osmith/wireshark
1
0
Fork 0
forked from osmocom/wireshark
Code Pull requests Releases Wiki Activity
wireshark/epan/dissectors/packet-data.c
Erik de Jong f1c75cf6ef Rewrite dissectors to use Libgcrypt functions. 
As discussed on the mailinglist, rewriting dissectors to use Libgcrypt
functions as Libgcrypt will be mandatory after change 20030.
Removal of following functions:
- crypt_md4
- crypt_rc4*
- aes_cmac_encrypt_*
- md5_*
- sha1_*
- sha256_*

Further candidates:
- aes_*
- rijndael_*
- ...

Added functions:
- ws_hmac_buffer

Added const macros:
- HASH_MD5_LENGTH
- HASH_SHA1_LENGTH

Changes on epan/crypt/* verified with captures from
https://wiki.wireshark.org/HowToDecrypt802.11
Changes on packet-snmp.c and packet-radius.c verified with captures from
https://wiki.wireshark.org/SampleCapture
Changes on packet-tacacs.c verified with capture from
http://ccie-in-3-months.blogspot.nl/2009/04/decoding-login-credentials-regardless.html

Change-Id: Iea6ba2bf207cf0f1bf2117068fb1abcfeaafaa46
Link: https://www.wireshark.org/lists/wireshark-dev/201702/msg00011.html
Reviewed-on: https://code.wireshark.org/review/20095
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2017-03-02 23:58:05 +00:00

176 lines
5 KiB
C
Raw Blame History

/* packet-data.c
* Routines for raw data (default case)
* Gilbert Ramirez <gram@alumni.rice.edu>
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#define NEW_PROTO_TREE_API
#include "config.h"
#include <epan/packet.h>
#include <epan/prefs.h>
#include <epan/to_str.h>
#include <wsutil/wsgcrypt.h>
#include <wsutil/str_util.h>
/* proto_data cannot be static because it's referenced in the
* print routines
*/
void proto_register_data(void);
int proto_data = -1;
#define DATA_HFI_INIT HFI_INIT(proto_data)
static header_field_info hfi_data_data DATA_HFI_INIT =
{ "Data", "data.data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL };
static header_field_info hfi_data_text DATA_HFI_INIT =
{ "Text", "data.text", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL };
static header_field_info hfi_data_len DATA_HFI_INIT =
{ "Length", "data.len", FT_INT32, BASE_DEC, NULL, 0x0, NULL, HFILL };
static header_field_info hfi_data_md5_hash DATA_HFI_INIT =
{ "Payload MD5 hash", "data.md5_hash", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL };
static gboolean new_pane = FALSE;
static gboolean show_as_text = FALSE;
static gboolean generate_md5_hash = FALSE;
static gint ett_data = -1;
static int
dissect_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
gint bytes;
if (tree) {
bytes = tvb_captured_length(tvb);
if (bytes > 0) {
tvbuff_t *data_tvb;
proto_item *ti;
proto_tree *data_tree;
if (new_pane) {
guint8 *real_data = (guint8 *)tvb_memdup(pinfo->pool, tvb, 0, bytes);
data_tvb = tvb_new_child_real_data(tvb,real_data,bytes,bytes);
add_new_data_source(pinfo, data_tvb, "Not dissected data bytes");
} else {
data_tvb = tvb;
}
ti = proto_tree_add_protocol_format(tree, proto_data, tvb,
0,
bytes, "Data (%d byte%s)", bytes,
plurality(bytes, "", "s"));
data_tree = proto_item_add_subtree(ti, ett_data);
proto_tree_add_item(data_tree, &hfi_data_data, data_tvb, 0, bytes, ENC_NA);
if (show_as_text) {
proto_tree_add_item(data_tree, &hfi_data_text, data_tvb, 0, bytes, ENC_ASCII|ENC_NA);
}
if(generate_md5_hash) {
const guint8 *cp;
guint8 digest[HASH_MD5_LENGTH];
const gchar *digest_string;
cp = tvb_get_ptr(tvb, 0, bytes);
gcry_md_hash_buffer(GCRY_MD_MD5, digest, cp, bytes);
digest_string = bytestring_to_str(wmem_packet_scope(), digest, HASH_MD5_LENGTH, '\0');
ti = proto_tree_add_string(data_tree, &hfi_data_md5_hash, tvb, 0, 0, digest_string);
PROTO_ITEM_SET_GENERATED(ti);
}
ti = proto_tree_add_int(data_tree, &hfi_data_len, data_tvb, 0, 0, bytes);
PROTO_ITEM_SET_GENERATED (ti);
}
}
return tvb_captured_length(tvb);
}
void
proto_register_data(void)
{
#ifndef HAVE_HFI_SECTION_INIT
static header_field_info *hfi[] = {
&hfi_data_data,
&hfi_data_text,
&hfi_data_md5_hash,
&hfi_data_len,
};
#endif
static gint *ett[] = {
&ett_data
};
module_t *module_data;
proto_data = proto_register_protocol (
"Data", /* name */
"Data", /* short name */
"data" /* abbrev */
);
register_dissector("data", dissect_data, proto_data);
proto_register_fields(proto_data, hfi, array_length(hfi));
proto_register_subtree_array(ett, array_length(ett));
module_data = prefs_register_protocol( proto_data, NULL);
prefs_register_bool_preference(module_data,
"datapref.newpane",
"Show not dissected data on new Packet Bytes pane",
"Show not dissected data on new Packet Bytes pane",
&new_pane);
prefs_register_bool_preference(module_data,
"show_as_text",
"Show data as text",
"Show data as text in the Packet Details pane",
&show_as_text);
prefs_register_bool_preference(module_data,
"md5_hash",
"Generate MD5 hash",
"Whether or not MD5 hashes should be generated and shown for each payload.",
&generate_md5_hash);
/*
* "Data" is used to dissect something whose normal dissector
* is disabled, so it cannot itself be disabled.
*/
proto_set_cant_toggle(proto_data);
}
/*
* Editor modelines - http://www.wireshark.org/tools/modelines.html
*
* Local variables:
* c-basic-offset: 8
* tab-width: 8
* indent-tabs-mode: t
* End:
*
* vi: set shiftwidth=8 tabstop=8 noexpandtab:
* :indentSize=8:tabSize=8:noTabs=false:
*/
View git blame Copy permalink