2012-04-26 16:47:37 +00:00
|
|
|
/* packet-enc.c
|
|
|
|
*
|
2003-03-07 16:52:46 +00:00
|
|
|
* Copyright (c) 2003 Markus Friedl. All rights reserved.
|
|
|
|
*
|
2018-03-07 13:08:18 +00:00
|
|
|
* SPDX-License-Identifier: BSD-2-Clause
|
2003-03-07 16:52:46 +00:00
|
|
|
*/
|
2012-04-26 16:47:37 +00:00
|
|
|
|
2012-09-20 02:03:38 +00:00
|
|
|
#include "config.h"
|
2003-03-07 16:52:46 +00:00
|
|
|
|
|
|
|
#include <epan/packet.h>
|
2015-12-13 04:38:21 +00:00
|
|
|
#include <epan/capture_dissectors.h>
|
2013-02-24 09:38:22 +00:00
|
|
|
#include <epan/aftypes.h>
|
2013-11-09 15:44:29 +00:00
|
|
|
#include <wsutil/pint.h>
|
2003-03-07 16:52:46 +00:00
|
|
|
|
2013-12-14 12:45:57 +00:00
|
|
|
void proto_register_enc(void);
|
|
|
|
void proto_reg_handoff_enc(void);
|
|
|
|
|
2003-03-07 16:52:46 +00:00
|
|
|
/* The header in OpenBSD Encapsulating Interface files. */
|
|
|
|
|
|
|
|
struct enchdr {
|
|
|
|
guint32 af;
|
|
|
|
guint32 spi;
|
|
|
|
guint32 flags;
|
|
|
|
};
|
2015-12-14 13:48:59 +00:00
|
|
|
#define BSD_ENC_HDRLEN 12
|
2003-03-07 16:52:46 +00:00
|
|
|
|
2016-12-30 08:48:25 +00:00
|
|
|
#define BSD_ENC_M_CONF 0x00000400 /* payload encrypted */
|
|
|
|
#define BSD_ENC_M_AUTH 0x00000800 /* payload authenticated */
|
|
|
|
#define BSD_ENC_M_COMP 0x00001000 /* payload compressed */
|
|
|
|
#define BSD_ENC_M_AUTH_AH 0x00002000 /* header authenticated */
|
|
|
|
|
|
|
|
#define BSD_ENC_M_RESERVED 0xFFFFC3FF /* Reserved/unused flags */
|
2003-03-07 16:52:46 +00:00
|
|
|
|
2015-12-14 13:48:59 +00:00
|
|
|
static dissector_table_t enc_dissector_table;
|
2003-03-07 16:52:46 +00:00
|
|
|
|
|
|
|
/* header fields */
|
2005-07-09 00:53:17 +00:00
|
|
|
static int proto_enc = -1;
|
|
|
|
static int hf_enc_af = -1;
|
|
|
|
static int hf_enc_spi = -1;
|
|
|
|
static int hf_enc_flags = -1;
|
2015-12-20 02:10:25 +00:00
|
|
|
static int hf_enc_flags_payload_enc = -1;
|
|
|
|
static int hf_enc_flags_payload_auth = -1;
|
|
|
|
static int hf_enc_flags_payload_compress = -1;
|
|
|
|
static int hf_enc_flags_header_auth = -1;
|
2016-12-30 08:48:25 +00:00
|
|
|
static int hf_enc_flags_reserved = -1;
|
2003-03-07 16:52:46 +00:00
|
|
|
|
|
|
|
static gint ett_enc = -1;
|
2015-12-20 02:10:25 +00:00
|
|
|
static gint ett_enc_flag = -1;
|
2003-03-07 16:52:46 +00:00
|
|
|
|
2015-12-13 21:54:16 +00:00
|
|
|
static gboolean
|
2016-04-19 10:10:16 +00:00
|
|
|
capture_enc(const guchar *pd, int offset _U_, int len, capture_packet_info_t *cpinfo, const union wtap_pseudo_header *pseudo_header)
|
2003-03-07 16:52:46 +00:00
|
|
|
{
|
2005-12-06 22:56:37 +00:00
|
|
|
guint32 af;
|
2003-03-07 16:52:46 +00:00
|
|
|
|
2015-12-14 13:48:59 +00:00
|
|
|
if (!BYTES_ARE_IN_FRAME(0, len, BSD_ENC_HDRLEN))
|
2015-12-13 21:54:16 +00:00
|
|
|
return FALSE;
|
2003-03-07 16:52:46 +00:00
|
|
|
|
2017-12-26 18:06:52 +00:00
|
|
|
memcpy((char *)&af, (const char *)&pd[0], sizeof(af));
|
|
|
|
if ((af & 0xFFFF0000) != 0) {
|
|
|
|
/*
|
|
|
|
* BSD AF_ types will always have the upper 16 bits as 0, so if any
|
|
|
|
* of them are non-zero, the af field must be byte-swapped, and
|
|
|
|
* will, at least in DLT_ENC headers, always have at least one of
|
|
|
|
* the lower 16 bits not being 0 (it won't be AF_UNSPEC, which is
|
|
|
|
* 0), so if the af field is byte-swapped, at least one of the
|
|
|
|
* upper 16 bits will be 0.
|
|
|
|
*/
|
|
|
|
af = GUINT32_SWAP_LE_BE(af);
|
|
|
|
}
|
2015-12-15 00:25:31 +00:00
|
|
|
return try_capture_dissector("enc", af, pd, BSD_ENC_HDRLEN, len, cpinfo, pseudo_header);
|
2003-03-07 16:52:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static const value_string af_vals[] = {
|
2013-02-24 09:38:22 +00:00
|
|
|
{ BSD_AF_INET, "IPv4" },
|
|
|
|
{ BSD_AF_INET6_BSD, "IPv6" },
|
2012-04-26 16:47:37 +00:00
|
|
|
{ 0, NULL }
|
2003-03-07 16:52:46 +00:00
|
|
|
};
|
|
|
|
|
2015-11-15 13:00:10 +00:00
|
|
|
static int
|
|
|
|
dissect_enc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
|
2003-03-07 16:52:46 +00:00
|
|
|
{
|
2012-04-26 16:47:37 +00:00
|
|
|
struct enchdr ench;
|
2017-12-26 18:06:52 +00:00
|
|
|
guint writer_encoding;
|
2012-04-26 16:47:37 +00:00
|
|
|
tvbuff_t *next_tvb;
|
|
|
|
proto_tree *enc_tree;
|
|
|
|
proto_item *ti;
|
2003-03-07 16:52:46 +00:00
|
|
|
|
2015-12-20 02:10:25 +00:00
|
|
|
static const int *flags[] = {
|
|
|
|
&hf_enc_flags_payload_enc,
|
|
|
|
&hf_enc_flags_payload_auth,
|
|
|
|
&hf_enc_flags_payload_compress,
|
|
|
|
&hf_enc_flags_header_auth,
|
2016-12-30 08:48:25 +00:00
|
|
|
&hf_enc_flags_reserved,
|
2015-12-20 02:10:25 +00:00
|
|
|
NULL
|
|
|
|
};
|
2003-03-07 16:52:46 +00:00
|
|
|
|
2015-12-20 02:10:25 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "ENC");
|
2003-03-07 16:52:46 +00:00
|
|
|
|
2017-12-26 18:06:52 +00:00
|
|
|
/*
|
|
|
|
* Initially assume the file was written by a host with our byte order.
|
|
|
|
*/
|
|
|
|
writer_encoding = ENC_HOST_ENDIAN;
|
2016-12-30 15:01:16 +00:00
|
|
|
ench.af = tvb_get_h_guint32(tvb, 0);
|
2017-12-26 18:06:52 +00:00
|
|
|
if ((ench.af & 0xFFFF0000) != 0) {
|
|
|
|
/*
|
|
|
|
* BSD AF_ types will always have the upper 16 bits as 0, so if any
|
|
|
|
* of them are non-zero, the af field must be byte-swapped, and
|
|
|
|
* will, at least in DLT_ENC headers, always have at least one of
|
|
|
|
* the lower 16 bits not being 0 (it won't be AF_UNSPEC, which is
|
|
|
|
* 0), so if the af field is byte-swapped, at least one of the
|
|
|
|
* upper 16 bits will be 0.
|
|
|
|
*/
|
|
|
|
ench.af = GUINT32_SWAP_LE_BE(ench.af);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* It was written by a host with the *opposite* byte order.
|
|
|
|
*/
|
|
|
|
#if G_BYTE_ORDER == G_LITTLE_ENDIAN
|
|
|
|
writer_encoding = ENC_BIG_ENDIAN;
|
|
|
|
#else
|
|
|
|
writer_encoding = ENC_LITTLE_ENDIAN;
|
|
|
|
#endif
|
|
|
|
}
|
2015-12-20 02:10:25 +00:00
|
|
|
ench.spi = tvb_get_ntohl(tvb, 4);
|
2003-03-07 16:52:46 +00:00
|
|
|
|
|
|
|
if (tree) {
|
|
|
|
ti = proto_tree_add_protocol_format(tree, proto_enc, tvb, 0,
|
2012-07-19 03:28:39 +00:00
|
|
|
BSD_ENC_HDRLEN,
|
2015-12-20 02:10:25 +00:00
|
|
|
"Enc %s, SPI 0x%8.8x",
|
2012-04-26 16:47:37 +00:00
|
|
|
val_to_str(ench.af, af_vals, "unknown (%u)"),
|
2015-12-20 02:10:25 +00:00
|
|
|
ench.spi);
|
2003-03-07 16:52:46 +00:00
|
|
|
enc_tree = proto_item_add_subtree(ti, ett_enc);
|
|
|
|
|
2017-12-26 18:06:52 +00:00
|
|
|
proto_tree_add_item(enc_tree, hf_enc_af, tvb, 0, 4, writer_encoding);
|
2015-12-14 13:48:59 +00:00
|
|
|
proto_tree_add_item(enc_tree, hf_enc_spi, tvb, 4, 4, ENC_BIG_ENDIAN);
|
2017-12-26 18:06:52 +00:00
|
|
|
proto_tree_add_bitmask(enc_tree, tvb, 8, hf_enc_flags, ett_enc_flag, flags, writer_encoding);
|
2003-03-07 16:52:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Set the tvbuff for the payload after the header */
|
2012-07-19 03:28:39 +00:00
|
|
|
next_tvb = tvb_new_subset_remaining(tvb, BSD_ENC_HDRLEN);
|
2015-12-14 13:48:59 +00:00
|
|
|
if (!dissector_try_uint(enc_dissector_table, ench.af, next_tvb, pinfo, tree))
|
2016-03-20 00:33:14 +00:00
|
|
|
call_data_dissector(next_tvb, pinfo, tree);
|
2015-12-14 13:48:59 +00:00
|
|
|
|
2015-11-15 13:00:10 +00:00
|
|
|
return tvb_captured_length(tvb);
|
2003-03-07 16:52:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
proto_register_enc(void)
|
|
|
|
{
|
|
|
|
static hf_register_info hf[] = {
|
|
|
|
{ &hf_enc_af,
|
|
|
|
{ "Address Family", "enc.af", FT_UINT32, BASE_DEC, VALS(af_vals), 0x0,
|
|
|
|
"Protocol (IPv4 vs IPv6)", HFILL }},
|
|
|
|
{ &hf_enc_spi,
|
|
|
|
{ "SPI", "enc.spi", FT_UINT32, BASE_HEX, NULL, 0x0,
|
|
|
|
"Security Parameter Index", HFILL }},
|
|
|
|
{ &hf_enc_flags,
|
|
|
|
{ "Flags", "enc.flags", FT_UINT32, BASE_HEX, NULL, 0x0,
|
|
|
|
"ENC flags", HFILL }},
|
2015-12-20 02:10:25 +00:00
|
|
|
{ &hf_enc_flags_payload_enc,
|
|
|
|
{ "Payload encrypted", "enc.flags.payload_enc", FT_BOOLEAN, 32, NULL, BSD_ENC_M_CONF,
|
|
|
|
NULL, HFILL }},
|
|
|
|
{ &hf_enc_flags_payload_auth,
|
2016-12-30 08:16:13 +00:00
|
|
|
{ "Payload authenticated", "enc.flags.payload_auth", FT_BOOLEAN, 32, NULL, BSD_ENC_M_AUTH,
|
2015-12-20 02:10:25 +00:00
|
|
|
NULL, HFILL }},
|
|
|
|
{ &hf_enc_flags_payload_compress,
|
2016-12-30 08:16:13 +00:00
|
|
|
{ "Payload compressed", "enc.flags.payload_compress", FT_BOOLEAN, 32, NULL, BSD_ENC_M_COMP,
|
2015-12-20 02:10:25 +00:00
|
|
|
NULL, HFILL }},
|
|
|
|
{ &hf_enc_flags_header_auth,
|
2016-12-30 08:16:13 +00:00
|
|
|
{ "Header authenticated", "enc.flags.header_auth", FT_BOOLEAN, 32, NULL, BSD_ENC_M_AUTH_AH,
|
2015-12-20 02:10:25 +00:00
|
|
|
NULL, HFILL }},
|
2016-12-30 08:48:25 +00:00
|
|
|
{ &hf_enc_flags_reserved,
|
|
|
|
{ "Reserved", "enc.flags.reserved", FT_UINT32, BASE_HEX, NULL, BSD_ENC_M_RESERVED,
|
|
|
|
NULL, HFILL }},
|
2015-12-20 02:10:25 +00:00
|
|
|
};
|
|
|
|
static gint *ett[] =
|
|
|
|
{
|
|
|
|
&ett_enc,
|
|
|
|
&ett_enc_flag
|
2003-03-07 16:52:46 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
proto_enc = proto_register_protocol("OpenBSD Encapsulating device",
|
2012-04-26 16:47:37 +00:00
|
|
|
"ENC", "enc");
|
2003-03-07 16:52:46 +00:00
|
|
|
proto_register_field_array(proto_enc, hf, array_length(hf));
|
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
2015-12-14 13:48:59 +00:00
|
|
|
|
2016-08-30 22:51:54 +00:00
|
|
|
enc_dissector_table = register_dissector_table("enc", "OpenBSD Encapsulating device", proto_enc, FT_UINT32, BASE_DEC);
|
2015-12-14 13:48:59 +00:00
|
|
|
register_capture_dissector_table("enc", "ENC");
|
2003-03-07 16:52:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
proto_reg_handoff_enc(void)
|
|
|
|
{
|
|
|
|
dissector_handle_t enc_handle;
|
2016-10-26 16:07:47 +00:00
|
|
|
capture_dissector_handle_t enc_cap_handle;
|
2003-03-07 16:52:46 +00:00
|
|
|
|
2015-12-09 03:49:44 +00:00
|
|
|
enc_handle = create_dissector_handle(dissect_enc, proto_enc);
|
2010-12-20 05:35:29 +00:00
|
|
|
dissector_add_uint("wtap_encap", WTAP_ENCAP_ENC, enc_handle);
|
2015-12-13 21:54:16 +00:00
|
|
|
|
2016-10-26 16:07:47 +00:00
|
|
|
enc_cap_handle = create_capture_dissector_handle(capture_enc, proto_enc);
|
|
|
|
capture_dissector_add_uint("wtap_encap", WTAP_ENCAP_ENC, enc_cap_handle);
|
2003-03-07 16:52:46 +00:00
|
|
|
}
|
2014-09-29 18:07:49 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Editor modelines - http://www.wireshark.org/tools/modelines.html
|
|
|
|
*
|
|
|
|
* Local Variables:
|
|
|
|
* c-basic-offset: 2
|
|
|
|
* tab-width: 8
|
|
|
|
* indent-tabs-mode: nil
|
|
|
|
* End:
|
|
|
|
*
|
|
|
|
* ex: set shiftwidth=2 tabstop=8 expandtab:
|
|
|
|
* :indentSize=2:tabSize=8:noTabs=true:
|
|
|
|
*/
|