forked from osmocom/wireshark
365 lines
13 KiB
C
365 lines
13 KiB
C
/* packet-idmp.c
|
|
* Routines for X.519 Internet Directly Mapped Procotol (IDMP) packet dissection
|
|
* Graeme Lunt 2010
|
|
*
|
|
* Wireshark - Network traffic analyzer
|
|
* By Gerald Combs <gerald@wireshark.org>
|
|
* Copyright 1998 Gerald Combs
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version 2
|
|
* of the License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*/
|
|
|
|
#include "config.h"
|
|
|
|
#include <epan/packet.h>
|
|
#include <epan/prefs.h>
|
|
#include <epan/reassemble.h>
|
|
#include <epan/conversation.h>
|
|
#include <epan/oids.h>
|
|
#include <epan/asn1.h>
|
|
#include <epan/ipproto.h>
|
|
#include <epan/strutil.h>
|
|
|
|
#include <wsutil/str_util.h>
|
|
|
|
#include "packet-tcp.h"
|
|
|
|
#include "packet-ber.h"
|
|
#include "packet-ros.h"
|
|
#include "packet-x509ce.h"
|
|
|
|
|
|
#define PNAME "X.519 Internet Directly Mapped Protocol"
|
|
#define PSNAME "IDMP"
|
|
#define PFNAME "idmp"
|
|
|
|
void proto_register_idmp(void);
|
|
void proto_reg_handoff_idm(void);
|
|
void register_idmp_protocol_info(const char *oid, const ros_info_t *rinfo, int proto _U_, const char *name);
|
|
|
|
static gboolean idmp_desegment = TRUE;
|
|
#define IDMP_TCP_PORT 1102 /* made up for now - not IANA registered */
|
|
static gboolean idmp_reassemble = TRUE;
|
|
static dissector_handle_t idmp_handle = NULL;
|
|
|
|
static proto_tree *top_tree = NULL;
|
|
static const char *protocolID = NULL;
|
|
static const char *saved_protocolID = NULL;
|
|
static guint32 opcode = -1;
|
|
|
|
/* Initialize the protocol and registered fields */
|
|
int proto_idmp = -1;
|
|
|
|
static int hf_idmp_version = -1;
|
|
static int hf_idmp_final = -1;
|
|
static int hf_idmp_length = -1;
|
|
static int hf_idmp_PDU = -1;
|
|
|
|
static reassembly_table idmp_reassembly_table;
|
|
|
|
static int hf_idmp_fragments = -1;
|
|
static int hf_idmp_fragment = -1;
|
|
static int hf_idmp_fragment_overlap = -1;
|
|
static int hf_idmp_fragment_overlap_conflicts = -1;
|
|
static int hf_idmp_fragment_multiple_tails = -1;
|
|
static int hf_idmp_fragment_too_long_fragment = -1;
|
|
static int hf_idmp_fragment_error = -1;
|
|
static int hf_idmp_fragment_count = -1;
|
|
static int hf_idmp_reassembled_in = -1;
|
|
static int hf_idmp_reassembled_length = -1;
|
|
static int hf_idmp_segment_data = -1;
|
|
|
|
static gint ett_idmp_fragment = -1;
|
|
static gint ett_idmp_fragments = -1;
|
|
|
|
static const fragment_items idmp_frag_items = {
|
|
/* Fragment subtrees */
|
|
&ett_idmp_fragment,
|
|
&ett_idmp_fragments,
|
|
/* Fragment fields */
|
|
&hf_idmp_fragments,
|
|
&hf_idmp_fragment,
|
|
&hf_idmp_fragment_overlap,
|
|
&hf_idmp_fragment_overlap_conflicts,
|
|
&hf_idmp_fragment_multiple_tails,
|
|
&hf_idmp_fragment_too_long_fragment,
|
|
&hf_idmp_fragment_error,
|
|
&hf_idmp_fragment_count,
|
|
/* Reassembled in field */
|
|
&hf_idmp_reassembled_in,
|
|
/* Reassembled length field */
|
|
&hf_idmp_reassembled_length,
|
|
/* Reassembled data field */
|
|
NULL,
|
|
/* Tag */
|
|
"IDMP fragments"
|
|
};
|
|
|
|
|
|
static int call_idmp_oid_callback(tvbuff_t *tvb, int offset, packet_info *pinfo, int op, proto_tree *tree, struct SESSION_DATA_STRUCTURE *session)
|
|
{
|
|
if(session != NULL) {
|
|
|
|
if((!saved_protocolID) && (op == (ROS_OP_BIND | ROS_OP_RESULT))) {
|
|
/* save for subsequent operations - should be into session data */
|
|
saved_protocolID = wmem_strdup(wmem_file_scope(), protocolID);
|
|
}
|
|
|
|
/* mimic ROS! */
|
|
session->ros_op = op;
|
|
offset = call_ros_oid_callback(saved_protocolID ? saved_protocolID : protocolID, tvb, offset, pinfo, tree, session);
|
|
}
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
#include "packet-idmp-hf.c"
|
|
|
|
/* Initialize the subtree pointers */
|
|
static gint ett_idmp = -1;
|
|
#include "packet-idmp-ett.c"
|
|
|
|
#include "packet-idmp-fn.c"
|
|
|
|
void
|
|
register_idmp_protocol_info(const char *oid, const ros_info_t *rinfo, int proto _U_, const char *name)
|
|
{
|
|
/* just register with ROS for now */
|
|
register_ros_protocol_info(oid, rinfo, proto, name, FALSE);
|
|
}
|
|
|
|
|
|
static int dissect_idmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data _U_)
|
|
{
|
|
int offset = 0;
|
|
|
|
proto_item *item;
|
|
proto_tree *tree;
|
|
asn1_ctx_t asn1_ctx;
|
|
struct SESSION_DATA_STRUCTURE session;
|
|
gboolean idmp_final;
|
|
guint32 idmp_length;
|
|
fragment_head *fd_head;
|
|
conversation_t *conv;
|
|
guint32 dst_ref = 0;
|
|
|
|
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
|
|
|
|
conv = find_conversation (pinfo->num, &pinfo->src, &pinfo->dst,
|
|
pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
|
|
if (conv) {
|
|
/* Found a conversation, also use index for the generated dst_ref */
|
|
dst_ref = conv->conv_index;
|
|
}
|
|
|
|
/* save parent_tree so subdissectors can create new top nodes */
|
|
top_tree=parent_tree;
|
|
|
|
item = proto_tree_add_item(parent_tree, proto_idmp, tvb, 0, -1, ENC_NA);
|
|
tree = proto_item_add_subtree(item, ett_idmp);
|
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "IDMP");
|
|
|
|
/* now check the segment fields */
|
|
|
|
proto_tree_add_item(tree, hf_idmp_version, tvb, offset, 1, ENC_BIG_ENDIAN); offset++;
|
|
proto_tree_add_item(tree, hf_idmp_final, tvb, offset, 1, ENC_BIG_ENDIAN);
|
|
idmp_final = tvb_get_guint8(tvb, offset); offset++;
|
|
proto_tree_add_item(tree, hf_idmp_length, tvb, offset, 4, ENC_BIG_ENDIAN);
|
|
idmp_length = tvb_get_ntohl(tvb, offset); offset += 4;
|
|
|
|
asn1_ctx.private_data = &session;
|
|
|
|
if(idmp_reassemble) {
|
|
|
|
pinfo->fragmented = !idmp_final;
|
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " [%sIDMP fragment, %u byte%s]",
|
|
idmp_final ? "Final " : "" ,
|
|
idmp_length, plurality(idmp_length, "", "s"));
|
|
|
|
fd_head = fragment_add_seq_next(&idmp_reassembly_table, tvb, offset,
|
|
pinfo, dst_ref, NULL,
|
|
idmp_length, !idmp_final);
|
|
|
|
if(fd_head && fd_head->next) {
|
|
proto_tree_add_item(tree, hf_idmp_segment_data, tvb, offset, (idmp_length) ? -1 : 0, ENC_NA);
|
|
|
|
if (idmp_final) {
|
|
/* This is the last segment */
|
|
tvb = process_reassembled_data (tvb, offset, pinfo,
|
|
"Reassembled IDMP", fd_head, &idmp_frag_items, NULL, tree);
|
|
offset = 0;
|
|
} else if (pinfo->num != fd_head->reassembled_in) {
|
|
/* Add a "Reassembled in" link if not reassembled in this frame */
|
|
proto_tree_add_uint (tree, hf_idmp_reassembled_in,
|
|
tvb, 0, 0, fd_head->reassembled_in);
|
|
}
|
|
}
|
|
|
|
} else {
|
|
if(!idmp_final) {
|
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " [IDMP fragment, %u byte%s, IDMP reassembly not enabled]",
|
|
idmp_length, plurality(idmp_length, "", "s"));
|
|
|
|
proto_tree_add_bytes_format_value(tree, hf_idmp_segment_data, tvb, offset, (idmp_length) ? -1 : 0,
|
|
NULL, "(IDMP reassembly not enabled)");
|
|
}
|
|
}
|
|
/* not reassembling - just dissect */
|
|
if(idmp_final) {
|
|
asn1_ctx.private_data = &session;
|
|
dissect_idmp_IDM_PDU(FALSE, tvb, offset, &asn1_ctx, tree, hf_idmp_PDU);
|
|
}
|
|
|
|
return tvb_captured_length(tvb);
|
|
}
|
|
|
|
static guint get_idmp_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb,
|
|
int offset, void *data _U_)
|
|
{
|
|
guint32 len;
|
|
|
|
len = tvb_get_ntohl(tvb, offset + 2);
|
|
|
|
return len + 6;
|
|
}
|
|
|
|
static int dissect_idmp_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data)
|
|
{
|
|
tcp_dissect_pdus(tvb, pinfo, parent_tree, idmp_desegment, 0, get_idmp_pdu_len, dissect_idmp, data);
|
|
return tvb_captured_length(tvb);
|
|
}
|
|
|
|
static void idmp_reassemble_init (void)
|
|
{
|
|
reassembly_table_init (&idmp_reassembly_table,
|
|
&addresses_reassembly_table_functions);
|
|
}
|
|
|
|
static void idmp_reassemble_cleanup(void)
|
|
{
|
|
reassembly_table_destroy(&idmp_reassembly_table);
|
|
saved_protocolID = NULL;
|
|
}
|
|
|
|
/*--- proto_register_idmp -------------------------------------------*/
|
|
void proto_register_idmp(void)
|
|
{
|
|
/* List of fields */
|
|
static hf_register_info hf[] = {
|
|
{ &hf_idmp_version,
|
|
{ "version", "idmp.version",
|
|
FT_INT8, BASE_DEC, NULL, 0,
|
|
"idmp.INTEGER", HFILL }},
|
|
{ &hf_idmp_final,
|
|
{ "final", "idmp.final",
|
|
FT_BOOLEAN, BASE_NONE, NULL, 0,
|
|
"idmp.BOOLEAN", HFILL }},
|
|
{ &hf_idmp_length,
|
|
{ "length", "idmp.length",
|
|
FT_INT32, BASE_DEC, NULL, 0,
|
|
"idmp.INTEGER", HFILL }},
|
|
{ &hf_idmp_PDU,
|
|
{ "IDM-PDU", "idmp.pdu",
|
|
FT_UINT32, BASE_DEC, VALS(idmp_IDM_PDU_vals), 0,
|
|
"idmp.PDU", HFILL }},
|
|
/* Fragment entries */
|
|
{ &hf_idmp_fragments,
|
|
{ "IDMP fragments", "idmp.fragments", FT_NONE, BASE_NONE,
|
|
NULL, 0x00, NULL, HFILL } },
|
|
{ &hf_idmp_fragment,
|
|
{ "IDMP fragment", "idmp.fragment", FT_FRAMENUM, BASE_NONE,
|
|
NULL, 0x00, NULL, HFILL } },
|
|
{ &hf_idmp_fragment_overlap,
|
|
{ "IDMP fragment overlap", "idmp.fragment.overlap", FT_BOOLEAN,
|
|
BASE_NONE, NULL, 0x00, NULL, HFILL } },
|
|
{ &hf_idmp_fragment_overlap_conflicts,
|
|
{ "IDMP fragment overlapping with conflicting data",
|
|
"idmp.fragment.overlap.conflicts", FT_BOOLEAN, BASE_NONE,
|
|
NULL, 0x00, NULL, HFILL } },
|
|
{ &hf_idmp_fragment_multiple_tails,
|
|
{ "IDMP has multiple tail fragments",
|
|
"idmp.fragment.multiple_tails", FT_BOOLEAN, BASE_NONE,
|
|
NULL, 0x00, NULL, HFILL } },
|
|
{ &hf_idmp_fragment_too_long_fragment,
|
|
{ "IDMP fragment too long", "idmp.fragment.too_long_fragment",
|
|
FT_BOOLEAN, BASE_NONE, NULL, 0x00, NULL, HFILL } },
|
|
{ &hf_idmp_fragment_error,
|
|
{ "IDMP defragmentation error", "idmp.fragment.error", FT_FRAMENUM,
|
|
BASE_NONE, NULL, 0x00, NULL, HFILL } },
|
|
{ &hf_idmp_fragment_count,
|
|
{ "IDMP fragment count", "idmp.fragment.count", FT_UINT32, BASE_DEC,
|
|
NULL, 0x00, NULL, HFILL } },
|
|
{ &hf_idmp_reassembled_in,
|
|
{ "Reassembled IDMP in frame", "idmp.reassembled.in", FT_FRAMENUM, BASE_NONE,
|
|
NULL, 0x00, "This IDMP packet is reassembled in this frame", HFILL } },
|
|
{ &hf_idmp_reassembled_length,
|
|
{ "Reassembled IDMP length", "idmp.reassembled.length", FT_UINT32, BASE_DEC,
|
|
NULL, 0x00, "The total length of the reassembled payload", HFILL } },
|
|
{ &hf_idmp_segment_data,
|
|
{ "IDMP segment data", "idmp.segment_data", FT_BYTES, BASE_NONE,
|
|
NULL, 0x00, NULL, HFILL } },
|
|
|
|
#include "packet-idmp-hfarr.c"
|
|
};
|
|
|
|
/* List of subtrees */
|
|
static gint *ett[] = {
|
|
&ett_idmp,
|
|
&ett_idmp_fragment,
|
|
&ett_idmp_fragments,
|
|
#include "packet-idmp-ettarr.c"
|
|
};
|
|
module_t *idmp_module;
|
|
|
|
/* Register protocol */
|
|
proto_idmp = proto_register_protocol(PNAME, PSNAME, PFNAME);
|
|
|
|
/* Register fields and subtrees */
|
|
proto_register_field_array(proto_idmp, hf, array_length(hf));
|
|
proto_register_subtree_array(ett, array_length(ett));
|
|
|
|
idmp_handle = register_dissector("idmp", dissect_idmp_tcp, proto_idmp);
|
|
|
|
register_init_routine (&idmp_reassemble_init);
|
|
register_cleanup_routine (&idmp_reassemble_cleanup);
|
|
|
|
/* Register our configuration options for IDMP, particularly our port */
|
|
|
|
idmp_module = prefs_register_protocol_subtree("OSI/X.500", proto_idmp, NULL);
|
|
|
|
prefs_register_bool_preference(idmp_module, "desegment_idmp_messages",
|
|
"Reassemble IDMP messages spanning multiple TCP segments",
|
|
"Whether the IDMP dissector should reassemble messages spanning multiple TCP segments."
|
|
" To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
|
|
&idmp_desegment);
|
|
|
|
prefs_register_bool_preference(idmp_module, "reassemble",
|
|
"Reassemble segmented IDMP datagrams",
|
|
"Whether segmented IDMP datagrams should be reassembled."
|
|
" To use this option, you must also enable"
|
|
" \"Allow subdissectors to reassemble TCP streams\""
|
|
" in the TCP protocol settings.", &idmp_reassemble);
|
|
}
|
|
|
|
|
|
/*--- proto_reg_handoff_idm --- */
|
|
void proto_reg_handoff_idm(void) {
|
|
dissector_add_uint_with_preference("tcp.port", IDMP_TCP_PORT, idmp_handle);
|
|
}
|