forked from osmocom/wireshark
From Patrick White via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7061 :
Add UDP to BFCP dissector and dissect new primitives and attibutes From me: add an expert info in case of invalid payload length to avoid a potential infinite loop svn path=/trunk/; revision=42160
This commit is contained in:
parent
d74383ed1c
commit
3140c10fbb
|
@ -32,18 +32,24 @@
|
|||
|
||||
#include <epan/packet.h>
|
||||
#include <epan/prefs.h>
|
||||
#include <epan/expert.h>
|
||||
|
||||
/* Initialize protocol and registered fields */
|
||||
static int proto_bfcp = -1;
|
||||
static gboolean bfcp_enable_heuristic_dissection = FALSE;
|
||||
static dissector_handle_t bfcp_handle;
|
||||
|
||||
|
||||
static int hf_bfcp_transaction_initiator = -1;
|
||||
static int hf_bfcp_primitive = -1;
|
||||
static int hf_bfcp_payload_length = -1;
|
||||
static int hf_bfcp_conference_id = -1;
|
||||
static int hf_bfcp_transaction_id = -1;
|
||||
static int hf_bfcp_user_id = -1;
|
||||
static int hf_bfcp_payload = -1;
|
||||
static int hf_bfcp_attribute_types = -1;
|
||||
static int hf_bfcp_attribute_length = -1;
|
||||
static int hf_bfcp_request_status = -1;
|
||||
|
||||
/* Initialize subtree pointers */
|
||||
static gint ett_bfcp = -1;
|
||||
|
@ -64,10 +70,51 @@ static const value_string map_bfcp_primitive[] = {
|
|||
{ 11, "Hello"},
|
||||
{ 12, "HelloAck"},
|
||||
{ 13, "Error"},
|
||||
{ 14, "FloorRequestStatusAck"},
|
||||
{ 15, "ErrorAck"},
|
||||
{ 16, "FloorStatusAck"},
|
||||
{ 17, "Goodbye"},
|
||||
{ 18, "GoodbyeAck"},
|
||||
{ 0, NULL},
|
||||
};
|
||||
|
||||
static const value_string map_bfcp_attribute_types[] = {
|
||||
{ 0, "<Invalid Primitive>"},
|
||||
{ 1, "BeneficiaryID"},
|
||||
{ 2, "FloorID"},
|
||||
{ 3, "FloorRequestID"},
|
||||
{ 4, "Priority"},
|
||||
{ 5, "RequestStatus"},
|
||||
{ 6, "ErrorCode"},
|
||||
{ 7, "ErrorInfo"},
|
||||
{ 8, "ParticipantProvidedInfo"},
|
||||
{ 9, "StatusInfo"},
|
||||
{ 10, "SupportedAttributes"},
|
||||
{ 11, "SupportedPrimitives"},
|
||||
{ 12, "UserDisplayName"},
|
||||
{ 13, "UserURI"},
|
||||
{ 14, "BeneficiaryInformation"},
|
||||
{ 15, "FloorRequestInformation"},
|
||||
{ 16, "RequestedByInformation"},
|
||||
{ 17, "FloorRequestStatus"},
|
||||
{ 18, "OverallRequestStatus"},
|
||||
{ 0, NULL},
|
||||
};
|
||||
|
||||
static const value_string map_bfcp_request_status[] = {
|
||||
{ 0, "<Invalid Primitive>"},
|
||||
{ 1, "Pending"},
|
||||
{ 2, "Accepted"},
|
||||
{ 3, "Granted"},
|
||||
{ 4, "Denied"},
|
||||
{ 5, "Cancelled"},
|
||||
{ 6, "Released"},
|
||||
{ 7, "Revoked"},
|
||||
{ 0, NULL},
|
||||
};
|
||||
|
||||
/*Define offset for fields in BFCP packet */
|
||||
#define BFCP_OFFSET_TRANSACTION_INITIATOR 0
|
||||
#define BFCP_OFFSET_PRIMITIVE 1
|
||||
#define BFCP_OFFSET_PAYLOAD_LENGTH 2
|
||||
#define BFCP_OFFSET_CONFERENCE_ID 4
|
||||
|
@ -76,13 +123,13 @@ static const value_string map_bfcp_primitive[] = {
|
|||
#define BFCP_OFFSET_PAYLOAD 12
|
||||
|
||||
/* Code to actually dissect BFCP packets */
|
||||
static gboolean dissect_bfcp_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
||||
static gboolean dissect_bfcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
||||
{
|
||||
guint8 first_byte = 0;
|
||||
guint8 primitive = 0;
|
||||
const gchar *str = NULL;
|
||||
guint idx = 0;
|
||||
gint bfcp_payload_length = 0;
|
||||
gint bfcp_payload_length;
|
||||
|
||||
/* Size of smallest BFCP packet 12-octets */
|
||||
if (tvb_length(tvb) < 12)
|
||||
|
@ -91,16 +138,16 @@ static gboolean dissect_bfcp_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *
|
|||
/* Check version and reserved bits in first byte */
|
||||
first_byte = tvb_get_guint8 (tvb, 0);
|
||||
|
||||
/* If first_byte of bfcp_packet is not 0x20 then
|
||||
* this can not be a BFCP. Return FALSE give another
|
||||
* dissector a chance to dissect it.
|
||||
/* If first_byte of bfcp_packet is a combination of the
|
||||
* version and the I bit. The value must be either 0x20 or 0x30
|
||||
* if the bit is set, otherwise it is not BFCP.
|
||||
*/
|
||||
if (first_byte != 0x20)
|
||||
if (first_byte != 0x20 && first_byte != 0x30 )
|
||||
return FALSE;
|
||||
|
||||
primitive = tvb_get_guint8 (tvb, 1);
|
||||
|
||||
if (primitive < 1 || primitive > 13)
|
||||
if (primitive < 1 || primitive > 18 )
|
||||
return FALSE;
|
||||
|
||||
str = match_strval_idx(primitive, map_bfcp_primitive, &idx);
|
||||
|
@ -112,7 +159,7 @@ static gboolean dissect_bfcp_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *
|
|||
col_add_str (pinfo->cinfo, COL_INFO, str);
|
||||
|
||||
if (tree) {
|
||||
|
||||
gint read_attr = 0;
|
||||
proto_item *ti = NULL;
|
||||
proto_tree *bfcp_tree = NULL;
|
||||
|
||||
|
@ -120,6 +167,8 @@ static gboolean dissect_bfcp_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *
|
|||
bfcp_tree = proto_item_add_subtree(ti, ett_bfcp);
|
||||
|
||||
/* Add items to BFCP tree */
|
||||
proto_tree_add_item(bfcp_tree, hf_bfcp_transaction_initiator, tvb,
|
||||
BFCP_OFFSET_TRANSACTION_INITIATOR, 1, ENC_BIG_ENDIAN);
|
||||
proto_tree_add_item(bfcp_tree, hf_bfcp_primitive, tvb,
|
||||
BFCP_OFFSET_PRIMITIVE, 1, ENC_BIG_ENDIAN);
|
||||
proto_tree_add_item(bfcp_tree, hf_bfcp_payload_length, tvb,
|
||||
|
@ -132,12 +181,54 @@ static gboolean dissect_bfcp_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *
|
|||
BFCP_OFFSET_USER_ID, 2, ENC_BIG_ENDIAN);
|
||||
|
||||
bfcp_payload_length = tvb_get_ntohs(tvb,
|
||||
BFCP_OFFSET_PAYLOAD_LENGTH);
|
||||
BFCP_OFFSET_PAYLOAD_LENGTH) * 4;
|
||||
|
||||
if (tvb_length_remaining(tvb, BFCP_OFFSET_PAYLOAD) > 0)
|
||||
proto_tree_add_item(bfcp_tree, hf_bfcp_payload, tvb,
|
||||
BFCP_OFFSET_PAYLOAD, bfcp_payload_length,
|
||||
ENC_NA);
|
||||
while( tvb_length_remaining(tvb, BFCP_OFFSET_PAYLOAD + read_attr) >= 2 &&
|
||||
(bfcp_payload_length - read_attr) >= 2 )
|
||||
{
|
||||
gint read = 0;
|
||||
guint8 first_byte = 0;
|
||||
guint8 attribute_type = 0;
|
||||
guint8 length = 0;
|
||||
first_byte = tvb_get_guint8 (tvb, BFCP_OFFSET_PAYLOAD + read_attr );
|
||||
|
||||
/* Padding so continue to next attribute */
|
||||
if( first_byte == 0 )
|
||||
{
|
||||
read_attr++;
|
||||
continue;
|
||||
}
|
||||
|
||||
proto_tree_add_item(bfcp_tree, hf_bfcp_attribute_types, tvb,
|
||||
BFCP_OFFSET_PAYLOAD + read_attr,1, ENC_BIG_ENDIAN);
|
||||
attribute_type = (first_byte & 0xFE) >> 1;
|
||||
read++;
|
||||
|
||||
ti = proto_tree_add_item(bfcp_tree, hf_bfcp_attribute_length, tvb,
|
||||
BFCP_OFFSET_PAYLOAD + read_attr + read,1, ENC_BIG_ENDIAN);
|
||||
length = tvb_get_guint8 (tvb, BFCP_OFFSET_PAYLOAD + read_attr + read );
|
||||
read++;
|
||||
|
||||
/* If RequestStatus then show what type of status it is... */
|
||||
if( attribute_type == 5 )
|
||||
{
|
||||
proto_tree_add_item(bfcp_tree, hf_bfcp_request_status, tvb,
|
||||
BFCP_OFFSET_PAYLOAD + read_attr + read,1, ENC_BIG_ENDIAN);
|
||||
read++;
|
||||
}
|
||||
if (length >= read)
|
||||
{
|
||||
proto_tree_add_item(bfcp_tree, hf_bfcp_payload, tvb,
|
||||
BFCP_OFFSET_PAYLOAD + read_attr + read, length-read, ENC_NA);
|
||||
}
|
||||
else
|
||||
{
|
||||
expert_add_info_format(pinfo, ti, PI_MALFORMED, PI_ERROR,
|
||||
"Attribute length is too small (%d bytes)", length);
|
||||
break;
|
||||
}
|
||||
read_attr = read_attr + length;
|
||||
}
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
@ -150,16 +241,20 @@ void proto_reg_handoff_bfcp(void)
|
|||
* Heuristic dissection in disabled by default since
|
||||
* the heuristic is quite weak.
|
||||
*/
|
||||
if (!prefs_initialized) {
|
||||
heur_dissector_add ("tcp", dissect_bfcp_tcp, proto_bfcp);
|
||||
bfcp_handle = new_create_dissector_handle(dissect_bfcp_tcp,
|
||||
proto_bfcp);
|
||||
dissector_add_handle("tcp.port", bfcp_handle);
|
||||
|
||||
prefs_initialized = TRUE;
|
||||
if (!prefs_initialized)
|
||||
{
|
||||
heur_dissector_add ("tcp", dissect_bfcp, proto_bfcp);
|
||||
heur_dissector_add ("udp", dissect_bfcp, proto_bfcp);
|
||||
bfcp_handle = new_create_dissector_handle(dissect_bfcp, proto_bfcp);
|
||||
dissector_add_handle("tcp.port", bfcp_handle);
|
||||
dissector_add_handle("udp.port", bfcp_handle);
|
||||
prefs_initialized = TRUE;
|
||||
}
|
||||
|
||||
heur_dissector_set_enabled("tcp", dissect_bfcp_tcp, proto_bfcp,
|
||||
heur_dissector_set_enabled("tcp", dissect_bfcp, proto_bfcp,
|
||||
bfcp_enable_heuristic_dissection);
|
||||
|
||||
heur_dissector_set_enabled("udp", dissect_bfcp, proto_bfcp,
|
||||
bfcp_enable_heuristic_dissection);
|
||||
}
|
||||
|
||||
|
@ -168,6 +263,13 @@ void proto_register_bfcp(void)
|
|||
module_t *bfcp_module;
|
||||
|
||||
static hf_register_info hf[] = {
|
||||
{
|
||||
&hf_bfcp_transaction_initiator,
|
||||
{ "Transaction Initiator", "bfcp.transaction_initiator",
|
||||
FT_BOOLEAN, 8,
|
||||
NULL, 0x10,
|
||||
NULL, HFILL }
|
||||
},
|
||||
{
|
||||
&hf_bfcp_primitive,
|
||||
{ "Primitive", "bfcp.primitive",
|
||||
|
@ -209,6 +311,27 @@ void proto_register_bfcp(void)
|
|||
FT_BYTES, BASE_NONE,
|
||||
NULL, 0x0, NULL,
|
||||
HFILL }
|
||||
},
|
||||
{
|
||||
&hf_bfcp_attribute_types,
|
||||
{ "Attribute Type", "bfcp.attribute_type",
|
||||
FT_UINT8, BASE_DEC,
|
||||
VALS(map_bfcp_attribute_types), 0xFE,
|
||||
NULL, HFILL }
|
||||
},
|
||||
{
|
||||
&hf_bfcp_attribute_length,
|
||||
{ "Attribute Length", "bfcp.attribute_length",
|
||||
FT_UINT16, BASE_DEC,
|
||||
NULL, 0x0,
|
||||
NULL, HFILL }
|
||||
},
|
||||
{
|
||||
&hf_bfcp_request_status,
|
||||
{ "Request Status", "bfcp.request_status",
|
||||
FT_UINT8, BASE_DEC,
|
||||
VALS(map_bfcp_request_status), 0x0,
|
||||
NULL, HFILL }
|
||||
}
|
||||
};
|
||||
|
||||
|
|
Loading…
Reference in New Issue