Is ikev2_decryption_table file limited (how many lines/connections could it contain)?

asked 2025-07-29 11:25:05 +0000

G12345

updated 2025-07-29 11:45:02 +0000

Chuckc

There is an opportunity to decrypt IPsec traffic (IKEv2+ESP):

https://www.wireshark.org/docs/wsug_h...
https://github.com/wireshark/wireshar...
https://github.com/rknall/wireshark/b...

So, the question is how many IKEv2 tunnels I can put in the file called "ikev2_decryption_table". Is there some limit?


Comments

You may reach an unusable size (performance) before running out of room for the entries.

epan/dissectors/packet-isakmp.c:

static unsigned num_ikev2_uat_data;

epan/uat.h:

 * UATs are meant for short tables of user data (passwords and such), there is
 * no quick access, you must iterate through them each time to fetch the record
 * you are looking for.

isakmp hashes some fields from the UAT, so that helps performance but uses more memory.
epan/dissectors/packet-isakmp.c:

  ikev2_key_hash = g_hash_table_new(ikev2_key_hash_func, ikev2_key_equal_func);
  for (i = 0; i < num_ikev2_uat_data; i++) {
    g_hash_table_insert(ikev2_key_hash, &(ikev2_uat_data[i].key), &(ikev2_uat_data[i]));
    /* Need find references to algorithms (as UAT table editing looses data not stored in file) */
    ikev2_uat_data[i].encr_spec = ikev2_decrypt_find_encr_spec(ikev2_uat_data[i].encr_alg);
    ikev2_uat_data[i].auth_spec = ikev2_decrypt_find_auth_spec(ikev2_uat_data[i].auth_alg);
  }
Chuckc ( 2025-07-29 20:51:58 +0000 )
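
The contrast drawn in the comment above, a UAT that is iterated record by record versus a hash index built from it, as an added example that is neither Wireshark code nor part of the original post: it counts key comparisons for both access patterns over a constructed table. `row_t`, `lookup_cost`, the FNV-1a hash, the table sizes and the sample keys are assumptions made for the illustration.

```c
#include <stdint.h>
#include <string.h>
enum { MAX_ROWS = 4096, CAP = 2 * MAX_ROWS }; /* CAP: power of two, index at most half full */
/* Hypothetical stand-in for one table row, keyed by initiator + responder SPI. */
typedef struct { uint8_t key[16]; } row_t;
static row_t rows[MAX_ROWS];
static const row_t *slots[CAP];
static unsigned long probes; /* key comparisons performed */

/* UAT-style access: iterate through the records until one matches. */
static const row_t *find_linear(unsigned n, const uint8_t *k) {
    for (unsigned i = 0; i < n; i++) {
        probes++;
        if (memcmp(rows[i].key, k, 16) == 0) return &rows[i];
    }
    return NULL;
}

/* FNV-1a, chosen for this example (not Wireshark's ikev2_key_hash_func). */
static uint32_t hash_key(const uint8_t *k) {
    uint32_t h = 2166136261u;
    for (int i = 0; i < 16; i++) { h ^= k[i]; h *= 16777619u; }
    return h;
}

/* Indexed access: linear probing over pointers into rows. */
static const row_t *find_hashed(const uint8_t *k) {
    for (uint32_t s = hash_key(k) & (CAP - 1); slots[s]; s = (s + 1) & (CAP - 1)) {
        probes++;
        if (memcmp(slots[s]->key, k, 16) == 0) return slots[s];
    }
    return NULL;
}

/* Look up each of n rows once; returns total key comparisons (0 on error). */
unsigned long lookup_cost(unsigned n, int hashed) {
    if (n > MAX_ROWS) return 0;
    memset(slots, 0, sizeof slots);
    for (uint32_t i = 0; i < n; i++) {
        uint32_t pair[4] = { i, 0, i * 2654435761u, 0 }; /* constructed sample key */
        memcpy(rows[i].key, pair, 16);
        uint32_t s = hash_key(rows[i].key) & (CAP - 1);
        while (slots[s]) s = (s + 1) & (CAP - 1);
        slots[s] = &rows[i];
    }
    probes = 0;
    for (unsigned i = 0; i < n; i++)
        if ((hashed ? find_hashed(rows[i].key) : find_linear(n, rows[i].key)) != &rows[i]) return 0;
    return probes;
}
```

Calling `lookup_cost(n, 0)` and `lookup_cost(n, 1)` for growing `n` shows the linear total growing quadratically while the indexed total stays close to `n`.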

The answer is the size of unsigned type in C? So, maximum value accounts for 65535 or 4294967295 (depending on a system)?

G12345 ( 2025-07-30 09:16:09 +0000 )

32 bit system, 2^32-1 = 4,294,967,295
64 bit system 2^64-1 = 18,446,744,073,709,551,615

Chuckc ( 2025-07-30 12:17:35 +0000 )