2000-10-19 06:45:11 +00:00
|
|
|
/* packet-tpkt.c
|
|
|
|
*
|
2001-03-28 07:49:41 +00:00
|
|
|
* Routine to check for RFC 1006 TPKT header and to dissect TPKT header
|
2000-10-19 06:45:11 +00:00
|
|
|
* Copyright 2000, Philips Electronics N.V.
|
|
|
|
* Andreas Sikkema <andreas.sikkema@philips.com>
|
|
|
|
*
|
2001-03-28 07:49:41 +00:00
|
|
|
* Routine to dissect RFC 1006 TPKT packet containing OSI TP PDU
|
|
|
|
* Copyright 2001, Martin Thomas <Martin_A_Thomas@yahoo.com>
|
|
|
|
*
|
2002-02-22 08:56:48 +00:00
|
|
|
* $Id: packet-tpkt.c,v 1.12 2002/02/22 08:56:46 guy Exp $
|
2001-06-12 06:32:39 +00:00
|
|
|
*
|
2000-10-19 06:45:11 +00:00
|
|
|
* Ethereal - Network traffic analyzer
|
2001-06-12 06:32:39 +00:00
|
|
|
* By Gerald Combs <gerald@ethereal.com>
|
2000-10-19 06:45:11 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
# include "config.h"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#include <glib.h>
|
2002-01-21 07:37:49 +00:00
|
|
|
#include <epan/packet.h>
|
2000-10-19 06:45:11 +00:00
|
|
|
|
|
|
|
#ifdef HAVE_SYS_TYPES_H
|
|
|
|
# include <sys/types.h>
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef HAVE_NETINET_IN_H
|
|
|
|
# include <netinet/in.h>
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
#include "packet-tpkt.h"
|
2002-02-22 08:56:48 +00:00
|
|
|
#include "prefs.h"
|
2000-10-19 06:45:11 +00:00
|
|
|
|
|
|
|
/* TPKT header fields */
|
|
|
|
static int proto_tpkt = -1;
|
|
|
|
static int hf_tpkt_version = -1;
|
|
|
|
static int hf_tpkt_reserved = -1;
|
|
|
|
static int hf_tpkt_length = -1;
|
|
|
|
|
|
|
|
/* TPKT fields defining a sub tree */
|
|
|
|
static gint ett_tpkt = -1;
|
|
|
|
|
2002-02-22 08:56:48 +00:00
|
|
|
/* desegmentation of OSI over TPKT over TCP */
|
|
|
|
static gboolean tpkt_desegment = TRUE;
|
|
|
|
|
2001-03-28 07:49:41 +00:00
|
|
|
#define TCP_PORT_TPKT 102
|
|
|
|
|
|
|
|
/* find the dissector for OSI TP (aka COTP) */
|
|
|
|
static dissector_handle_t osi_tp_handle;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check whether this could be a TPKT-encapsulated PDU.
|
Clean up the heuristic code in the Q.931 dissector. If it's a heuristic
dissector, it's looking for Q.931 encapsulated inside TPKT, so it
shouldn't check whether the first byte is NLPID_Q_931 or not, as it
*won't* be NLPID_Q_931, it'll be 3, for the TPKT version. It should
first check whether "is_tpkt()" thinks it's a TPKT packet, and then
check that the packet has at least 3 bytes past the TPKT header, then
check the first byte in the payload to see whether it's NLPID_Q_931. If
that all succeeds, treat it as Q.931 inside TPKT.
Make "is_tpkt()" return the length from the TPKT header on success, and
-1 on failure, and return the offset past the TPKT header via a pointer
(so clients don't have to know that the TPKT header is 4 bytes long).
svn path=/trunk/; revision=4669
2002-02-02 02:51:20 +00:00
|
|
|
* Returns -1 if it's not.
|
|
|
|
* Sets "*offset" to the offset of the first byte past the TPKT header,
|
|
|
|
* and returns the length from the TPKT header, if it is.
|
2001-03-28 07:49:41 +00:00
|
|
|
*/
|
Clean up the heuristic code in the Q.931 dissector. If it's a heuristic
dissector, it's looking for Q.931 encapsulated inside TPKT, so it
shouldn't check whether the first byte is NLPID_Q_931 or not, as it
*won't* be NLPID_Q_931, it'll be 3, for the TPKT version. It should
first check whether "is_tpkt()" thinks it's a TPKT packet, and then
check that the packet has at least 3 bytes past the TPKT header, then
check the first byte in the payload to see whether it's NLPID_Q_931. If
that all succeeds, treat it as Q.931 inside TPKT.
Make "is_tpkt()" return the length from the TPKT header on success, and
-1 on failure, and return the offset past the TPKT header via a pointer
(so clients don't have to know that the TPKT header is 4 bytes long).
svn path=/trunk/; revision=4669
2002-02-02 02:51:20 +00:00
|
|
|
int
|
|
|
|
is_tpkt( tvbuff_t *tvb, int *offset )
|
2000-10-19 06:45:11 +00:00
|
|
|
{
|
Clean up the heuristic code in the Q.931 dissector. If it's a heuristic
dissector, it's looking for Q.931 encapsulated inside TPKT, so it
shouldn't check whether the first byte is NLPID_Q_931 or not, as it
*won't* be NLPID_Q_931, it'll be 3, for the TPKT version. It should
first check whether "is_tpkt()" thinks it's a TPKT packet, and then
check that the packet has at least 3 bytes past the TPKT header, then
check the first byte in the payload to see whether it's NLPID_Q_931. If
that all succeeds, treat it as Q.931 inside TPKT.
Make "is_tpkt()" return the length from the TPKT header on success, and
-1 on failure, and return the offset past the TPKT header via a pointer
(so clients don't have to know that the TPKT header is 4 bytes long).
svn path=/trunk/; revision=4669
2002-02-02 02:51:20 +00:00
|
|
|
guint16 data_len;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If TPKT is disabled, don't dissect it, just return -1, meaning
|
|
|
|
* "this isn't TPKT".
|
|
|
|
*/
|
|
|
|
if (!proto_is_protocol_enabled(proto_tpkt))
|
|
|
|
return -1;
|
|
|
|
|
2001-03-28 07:49:41 +00:00
|
|
|
/* There should at least be 4 bytes left in the frame */
|
2002-02-22 08:56:48 +00:00
|
|
|
if (!tvb_bytes_exist(tvb, *offset, 4))
|
Clean up the heuristic code in the Q.931 dissector. If it's a heuristic
dissector, it's looking for Q.931 encapsulated inside TPKT, so it
shouldn't check whether the first byte is NLPID_Q_931 or not, as it
*won't* be NLPID_Q_931, it'll be 3, for the TPKT version. It should
first check whether "is_tpkt()" thinks it's a TPKT packet, and then
check that the packet has at least 3 bytes past the TPKT header, then
check the first byte in the payload to see whether it's NLPID_Q_931. If
that all succeeds, treat it as Q.931 inside TPKT.
Make "is_tpkt()" return the length from the TPKT header on success, and
-1 on failure, and return the offset past the TPKT header via a pointer
(so clients don't have to know that the TPKT header is 4 bytes long).
svn path=/trunk/; revision=4669
2002-02-02 02:51:20 +00:00
|
|
|
return -1; /* there aren't */
|
|
|
|
|
|
|
|
/*
|
2001-03-28 07:49:41 +00:00
|
|
|
* The first octet should be 3 and the second one should be 0
|
Clean up the heuristic code in the Q.931 dissector. If it's a heuristic
dissector, it's looking for Q.931 encapsulated inside TPKT, so it
shouldn't check whether the first byte is NLPID_Q_931 or not, as it
*won't* be NLPID_Q_931, it'll be 3, for the TPKT version. It should
first check whether "is_tpkt()" thinks it's a TPKT packet, and then
check that the packet has at least 3 bytes past the TPKT header, then
check the first byte in the payload to see whether it's NLPID_Q_931. If
that all succeeds, treat it as Q.931 inside TPKT.
Make "is_tpkt()" return the length from the TPKT header on success, and
-1 on failure, and return the offset past the TPKT header via a pointer
(so clients don't have to know that the TPKT header is 4 bytes long).
svn path=/trunk/; revision=4669
2002-02-02 02:51:20 +00:00
|
|
|
* The H.323 implementers guide suggests that this might not
|
2001-03-28 07:49:41 +00:00
|
|
|
* always be the case....
|
|
|
|
*/
|
2000-10-19 06:45:11 +00:00
|
|
|
if ( ! ( ( tvb_get_guint8( tvb, ( *offset ) ) == 3 ) &&
|
2001-03-28 07:49:41 +00:00
|
|
|
( tvb_get_guint8( tvb, ( *offset ) + 1 ) == 0 ) ) )
|
Clean up the heuristic code in the Q.931 dissector. If it's a heuristic
dissector, it's looking for Q.931 encapsulated inside TPKT, so it
shouldn't check whether the first byte is NLPID_Q_931 or not, as it
*won't* be NLPID_Q_931, it'll be 3, for the TPKT version. It should
first check whether "is_tpkt()" thinks it's a TPKT packet, and then
check that the packet has at least 3 bytes past the TPKT header, then
check the first byte in the payload to see whether it's NLPID_Q_931. If
that all succeeds, treat it as Q.931 inside TPKT.
Make "is_tpkt()" return the length from the TPKT header on success, and
-1 on failure, and return the offset past the TPKT header via a pointer
(so clients don't have to know that the TPKT header is 4 bytes long).
svn path=/trunk/; revision=4669
2002-02-02 02:51:20 +00:00
|
|
|
return -1; /* They're not */
|
|
|
|
|
|
|
|
data_len = tvb_get_ntohs( tvb, ( *offset ) + 2 );
|
2000-10-19 06:45:11 +00:00
|
|
|
|
Clean up the heuristic code in the Q.931 dissector. If it's a heuristic
dissector, it's looking for Q.931 encapsulated inside TPKT, so it
shouldn't check whether the first byte is NLPID_Q_931 or not, as it
*won't* be NLPID_Q_931, it'll be 3, for the TPKT version. It should
first check whether "is_tpkt()" thinks it's a TPKT packet, and then
check that the packet has at least 3 bytes past the TPKT header, then
check the first byte in the payload to see whether it's NLPID_Q_931. If
that all succeeds, treat it as Q.931 inside TPKT.
Make "is_tpkt()" return the length from the TPKT header on success, and
-1 on failure, and return the offset past the TPKT header via a pointer
(so clients don't have to know that the TPKT header is 4 bytes long).
svn path=/trunk/; revision=4669
2002-02-02 02:51:20 +00:00
|
|
|
*offset += 4;
|
|
|
|
return data_len;
|
2000-10-19 06:45:11 +00:00
|
|
|
}
|
|
|
|
|
2001-03-28 07:49:41 +00:00
|
|
|
/*
|
2002-02-22 08:56:48 +00:00
|
|
|
* Dissect TPKT-encapsulated data in a TCP stream.
|
2001-03-28 07:49:41 +00:00
|
|
|
*/
|
2002-02-22 08:56:48 +00:00
|
|
|
void
|
|
|
|
dissect_tpkt_encap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|
|
|
gboolean desegment, dissector_handle_t subdissector_handle)
|
2000-10-19 06:45:11 +00:00
|
|
|
{
|
2002-02-22 08:56:48 +00:00
|
|
|
proto_item *ti = NULL;
|
|
|
|
proto_tree *tpkt_tree = NULL;
|
|
|
|
int offset = 0;
|
|
|
|
int length_remaining;
|
|
|
|
int data_len;
|
|
|
|
int length;
|
|
|
|
tvbuff_t *next_tvb;
|
|
|
|
const char *saved_proto;
|
|
|
|
|
|
|
|
while (tvb_reported_length_remaining(tvb, offset) != 0) {
|
|
|
|
length_remaining = tvb_length_remaining(tvb, offset);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Can we do reassembly?
|
|
|
|
*/
|
|
|
|
if (desegment && pinfo->can_desegment) {
|
|
|
|
/*
|
|
|
|
* Yes - is the TPKT header split across segment
|
|
|
|
* boundaries?
|
|
|
|
*/
|
|
|
|
if (length_remaining < 4) {
|
|
|
|
/*
|
|
|
|
* Yes. Tell the TCP dissector where
|
|
|
|
* the data for this message starts in
|
|
|
|
* the data it handed us, and how many
|
|
|
|
* more bytes we need, and return.
|
|
|
|
*/
|
|
|
|
pinfo->desegment_offset = offset;
|
|
|
|
pinfo->desegment_len = 4 - length_remaining;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Dissect the TPKT header.
|
|
|
|
* Save and restore "pinfo->current_proto".
|
|
|
|
*/
|
|
|
|
saved_proto = pinfo->current_proto;
|
|
|
|
pinfo->current_proto = "TPKT";
|
|
|
|
|
|
|
|
data_len = tvb_get_ntohs(tvb, offset + 2);
|
|
|
|
|
|
|
|
if (check_col(pinfo->cinfo, COL_PROTOCOL))
|
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "TPKT");
|
|
|
|
if (check_col(pinfo->cinfo, COL_INFO)) {
|
|
|
|
col_add_fstr(pinfo->cinfo, COL_INFO,
|
|
|
|
"TPKT Data length = %u", data_len);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (tree) {
|
|
|
|
ti = proto_tree_add_item(tree, proto_tpkt, tvb,
|
|
|
|
offset, 4, FALSE);
|
|
|
|
tpkt_tree = proto_item_add_subtree(ti, ett_tpkt);
|
|
|
|
|
|
|
|
/* Version */
|
|
|
|
proto_tree_add_item(tpkt_tree, hf_tpkt_version, tvb,
|
|
|
|
offset, 1, FALSE);
|
|
|
|
|
|
|
|
/* Reserved octet*/
|
|
|
|
proto_tree_add_item(tpkt_tree, hf_tpkt_reserved, tvb,
|
|
|
|
offset + 1, 1, FALSE);
|
|
|
|
|
|
|
|
/* Length */
|
|
|
|
proto_tree_add_uint(tpkt_tree, hf_tpkt_length, tvb,
|
|
|
|
offset + 2, 2, data_len);
|
|
|
|
}
|
|
|
|
pinfo->current_proto = saved_proto;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Can we do reassembly?
|
|
|
|
*/
|
|
|
|
if (desegment && pinfo->can_desegment) {
|
|
|
|
/*
|
|
|
|
* Yes - is the payload split across segment
|
|
|
|
* boundaries?
|
|
|
|
*/
|
|
|
|
if (length_remaining < data_len + 4) {
|
|
|
|
/*
|
|
|
|
* Yes. Tell the TCP dissector where
|
|
|
|
* the data for this message starts in
|
|
|
|
* the data it handed us, and how many
|
|
|
|
* more bytes we need, and return.
|
|
|
|
*/
|
|
|
|
pinfo->desegment_offset = offset;
|
|
|
|
pinfo->desegment_len =
|
|
|
|
(data_len + 4) - length_remaining;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Skip the TPKT header. */
|
|
|
|
offset += 4;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Construct a tvbuff containing the amount of the payload
|
|
|
|
* we have available. Make its reported length the
|
|
|
|
* amount of data in this TPKT packet.
|
|
|
|
*/
|
|
|
|
length = length_remaining - 4;
|
|
|
|
if (length > data_len)
|
|
|
|
length = data_len;
|
|
|
|
next_tvb = tvb_new_subset(tvb, offset, length, data_len);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Call the subdissector.
|
|
|
|
*/
|
|
|
|
call_dissector(subdissector_handle, next_tvb, pinfo, tree);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Skip the payload.
|
|
|
|
*/
|
|
|
|
offset += length;
|
2000-10-19 06:45:11 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2001-03-28 07:49:41 +00:00
|
|
|
/*
|
|
|
|
* Dissect RFC 1006 TPKT, which wraps a TPKT header around an OSI TP
|
|
|
|
* PDU.
|
|
|
|
*/
|
|
|
|
static void
|
2002-02-22 08:56:48 +00:00
|
|
|
dissect_tpkt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
2001-03-28 07:49:41 +00:00
|
|
|
{
|
2002-02-22 08:56:48 +00:00
|
|
|
dissect_tpkt_encap(tvb, pinfo, tree, tpkt_desegment, osi_tp_handle);
|
2001-03-28 07:49:41 +00:00
|
|
|
}
|
|
|
|
|
2000-10-19 06:45:11 +00:00
|
|
|
void
|
|
|
|
proto_register_tpkt(void)
|
|
|
|
{
|
|
|
|
static hf_register_info hf[] =
|
|
|
|
{
|
|
|
|
{
|
|
|
|
&hf_tpkt_version,
|
|
|
|
{
|
|
|
|
"Version",
|
|
|
|
"tpkt.version",
|
|
|
|
FT_UINT8,
|
|
|
|
BASE_DEC,
|
|
|
|
NULL,
|
|
|
|
0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL
|
2000-10-19 06:45:11 +00:00
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
&hf_tpkt_reserved,
|
|
|
|
{
|
|
|
|
"Reserved",
|
|
|
|
"tpkt.reserved",
|
|
|
|
FT_UINT8,
|
|
|
|
BASE_DEC,
|
|
|
|
NULL,
|
|
|
|
0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL
|
2000-10-19 06:45:11 +00:00
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
&hf_tpkt_length,
|
|
|
|
{
|
|
|
|
"Length",
|
|
|
|
"tpkt.length",
|
|
|
|
FT_UINT16,
|
|
|
|
BASE_DEC,
|
|
|
|
NULL,
|
|
|
|
0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"", HFILL
|
2000-10-19 06:45:11 +00:00
|
|
|
}
|
|
|
|
},
|
2001-03-28 07:49:41 +00:00
|
|
|
};
|
2000-10-19 06:45:11 +00:00
|
|
|
|
|
|
|
static gint *ett[] =
|
|
|
|
{
|
|
|
|
&ett_tpkt,
|
|
|
|
};
|
2002-02-22 08:56:48 +00:00
|
|
|
module_t *tpkt_module;
|
2000-10-19 06:45:11 +00:00
|
|
|
|
2001-01-03 06:56:03 +00:00
|
|
|
proto_tpkt = proto_register_protocol("TPKT", "TPKT", "tpkt");
|
2000-10-19 06:45:11 +00:00
|
|
|
proto_register_field_array(proto_tpkt, hf, array_length(hf));
|
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
2002-02-22 08:56:48 +00:00
|
|
|
|
|
|
|
tpkt_module = prefs_register_protocol(proto_tpkt, NULL);
|
|
|
|
prefs_register_bool_preference(tpkt_module, "desegment",
|
|
|
|
"Desegment all TPKT messages spanning multiple TCP segments",
|
|
|
|
"Whether the TPKT dissector should desegment all messages spanning multiple TCP segments",
|
|
|
|
&tpkt_desegment);
|
2000-10-19 06:45:11 +00:00
|
|
|
}
|
2001-03-28 07:49:41 +00:00
|
|
|
|
|
|
|
void
|
|
|
|
proto_reg_handoff_tpkt(void)
|
|
|
|
{
|
2001-12-03 04:00:26 +00:00
|
|
|
dissector_handle_t tpkt_handle;
|
|
|
|
|
2001-03-28 07:49:41 +00:00
|
|
|
osi_tp_handle = find_dissector("ositp");
|
2001-12-03 04:00:26 +00:00
|
|
|
tpkt_handle = create_dissector_handle(dissect_tpkt, proto_tpkt);
|
|
|
|
dissector_add("tcp.port", TCP_PORT_TPKT, tpkt_handle);
|
2001-03-28 07:49:41 +00:00
|
|
|
}
|