Support for TPKT being used for its original purpose (TCP port > 102,

containing OSI transport layer PDUs). Enable the Q.931-inside-TPKT code (but not the H.225 stuff, as that requires Andreas Sikkema's H.225 dissector). Update it to match his current modified Q.931 dissector. svn path=/trunk/; revision=3199
2001-03-28 07:49:41 +00:00 · 2001-03-28 07:49:41 +00:00 · c00e9c43dc
parent 28531d2efd
commit c00e9c43dc
5 changed files with 134 additions and 62 deletions
--- a/5
+++ b/5
@ -546,6 +546,11 @@ Eduardo P
 	GUI fixes
 }

+Martin Thomas <martin_a_thomas@yahoo.com> {
+	Support for TPKT being used for its original purpose (TCP port
+	    102, containing OSI transport layer PDUs)
+}
+
 Alain Magloire <alainm@rcsm.ece.mcgill.ca> was kind enough to
 give his permission to use his version of snprintf.c.

--- a/doc/ethereal.pod.template
+++ b/doc/ethereal.pod.template
@ -1081,6 +1081,7 @@ B<http://www.ethereal.com>.
  Charles Levert           <charles@comm.polymtl.ca>
  Todd Sabin               <tas@webspan.net>
  Eduardo Pérez Ureta      <eperez@dei.inf.uc3m.es>
+  Martin Thomas            <martin_a_thomas@yahoo.com>

 Alain Magloire <alainm@rcsm.ece.mcgill.ca> was kind enough to give his
 permission to use his version of snprintf.c.
--- a/packet-q931.c
+++ b/packet-q931.c
@ -2,7 +2,7 @@
 * Routines for Q.931 frame disassembly
 * Guy Harris <guy@alum.mit.edu>
 *
- * $Id: packet-q931.c,v 1.25 2001/03/27 08:00:00 guy Exp $
+ * $Id: packet-q931.c,v 1.26 2001/03/28 07:49:39 guy Exp $
 *
 * Modified by Andreas Sikkema for possible use with H.323
 *
@ -42,8 +42,8 @@
 #include "nlpid.h"
 #include "packet-q931.h"

-#ifdef H323
 #include "packet-tpkt.h"
+#ifdef H323
 #include "packet-h225.h"
 #endif

@ -2120,6 +2120,7 @@ q931_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 	int		codeset; 
 	gboolean	non_locking_shift;
 	guint8		protocol_discriminator;
+	int		lv_tpkt_len;

 #ifdef H323
 	tvbuff_t	*h225_tvb;
@ -2142,7 +2143,6 @@ q931_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 	protocol_discriminator = tvb_get_guint8( tvb, offset );
 	    /* Keep the protocol discriminator for later use */

-#ifdef H323
 	if ( started_heuristic ) {
 		/*
 		 * The heuristic Q.931 message should conform to this
@ -2160,7 +2160,7 @@ q931_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 	/* 
 	 * The first byte should be < 8 (3 is TPKT, rest is Q.931)
 	 */
-	if ( protocol_discriminator < 8 ) {
+	if ( protocol_discriminator < NLPID_Q_931 ) {
 		/*
 		 * The minimum length of a Q.931 message is 3:
 		 * 1 byte for the protocol discriminator,
@ -2174,7 +2174,7 @@ q931_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 		 * OK, there are a couple of bytes available, but is there 
 		 * also a protocol discriminator?
 		 */
-		if ( tvb_length_remaining( tvb, offset ) > 3 ) {
+		if ( tvb_length_remaining( tvb, offset ) > 4 ) {
 			/* Reread the protocol discriminator */
 			protocol_discriminator =
 			    tvb_get_guint8( tvb, offset + 4);
@ -2196,7 +2196,16 @@ q931_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 		if ( ! is_tpkt( tvb, &offset ) ) 
 			return FALSE;

-		dissect_tpkt( tvb, &offset, pinfo, tree );
+		lv_tpkt_len = dissect_tpkt_header( tvb, &offset, pinfo, tree );
+
+		/*
+		 * Check if it's an empty TPKT message (the next one might be a 
+		 * real Q.931 message)
+		 * Skip TPKT length!
+		 */
+		if ( tvb_length_remaining( tvb, offset ) < lv_tpkt_len - 4 ) {
+			return TRUE;
+		}

 		/*
 		 * Reset the current_proto variable because dissect_tpkt
@ -2207,7 +2216,6 @@ q931_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 		else 
 			pinfo->current_proto = "Q.931";
 	}
-#endif

 	/*
 	 * The minimum length of a Q.931 message is
@ -2584,7 +2592,6 @@ q931_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,

 }

-#ifdef H323
 gboolean
 dissect_q931_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 {
@ -2600,7 +2607,6 @@ dissect_q931_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 	pinfo->current_proto = "Q.931 HEUR";
 	return q931_dissector(tvb, pinfo, tree, TRUE);
 }
-#endif

 void
 dissect_q931(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
@ -2644,7 +2650,5 @@ proto_register_q931(void)
 void
 proto_reg_handoff_q931(void)
 {
-#ifdef H323
-	heur_dissector_add("tcp", dissect_q931_heur);
-#endif
+	heur_dissector_add("tcp", dissect_q931_heur, proto_q931);
 }
--- a/packet-tpkt.c
+++ b/packet-tpkt.c
@ -1,9 +1,12 @@
 /* packet-tpkt.c
 *
- * Routines for TPKT dissection
+ * Routine to check for RFC 1006 TPKT header and to dissect TPKT header
 * Copyright 2000, Philips Electronics N.V.
 * Andreas Sikkema <andreas.sikkema@philips.com>
 *
+ * Routine to dissect RFC 1006 TPKT packet containing OSI TP PDU
+ * Copyright 2001, Martin Thomas <Martin_A_Thomas@yahoo.com>
+ *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@zing.org>
 * Copyright 1998 Gerald Combs
@ -24,20 +27,6 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */

-/*
- * This dissector tries to dissect the TPKT protocol according to
- * RFC 1006
- *
- * IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT 
- *
- * Please examine the dissector. It is NOT defined in the normal way!
- * Some variables are references and the dissector also returns a 
- * value! And no, this is not a heuristic dissector!
- * 
- * IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT 
- */
-
-
 #ifdef HAVE_CONFIG_H
 # include "config.h"
 #endif
@ -67,71 +56,123 @@ static int hf_tpkt_length      = -1;
 /* TPKT fields defining a sub tree */
 static gint ett_tpkt           = -1;

-int 
+#define TCP_PORT_TPKT	102
+
+/* find the dissector for OSI TP (aka COTP) */
+static dissector_handle_t osi_tp_handle; 
+
+/*
+ * Check whether this could be a TPKT-encapsulated PDU.
+ */
+gboolean
 is_tpkt( tvbuff_t *tvb, unsigned int* offset )
 {
-	if ( (*offset) + 4 > tvb_length( tvb ) ) return FALSE;
-	if ( ! ( ( tvb_get_guint8( tvb, ( *offset ) ) == 3 ) && 
-		       ( tvb_get_guint8( tvb, ( *offset ) + 1 ) == 0 ) ) ) return FALSE;
-
-  return TRUE;
-}
-
-int
-dissect_tpkt( tvbuff_t *tvb, unsigned int* offset, packet_info *pinfo, proto_tree *tree )
-{
-	proto_item *ti            = NULL;
-	proto_tree *tpkt_tree     = NULL;
-	unsigned int data_len = 0;
-
-
-	pinfo->current_proto = "TPKT";
-
 	/* There should at least be 4 bytes left in the frame */
-	if ( (*offset) + 4 > tvb_length( tvb ) ) return -1;
+	if ( (*offset) + 4 > tvb_length( tvb ) )
+		return FALSE;	/* there isn't */
 	/* 
 	 * The first octet should be 3 and the second one should be 0 
 	 * The H.323 implementers guide suggests that this migh not 
 	 * always be the case....
 	 */
 	if ( ! ( ( tvb_get_guint8( tvb, ( *offset ) ) == 3 ) && 
-		       ( tvb_get_guint8( tvb, ( *offset ) + 1 ) == 0 ) ) ) return -1;
+		 ( tvb_get_guint8( tvb, ( *offset ) + 1 ) == 0 ) ) )
+		return FALSE;	/* They're not */
+
+	return TRUE;
+}
+
+/*
+ * Dissect the TPKT header; called from the TPKT dissector, as well as
+ * from dissectors such as the dissector for Q.931-over-TCP.
+ *
+ * Returns -1 if we didn't dissect it as a TPKT header, otherwise returns
+ * the PDU length from the TPKT header.
+ *
+ * Sets "*offset" to the offset following the TPKT header.
+ */
+int
+dissect_tpkt_header( tvbuff_t *tvb, unsigned int* offset, packet_info *pinfo, proto_tree *tree )
+{
+	proto_item *ti            = NULL;
+	proto_tree *tpkt_tree     = NULL;
+	guint16 data_len;
+
+	/*
+	 * If TPKT is disabled, don't dissect it, just return -1, meaning
+	 * "this isn't TPKT".
+	 */
+	if (!proto_is_protocol_enabled(proto_tpkt))
+		return -1;
+
+	pinfo->current_proto = "TPKT";

 	if ( check_col( pinfo->fd, COL_PROTOCOL ) ) {
 		col_set_str( pinfo->fd, COL_PROTOCOL, "TPKT" );
 	}
 	
-	if ( check_col( pinfo->fd, COL_INFO) ) {
-		/*data_len = pntohs( &pd[ (*offset) + 2 ] );*/
-		data_len = tvb_get_ntohs( tvb, (*offset) + 2 );
+	data_len = tvb_get_ntohs( tvb, (*offset) + 2 );

-		col_add_fstr( pinfo->fd, COL_INFO, "TPKT Data length = %d", data_len );
+	if ( check_col( pinfo->fd, COL_INFO) ) {
+		col_add_fstr( pinfo->fd, COL_INFO, "TPKT Data length = %u",
+		    data_len );
 	}

 	if ( tree ) {
-		ti = proto_tree_add_item( tree, proto_tpkt, tvb, (*offset), 4, FALSE );
+		ti = proto_tree_add_item( tree, proto_tpkt, tvb, (*offset), 4,
+		    FALSE );
 		tpkt_tree = proto_item_add_subtree( ti, ett_tpkt );
 		/* Version 1st octet */
-		proto_tree_add_item( tpkt_tree, hf_tpkt_version, tvb, (*offset), 1, FALSE );
+		proto_tree_add_item( tpkt_tree, hf_tpkt_version, tvb,
+		    (*offset), 1, FALSE );
 		(*offset)++;
 		/* Reserved octet*/
-		proto_tree_add_item( tpkt_tree, hf_tpkt_reserved, tvb, (*offset), 1, FALSE );
+		proto_tree_add_item( tpkt_tree, hf_tpkt_reserved, tvb,
+		    (*offset), 1, FALSE );
 		(*offset)++;
 	}
 	else {
 		(*offset) += 2;
 	}
-	/* Length, two octets */
-	/*data_len = pntohs( &pd[ (*offset) ] );*/
-	data_len = tvb_get_ntohs( tvb, (*offset) );

 	if ( tree )
-		proto_tree_add_uint_format( tpkt_tree, hf_tpkt_length, tvb, (*offset), 2, data_len, "Length: %d", data_len );
+		proto_tree_add_uint( tpkt_tree, hf_tpkt_length, tvb,
+		    (*offset), 2, data_len );

 	(*offset) += 2;
 	return data_len;
 }

+/*
+ * Dissect RFC 1006 TPKT, which wraps a TPKT header around an OSI TP
+ * PDU.
+ */
+static void
+dissect_tpkt( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree )
+{
+	int tpkt_len;
+	int offset = 0;
+	int length, reported_length;
+	tvbuff_t *next_tvb;
+
+	/* Dissect the TPKT header. */
+	tpkt_len = dissect_tpkt_header(tvb, &offset, pinfo, tree);
+
+	/*
+	 * Now hand the minimum of (what's in this frame, what the TPKT
+	 * header says is in the PDU) on to the OSI TP dissector.
+	 */
+	length = tvb_length_remaining(tvb, offset);
+	reported_length = tvb_reported_length_remaining(tvb, offset);
+	if (length > tpkt_len)
+		length = tpkt_len;
+	if (reported_length > tpkt_len)
+		reported_length = tpkt_len;
+	next_tvb = tvb_new_subset(tvb, offset, length, reported_length);
+
+	call_dissector(osi_tp_handle, next_tvb, pinfo, tree);
+}
+
 void
 proto_register_tpkt(void)
 {
@ -173,7 +214,7 @@ proto_register_tpkt(void)
 				"" 
 			}
 		},
-};
+	};
 	
 	static gint *ett[] = 
 	{
@ -185,3 +226,10 @@ proto_register_tpkt(void)
 	proto_register_field_array(proto_tpkt, hf, array_length(hf));
 	proto_register_subtree_array(ett, array_length(ett));
 }
+
+void
+proto_reg_handoff_tpkt(void)
+{
+	osi_tp_handle = find_dissector("ositp");
+	dissector_add("tcp.port", TCP_PORT_TPKT, dissect_tpkt, proto_tpkt);
+}
--- a/packet-tpkt.h
+++ b/packet-tpkt.h
@ -25,6 +25,20 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */

-int is_tpkt( tvbuff_t *tvb, unsigned int* offset );
-int dissect_tpkt( tvbuff_t *tvb, unsigned int* offset, packet_info *pinfo, proto_tree *tree );
-void proto_register_tpkt( void );
+/*
+ * Check whether this could be a TPKT-encapsulated PDU.
+ */
+gboolean is_tpkt( tvbuff_t *tvb, unsigned int* offset );
+
+
+/*
+ * Dissect the TPKT header; called from the TPKT dissector, as well as
+ * from dissectors such as the dissector for Q.931-over-TCP.
+ *
+ * Returns -1 if we didn't dissect it as a TPKT header, otherwise returns
+ * the PDU length from the TPKT header.
+ *
+ * Sets "*offset" to the offset following the TPKT header.
+ */
+int dissect_tpkt_header( tvbuff_t *tvb, unsigned int* offset,
+    packet_info *pinfo, proto_tree *tree );