2000-04-08 03:32:10 +00:00
|
|
|
/* packet-rlogin.c
|
|
|
|
* Routines for unix rlogin packet dissection
|
|
|
|
* Copyright 2000, Jeffrey C. Foster <jfoste@woodward.com>
|
|
|
|
*
|
2004-07-18 00:24:25 +00:00
|
|
|
* $Id$
|
2000-04-08 03:32:10 +00:00
|
|
|
*
|
2006-05-21 04:49:01 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
2000-04-08 03:32:10 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
|
|
|
* Based upon RFC-1282 - BSD Rlogin
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2000-04-08 03:32:10 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2000-04-08 03:32:10 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2000-04-08 03:32:10 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
# include "config.h"
|
|
|
|
#endif
|
|
|
|
|
2009-08-26 19:27:49 +00:00
|
|
|
#include <stdlib.h>
|
2000-04-08 03:32:10 +00:00
|
|
|
#include <string.h>
|
|
|
|
#include <glib.h>
|
2000-08-11 13:37:21 +00:00
|
|
|
|
2002-01-21 07:37:49 +00:00
|
|
|
#include <epan/packet.h>
|
|
|
|
#include <epan/conversation.h>
|
2005-08-12 10:21:14 +00:00
|
|
|
#include <epan/emem.h>
|
2000-04-08 03:32:10 +00:00
|
|
|
|
|
|
|
#include "packet-tcp.h"
|
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
#define RLOGIN_PORT 513
|
2000-04-08 03:32:10 +00:00
|
|
|
|
|
|
|
static int proto_rlogin = -1;
|
|
|
|
|
|
|
|
static int ett_rlogin = -1;
|
|
|
|
static int ett_rlogin_window = -1;
|
|
|
|
static int ett_rlogin_user_info = -1;
|
|
|
|
static int ett_rlogin_window_rows = -1;
|
|
|
|
static int ett_rlogin_window_cols = -1;
|
|
|
|
static int ett_rlogin_window_x_pixels = -1;
|
|
|
|
static int ett_rlogin_window_y_pixels = -1;
|
|
|
|
|
|
|
|
static int hf_user_info = -1;
|
2005-11-12 22:05:53 +00:00
|
|
|
static int hf_client_startup_flag = -1;
|
|
|
|
static int hf_startup_info_received_flag = -1;
|
|
|
|
static int hf_user_info_client_user_name = -1;
|
|
|
|
static int hf_user_info_server_user_name = -1;
|
|
|
|
static int hf_user_info_terminal_type = -1;
|
|
|
|
static int hf_user_info_terminal_speed = -1;
|
|
|
|
static int hf_control_message = -1;
|
2000-04-08 03:32:10 +00:00
|
|
|
static int hf_window_info = -1;
|
2005-11-12 22:05:53 +00:00
|
|
|
static int hf_window_info_ss = -1;
|
2000-04-08 03:32:10 +00:00
|
|
|
static int hf_window_info_rows = -1;
|
|
|
|
static int hf_window_info_cols = -1;
|
|
|
|
static int hf_window_info_x_pixels = -1;
|
|
|
|
static int hf_window_info_y_pixels = -1;
|
2005-11-12 22:05:53 +00:00
|
|
|
static int hf_data = -1;
|
2000-04-08 03:32:10 +00:00
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
static const value_string control_message_vals[] =
|
|
|
|
{
|
|
|
|
{ 0x02, "Clear buffer" },
|
|
|
|
{ 0x10, "Raw mode" },
|
|
|
|
{ 0x20, "Cooked mode" },
|
|
|
|
{ 0x80, "Window size request" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
2000-04-08 03:32:10 +00:00
|
|
|
|
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
typedef enum {
|
|
|
|
NONE=0,
|
|
|
|
USER_INFO_WAIT=1,
|
|
|
|
DONE=2
|
|
|
|
} session_state_t;
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
#define NAME_LEN 32
|
|
|
|
typedef struct {
|
|
|
|
session_state_t state;
|
|
|
|
guint32 info_framenum;
|
|
|
|
char user_name[NAME_LEN];
|
2001-07-03 00:40:48 +00:00
|
|
|
} rlogin_hash_entry_t;
|
2000-04-08 03:32:10 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
/* Decoder State Machine. Currently only used to snoop on
|
|
|
|
client-user-name as sent by the client up connection establishment.
|
|
|
|
*/
|
2002-08-28 21:04:11 +00:00
|
|
|
static void
|
2005-11-12 22:05:53 +00:00
|
|
|
rlogin_state_machine(rlogin_hash_entry_t *hash_info, tvbuff_t *tvb, packet_info *pinfo)
|
2001-07-03 00:40:48 +00:00
|
|
|
{
|
|
|
|
guint length;
|
|
|
|
gint stringlen;
|
2000-04-08 03:32:10 +00:00
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
/* Won't change state if already seen this packet */
|
|
|
|
if (pinfo->fd->flags.visited)
|
|
|
|
{
|
|
|
|
return;
|
|
|
|
}
|
2000-04-08 03:32:10 +00:00
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
/* rlogin stream decoder */
|
|
|
|
/* Just watch for the second packet from client with the user name and */
|
|
|
|
/* terminal type information. */
|
2000-04-08 03:32:10 +00:00
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
if (pinfo->destport != RLOGIN_PORT)
|
|
|
|
{
|
2000-04-08 03:32:10 +00:00
|
|
|
return;
|
2005-11-12 22:05:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* exit if already passed username in conversation */
|
|
|
|
if (hash_info->state == DONE)
|
|
|
|
{
|
2000-04-08 03:32:10 +00:00
|
|
|
return;
|
2005-11-12 22:05:53 +00:00
|
|
|
}
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
/* exit if no data */
|
2001-07-03 00:40:48 +00:00
|
|
|
length = tvb_length(tvb);
|
2005-11-12 22:05:53 +00:00
|
|
|
if (length == 0)
|
|
|
|
{
|
2002-08-28 21:04:11 +00:00
|
|
|
return;
|
2005-11-12 22:05:53 +00:00
|
|
|
}
|
2000-04-08 03:32:10 +00:00
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
if (hash_info->state == NONE)
|
|
|
|
{
|
|
|
|
/* new connection*/
|
|
|
|
if (tvb_get_guint8(tvb, 0) != '\0')
|
|
|
|
{
|
|
|
|
/* We expected a null, but didn't get one; quit. */
|
2001-07-03 00:40:48 +00:00
|
|
|
hash_info->state = DONE;
|
2000-04-08 03:32:10 +00:00
|
|
|
return;
|
|
|
|
}
|
2005-11-12 22:05:53 +00:00
|
|
|
else
|
|
|
|
{
|
|
|
|
if (length <= 1)
|
|
|
|
{
|
|
|
|
/* Still waiting for data */
|
2000-04-08 03:32:10 +00:00
|
|
|
hash_info->state = USER_INFO_WAIT;
|
2005-11-12 22:05:53 +00:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/* Have info, store frame number */
|
2001-07-03 00:40:48 +00:00
|
|
|
hash_info->state = DONE;
|
|
|
|
hash_info->info_framenum = pinfo->fd->num;
|
2002-08-28 21:04:11 +00:00
|
|
|
}
|
2000-04-08 03:32:10 +00:00
|
|
|
}
|
2005-11-12 22:05:53 +00:00
|
|
|
}
|
|
|
|
/* expect user data here */
|
|
|
|
/* TODO: may need to do more checking here? */
|
|
|
|
else
|
|
|
|
if (hash_info->state == USER_INFO_WAIT)
|
|
|
|
{
|
|
|
|
/* Store frame number here */
|
2002-08-28 21:04:11 +00:00
|
|
|
hash_info->state = DONE;
|
2001-07-03 00:40:48 +00:00
|
|
|
hash_info->info_framenum = pinfo->fd->num;
|
2005-11-12 22:05:53 +00:00
|
|
|
|
|
|
|
/* Work out length of string to copy */
|
2001-07-03 00:40:48 +00:00
|
|
|
stringlen = tvb_strnlen(tvb, 0, NAME_LEN);
|
|
|
|
if (stringlen == -1)
|
2005-11-12 22:05:53 +00:00
|
|
|
stringlen = NAME_LEN - 1; /* no '\0' found */
|
2001-07-03 00:40:48 +00:00
|
|
|
else if (stringlen > NAME_LEN - 1)
|
2005-11-12 22:05:53 +00:00
|
|
|
stringlen = NAME_LEN - 1; /* name too long */
|
|
|
|
|
|
|
|
/* Copy and terminate string into hash name */
|
|
|
|
tvb_memcpy(tvb, (guint8 *)hash_info->user_name, 0, stringlen);
|
|
|
|
hash_info->user_name[stringlen] = '\0';
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2009-09-24 20:00:21 +00:00
|
|
|
col_append_str(pinfo->cinfo, COL_INFO, ", (User information)");
|
2002-08-28 21:04:11 +00:00
|
|
|
}
|
2000-04-08 03:32:10 +00:00
|
|
|
}
|
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
/* Dissect details of packet */
|
|
|
|
static void rlogin_display(rlogin_hash_entry_t *hash_info,
|
|
|
|
tvbuff_t *tvb,
|
|
|
|
packet_info *pinfo,
|
|
|
|
proto_tree *tree,
|
|
|
|
struct tcpinfo *tcpinfo)
|
2001-07-03 00:40:48 +00:00
|
|
|
{
|
2005-11-12 22:05:53 +00:00
|
|
|
/* Display the proto tree */
|
2001-07-03 00:40:48 +00:00
|
|
|
int offset = 0;
|
2000-04-08 03:32:10 +00:00
|
|
|
proto_tree *rlogin_tree, *user_info_tree, *window_tree;
|
|
|
|
proto_item *ti;
|
2001-07-03 00:40:48 +00:00
|
|
|
guint length;
|
2005-11-12 22:05:53 +00:00
|
|
|
int str_len;
|
|
|
|
gint ti_offset;
|
|
|
|
proto_item *user_info_item, *window_info_item;
|
2000-04-08 03:32:10 +00:00
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
/* Create rlogin subtree */
|
|
|
|
ti = proto_tree_add_item(tree, proto_rlogin, tvb, 0, -1, FALSE);
|
2000-04-08 03:32:10 +00:00
|
|
|
rlogin_tree = proto_item_add_subtree(ti, ett_rlogin);
|
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
/* Return if data empty */
|
2001-07-03 00:40:48 +00:00
|
|
|
length = tvb_length(tvb);
|
2005-11-12 22:05:53 +00:00
|
|
|
if (length == 0)
|
|
|
|
{
|
2000-04-08 03:32:10 +00:00
|
|
|
return;
|
2005-11-12 22:05:53 +00:00
|
|
|
}
|
2000-04-08 03:32:10 +00:00
|
|
|
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
/*
|
|
|
|
* XXX - this works only if the urgent pointer points to something
|
|
|
|
* in this segment; to make it work if the urgent pointer points
|
|
|
|
* to something past this segment, we'd have to remember the urgent
|
|
|
|
* pointer setting for this conversation.
|
|
|
|
*/
|
2005-11-12 22:05:53 +00:00
|
|
|
if (tcpinfo->urgent && /* if urgent pointer set */
|
|
|
|
length >= tcpinfo->urgent_pointer) /* and it's in this frame */
|
|
|
|
{
|
|
|
|
/* Get urgent byte into Temp */
|
2001-09-30 23:14:43 +00:00
|
|
|
int urgent_offset = tcpinfo->urgent_pointer - 1;
|
2005-11-12 22:05:53 +00:00
|
|
|
guint8 control_byte;
|
|
|
|
|
|
|
|
/* Check for text data in front */
|
|
|
|
if (urgent_offset > offset)
|
|
|
|
{
|
|
|
|
proto_tree_add_item(rlogin_tree, hf_data, tvb, offset, urgent_offset, FALSE);
|
|
|
|
}
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
/* Show control byte */
|
|
|
|
proto_tree_add_item(rlogin_tree, hf_control_message, tvb,
|
|
|
|
urgent_offset, 1, FALSE);
|
|
|
|
control_byte = tvb_get_guint8(tvb, urgent_offset);
|
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
|
|
{
|
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO,
|
|
|
|
" (%s)", val_to_str(control_byte, control_message_vals, "Unknown"));
|
|
|
|
}
|
|
|
|
|
|
|
|
offset = urgent_offset + 1; /* adjust offset */
|
|
|
|
}
|
|
|
|
else
|
|
|
|
if (tvb_get_guint8(tvb, offset) == '\0')
|
|
|
|
{
|
|
|
|
/* Startup */
|
|
|
|
if (pinfo->srcport == RLOGIN_PORT) /* from server */
|
|
|
|
{
|
|
|
|
proto_tree_add_item(rlogin_tree, hf_startup_info_received_flag,
|
|
|
|
tvb, offset, 1, FALSE);
|
|
|
|
}
|
2002-08-28 21:04:11 +00:00
|
|
|
else
|
2005-11-12 22:05:53 +00:00
|
|
|
{
|
|
|
|
proto_tree_add_item(rlogin_tree, hf_client_startup_flag,
|
|
|
|
tvb, offset, 1, FALSE);
|
|
|
|
}
|
2000-04-08 03:32:10 +00:00
|
|
|
++offset;
|
|
|
|
}
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2001-07-03 00:40:48 +00:00
|
|
|
if (!tvb_offset_exists(tvb, offset))
|
2005-11-12 22:05:53 +00:00
|
|
|
{
|
|
|
|
/* No more data to check */
|
|
|
|
return;
|
|
|
|
}
|
2000-08-06 08:53:44 +00:00
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
if (hash_info->info_framenum == pinfo->fd->num)
|
|
|
|
{
|
|
|
|
gint info_len;
|
|
|
|
gint slash_offset;
|
|
|
|
|
|
|
|
/* First frame of conversation, assume user info... */
|
|
|
|
|
|
|
|
info_len = tvb_length_remaining(tvb, offset);
|
|
|
|
|
|
|
|
/* User info tree */
|
|
|
|
user_info_item = proto_tree_add_string_format(rlogin_tree, hf_user_info, tvb,
|
|
|
|
offset, info_len, FALSE,
|
|
|
|
"User info (%s)",
|
|
|
|
tvb_format_text(tvb, offset, info_len));
|
|
|
|
user_info_tree = proto_item_add_subtree(user_info_item,
|
|
|
|
ett_rlogin_user_info);
|
|
|
|
|
|
|
|
/* Client user name. */
|
2001-07-03 00:40:48 +00:00
|
|
|
str_len = tvb_strsize(tvb, offset);
|
2005-11-12 22:05:53 +00:00
|
|
|
proto_tree_add_item(user_info_tree, hf_user_info_client_user_name,
|
|
|
|
tvb, offset, str_len, FALSE);
|
2000-08-06 08:53:44 +00:00
|
|
|
offset += str_len;
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
/* Server user name. */
|
2001-07-03 00:40:48 +00:00
|
|
|
str_len = tvb_strsize(tvb, offset);
|
2005-11-12 22:05:53 +00:00
|
|
|
proto_tree_add_item(user_info_tree, hf_user_info_server_user_name,
|
|
|
|
tvb, offset, str_len, FALSE);
|
2000-08-06 08:53:44 +00:00
|
|
|
offset += str_len;
|
2005-11-12 22:05:53 +00:00
|
|
|
|
|
|
|
/* Terminal type/speed. */
|
|
|
|
slash_offset = tvb_find_guint8(tvb, offset, -1, '/');
|
|
|
|
if (slash_offset != -1)
|
|
|
|
{
|
|
|
|
/* Terminal type */
|
|
|
|
proto_tree_add_item(user_info_tree, hf_user_info_terminal_type,
|
|
|
|
tvb, offset, slash_offset-offset, FALSE);
|
|
|
|
offset = slash_offset + 1;
|
|
|
|
|
|
|
|
/* Terminal speed */
|
|
|
|
str_len = tvb_strsize(tvb, offset);
|
|
|
|
proto_tree_add_uint(user_info_tree, hf_user_info_terminal_speed,
|
|
|
|
tvb, offset, str_len,
|
|
|
|
atoi(tvb_format_text(tvb, offset, str_len)));
|
|
|
|
offset += str_len;
|
|
|
|
}
|
2001-07-03 00:40:48 +00:00
|
|
|
}
|
2000-08-06 08:53:44 +00:00
|
|
|
|
2001-07-03 00:40:48 +00:00
|
|
|
if (!tvb_offset_exists(tvb, offset))
|
2005-11-12 22:05:53 +00:00
|
|
|
{
|
|
|
|
/* No more data to check */
|
|
|
|
return;
|
|
|
|
}
|
2000-04-08 03:32:10 +00:00
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
/* Test for terminal information, the data will have 2 0xff bytes */
|
|
|
|
/* look for first 0xff byte */
|
2001-07-03 00:40:48 +00:00
|
|
|
ti_offset = tvb_find_guint8(tvb, offset, -1, 0xff);
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
/* Next byte must also be 0xff */
|
2001-07-03 00:40:48 +00:00
|
|
|
if (ti_offset != -1 &&
|
|
|
|
tvb_bytes_exist(tvb, ti_offset + 1, 1) &&
|
2005-11-12 22:05:53 +00:00
|
|
|
tvb_get_guint8(tvb, ti_offset + 1) == 0xff)
|
|
|
|
{
|
|
|
|
guint16 rows, columns;
|
|
|
|
|
|
|
|
/* Have found terminal info. */
|
|
|
|
if (ti_offset > offset)
|
|
|
|
{
|
|
|
|
/* There's data before the terminal info. */
|
|
|
|
proto_tree_add_item(rlogin_tree, hf_data, tvb,
|
|
|
|
offset, ti_offset - offset, FALSE);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Create window info tree */
|
|
|
|
window_info_item =
|
|
|
|
proto_tree_add_item(rlogin_tree, hf_window_info, tvb, offset, 12, FALSE);
|
|
|
|
window_tree = proto_item_add_subtree(window_info_item, ett_rlogin_window);
|
|
|
|
|
|
|
|
/* Cookie */
|
|
|
|
proto_tree_add_text(window_tree, tvb, offset, 2, "Magic Cookie: (0xff, 0xff)");
|
2000-04-08 03:32:10 +00:00
|
|
|
offset += 2;
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
/* These bytes should be "ss" */
|
|
|
|
proto_tree_add_item(window_tree, hf_window_info_ss, tvb, offset, 2, FALSE);
|
2000-04-08 03:32:10 +00:00
|
|
|
offset += 2;
|
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
/* Character rows */
|
|
|
|
rows = tvb_get_ntohs(tvb, offset);
|
|
|
|
proto_tree_add_item(window_tree, hf_window_info_rows, tvb,
|
|
|
|
offset, 2, FALSE);
|
2000-04-08 03:32:10 +00:00
|
|
|
offset += 2;
|
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
/* Characters per row */
|
|
|
|
columns = tvb_get_ntohs(tvb, offset);
|
|
|
|
proto_tree_add_item(window_tree, hf_window_info_cols, tvb,
|
|
|
|
offset, 2, FALSE);
|
2000-04-08 03:32:10 +00:00
|
|
|
offset += 2;
|
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
/* x pixels */
|
|
|
|
proto_tree_add_item(window_tree, hf_window_info_x_pixels, tvb,
|
|
|
|
offset, 2, FALSE);
|
2000-04-08 03:32:10 +00:00
|
|
|
offset += 2;
|
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
/* y pixels */
|
2001-07-03 00:40:48 +00:00
|
|
|
proto_tree_add_item(window_tree, hf_window_info_y_pixels, tvb,
|
2005-11-12 22:05:53 +00:00
|
|
|
offset, 2, FALSE);
|
2000-04-08 03:32:10 +00:00
|
|
|
offset += 2;
|
2005-11-12 22:05:53 +00:00
|
|
|
|
|
|
|
/* Show setting highlights in info column */
|
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
|
|
{
|
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " (rows=%u, cols=%u)",
|
|
|
|
rows, columns);
|
|
|
|
}
|
2000-04-08 03:32:10 +00:00
|
|
|
}
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
if (tvb_offset_exists(tvb, offset))
|
|
|
|
{
|
|
|
|
/* There's more data in the frame. */
|
|
|
|
proto_tree_add_item(rlogin_tree, hf_data, tvb, offset, -1, FALSE);
|
2001-07-03 00:40:48 +00:00
|
|
|
}
|
2002-08-28 21:04:11 +00:00
|
|
|
}
|
2000-04-08 03:32:10 +00:00
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
|
|
|
|
/****************************************************************
|
|
|
|
* Main dissection function
|
|
|
|
****************************************************************/
|
2000-04-08 03:32:10 +00:00
|
|
|
static void
|
2001-07-03 00:40:48 +00:00
|
|
|
dissect_rlogin(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
|
{
|
2001-11-03 00:58:52 +00:00
|
|
|
struct tcpinfo *tcpinfo = pinfo->private_data;
|
2000-04-08 03:32:10 +00:00
|
|
|
conversation_t *conversation;
|
2001-09-03 10:33:12 +00:00
|
|
|
rlogin_hash_entry_t *hash_info;
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
guint length;
|
2001-07-03 00:40:48 +00:00
|
|
|
gint ti_offset;
|
2000-04-08 03:32:10 +00:00
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
/* Get conversation */
|
|
|
|
conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst,
|
|
|
|
pinfo->ptype, pinfo->srcport, pinfo->destport,
|
|
|
|
0);
|
|
|
|
|
|
|
|
/* Create if didn't previously exist */
|
|
|
|
if (!conversation)
|
|
|
|
{
|
|
|
|
conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst,
|
|
|
|
pinfo->ptype, pinfo->srcport, pinfo->destport,
|
|
|
|
0);
|
2001-09-03 10:33:12 +00:00
|
|
|
}
|
2005-11-12 22:05:53 +00:00
|
|
|
|
|
|
|
/* Get or create data associated with this conversation */
|
2001-09-03 10:33:12 +00:00
|
|
|
hash_info = conversation_get_proto_data(conversation, proto_rlogin);
|
2005-11-12 22:05:53 +00:00
|
|
|
if (!hash_info)
|
|
|
|
{
|
|
|
|
/* Populate new data struct... */
|
|
|
|
hash_info = se_alloc(sizeof(rlogin_hash_entry_t));
|
2001-07-03 00:40:48 +00:00
|
|
|
hash_info->state = NONE;
|
2005-11-12 22:05:53 +00:00
|
|
|
hash_info->info_framenum = 0; /* no frame has the number 0 */
|
|
|
|
hash_info->user_name[0] = '\0';
|
|
|
|
|
|
|
|
/* ... and store in conversation */
|
|
|
|
conversation_add_proto_data(conversation, proto_rlogin, hash_info);
|
2000-04-08 03:32:10 +00:00
|
|
|
}
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
/* Set protocol column text */
|
2009-08-09 07:59:51 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "Rlogin");
|
2000-04-08 03:32:10 +00:00
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
/* Set info column */
|
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
|
|
{
|
|
|
|
/* Show user-name if available */
|
|
|
|
if (hash_info->user_name[0])
|
|
|
|
{
|
2004-07-23 07:59:15 +00:00
|
|
|
col_add_fstr(pinfo->cinfo, COL_INFO,
|
2005-11-12 22:05:53 +00:00
|
|
|
"User name: %s, ", hash_info->user_name);
|
2000-04-08 03:32:10 +00:00
|
|
|
}
|
2002-08-28 21:04:11 +00:00
|
|
|
else
|
2005-11-12 22:05:53 +00:00
|
|
|
{
|
2004-07-23 07:59:15 +00:00
|
|
|
col_clear(pinfo->cinfo, COL_INFO);
|
2005-11-12 22:05:53 +00:00
|
|
|
}
|
2001-07-03 00:40:48 +00:00
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
/* Work out packet content summary for display */
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
length = tvb_length(tvb);
|
2005-11-12 22:05:53 +00:00
|
|
|
if (length != 0)
|
|
|
|
{
|
|
|
|
/* Initial NULL byte represents part of connection handshake */
|
|
|
|
if (tvb_get_guint8(tvb, 0) == '\0')
|
|
|
|
{
|
2004-07-23 07:59:15 +00:00
|
|
|
col_append_str(pinfo->cinfo, COL_INFO,
|
2005-11-12 22:05:53 +00:00
|
|
|
(pinfo->destport == RLOGIN_PORT) ?
|
|
|
|
"Start Handshake" :
|
|
|
|
"Startup info received");
|
2004-07-23 07:59:15 +00:00
|
|
|
}
|
2005-11-12 22:05:53 +00:00
|
|
|
else
|
|
|
|
if (tcpinfo->urgent && length >= tcpinfo->urgent_pointer)
|
|
|
|
{
|
|
|
|
/* Urgent pointer inside current data represents a control message */
|
|
|
|
col_append_str(pinfo->cinfo, COL_INFO, "Control Message");
|
2004-07-23 07:59:15 +00:00
|
|
|
}
|
2005-11-12 22:05:53 +00:00
|
|
|
else
|
|
|
|
{
|
|
|
|
/* Search for 2 consecutive ff bytes
|
|
|
|
(signifies window change control message) */
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
ti_offset = tvb_find_guint8(tvb, 0, -1, 0xff);
|
|
|
|
if (ti_offset != -1 &&
|
|
|
|
tvb_bytes_exist(tvb, ti_offset + 1, 1) &&
|
2005-11-12 22:05:53 +00:00
|
|
|
tvb_get_guint8(tvb, ti_offset + 1) == 0xff)
|
|
|
|
{
|
|
|
|
col_append_str(pinfo->cinfo, COL_INFO, "Terminal Info");
|
2004-07-23 07:59:15 +00:00
|
|
|
}
|
2005-11-12 22:05:53 +00:00
|
|
|
else
|
|
|
|
{
|
|
|
|
/* Show any text data in the frame */
|
|
|
|
int bytes_to_copy = tvb_length(tvb);
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
if (bytes_to_copy > 128)
|
2005-11-12 22:05:53 +00:00
|
|
|
{
|
|
|
|
/* Truncate to 128 bytes for display */
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
bytes_to_copy = 128;
|
2005-11-12 22:05:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Add data into info column */
|
2004-07-23 07:59:15 +00:00
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO,
|
2005-11-12 22:05:53 +00:00
|
|
|
"Data: %s",
|
|
|
|
tvb_format_text(tvb, 0, bytes_to_copy));
|
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
2001-10-01 08:29:37 +00:00
|
|
|
}
|
2000-04-08 03:32:10 +00:00
|
|
|
}
|
2002-08-28 21:04:11 +00:00
|
|
|
}
|
2000-04-08 03:32:10 +00:00
|
|
|
}
|
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
/* See if conversation state needs to be updated */
|
|
|
|
rlogin_state_machine(hash_info, tvb, pinfo);
|
2000-04-08 03:32:10 +00:00
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
/* Dissect in detail */
|
|
|
|
rlogin_display(hash_info, tvb, pinfo, tree, tcpinfo);
|
2000-04-08 03:32:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
void proto_register_rlogin(void)
|
|
|
|
{
|
2000-04-08 03:32:10 +00:00
|
|
|
static gint *ett[] = {
|
|
|
|
&ett_rlogin,
|
|
|
|
&ett_rlogin_window,
|
|
|
|
&ett_rlogin_window_rows,
|
|
|
|
&ett_rlogin_window_cols,
|
|
|
|
&ett_rlogin_window_x_pixels,
|
|
|
|
&ett_rlogin_window_y_pixels,
|
|
|
|
&ett_rlogin_user_info
|
|
|
|
};
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
static hf_register_info hf[] =
|
|
|
|
{
|
2001-07-03 00:40:48 +00:00
|
|
|
{ &hf_user_info,
|
2005-11-12 22:05:53 +00:00
|
|
|
{ "User Info", "rlogin.user_info", FT_STRING, BASE_NONE,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, 0x0, NULL, HFILL
|
2005-11-12 22:05:53 +00:00
|
|
|
}
|
|
|
|
},
|
|
|
|
{ &hf_client_startup_flag,
|
|
|
|
{ "Client startup flag", "rlogin.client_startup_flag", FT_UINT8, BASE_HEX,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, 0x0, NULL, HFILL
|
2005-11-12 22:05:53 +00:00
|
|
|
}
|
|
|
|
},
|
|
|
|
{ &hf_startup_info_received_flag,
|
|
|
|
{ "Startup info received flag", "rlogin.startup_info_received_flag", FT_UINT8, BASE_HEX,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, 0x0, NULL, HFILL
|
2001-07-03 00:40:48 +00:00
|
|
|
}
|
2000-04-08 03:32:10 +00:00
|
|
|
},
|
2005-11-12 22:05:53 +00:00
|
|
|
{ &hf_user_info_client_user_name,
|
|
|
|
{ "Client-user-name", "rlogin.client_user_name", FT_STRING, BASE_NONE,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, 0x0, NULL, HFILL
|
2005-11-12 22:05:53 +00:00
|
|
|
}
|
|
|
|
},
|
|
|
|
{ &hf_user_info_server_user_name,
|
|
|
|
{ "Server-user-name", "rlogin.server_user_name", FT_STRING, BASE_NONE,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, 0x0, NULL, HFILL
|
2005-11-12 22:05:53 +00:00
|
|
|
}
|
|
|
|
},
|
|
|
|
{ &hf_user_info_terminal_type,
|
|
|
|
{ "Terminal-type", "rlogin.terminal_type", FT_STRING, BASE_NONE,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, 0x0, NULL, HFILL
|
2005-11-12 22:05:53 +00:00
|
|
|
}
|
|
|
|
},
|
|
|
|
{ &hf_user_info_terminal_speed,
|
|
|
|
{ "Terminal-speed", "rlogin.terminal_speed", FT_UINT32, BASE_DEC,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, 0x0, NULL, HFILL
|
2005-11-12 22:05:53 +00:00
|
|
|
}
|
|
|
|
},
|
|
|
|
{ &hf_control_message,
|
|
|
|
{ "Control message", "rlogin.control_message", FT_UINT8, BASE_HEX,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
VALS(control_message_vals), 0x0, NULL, HFILL
|
2005-11-12 22:05:53 +00:00
|
|
|
}
|
|
|
|
},
|
2001-07-03 00:40:48 +00:00
|
|
|
{ &hf_window_info,
|
|
|
|
{ "Window Info", "rlogin.window_size", FT_NONE, BASE_NONE,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, 0x0, NULL, HFILL
|
2001-07-03 00:40:48 +00:00
|
|
|
}
|
2000-04-08 03:32:10 +00:00
|
|
|
},
|
2005-11-12 22:05:53 +00:00
|
|
|
{ &hf_window_info_ss,
|
|
|
|
{ "Window size marker", "rlogin.window_size.ss", FT_STRING, BASE_NONE,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, 0x0, NULL, HFILL
|
2005-11-12 22:05:53 +00:00
|
|
|
}
|
|
|
|
},
|
2001-07-03 00:40:48 +00:00
|
|
|
{ &hf_window_info_rows,
|
|
|
|
{ "Rows", "rlogin.window_size.rows", FT_UINT16, BASE_DEC,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, 0x0, NULL, HFILL
|
2001-07-03 00:40:48 +00:00
|
|
|
}
|
2000-04-08 03:32:10 +00:00
|
|
|
},
|
2001-07-03 00:40:48 +00:00
|
|
|
{ &hf_window_info_cols,
|
|
|
|
{ "Columns", "rlogin.window_size.cols", FT_UINT16, BASE_DEC,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, 0x0, NULL, HFILL
|
2001-07-03 00:40:48 +00:00
|
|
|
}
|
2000-04-08 03:32:10 +00:00
|
|
|
},
|
2001-07-03 00:40:48 +00:00
|
|
|
{ &hf_window_info_x_pixels,
|
|
|
|
{ "X Pixels", "rlogin.window_size.x_pixels", FT_UINT16, BASE_DEC,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, 0x0, NULL, HFILL
|
2001-07-03 00:40:48 +00:00
|
|
|
}
|
2000-04-08 03:32:10 +00:00
|
|
|
},
|
2001-07-03 00:40:48 +00:00
|
|
|
{ &hf_window_info_y_pixels,
|
|
|
|
{ "Y Pixels", "rlogin.window_size.y_pixels", FT_UINT16, BASE_DEC,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, 0x0, NULL, HFILL
|
2001-07-03 00:40:48 +00:00
|
|
|
}
|
2005-11-12 22:05:53 +00:00
|
|
|
},
|
|
|
|
{ &hf_data,
|
|
|
|
{ "Data", "rlogin.data", FT_STRING, BASE_NONE,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, 0x0, NULL, HFILL
|
2005-11-12 22:05:53 +00:00
|
|
|
}
|
2000-04-08 03:32:10 +00:00
|
|
|
}
|
|
|
|
};
|
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
proto_rlogin = proto_register_protocol("Rlogin Protocol", "Rlogin", "rlogin");
|
2000-04-08 03:32:10 +00:00
|
|
|
|
|
|
|
proto_register_field_array(proto_rlogin, hf, array_length(hf));
|
2002-08-28 21:04:11 +00:00
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
2000-04-08 03:32:10 +00:00
|
|
|
}
|
|
|
|
|
2005-11-12 22:05:53 +00:00
|
|
|
void proto_reg_handoff_rlogin(void)
|
|
|
|
{
|
|
|
|
/* Dissector install routine */
|
|
|
|
dissector_handle_t rlogin_handle = create_dissector_handle(dissect_rlogin,proto_rlogin);
|
|
|
|
dissector_add("tcp.port", RLOGIN_PORT, rlogin_handle);
|
2000-04-08 03:32:10 +00:00
|
|
|
}
|