID_IPV4_ADDR_SUBNET	4
288 #define IPSEC_ID_IPV6_ADDR		5
289 #define IPSEC_ID_IPV6_ADDR_SUBNET	6
290 #define IPSEC_ID_IPV4_ADDR_RANGE	7
291 #define IPSEC_ID_IPV6_ADDR_RANGE	8
292 #define IPSEC_ID_DER_ASN1_DN		9
293 #define IPSEC_ID_DER_ASN1_GN		10
294 #define IPSEC_ID_KEY_ID			11
295 
296 #define IPSEC_ID_TYPE_INITIALIZER			\
297 	{ "RESERVED",					\
298 	  "IPV4_ADDR",					\
299 	  "FQDN",					\
300 	  "USER_FQDN",					\
301 	  "IPV4_ADDR_SUBNET",				\
302 	  "IPV6_ADDR",					\
303 	  "IPV6_ADDR_SUBNET",				\
304 	  "IPV4_ADDR_RANGE",				\
305 	  "IPV6_ADDR_RANGE",				\
306 	  "DER_ASN1_DN",				\
307 	  "DER_ASN1_GN",				\
308 	  "KEY_ID",					\
309 	}
310 
311 #define IPSEC_ATTR_SA_LIFE_TYPE			1
312 #define IPSEC_ATTR_SA_LIFE_DURATION		2
313 #define IPSEC_ATTR_GROUP_DESCRIPTION		3
314 #define IPSEC_ATTR_ENCAPSULATION_MODE		4
315 #define IPSEC_ATTR_AUTHENTICATION_ALGORITHM	5
316 #define IPSEC_ATTR_KEY_LENGTH			6
317 #define IPSEC_ATTR_KEY_ROUNDS			7
318 #define IPSEC_ATTR_COMPRESS_DICTIONARY_SIZE	8
319 #define IPSEC_ATTR_COMPRESS_PRIVATE_ALGORITHM	9
320 
321 #define IPSEC_ATTR_INITIALIZER					\
322 	{ "NONE", "LIFE_TYPE", "LIFE_DURATION",			\
323 	  "GROUP_DESCRIPTION", "ENCAPSULATION_MODE",		\
324 	  "AUTHENTICATION_ALGORITHM", "KEY_LENGTH",		\
325 	  "KEY_ROUNDS", "COMPRESS_DICTIONARY_SIZE",		\
326 	  "COMPRESS_PRIVATE_ALGORITHM",				\
327 	}
328 
329 #define IPSEC_ATTR_DURATION_INITIALIZER				\
330 	{ "NONE", "SECONDS", "KILOBYTES",			\
331 	}
332 #define IPSEC_ATTR_ENCAP_INITIALIZER				\
333 	{ "NONE", "TUNNEL", "TRANSPORT", "UDP_ENCAP_TUNNEL",	\
334 	  "UDP_ENCAP_TRANSPORT"					\
335 	}
336 #define IPSEC_ATTR_AUTH_INITIALIZER				\
337 	{ "NONE", "HMAC_MD5", "HMAC_SHA", "DES_MAC", "KPDK",	\
338 	  "HMAC_SHA2_256", "HMAC_SHA2_384", "HMAC_SHA2_512",	\
339 	  "HMAC_RIPEMD",					\
340 	}
341 #define IPSEC_AH_INITIALIZER					\
342 	{ "NONE", "MD5", "SHA", "DES", "SHA2_256", "SHA2_384",	\
343 	  "SHA2_512", "RIPEMD",					\
344 	}
345 #define IPSEC_ESP_INITIALIZER					\
346 	{ "NONE", "DEV_IV64", "DES", "3DES", "RC5", "IDEA",	\
347 	  "CAST", "BLOWFISH", "3IDEA", "DES_IV32", "RC4",	\
348 	  "NULL", "AES", "AESCTR"				\
349 	}
350 #define IPCOMP_INITIALIZER					\
351 	{ "NONE", "OUI", "DEFLATE", "LZS", "V42BIS",		\
352 	}
353 
354 /*
355  * IKE mode config.
356  */
357 
358 #define IKE_CFG_ATTRIBUTE_TYPE_INITIALIZER		\
359 	{ "RESERVED", "CFG_REQUEST", "CFG_REPLY",	\
360 	  "CFG_SET", "CFG_ACK",				\
361 	}
362 
363 #define IKE_CFG_ATTR_INTERNAL_IP4_ADDRESS		1
364 #define IKE_CFG_ATTR_INTERNAL_IP4_NETMASK		2
365 #define IKE_CFG_ATTR_INTERNAL_IP4_DNS			3
366 #define IKE_CFG_ATTR_INTERNAL_IP4_NBNS			4
367 #define IKE_CFG_ATTR_INTERNAL_ADDRESS_EXPIRY		5
368 #define IKE_CFG_ATTR_INTERNAL_IP4_DHCP			6
369 #define IKE_CFG_ATTR_APPLICATION_VERSION		7
370 #define IKE_CFG_ATTR_INTERNAL_IP6_ADDRESS		8
371 #define IKE_CFG_ATTR_INTERNAL_IP6_NETMASK		9
372 #define IKE_CFG_ATTR_INTERNAL_IP6_DNS			10
373 #define IKE_CFG_ATTR_INTERNAL_IP6_NBNS			11
374 #define IKE_CFG_ATTR_INTERNAL_IP6_DHCP			12
375 #define IKE_CFG_ATTR_INTERNAL_IP4_SUBNET		13
376 #define IKE_CFG_ATTR_SUPPORTED_ATTRIBUTES		14
377 #define IKE_CFG_ATTR_INTERNAL_IP6_SUBNET		15
378 
379 #define IKE_CFG_ATTRIBUTE_INITIALIZER				\
380 	{ "RESERVED", "INTERNAL_IP4_ADDRESS",			\
381 	  "INTERNAL_IP4_NETMASK", "INTERNAL_IP4_DNS",		\
382 	  "INTERNAL_IP4_NBNS", "INTERNAL_ADDRESS_EXPIRY",	\
383 	  "INTERNAL_IP4_DHCP", "APPLICATION_VERSION",		\
384 	  "INTERNAL_IP6_ADDRESS", "INTERNAL_IP6_NETMASK",	\
385 	  "INTERNAL_IP6_DNS", "INTERNAL_IP6_NBNS",		\
386 	  "INTERNAL_IP6_DHCP", "INTERNAL_IP4_SUBNET",		\
387 	  "SUPPORTED_ATTRIBUTES", "INTERNAL_IP6_SUBNET",	\
388 	}
389 
390 #define ISAKMP_SA_SZ		 8
391 #define ISAKMP_PROP_SZ		 8
392 #define ISAKMP_TRANSFORM_SZ	 8
393 #define ISAKMP_KE_SZ		 4
394 #define ISAKMP_ID_SZ		 8
395 #define ISAKMP_CERT_SZ		 5
396 #define ISAKMP_CERTREQ_SZ	 5
397 #define ISAKMP_HASH_SZ		 4
398 #define ISAKMP_SIG_SZ		 4
399 #define ISAKMP_NONCE_SZ		 4
400 #define ISAKMP_NOTIFY_SZ	12
401 #define ISAKMP_DELETE_SZ	12
402 #define ISAKMP_VENDOR_SZ	 4
403 #define ISAKMP_ATTRIBUTE_SZ	 8
404 #define ISAKMP_NAT_D_SZ		 4
405 #define ISAKMP_NAT_OA_SZ	 8
406 
407 static u_int16_t min_payload_lengths[] = {
408 	0, ISAKMP_SA_SZ, ISAKMP_PROP_SZ, ISAKMP_TRANSFORM_SZ, ISAKMP_KE_SZ,
409 	ISAKMP_ID_SZ, ISAKMP_CERT_SZ, ISAKMP_CERTREQ_SZ, ISAKMP_HASH_SZ,
410 	ISAKMP_SIG_SZ, ISAKMP_NONCE_SZ, ISAKMP_NOTIFY_SZ, ISAKMP_DELETE_SZ,
411 	ISAKMP_VENDOR_SZ, ISAKMP_ATTRIBUTE_SZ
412 };
413 
414 static u_int16_t min_priv_payload_lengths[] = {
415 	0, 0, ISAKMP_NAT_D_SZ, ISAKMP_NAT_OA_SZ
416 };
417 
418 static const struct vendor_id
419 {
420     size_t	 len;
421     char	 vid[16];
422     char	*name;
423 } vendor_ids[] = {
424  	{
425 		16,
426 		{
427 			0x44, 0x85, 0x15, 0x2d, 0x18, 0xb6, 0xbb, 0xcd,
428 			0x0b, 0xe8, 0xa8, 0x46, 0x95, 0x79, 0xdd, 0xcc,
429 		},
430 		"v1 NAT-T, draft-ietf-ipsec-nat-t-ike-00",
431 	},
432 	{
433 		16,
434 		{
435 			0x90, 0xcb, 0x80, 0x91, 0x3e, 0xbb, 0x69, 0x6e,
436 			0x08, 0x63, 0x81, 0xb5, 0xec, 0x42, 0x7b, 0x1f,
437 		},
438 		"v2 NAT-T, draft-ietf-ipsec-nat-t-ike-02",
439 	},
440 	{
441 		16,
442 		{
443 			0xcd, 0x60, 0x46, 0x43, 0x35, 0xdf, 0x21, 0xf8,
444 			0x7c, 0xfd, 0xb2, 0xfc, 0x68, 0xb6, 0xa4, 0x48,
445 		},
446 		"v2 NAT-T, draft-ietf-ipsec-nat-t-ike-02\\n",
447 	},
448 	{
449 		16,
450 		{
451 			0x7d, 0x94, 0x19, 0xa6, 0x53, 0x10, 0xca, 0x6f,
452 			0x2c, 0x17, 0x9d, 0x92, 0x15, 0x52, 0x9d, 0x56,
453 		},
454 		"v3 NAT-T, draft-ietf-ipsec-nat-t-ike-03",
455 	},
456 	{
457 		16,
458 		{
459 			0x99,0x09,0xb6,0x4e,0xed,0x93,0x7c,0x65,
460 			0x73,0xde,0x52,0xac,0xe9,0x52,0xfa,0x6b,
461 		},
462 		"v4 NAT-T, draft-ietf-ipsec-nat-t-ike-04",
463 	},
464 	{
465 		16,
466 		{
467 			0x80,0xd0,0xbb,0x3d,0xef,0x54,0x56,0x5e,
468 			0xe8,0x46,0x45,0xd4,0xc8,0x5c,0xe3,0xee,
469 		},
470 		"v5 NAT-T, draft-ietf-ipsec-nat-t-ike-05",
471 	},
472 	{
473 		16,
474 		{
475 			0x4d,0x1e,0x0e,0x13,0x6d,0xea,0xfa,0x34,
476 			0xc4,0xf3,0xea,0x9f,0x02,0xec,0x72,0x85,
477 		},
478 		"v6 NAT-T, draft-ietf-ipsec-nat-t-ike-06",
479 	},
480 	{
481 		16,
482 		{
483 			0x43,0x9b,0x59,0xf8,0xba,0x67,0x6c,0x4c,
484 			0x77,0x37,0xae,0x22,0xea,0xb8,0xf5,0x82,
485 		},
486 		"v7 NAT-T, draft-ietf-ipsec-nat-t-ike-07",
487 	},
488 	{
489 		16,
490 		{
491 			0x8f,0x8d,0x83,0x82,0x6d,0x24,0x6b,0x6f,
492 			0xc7,0xa8,0xa6,0xa4,0x28,0xc1,0x1d,0xe8,
493 		},
494 		"v8 NAT-T, draft-ietf-ipsec-nat-t-ike-08",
495 	},
496 	{
497 		16,
498 		{
499 			0x42,0xea,0x5b,0x6f,0x89,0x8d,0x97,0x73,
500 			0xa5,0x75,0xdf,0x26,0xe7,0xdd,0x19,0xe1,
501 		},
502 		"v9 NAT-T, draft-ietf-ipsec-nat-t-ike-09",
503 	},
504 	{
505 		16,
506 		{
507 			0xc4,0x0f,0xee,0x00,0xd5,0xd3,0x9d,0xdb,
508 			0x1f,0xc7,0x62,0xe0,0x9b,0x7c,0xfe,0xa7,
509 		},
510 		"Testing NAT-T RFC",
511 	},
512 	{
513 		16,
514 		{
515 			0xaf, 0xca, 0xd7, 0x13, 0x68, 0xa1, 0xf1, 0xc9,
516 			0x6b, 0x86, 0x96, 0xfc, 0x77, 0x57, 0x01, 0x00,
517 			/* Last "0x01, 0x00" means major v1, minor v0 */
518 		},
519 		"DPD v1.0"
520 	},
521 	{
522 		16,
523 		{
524 			0x4a, 0x13, 0x1c, 0x81, 0x07, 0x03, 0x58, 0x45,
525 			0x5c, 0x57, 0x28, 0xf2, 0x0e, 0x95, 0x45, 0x2f,
526 		},
527 		"NAT-T, RFC 3947"
528 	},
529 	{
530 		16,
531 		{
532 			0x6c, 0x0d, 0xcd, 0x48, 0x1d, 0xea, 0xe8, 0xae,
533 			0x0b, 0x0a, 0x68, 0x38, 0x4b, 0x30, 0x72, 0xf9,
534 		},
535 		"OpenBSD-4.0"
536 	},
537 	{
538 		8,
539 		{
540 			0x09, 0x00, 0x26, 0x89, 0xdf, 0xd6, 0xb7, 0x12
541 		},
542 		"draft-ietf-ipsra-isakmp-xauth-06.txt"
543 	},
544 	{
545 		16,
546 		{
547 			0x12,0xf5,0xf2,0x8c,0x45,0x71,0x68,0xa9,
548 			0x70,0x2d,0x9f,0xe2,0x74,0xcc,0x01,0x00,
549 		},
550 		"Cisco Unity",
551 	}
552 };
553