osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

RTPS-VT: New dissector to enhance the RTPS protocol 

Added dissectors for RTPS Virtual Transport and RTPS Processed Protocols

RTI Connext DDS can capture RTPS-related traffic by using the Network Capture
Utility. The generated .pcap capture files will follow these protocols,
establishing a format for how information must be saved, and then
parsed. This will improve debuggability by including additional information
obtained from within Connext DDS.

RTPS-VT parses the information related to the transport. It then, calls
the RTPS-PROC dissector, which handles the rest: calling the RTPS
dissector when needed, and parsing additional information such as the
one related to security.
This commit is contained in:
Luis Colmenero 2020-10-07 22:30:16 +02:00 committed by Wireshark GitLab Utility
parent 2549e51ee4
commit 3cdbbcdfb9
5 changed files with 1760 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
epan/dissectors/CMakeLists.txt
View File

@ -1693,6 +1693,8 @@ set(DISSECTOR_SRC
${CMAKE_CURRENT_SOURCE_DIR}/packet-rtp-ed137.c
${CMAKE_CURRENT_SOURCE_DIR}/packet-rtpproxy.c
${CMAKE_CURRENT_SOURCE_DIR}/packet-rtps.c
${CMAKE_CURRENT_SOURCE_DIR}/packet-rtps-virtual-transport.c
${CMAKE_CURRENT_SOURCE_DIR}/packet-rtps-processed.c
${CMAKE_CURRENT_SOURCE_DIR}/packet-rtsp.c
${CMAKE_CURRENT_SOURCE_DIR}/packet-rudp.c
${CMAKE_CURRENT_SOURCE_DIR}/packet-rwall.c

450
epan/dissectors/packet-rtps-processed.c Normal file
View File

@ -0,0 +1,450 @@
/* packet-rtps-processed.c
* Dissector for the Real-Time Publish-Subscribe (RTPS) Processed Protocol.
*
* (c) 2020 Copyright, Real-Time Innovations, Inc.
* Real-Time Innovations, Inc.
* 232 East Java Drive
* Sunnyvale, CA 94089
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*
* -----------------------------------------------------------------------------
* RTI Connext DDS can capture RTPS-related traffic by using the Network Capture
* Utility. The generated .pcap capture files will follow a format that
* defines how information must be saved, and then parsed.
*
* The format is divided into two layers/protocols: virtual transport
* (packet-rtps-virtual-transport.c) and processed (packet-rtps-processed.c).
* This file is about the processed dissector. For a general introduction and
* information about the virtual transport dissector, read the documentation at
* the beginning of packet-rtps-virtual-transport.c.
*
* The processed dissector is called by the transport dissector. It should never
* be called directly by Wireshark without going through the transport
* dissector first.
*
* The advanced information contains one parameter that it is really important
* (and compulsory). This parameter is the "main frame", i.e. the frame that
* would usually be captured over the wire. This frame is encrypted if security
* applies.
*
* Then we have two optional fields: advanced frame0 and frame1.
* - frame0: Contains the RTPS frame with submessage protection (but
* decrypted at the RTPS level).
* - frame1:
* - Inbound traffic: A list of decrypted RTPS submessages (the protected
* ones from frame0).
* - Outbound traffic: The RTPS message before any kind of protection.
* The contents encrypted at RTPS message level can be found in the main frame.
*
* We can see there is a difference between frame1 (the parameter containing the
* decrypted RTPS submessages): inbound traffic has a list of submessages (no
* RTPS header) but outbound traffic has a RTPS message. The reason behind
* this is related to how RTI Connext DDS handles protected inbound traffic.
*
* An alternative would be to build the RTPS message from frame0 and frame1 and
* then pass it to the RTPS dissector. This solution would be cleaner but would
* require to keep a buffer and information between parameters.
* The current solution is kept for the moment.
*/
#include "config.h"
#include <glib.h>
#include <epan/packet.h>
#include <epan/expert.h>
#include <epan/prefs.h>
#include <epan/addr_resolv.h>
#include <epan/wmem/wmem.h>
#include <epan/conversation.h>
#include <epan/column.h>
#include <epan/dissectors/packet-tcp.h>
#include <epan/dissectors/packet-rtps.h>
#include <stdio.h>
#define PARAM_ID_ADVANCED_FRAME0 0x000C1
#define PARAM_ID_ADVANCED_FRAME1 0x000C2
void proto_reg_handoff_rtps_processed(void);
void proto_register_rtps_processed(void);
static gint dissect_rtps_processed(
tvbuff_t *tvb,
packet_info *pinfo,
proto_tree *tree,
void *data);
void get_new_colinfo_w_submessages(
wmem_strbuf_t *out,
wmem_strbuf_t *frame,
const gchar *submessages);
/* Subtree pointers */
static gint rtpsproc_tree = -1;
static gint rtpsproc_ett = -1;
static gint rtpsproc_ett_security = -1;
static gint rtpsproc_ett_advanced_frame0 = -1;
static gint rtpsproc_ett_advanced_frame1 = -1;
/* Initialize the protocol and registered fields */
static header_field_info *rtpsproc_hf = NULL;
static gint rtpsproc_hf_param_id = -1;
static gint rtpsproc_hf_param_length = -1;
/* Used for caching a handle to the RTPS dissector */
static dissector_handle_t rtps_handle = NULL;
/* ========================================================================== */
/* Dissector */
/* ========================================================================== */
/*
* Parameters must be in the right order or dissector will fail.
* This was done instead of looping for all parameters (like in
* packet-rtps-virtual-transport.c) because:
* - The number of parameters is small.
* - This way we can skip creating some headings if they are not needed (by
* using zeros instead).
*/
static gint dissect_rtps_processed(
tvbuff_t *tvb,
packet_info *pinfo,
proto_tree *tree,
void *data)
{
proto_tree *rtpsproc_tree_general = NULL;
proto_tree *rtpsproc_tree_security = NULL;
proto_item *rtpsproc_ti = NULL;
guint16 param_id;
guint16 param_length;
gint offset = 0;
gint offset_version = 4; /* 'R', 'T', 'P', 'S' */
tvbuff_t *rtps_payload = NULL;
tvbuff_t *message_payload = NULL;
struct rtpsvt_data *transport_data = (struct rtpsvt_data *) data;
const gchar *title_security = transport_data->direction == 1
? "RTPS Security decoding"
: "RTPS Security pre-encoding";
guint16 rtps_version = 0x0203;
guint16 rtps_vendor_id = 0x0101;
if (transport_data == NULL) {
/* Reject the packet if no transport information */
return 0;
}
param_length = transport_data->rtps_length;
/* ***************************** MAIN ***********************************/
/*
* The contents passed to the rtpsproc dissector must start with the RTPS
* frame.
*/
rtps_version = tvb_get_guint16(
tvb,
offset + offset_version,
ENC_BIG_ENDIAN);
rtps_vendor_id = tvb_get_guint16(
tvb,
offset + offset_version + 2,
ENC_BIG_ENDIAN);
rtps_payload = tvb_new_subset_length(tvb, offset, param_length);
if (rtps_handle != NULL) {
call_dissector(rtps_handle, rtps_payload, pinfo, tree);
}
offset += param_length;
/* *********** Add subtree used for the fields of our rtpsproc_tree *******/
rtpsproc_ti = proto_tree_add_item(
tree,
rtpsproc_tree,
tvb,
offset,
-1,
ENC_BIG_ENDIAN);
rtpsproc_tree_general = proto_item_add_subtree(rtpsproc_ti, rtpsproc_ett);
/* *************************** ADVANCED 0 *******************************/
param_id = tvb_get_guint16(tvb, offset, ENC_BIG_ENDIAN);
if (param_id == PARAM_ID_ADVANCED_FRAME0) {
proto_tree *rtpsproc_tree_frame0 = NULL;
param_length = tvb_get_guint16(tvb, offset + 2, ENC_BIG_ENDIAN);
rtpsproc_tree_security = proto_tree_add_subtree_format(
rtpsproc_tree_general,
tvb,
offset,
0,
rtpsproc_ett_security,
NULL,
"%s",
title_security);
rtpsproc_tree_frame0 = proto_tree_add_subtree_format(
rtpsproc_tree_security,
tvb,
offset,
0,
rtpsproc_ett_advanced_frame0,
NULL,
"%s",
"RTPS level");
proto_tree_add_uint(
rtpsproc_tree_frame0,
rtpsproc_hf_param_id,
tvb,
offset,
2, /* length */
param_id);
offset += 2;
proto_tree_add_uint(
rtpsproc_tree_frame0,
rtpsproc_hf_param_length,
tvb,
offset,
2, /* length */
param_length);
offset += 2;
message_payload = tvb_new_subset_length(tvb, offset, param_length);
if (rtps_handle != NULL) {
call_dissector(
rtps_handle,
message_payload,
pinfo,
rtpsproc_tree_frame0);
}
offset += param_length;
} else {
/*
* If there is no security information, param_id is zeroed.
* In that case the length is also zero, so we move 4 Bytes in total.
*/
offset += 4;
}
/* *************************** ADVANCED 1 *******************************/
param_id = tvb_get_guint16(tvb, offset, ENC_BIG_ENDIAN);
if (param_id == PARAM_ID_ADVANCED_FRAME1) {
proto_tree *rtpsproc_tree_frame1 = NULL;
const gchar *title = transport_data->direction
? "Submessage level"
: "RTPS and Submessage level (no protection)";
param_length = tvb_get_guint16(tvb, offset + 2, ENC_BIG_ENDIAN);
if (rtpsproc_tree_security == NULL) {
rtpsproc_tree_security = proto_tree_add_subtree_format(
rtpsproc_tree_general,
tvb,
offset,
0,
rtpsproc_ett_security,
NULL,
"%s",
title_security);
}
rtpsproc_tree_frame1 = proto_tree_add_subtree_format(
rtpsproc_tree_security,
tvb,
offset,
0,
rtpsproc_ett_advanced_frame1,
NULL,
"%s",
title);
proto_tree_add_uint(
rtpsproc_tree_frame1,
rtpsproc_hf_param_id,
tvb,
offset,
2, /* length */
param_id);
offset += 2;
proto_tree_add_uint(
rtpsproc_tree_frame1,
rtpsproc_hf_param_length,
tvb,
offset,
2, /* length */
param_length);
offset += 2;
/*
* Depending on the direction we have:
* - Inbound: List of decrypted submessages.
* - Outbound: The RTPS message before any kind of protection.
* So, we handle them differently.
*/
if (transport_data->direction) {
tvbuff_t *rtps_submessages = NULL;
wmem_strbuf_t *info_w_encrypted = NULL; /* Current info */
wmem_strbuf_t *info_w_decrypted = NULL; /* New info */
/*
* Get the current column info. This has the RTPS frames with the
* encrypted submessages. We are going to update the text so that
* it has the decrypted information, which is more useful to the
* user.
*/
if (pinfo->cinfo) {
const gchar *colinfo = col_get_text(pinfo->cinfo, COL_INFO);
if (colinfo) {
info_w_encrypted = wmem_strbuf_new(
wmem_packet_scope(),
colinfo);
col_clear(pinfo->cinfo, COL_INFO);
}
}
/* Dissect the submessages using the RTPS dissector */
rtps_submessages = tvb_new_subset_length(tvb, offset, param_length);
dissect_rtps_submessages(
rtps_submessages,
0, /* offset */
pinfo,
rtpsproc_tree_frame1,
rtps_version,
rtps_vendor_id);
offset += param_length;
/*
* Get the decrypted submessages and update the column information.
*/
if (pinfo->cinfo) {
const gchar *colinfo = col_get_text(pinfo->cinfo, COL_INFO);
info_w_decrypted = wmem_strbuf_new(wmem_packet_scope(), "");
if (colinfo) {
get_new_colinfo_w_submessages(
info_w_decrypted, /* out */
info_w_encrypted, /* in */
colinfo); /* in */
col_clear(pinfo->cinfo, COL_INFO);
col_set_str(
pinfo->cinfo,
COL_INFO,
wmem_strbuf_get_str(info_w_decrypted));
}
}
} else {
message_payload = tvb_new_subset_length(tvb, offset, param_length);
if (rtps_handle != NULL) {
call_dissector(
rtps_handle,
message_payload,
pinfo,
rtpsproc_tree_frame1);
}
offset += param_length;
}
} else {
/*
* If there is no security information, param_id is zeroed.
* In that case the length is also zero, so we move 4 Bytes in total.
*/
offset += 4;
}
return tvb_captured_length(tvb);
}
/* ========================================================================== */
/* Other */
/* ========================================================================== */
/*
* This function is called at startup and caches the handle for the register.
* That way we don't have to find the dissector for each packet.
*/
void proto_reg_handoff_rtps_processed(void)
{
rtps_handle = find_dissector("rtps");
}
void get_new_colinfo_w_submessages(
wmem_strbuf_t *out,
wmem_strbuf_t *frame,
const gchar *submessages)
{
const gchar *pattern = "SEC_PREFIX, SEC_BODY, SEC_POSTFIX";
const gchar *frame_str = wmem_strbuf_get_str(frame);
gsize idx = 0; /* index for iterating frame_str */
gchar *submessages_dup = g_strdup(submessages);
/* First decrypted submessage in submessages list */
gchar *submessage_current = strtok(submessages_dup, ", ");
/* First encrypted submessage. Found by searching the RTPS colinfo */
gchar *encrypted_current = strstr(&frame_str[idx], pattern);
while (encrypted_current != NULL) {
/* Copy the RTPS frame up to the newly found encrypted submessage */
gsize length_to_copy = encrypted_current - &frame_str[idx];
wmem_strbuf_append_len(out, &frame_str[idx], length_to_copy);
/* Copy the decrypted contents that replace the encrypted submessage */
wmem_strbuf_append(out, submessage_current);
/* Advance the index and continue searching */
idx += length_to_copy + strlen(pattern);
encrypted_current = strstr(&frame_str[idx], pattern);
}
/* Copy the remaining from the RTPS frame */
wmem_strbuf_append(out, &frame_str[idx]);
}
/* ========================================================================== */
/* Protocol egistration */
/* ========================================================================== */
void
proto_register_rtps_processed(void)
{
static hf_register_info hf[] = {
{
&rtpsproc_hf_param_id,
{
"Parameter Identifier", "rtpsproc.param.id",
FT_UINT16, BASE_DEC, NULL, 0, 0, HFILL
},
},
{
&rtpsproc_hf_param_length,
{
"Parameter Length", "rtpsproc.param.length",
FT_UINT16, BASE_DEC, NULL, 0, 0, HFILL
}
},
};
static gint *ett[] = {
&rtpsproc_ett,
&rtpsproc_ett_security,
&rtpsproc_ett_advanced_frame0,
&rtpsproc_ett_advanced_frame1
};
/* Register the protocol name and description */
rtpsproc_tree = proto_register_protocol(
"Real-Time Publish-Subscribe Wire Protocol (processed)",
"RTPS-PROC",
"rtpsproc");
/* Required function calls to register the header fields and subtrees */
rtpsproc_hf = proto_registrar_get_nth(rtpsproc_tree);
proto_register_field_array(rtpsproc_tree, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
register_dissector("rtpsproc", dissect_rtps_processed, rtpsproc_tree);
}
// /*
// * Editor modelines - https://www.wireshark.org/tools/modelines.html
// *
// * Local variables:
// * c-basic-offset: 4
// * tab-width: 8
// * indent-tabs-mode: nil
// * End:
// *
// * vi: set shiftwidth=4 tabstop=8 expandtab:
// * :indentSize=4:tabSize=8:noTabs=true:
// */

1207
epan/dissectors/packet-rtps-virtual-transport.c Normal file
View File

File diff suppressed because it is too large Load Diff

63
epan/dissectors/packet-rtps.c
View File

@ -47,6 +47,7 @@
#include <epan/packet.h>
#include <epan/expert.h>
#include <epan/prefs.h>
#include "packet-rtps.h"
#include <epan/addr_resolv.h>
#include <epan/reassemble.h>
#include "zlib.h"
@ -699,22 +700,6 @@ static dissector_table_t rtps_type_name_table;
#define CRYPTO_TRANSFORMATION_KIND_AES256_GMAC (3)
#define CRYPTO_TRANSFORMATION_KIND_AES256_GCM (4)
/* Vendor specific - rti */
#define NDDS_TRANSPORT_CLASSID_ANY (0)
#define NDDS_TRANSPORT_CLASSID_UDPv4 (1)
#define NDDS_TRANSPORT_CLASSID_UDPv6 (2)
#define NDDS_TRANSPORT_CLASSID_INTRA (3)
#define NDDS_TRANSPORT_CLASSID_DTLS (6)
#define NDDS_TRANSPORT_CLASSID_WAN (7)
#define NDDS_TRANSPORT_CLASSID_TCPV4_LAN (8)
#define NDDS_TRANSPORT_CLASSID_TCPV4_WAN (9)
#define NDDS_TRANSPORT_CLASSID_TLSV4_LAN (10)
#define NDDS_TRANSPORT_CLASSID_TLSV4_WAN (11)
#define NDDS_TRANSPORT_CLASSID_PCIE (12)
#define NDDS_TRANSPORT_CLASSID_ITP (13)
#define NDDS_TRANSPORT_CLASSID_SHMEM (0x01000000)
#define NDDS_TRANSPORT_CLASSID_UDPv4_WAN (0x01000001)
#define TOPIC_INFO_ADD_GUID (0x01)
#define TOPIC_INFO_ADD_TYPE_NAME (0x02)
#define TOPIC_INFO_ADD_TOPIC_NAME (0x04)
@ -11863,16 +11848,11 @@ static gboolean dissect_rtps_submessage_v1(tvbuff_t *tvb, packet_info *pinfo, gi
static gboolean dissect_rtps(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset)
{
proto_item *ti;
proto_tree *rtps_tree, *rtps_submessage_tree;
guint8 submessageId, flags, majorRev;
proto_tree *rtps_tree;
guint8 majorRev;
guint16 version, vendor_id;
gboolean is_ping;
guint encoding;
gint next_submsg, octets_to_next_header;
int sub_hf;
const value_string *sub_vals;
endpoint_guid guid;
endpoint_guid dst_guid;
guint32 magic_number;
gchar domain_id_str[RTPS_UNKNOWN_DOMAIN_ID_STR_LEN] = RTPS_UNKNOWN_DOMAIN_ID_STR;
/* Check 'RTPS' signature:
@ -11891,9 +11871,8 @@ static gboolean dissect_rtps(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree
if ((majorRev != 1) && (majorRev != 2))
return FALSE;
/* No fields have been set in either GUID yet. */
/* No fields have been set in GUID yet. */
guid.fields_present = 0;
dst_guid.fields_present = 0;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "RTPS");
col_clear(pinfo->cinfo, COL_INFO);
@ -12044,6 +12023,30 @@ static gboolean dissect_rtps(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree
/* offset behind RTPS's Header (need to be set in case tree=NULL)*/
offset += ((version < 0x0200) ? 16 : 20);
dissect_rtps_submessages(tvb, offset, pinfo, rtps_tree, version, vendor_id);
/* If TCP there's an extra OOB byte at the end of the message */
/* TODO: What to do with it? */
return TRUE;
} /* dissect_rtps(...) */
void dissect_rtps_submessages(
tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *rtps_tree,
guint16 version, guint16 vendor_id)
{
guint8 submessageId, flags;
int sub_hf;
const value_string *sub_vals;
proto_item *ti;
proto_tree *rtps_submessage_tree;
guint encoding;
gint next_submsg, octets_to_next_header;
endpoint_guid guid;
endpoint_guid dst_guid;
/* No fields have been set in GUID yet. */
dst_guid.fields_present = 0;
while (tvb_reported_length_remaining(tvb, offset) > 0) {
submessageId = tvb_get_guint8(tvb, offset);
@ -12085,7 +12088,8 @@ static gboolean dissect_rtps(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree
/* Octets-to-next-header */
octets_to_next_header = tvb_get_guint16(tvb, offset + 2, encoding);
if ((octets_to_next_header == 0) && (version >= 0x0200) && (submessageId != SUBMESSAGE_PAD) && (submessageId != SUBMESSAGE_INFO_TS)) {
if ((octets_to_next_header == 0) && (version >= 0x0200)
&& (submessageId != SUBMESSAGE_PAD) && (submessageId != SUBMESSAGE_INFO_TS)) {
octets_to_next_header = tvb_reported_length_remaining(tvb, offset + 4);
}
next_submsg = offset + octets_to_next_header + 4;
@ -12116,12 +12120,7 @@ static gboolean dissect_rtps(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree
/* next submessage's offset */
offset = next_submsg;
}
/* If TCP there's an extra OOB byte at the end of the message */
/* TODO: What to do with it? */
return TRUE;
} /* dissect_rtps(...) */
}
static gboolean dissect_rtps_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{

70
epan/dissectors/packet-rtps.h Normal file
View File

@ -0,0 +1,70 @@
/* packet-rtps.h
* Header file for the Real-Time Publish-Subscribe (RTPS) and related (RTPS
* Virtual Transport and Processed) protocols.
*
* (c) 2020 Copyright, Real-Time Innovations, Inc.
* Real-Time Innovations, Inc.
* 232 East Java Drive
* Sunnyvale, CA 94089
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#ifndef _TYPEDEFS_DEFINES_RTPS_H
#define _TYPEDEFS_DEFINES_RTPS_H
#ifdef __cplusplus
extern "C" {
#endif
/* Vendor specific - rti */
#define NDDS_TRANSPORT_CLASSID_ANY (0)
#define NDDS_TRANSPORT_CLASSID_UDPv4 (1)
#define NDDS_TRANSPORT_CLASSID_UDPv6 (2)
#define NDDS_TRANSPORT_CLASSID_INTRA (3)
#define NDDS_TRANSPORT_CLASSID_DTLS (6)
#define NDDS_TRANSPORT_CLASSID_WAN (7)
#define NDDS_TRANSPORT_CLASSID_TCPV4_LAN (8)
#define NDDS_TRANSPORT_CLASSID_TCPV4_WAN (9)
#define NDDS_TRANSPORT_CLASSID_TLSV4_LAN (10)
#define NDDS_TRANSPORT_CLASSID_TLSV4_WAN (11)
#define NDDS_TRANSPORT_CLASSID_PCIE (12)
#define NDDS_TRANSPORT_CLASSID_ITP (13)
#define NDDS_TRANSPORT_CLASSID_SHMEM (0x01000000)
#define NDDS_TRANSPORT_CLASSID_UDPv4_WAN (0x01000001)
/* Process a submessage: used in packet-rtps-processed.c */
extern void dissect_rtps_submessages(
tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *rtps_tree,
guint16 version, guint16 vendor_id);
/* Information that the RTPS-VT protocol passes to RTPS-PROC */
struct rtpsvt_data {
guint8 version_major;
guint8 version_minor;
guint8 direction;
guint16 rtps_length;
};
#ifdef __cplusplus
} /* extern "C"*/
#endif
#endif /* _TYPEDEFS_DEFINES_RTPS_H */
/*
* Editor modelines
*
* Local Variables:
* c-basic-offset: 2
* tab-width: 8
* indent-tabs-mode: nil
* End:
*
* ex: set shiftwidth=2 tabstop=8 expandtab:
* :indentSize=2:tabSize=8:noTabs=true:
*/