2018-03-09 19:54:07 +00:00
/* packet-dns.c
* Routines for TSDNS ( TeamSpeak3 DNS ) packet disassembly
* Copyright 2018 , Maciej Krueger < mkg20001 @ gmail . com >
*
* Wireshark - Network traffic analyzer
* By Gerald Combs < gerald @ wireshark . org >
* Copyright 1998 Gerald Combs
*
* SPDX - License - Identifier : GPL - 2.0 - or - later
*/
# include "config.h"
# include <epan/packet.h>
# include <epan/expert.h>
# include <wsutil/strtoi.h>
# define TSDNS_PORT 41144 /* Not IANA registered */
void proto_register_tsdns ( void ) ;
void proto_reg_handoff_tsdns ( void ) ;
static int proto_tsdns = - 1 ;
static int hf_tsdns_data = - 1 ;
static int hf_tsdns_request = - 1 ;
static int hf_tsdns_request_domain = - 1 ;
static int hf_tsdns_response = - 1 ;
static int hf_tsdns_response_ip = - 1 ;
static int hf_tsdns_response_address = - 1 ;
static int hf_tsdns_response_port = - 1 ;
static expert_field ei_response_port_malformed = EI_INIT ;
static gint ett_tsdns = - 1 ;
static int dissect_tsdns ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * tree , void * data _U_ )
{
int offset = 0 ;
gboolean request = FALSE ;
if ( pinfo - > destport = = pinfo - > match_uint ) {
request = TRUE ;
}
col_set_str ( pinfo - > cinfo , COL_PROTOCOL , " TSDNS " ) ;
int pLen = tvb_reported_length ( tvb ) ;
if ( request ) {
col_set_str ( pinfo - > cinfo , COL_INFO , " Request " ) ;
2021-07-16 15:36:34 +00:00
col_append_fstr ( pinfo - > cinfo , COL_INFO , " %.*s " , pLen - 5 , tvb_get_string_enc ( pinfo - > pool , tvb , 0 , pLen - 5 , ENC_ASCII | ENC_NA ) ) ;
2018-03-09 19:54:07 +00:00
} else {
col_set_str ( pinfo - > cinfo , COL_INFO , " Response " ) ;
2021-07-16 15:36:34 +00:00
col_append_fstr ( pinfo - > cinfo , COL_INFO , " %.*s " , pLen , tvb_get_string_enc ( pinfo - > pool , tvb , 0 , pLen , ENC_ASCII | ENC_NA ) ) ;
2018-03-09 19:54:07 +00:00
}
proto_tree * tsdns_tree ;
proto_item * ti , * hidden_item , * address_item ;
ti = proto_tree_add_item ( tree , proto_tsdns , tvb , offset , - 1 , ENC_NA ) ;
tsdns_tree = proto_item_add_subtree ( ti , ett_tsdns ) ;
hidden_item = proto_tree_add_item ( tsdns_tree , hf_tsdns_data , tvb , offset , - 1 , ENC_ASCII | ENC_NA ) ;
2019-04-03 21:32:30 +00:00
proto_item_set_hidden ( hidden_item ) ;
2018-03-09 19:54:07 +00:00
if ( request ) { // request is DOMAIN\n\r\r\r\n
hidden_item = proto_tree_add_boolean ( tsdns_tree , hf_tsdns_request , tvb , 0 , 0 , 1 ) ; // using pLen - 5 as the last chars are \n\r\r\r\n which are just indicating the end of the request
proto_tree_add_item ( tsdns_tree , hf_tsdns_request_domain , tvb , offset , pLen - 5 , ENC_ASCII | ENC_NA ) ;
} else { // response is IP:PORT
hidden_item = proto_tree_add_boolean ( tsdns_tree , hf_tsdns_response , tvb , 0 , 0 , 1 ) ;
address_item = proto_tree_add_item ( tsdns_tree , hf_tsdns_response_address , tvb , offset , pLen , ENC_ASCII | ENC_NA ) ;
gchar * * splitAddress ;
2021-07-16 15:36:34 +00:00
splitAddress = wmem_strsplit ( pinfo - > pool , tvb_format_text ( tvb , 0 , pLen ) , " : " , 1 ) ; // unsure if TSDNS also does IPv6...
2019-03-21 00:13:56 +00:00
if ( splitAddress = = NULL | | splitAddress [ 0 ] = = NULL | | splitAddress [ 1 ] = = NULL ) {
2018-03-09 19:54:07 +00:00
expert_add_info ( pinfo , address_item , & ei_response_port_malformed ) ;
} else {
proto_tree_add_string ( tsdns_tree , hf_tsdns_response_ip , tvb , 0 , pLen , splitAddress [ 0 ] ) ;
guint32 port ;
if ( ws_strtou32 ( splitAddress [ 1 ] , NULL , & port ) )
proto_tree_add_uint ( tsdns_tree , hf_tsdns_response_port , tvb , 0 , pLen , port ) ;
}
}
2019-04-03 21:32:30 +00:00
proto_item_set_hidden ( hidden_item ) ;
2018-03-09 19:54:07 +00:00
return tvb_captured_length ( tvb ) ;
} /* dissect_tsdns */
void proto_register_tsdns ( void )
{
static hf_register_info hf [ ] = {
{ & hf_tsdns_data ,
{ " Data " , " tsdns.data " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
NULL , HFILL } } ,
{ & hf_tsdns_request ,
{ " Request " , " tsdns.request " ,
FT_BOOLEAN , BASE_NONE , NULL , 0x0 ,
" TRUE if TSDNS Request " , HFILL } } ,
{ & hf_tsdns_request_domain ,
{ " Requested Domain " , " tsdns.request.domain " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
NULL , HFILL } } ,
{ & hf_tsdns_response ,
{ " Response " , " tsdns.response " ,
FT_BOOLEAN , BASE_NONE , NULL , 0x0 ,
" TRUE if TSDNS Response " , HFILL } } ,
{ & hf_tsdns_response_address ,
{ " Response Address " , " tsdns.response.address " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
NULL , HFILL } } ,
{ & hf_tsdns_response_ip ,
{ " Response IP " , " tsdns.response.ip " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
NULL , HFILL } } ,
{ & hf_tsdns_response_port ,
{ " Response Port " , " tsdns.response.port " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL } }
} ;
static ei_register_info ei [ ] = {
{ & ei_response_port_malformed , { " tsdns.response.port.malformed " , PI_MALFORMED , PI_ERROR , " Address port is not an integer or not contained in address " , EXPFILL } }
} ;
expert_module_t * expert_tsdns ;
static gint * ett [ ] = {
& ett_tsdns
} ;
proto_tsdns = proto_register_protocol ( " TeamSpeak3 DNS " , " TSDNS " , " tsdns " ) ;
proto_register_field_array ( proto_tsdns , hf , array_length ( hf ) ) ;
proto_register_subtree_array ( ett , array_length ( ett ) ) ;
expert_tsdns = expert_register_protocol ( proto_tsdns ) ;
expert_register_field_array ( expert_tsdns , ei , array_length ( ei ) ) ;
}
void proto_reg_handoff_tsdns ( void )
{
dissector_handle_t tsdns_handle ;
tsdns_handle = create_dissector_handle ( dissect_tsdns , proto_tsdns ) ;
2019-12-20 10:05:21 +00:00
/* Default port to not dissect the protocol*/
dissector_add_uint_with_preference ( " tcp.port " , 0 , tsdns_handle ) ;
2018-03-09 19:54:07 +00:00
}
/*
2019-07-26 18:43:17 +00:00
* Editor modelines - https : //www.wireshark.org/tools/modelines.html
2018-03-09 19:54:07 +00:00
*
* Local variables :
* c - basic - offset : 2
* tab - width : 8
* indent - tabs - mode : t
* End :
*
* vi : set shiftwidth = 8 tabstop = 8 noexpandtab :
* : indentSize = 8 : tabSize = 8 : noTabs = false :
*/