ssh: switching consistently from g_debug to ws_debug

2022-02-11 21:22:10 +01:00 · 2022-02-11 21:22:10 +01:00 · a036c4dd09
parent 797486fa18
commit a036c4dd09
2 changed files with 27 additions and 22 deletions
--- a/epan/dissectors/packet-sftp.c
+++ b/epan/dissectors/packet-sftp.c
@ -24,8 +24,8 @@

 #include "config.h"

-/* Start with G_MESSAGES_DEBUG=sftp to see messages. */
-#define G_LOG_DOMAIN "sftp"
+/* Start with WIRESHARK_LOG_DOMAINS=sftp and WIRESHARK_LOG_LEVEL=debug to see messages. */
+#define WS_LOG_DOMAIN "sftp"

 #include <epan/packet.h>
 #include <epan/expert.h>
--- a/epan/dissectors/packet-ssh.c
+++ b/epan/dissectors/packet-ssh.c
@ -36,6 +36,7 @@
 /* "SSH" prefixes are for version 2, whereas "SSH1" is for version 1 */

 #include "config.h"
+/* Start with WIRESHARK_LOG_DOMAINS=packet-ssh and WIRESHARK_LOG_LEVEL=debug to see messages. */
 #define WS_LOG_DOMAIN "packet-ssh"

 // Define this to get hex dumps more similar to what you get in openssh. If not defined, dumps look more like what you get with other dissectors.
@ -591,6 +592,9 @@ static gboolean ssh_read_e(tvbuff_t *tvb, int offset,
        struct ssh_flow_data *global_data);
 static gboolean ssh_read_f(tvbuff_t *tvb, int offset,
        struct ssh_flow_data *global_data);
+#ifdef SSH_DECRYPTION_SUPPORTED
+static ssh_bignum * ssh_read_mpint(tvbuff_t *tvb, int offset);
+#endif
 static void ssh_keylog_hash_write_secret(struct ssh_flow_data *global_data);
 static ssh_bignum *ssh_kex_shared_secret(gint kex_type, ssh_bignum *pub, ssh_bignum *priv, ssh_bignum *modulo);
 static void ssh_hash_buffer_put_string(wmem_array_t *buffer, const gchar *string,
@ -1993,7 +1997,7 @@ ssh_keylog_process_lines(const guint8 *data, guint datalen)
 static void
 ssh_keylog_process_line(const char *line)
 {
-    ws_debug("ssh: process line: %s", line);
+    ws_noisy("ssh: process line: %s", line);

    gchar **split = g_strsplit(line, " ", 2);
    gchar *cookie, *key;
@ -2693,12 +2697,12 @@ ssh_decryption_set_mac_id(struct ssh_peer_data *peer)

    if (!mac_name) {
        peer->mac = NULL;
-        g_debug("ERROR: mac_name is NULL");
+        ws_debug("ERROR: mac_name is NULL");
    } else if (0 == strcmp(mac_name, "hmac-sha2-256")) {
        peer->mac_id = CIPHER_MAC_SHA2_256;
    } else {
        peer->mac = NULL;
-        g_debug("decryption MAC not supported: %s", mac_name);
+        ws_debug("decryption MAC not supported: %s", mac_name);
    }
 }

@ -2751,7 +2755,7 @@ ssh_decryption_setup_cipher(struct ssh_peer_data *peer_data,
        gint iKeyLen = CIPHER_AES128_CBC == peer_data->cipher_id?16:CIPHER_AES192_CBC == peer_data->cipher_id?24:32;
        if (gcry_cipher_open(hd1, CIPHER_AES128_CBC == peer_data->cipher_id?GCRY_CIPHER_AES128:CIPHER_AES192_CBC == peer_data->cipher_id?GCRY_CIPHER_AES192:GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_CBC_CTS)) {
            gcry_cipher_close(*hd1);
-            g_debug("ssh: can't open aes%d cipher handle", iKeyLen*8);
+            ws_debug("ssh: can't open aes%d cipher handle", iKeyLen*8);
            return;
        }
        gchar k1[32], iv1[16];
@ -2772,14 +2776,14 @@ ssh_decryption_setup_cipher(struct ssh_peer_data *peer_data,

        if ((err = gcry_cipher_setkey(*hd1, k1, iKeyLen))) {
            gcry_cipher_close(*hd1);
-            g_debug("ssh: can't set aes%d cipher key", iKeyLen*8);
+            ws_debug("ssh: can't set aes%d cipher key", iKeyLen*8);
            return;
        }

        if ((err = gcry_cipher_setiv(*hd1, iv1, 16))) {
            gcry_cipher_close(*hd1);
-            g_debug("ssh: can't set aes%d cipher iv", iKeyLen*8);
-            g_debug("libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err));
+            ws_debug("ssh: can't set aes%d cipher iv", iKeyLen*8);
+            ws_debug("libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err));
            return;
        }

@ -2787,7 +2791,7 @@ ssh_decryption_setup_cipher(struct ssh_peer_data *peer_data,
        gint iKeyLen = CIPHER_AES128_CTR == peer_data->cipher_id?16:CIPHER_AES192_CTR == peer_data->cipher_id?24:32;
        if (gcry_cipher_open(hd1, CIPHER_AES128_CTR == peer_data->cipher_id?GCRY_CIPHER_AES128:CIPHER_AES192_CTR == peer_data->cipher_id?GCRY_CIPHER_AES192:GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 0)) {
            gcry_cipher_close(*hd1);
-            g_debug("ssh: can't open aes%d cipher handle", iKeyLen*8);
+            ws_debug("ssh: can't open aes%d cipher handle", iKeyLen*8);
            return;
        }
        gchar k1[32], iv1[16];
@ -2808,14 +2812,14 @@ ssh_decryption_setup_cipher(struct ssh_peer_data *peer_data,

        if ((err = gcry_cipher_setkey(*hd1, k1, iKeyLen))) {
            gcry_cipher_close(*hd1);
-            g_debug("ssh: can't set aes%d cipher key", iKeyLen*8);
+            ws_debug("ssh: can't set aes%d cipher key", iKeyLen*8);
            return;
        }

        if ((err = gcry_cipher_setctr(*hd1, iv1, 16))) {
            gcry_cipher_close(*hd1);
-            g_debug("ssh: can't set aes%d cipher iv", iKeyLen*8);
-            g_debug("libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err));
+            ws_debug("ssh: can't set aes%d cipher iv", iKeyLen*8);
+            ws_debug("libgcrypt: %d %s %s", gcry_err_code(err), gcry_strsource(err), gcry_strerror(err));
            return;
        }

@ -2824,7 +2828,7 @@ ssh_decryption_setup_cipher(struct ssh_peer_data *peer_data,
        gint iKeyLen = CIPHER_AES128_GCM == peer_data->cipher_id?16:32;
        if (gcry_cipher_open(hd1, CIPHER_AES128_GCM == peer_data->cipher_id?GCRY_CIPHER_AES128:GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM, 0)) {
            gcry_cipher_close(*hd1);
-            g_debug("ssh: can't open aes%d cipher handle", iKeyLen*8);
+            ws_debug("ssh: can't open aes%d cipher handle", iKeyLen*8);
            return;
        }

@ -2846,7 +2850,7 @@ ssh_decryption_setup_cipher(struct ssh_peer_data *peer_data,

        if ((err = gcry_cipher_setkey(*hd1, k1, iKeyLen))) {
            gcry_cipher_close(*hd1);
-            g_debug("ssh: can't set aes%d cipher key", iKeyLen*8);
+            ws_debug("ssh: can't set aes%d cipher key", iKeyLen*8);
            return;
        }

@ -2869,7 +2873,7 @@ ssh_decryption_setup_mac(struct ssh_peer_data *peer_data,
        ssh_debug_printf("ssh: mac is hmac-sha2-256\n");
        ssh_print_data("iv", peer_data->hmac_iv, peer_data->hmac_iv_len);
    }else{
-        g_debug("ssh: unsupported MAC");
+        ws_debug("ssh: unsupported MAC");
    }
 }

@ -3004,6 +3008,7 @@ ssh_decrypt_packet(tvbuff_t *tvb, packet_info *pinfo,
    ssh_message_info_t *message = NULL;
    ssh_message_info_t **pmessage = &packet->messages;
    while(*pmessage){
+//        ws_debug("looking for message %d now %d", record_id, (*pmessage)->id);
        if ((*pmessage)->id == record_id) {
            message = *pmessage;
            break;
@ -3187,13 +3192,13 @@ ssh_decrypt_packet(tvbuff_t *tvb, packet_info *pinfo,
        }else{
 // TODO: see how to handle fragmentation...
 //            const gchar *ctext = NULL;
-            g_debug("Getting raw bytes of length %d", tvb_reported_length_remaining(tvb, offset));
+            ws_noisy("Getting raw bytes of length %d", tvb_reported_length_remaining(tvb, offset));
            const gchar *cypher_buf0 = (const gchar *)tvb_get_ptr(tvb, offset, tvb_reported_length_remaining(tvb, offset));

            gchar   plain0[16];
            if (gcry_cipher_decrypt(peer_data->cipher, plain0, 16, cypher_buf0, 16))
            {
-                g_debug("can\'t decrypt aes128");
+                ws_debug("can\'t decrypt aes128");
                return offset;
            }
 //            ctext = cypher_buf0;
@ -3202,7 +3207,7 @@ ssh_decrypt_packet(tvbuff_t *tvb, packet_info *pinfo,
            guint remaining = tvb_reported_length_remaining(tvb, offset);

            if(message_length_decrypted>32768){
-                g_debug("ssh: unreasonable message length %u/%u", message_length_decrypted, message_length);
+                ws_debug("ssh: unreasonable message length %u/%u", message_length_decrypted, message_length);
                offset += remaining;
                return tvb_captured_length(tvb);
            }else{
@ -3218,7 +3223,7 @@ ssh_decrypt_packet(tvbuff_t *tvb, packet_info *pinfo,
                    gchar *ct = (gchar *)tvb_get_ptr(tvb, offset+offs, 16);
                    if (gcry_cipher_decrypt(peer_data->cipher, plain+offs, 16, ct, 16))
                    {
-                        g_debug("can\'t decrypt aes128");
+                        ws_debug("can\'t decrypt aes128");
                        return offset;
                    }
                    offs += 16;
@ -3226,7 +3231,7 @@ ssh_decrypt_packet(tvbuff_t *tvb, packet_info *pinfo,

                if(message_length_decrypted>remaining){
                    // Need desegmentation
-                    g_debug("  need_desegmentation: offset = %d, reported_length_remaining = %d\n",
+                    ws_noisy("  need_desegmentation: offset = %d, reported_length_remaining = %d\n",
                                    offset, tvb_reported_length_remaining(tvb, offset));
                    /* Make data available to ssh_follow_tap_listener */
                    return tvb_captured_length(tvb);
@ -3246,7 +3251,7 @@ ssh_decrypt_packet(tvbuff_t *tvb, packet_info *pinfo,
        plain = message->plain_data;
        message_length = message->data_len - 4;
        mac = (gchar *)tvb_get_ptr(tvb, offset + 4 + message_length, mac_len);
-        if(!memcmp(mac, message->calc_mac, mac_len)){g_debug("MAC OK");}else{g_debug("MAC ERR");}
+        if(!memcmp(mac, message->calc_mac, mac_len)){ws_noisy("MAC OK");}else{ws_debug("MAC ERR");}
    }

    if(plain){