2013-08-15 03:47:37 +00:00
|
|
|
/* packet-udt.c
|
2013-10-13 19:56:52 +00:00
|
|
|
*
|
2013-08-15 03:47:37 +00:00
|
|
|
* Routines for UDT packet dissection
|
2017-07-20 18:03:18 +00:00
|
|
|
* http://udt.sourceforge.net
|
|
|
|
* draft-gg-udt
|
2013-08-15 03:47:37 +00:00
|
|
|
*
|
|
|
|
* Copyright 2013 (c) chas williams <chas@cmf.nrl.navy.mil>
|
2013-10-13 19:56:52 +00:00
|
|
|
*
|
2013-08-15 03:47:37 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
|
|
|
* Copied from packet-tftp.c
|
|
|
|
*
|
2018-02-12 11:23:27 +00:00
|
|
|
* SPDX-License-Identifier: GPL-2.0-or-later
|
2013-08-15 03:47:37 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include "config.h"
|
|
|
|
|
|
|
|
#include <epan/packet.h>
|
|
|
|
#include <epan/conversation.h>
|
|
|
|
#include <epan/expert.h>
|
2017-07-13 21:00:59 +00:00
|
|
|
#include <epan/wmem/wmem.h>
|
2013-08-15 03:47:37 +00:00
|
|
|
|
2017-07-04 14:38:24 +00:00
|
|
|
/*
|
|
|
|
* Per-conversation information
|
|
|
|
*/
|
|
|
|
typedef struct _udt_conversation {
|
|
|
|
gboolean is_dtls;
|
2017-07-04 14:38:54 +00:00
|
|
|
guint32 isn;
|
2017-07-04 14:38:24 +00:00
|
|
|
} udt_conversation;
|
|
|
|
|
2013-08-15 03:47:37 +00:00
|
|
|
/*
|
|
|
|
* based on http://tools.ietf.org/html/draft-gg-udt-03
|
|
|
|
*/
|
|
|
|
|
|
|
|
#define UDT_TYPE_DATA 0
|
|
|
|
#define UDT_TYPE_CONTROL 1
|
|
|
|
|
|
|
|
#define UDT_PACKET_TYPE_HANDSHAKE 0x0000
|
|
|
|
#define UDT_PACKET_TYPE_KEEPALIVE 0x0001
|
|
|
|
#define UDT_PACKET_TYPE_ACK 0x0002
|
|
|
|
#define UDT_PACKET_TYPE_NAK 0x0003
|
|
|
|
#define UDT_PACKET_TYPE_SHUTDOWN 0x0005
|
|
|
|
#define UDT_PACKET_TYPE_ACK2 0x0006
|
|
|
|
|
2016-07-21 02:25:15 +00:00
|
|
|
#define UDT_HANDSHAKE_TYPE_STREAM 1
|
|
|
|
#define UDT_HANDSHAKE_TYPE_DGRAM 2
|
2013-08-15 03:47:37 +00:00
|
|
|
|
2017-07-13 21:00:59 +00:00
|
|
|
#define UDT_CONTROL_OFFSET 16 /* Offset of control information field */
|
|
|
|
#define UDT_MAX_NAK_ENTRIES 8 /* max number of NAK entries displayed in summary */
|
|
|
|
#define UDT_MAX_NAK_LENGTH (UDT_CONTROL_OFFSET + UDT_MAX_NAK_ENTRIES*4)
|
|
|
|
|
2013-12-10 19:50:20 +00:00
|
|
|
void proto_register_udt(void);
|
|
|
|
void proto_reg_handoff_udt(void);
|
|
|
|
|
2013-08-15 03:47:37 +00:00
|
|
|
static const value_string udt_packet_types[] = {
|
|
|
|
{UDT_PACKET_TYPE_HANDSHAKE, "handshake"},
|
|
|
|
{UDT_PACKET_TYPE_KEEPALIVE, "keepalive"},
|
2014-03-17 15:58:22 +00:00
|
|
|
{UDT_PACKET_TYPE_ACK, "ack"},
|
|
|
|
{UDT_PACKET_TYPE_NAK, "nak"},
|
|
|
|
{UDT_PACKET_TYPE_SHUTDOWN, "shutdown"},
|
|
|
|
{UDT_PACKET_TYPE_ACK2, "ack2"},
|
2013-08-15 03:47:37 +00:00
|
|
|
{0, NULL},
|
|
|
|
};
|
|
|
|
|
|
|
|
static const value_string udt_handshake_types[] = {
|
|
|
|
{UDT_HANDSHAKE_TYPE_STREAM, "STREAM"},
|
2014-03-17 15:58:22 +00:00
|
|
|
{UDT_HANDSHAKE_TYPE_DGRAM, "DGRAM"},
|
2013-08-15 03:47:37 +00:00
|
|
|
{0, NULL},
|
|
|
|
};
|
|
|
|
|
|
|
|
static const value_string udt_types[] = {
|
2014-03-17 15:58:22 +00:00
|
|
|
{UDT_TYPE_DATA, "DATA"},
|
2013-08-15 03:47:37 +00:00
|
|
|
{UDT_TYPE_CONTROL, "CONTROL"},
|
|
|
|
{0, NULL},
|
|
|
|
};
|
|
|
|
|
|
|
|
static int proto_udt = -1;
|
|
|
|
static int hf_udt_iscontrol = -1;
|
|
|
|
static int hf_udt_type = -1;
|
|
|
|
static int hf_udt_seqno = -1;
|
|
|
|
static int hf_udt_ack_seqno = -1;
|
|
|
|
static int hf_udt_ackno = -1;
|
|
|
|
static int hf_udt_msgno = -1;
|
|
|
|
static int hf_udt_msgno_first = -1;
|
|
|
|
static int hf_udt_msgno_last = -1;
|
|
|
|
static int hf_udt_msgno_inorder = -1;
|
|
|
|
static int hf_udt_timestamp = -1;
|
|
|
|
static int hf_udt_id = -1;
|
|
|
|
static int hf_udt_addinfo = -1;
|
|
|
|
static int hf_udt_rtt = -1;
|
|
|
|
static int hf_udt_rttvar = -1;
|
|
|
|
static int hf_udt_bufavail = -1;
|
|
|
|
static int hf_udt_rate = -1;
|
|
|
|
static int hf_udt_linkcap = -1;
|
|
|
|
static int hf_udt_handshake_version = -1;
|
|
|
|
static int hf_udt_handshake_type = -1;
|
|
|
|
static int hf_udt_handshake_isn = -1;
|
|
|
|
static int hf_udt_handshake_mtu = -1;
|
|
|
|
static int hf_udt_handshake_flow_window = -1;
|
|
|
|
static int hf_udt_handshake_reqtype = -1;
|
|
|
|
static int hf_udt_handshake_id = -1;
|
|
|
|
static int hf_udt_handshake_cookie = -1;
|
|
|
|
static int hf_udt_handshake_peerip = -1;
|
|
|
|
|
|
|
|
static gint ett_udt = -1;
|
|
|
|
|
|
|
|
static expert_field ei_udt_nak_seqno = EI_INIT;
|
|
|
|
|
|
|
|
static dissector_handle_t udt_handle;
|
|
|
|
|
2016-12-03 21:58:34 +00:00
|
|
|
static heur_dissector_list_t heur_subdissector_list;
|
|
|
|
|
2017-07-04 14:38:54 +00:00
|
|
|
static int get_sqn(udt_conversation *udt_conv, guint32 sqn)
|
|
|
|
{
|
|
|
|
if (udt_conv)
|
|
|
|
sqn -= udt_conv->isn;
|
|
|
|
|
|
|
|
return (sqn);
|
|
|
|
}
|
|
|
|
|
2013-08-15 03:47:37 +00:00
|
|
|
static int
|
2014-03-17 15:58:22 +00:00
|
|
|
dissect_udt(tvbuff_t *tvb, packet_info* pinfo, proto_tree *parent_tree,
|
2013-08-15 03:47:37 +00:00
|
|
|
void *data _U_)
|
|
|
|
{
|
2016-12-03 21:58:34 +00:00
|
|
|
proto_tree *tree;
|
|
|
|
proto_item *udt_item;
|
|
|
|
int is_control, type;
|
|
|
|
guint i;
|
|
|
|
conversation_t *conv;
|
|
|
|
udt_conversation *udt_conv;
|
|
|
|
heur_dtbl_entry_t *hdtbl_entry;
|
2017-07-04 14:38:54 +00:00
|
|
|
|
|
|
|
conv = find_or_create_conversation(pinfo);
|
|
|
|
udt_conv = (udt_conversation *)conversation_get_proto_data(conv, proto_udt);
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "UDT");
|
|
|
|
col_clear(pinfo->cinfo, COL_INFO);
|
|
|
|
|
|
|
|
is_control = tvb_get_ntohl(tvb, 0) & 0x80000000;
|
|
|
|
type = (tvb_get_ntohl(tvb, 0) >> 16) & 0x7fff;
|
|
|
|
|
2016-07-21 02:25:15 +00:00
|
|
|
if (is_control) {
|
|
|
|
const char *typestr = val_to_str(type, udt_packet_types,
|
|
|
|
"Unknown Control Type (%x)");
|
|
|
|
switch (type) {
|
|
|
|
case UDT_PACKET_TYPE_ACK:
|
2017-07-04 14:38:54 +00:00
|
|
|
col_add_fstr(pinfo->cinfo, COL_INFO, "UDT type: ack seqno: %u",
|
|
|
|
get_sqn(udt_conv, tvb_get_ntohl(tvb, 16)));
|
2016-07-21 02:25:15 +00:00
|
|
|
break;
|
|
|
|
case UDT_PACKET_TYPE_ACK2:
|
2017-07-04 14:38:54 +00:00
|
|
|
col_add_fstr(pinfo->cinfo, COL_INFO, "UDT type: ack2");
|
2016-07-21 02:25:15 +00:00
|
|
|
break;
|
|
|
|
case UDT_PACKET_TYPE_NAK: {
|
2017-07-13 21:00:59 +00:00
|
|
|
wmem_strbuf_t *nakstr = wmem_strbuf_new(wmem_packet_scope(), "");
|
|
|
|
guint max = tvb_reported_length(tvb);
|
|
|
|
if (max > UDT_MAX_NAK_LENGTH)
|
|
|
|
max = UDT_MAX_NAK_LENGTH;
|
|
|
|
|
|
|
|
for (i = UDT_CONTROL_OFFSET; i <= (max-4) ; i = i + 4) {
|
2016-07-21 02:25:15 +00:00
|
|
|
guint32 start, finish;
|
|
|
|
int is_range;
|
|
|
|
|
|
|
|
is_range = tvb_get_ntohl(tvb, i) & 0x80000000;
|
2017-07-04 14:38:54 +00:00
|
|
|
start = get_sqn(udt_conv, tvb_get_ntohl(tvb, i) & 0x7fffffff);
|
2016-07-21 02:25:15 +00:00
|
|
|
|
|
|
|
if (is_range) {
|
2017-07-13 21:00:59 +00:00
|
|
|
if (i > (max-8)) {
|
|
|
|
// Message is truncated
|
|
|
|
break;
|
|
|
|
}
|
2017-07-04 14:38:54 +00:00
|
|
|
finish = get_sqn(udt_conv, tvb_get_ntohl(tvb, i + 4) & 0x7fffffff);
|
2017-07-13 21:00:59 +00:00
|
|
|
wmem_strbuf_append_printf(nakstr, "%s%u-%u",
|
|
|
|
i == UDT_CONTROL_OFFSET? "":",",
|
|
|
|
start, finish);
|
2016-07-21 02:25:15 +00:00
|
|
|
i = i + 4;
|
|
|
|
} else {
|
2017-07-13 21:00:59 +00:00
|
|
|
wmem_strbuf_append_printf(nakstr, "%s%u",
|
|
|
|
i == UDT_CONTROL_OFFSET? "":",",
|
|
|
|
start);
|
2016-07-21 02:25:15 +00:00
|
|
|
}
|
|
|
|
}
|
2017-07-13 21:00:59 +00:00
|
|
|
|
|
|
|
// Add ellipsis if the list was too long
|
|
|
|
if (max != tvb_reported_length(tvb))
|
|
|
|
wmem_strbuf_append(nakstr, "...");
|
|
|
|
|
2017-07-04 14:38:54 +00:00
|
|
|
col_add_fstr(pinfo->cinfo, COL_INFO, "UDT type: %s missing:%s",
|
2017-07-13 21:00:59 +00:00
|
|
|
typestr, wmem_strbuf_get_str(nakstr));
|
2016-07-21 02:25:15 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
default:
|
2017-07-04 14:38:54 +00:00
|
|
|
col_add_fstr(pinfo->cinfo, COL_INFO, "UDT type: %s", typestr);
|
2016-07-21 02:25:15 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
} else {
|
2013-08-15 03:47:37 +00:00
|
|
|
col_add_fstr(pinfo->cinfo, COL_INFO,
|
2017-07-04 14:38:54 +00:00
|
|
|
"UDT type: data seqno: %u msgno: %u",
|
|
|
|
get_sqn(udt_conv, tvb_get_ntohl(tvb, 0) & 0x7fffffff),
|
|
|
|
tvb_get_ntohl(tvb, 4) & 0x1fffffff);
|
2016-07-21 02:25:15 +00:00
|
|
|
}
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
udt_item = proto_tree_add_item(parent_tree, proto_udt, tvb,
|
|
|
|
0, -1, ENC_NA);
|
|
|
|
tree = proto_item_add_subtree(udt_item, ett_udt);
|
|
|
|
|
|
|
|
proto_tree_add_item(tree, hf_udt_iscontrol, tvb, 0, 4, ENC_BIG_ENDIAN);
|
|
|
|
if (is_control) {
|
2014-03-17 15:58:22 +00:00
|
|
|
if (tree) {
|
2016-07-21 02:25:15 +00:00
|
|
|
proto_tree_add_item(tree, hf_udt_type, tvb, 0, 4,
|
2013-08-15 03:47:37 +00:00
|
|
|
ENC_BIG_ENDIAN);
|
2014-03-17 15:58:22 +00:00
|
|
|
switch (type) {
|
|
|
|
case UDT_PACKET_TYPE_ACK:
|
|
|
|
proto_tree_add_item(tree, hf_udt_ackno, tvb, 4, 4,
|
|
|
|
ENC_BIG_ENDIAN);
|
|
|
|
break;
|
|
|
|
case UDT_PACKET_TYPE_ACK2:
|
|
|
|
proto_tree_add_item(tree, hf_udt_ackno, tvb, 4, 4,
|
|
|
|
ENC_BIG_ENDIAN);
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
proto_tree_add_item(tree, hf_udt_addinfo, tvb, 4, 4,
|
|
|
|
ENC_BIG_ENDIAN);
|
|
|
|
}
|
|
|
|
proto_tree_add_item(tree, hf_udt_timestamp, tvb, 8, 4,
|
2013-08-15 03:47:37 +00:00
|
|
|
ENC_BIG_ENDIAN);
|
2014-03-17 15:58:22 +00:00
|
|
|
proto_tree_add_item(tree, hf_udt_id, tvb, 12, 4,
|
2013-08-15 03:47:37 +00:00
|
|
|
ENC_BIG_ENDIAN);
|
|
|
|
}
|
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
case UDT_PACKET_TYPE_HANDSHAKE:
|
2014-03-17 15:58:22 +00:00
|
|
|
if (tree) {
|
|
|
|
proto_tree_add_item(tree, hf_udt_handshake_version, tvb,
|
|
|
|
16, 4, ENC_BIG_ENDIAN);
|
|
|
|
proto_tree_add_item(tree, hf_udt_handshake_type, tvb,
|
|
|
|
20, 4, ENC_BIG_ENDIAN);
|
|
|
|
proto_tree_add_item(tree, hf_udt_handshake_isn, tvb,
|
|
|
|
24, 4, ENC_BIG_ENDIAN);
|
|
|
|
proto_tree_add_item(tree, hf_udt_handshake_mtu, tvb,
|
|
|
|
28, 4, ENC_BIG_ENDIAN);
|
|
|
|
proto_tree_add_item(tree, hf_udt_handshake_flow_window, tvb,
|
|
|
|
32, 4, ENC_BIG_ENDIAN);
|
|
|
|
proto_tree_add_item(tree, hf_udt_handshake_reqtype, tvb,
|
|
|
|
36, 4, ENC_BIG_ENDIAN);
|
|
|
|
proto_tree_add_item(tree, hf_udt_handshake_id, tvb,
|
|
|
|
40, 4, ENC_BIG_ENDIAN);
|
|
|
|
proto_tree_add_item(tree, hf_udt_handshake_cookie, tvb,
|
|
|
|
44, 4, ENC_BIG_ENDIAN);
|
|
|
|
proto_tree_add_item(tree, hf_udt_handshake_peerip, tvb,
|
|
|
|
48, 16, ENC_NA);
|
|
|
|
proto_item_set_len(udt_item, 64);
|
|
|
|
}
|
2013-08-15 03:47:37 +00:00
|
|
|
break;
|
|
|
|
case UDT_PACKET_TYPE_ACK:
|
2014-03-17 15:58:22 +00:00
|
|
|
if (tree) {
|
2016-07-21 02:25:15 +00:00
|
|
|
int len = tvb_reported_length(tvb);
|
2017-07-04 14:38:54 +00:00
|
|
|
guint32 real_sqn = tvb_get_ntohl(tvb, 16);
|
|
|
|
guint32 sqn = get_sqn(udt_conv, real_sqn);
|
|
|
|
if (sqn != real_sqn)
|
|
|
|
proto_tree_add_uint_format_value(tree, hf_udt_ack_seqno, tvb, 16, 4, real_sqn,
|
|
|
|
"%d (relative) [%d]", sqn, real_sqn);
|
|
|
|
else
|
|
|
|
proto_tree_add_uint(tree, hf_udt_ack_seqno, tvb, 16, 4, real_sqn);
|
|
|
|
|
2016-07-21 02:25:15 +00:00
|
|
|
/* if not a light ack, decode the extended fields */
|
|
|
|
if (len < 32) {
|
|
|
|
proto_item_set_len(udt_item, 20);
|
|
|
|
} else {
|
|
|
|
proto_tree_add_item(tree, hf_udt_rtt, tvb, 20, 4,
|
|
|
|
ENC_BIG_ENDIAN);
|
|
|
|
proto_tree_add_item(tree, hf_udt_rttvar, tvb, 24, 4,
|
|
|
|
ENC_BIG_ENDIAN);
|
|
|
|
proto_tree_add_item(tree, hf_udt_bufavail, tvb, 28, 4,
|
|
|
|
ENC_BIG_ENDIAN);
|
|
|
|
if (len >= 40) {
|
|
|
|
proto_tree_add_item(tree, hf_udt_rate, tvb,
|
|
|
|
32, 4, ENC_BIG_ENDIAN);
|
|
|
|
proto_tree_add_item(tree, hf_udt_linkcap, tvb,
|
|
|
|
36, 4, ENC_BIG_ENDIAN);
|
|
|
|
proto_item_set_len(udt_item, 40);
|
|
|
|
} else {
|
|
|
|
proto_item_set_len(udt_item, 32);
|
|
|
|
}
|
2014-03-17 15:58:22 +00:00
|
|
|
}
|
2013-08-15 03:47:37 +00:00
|
|
|
}
|
|
|
|
break;
|
|
|
|
case UDT_PACKET_TYPE_NAK:
|
2017-07-13 21:00:59 +00:00
|
|
|
for (i = 16; i <= (tvb_reported_length(tvb)-4); i = i + 4) {
|
2017-07-04 14:38:54 +00:00
|
|
|
guint32 real_start, real_finish;
|
2013-08-15 03:47:37 +00:00
|
|
|
guint32 start, finish;
|
2014-03-17 15:58:22 +00:00
|
|
|
int is_range;
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
is_range = tvb_get_ntohl(tvb, i) & 0x80000000;
|
2017-07-04 14:38:54 +00:00
|
|
|
real_start = tvb_get_ntohl(tvb, i) & 0x7fffffff;
|
|
|
|
start = get_sqn(udt_conv, real_start);
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
if (is_range) {
|
2017-07-13 21:00:59 +00:00
|
|
|
if (i > (tvb_reported_length(tvb)-8)) {
|
|
|
|
// Message is truncated - bail
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2017-07-04 14:38:54 +00:00
|
|
|
real_finish = tvb_get_ntohl(tvb, i + 4) & 0x7fffffff;
|
|
|
|
finish = get_sqn(udt_conv, real_finish);
|
|
|
|
|
|
|
|
if (start != real_start)
|
|
|
|
proto_tree_add_expert_format(tree, pinfo, &ei_udt_nak_seqno,
|
|
|
|
tvb, i, 8,
|
2017-07-13 21:00:59 +00:00
|
|
|
"Missing Sequence Numbers: "
|
2017-07-04 14:38:54 +00:00
|
|
|
"%u-%u (relative) [%u-%u]",
|
|
|
|
start, finish, real_start, real_finish);
|
|
|
|
else
|
|
|
|
proto_tree_add_expert_format(tree, pinfo, &ei_udt_nak_seqno,
|
|
|
|
tvb, i, 8,
|
2017-07-13 21:00:59 +00:00
|
|
|
"Missing Sequence Numbers: %u-%u",
|
2017-07-04 14:38:54 +00:00
|
|
|
real_start, real_finish);
|
2013-08-15 03:47:37 +00:00
|
|
|
i = i + 4;
|
|
|
|
} else {
|
2017-07-04 14:38:54 +00:00
|
|
|
if (start != real_start)
|
|
|
|
proto_tree_add_expert_format(tree, pinfo, &ei_udt_nak_seqno,
|
|
|
|
tvb, i, 4,
|
2017-07-13 21:00:59 +00:00
|
|
|
"Missing Sequence Number : %u (relative) [%u]",
|
2017-07-04 14:38:54 +00:00
|
|
|
start, real_start);
|
|
|
|
else
|
|
|
|
proto_tree_add_expert_format(tree, pinfo, &ei_udt_nak_seqno,
|
|
|
|
tvb, i, 4,
|
2017-07-13 21:00:59 +00:00
|
|
|
"Missing Sequence Number : %u", real_start);
|
2013-08-15 03:47:37 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-03-17 15:58:22 +00:00
|
|
|
proto_item_set_len(udt_item, tvb_reported_length(tvb));
|
2013-08-15 03:47:37 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
/* otherwise, a data packet */
|
|
|
|
tvbuff_t *next_tvb;
|
|
|
|
|
2014-03-17 15:58:22 +00:00
|
|
|
if (tree) {
|
2017-07-04 14:38:54 +00:00
|
|
|
guint32 real_seqno = tvb_get_ntohl(tvb, 0);
|
|
|
|
guint32 seqno = get_sqn(udt_conv, real_seqno);
|
|
|
|
if (seqno != real_seqno)
|
|
|
|
proto_tree_add_uint_format_value(tree, hf_udt_seqno, tvb, 0, 4, real_seqno,
|
|
|
|
"%u (relative) [%u]", seqno, real_seqno);
|
|
|
|
else
|
|
|
|
proto_tree_add_uint(tree, hf_udt_seqno, tvb, 0, 4, real_seqno);
|
2014-03-17 15:58:22 +00:00
|
|
|
proto_tree_add_item(tree, hf_udt_msgno_first, tvb, 4, 4,
|
|
|
|
ENC_BIG_ENDIAN);
|
|
|
|
proto_tree_add_item(tree, hf_udt_msgno_last, tvb, 4, 4,
|
|
|
|
ENC_BIG_ENDIAN);
|
|
|
|
proto_tree_add_item(tree, hf_udt_msgno_inorder, tvb, 4, 4,
|
|
|
|
ENC_BIG_ENDIAN);
|
|
|
|
proto_tree_add_item(tree, hf_udt_msgno, tvb, 4, 4,
|
|
|
|
ENC_BIG_ENDIAN);
|
|
|
|
proto_tree_add_item(tree, hf_udt_timestamp, tvb, 8, 4,
|
|
|
|
ENC_BIG_ENDIAN);
|
|
|
|
proto_tree_add_item(tree, hf_udt_id, tvb, 12, 4,
|
|
|
|
ENC_BIG_ENDIAN);
|
2013-08-15 03:47:37 +00:00
|
|
|
|
2014-03-17 15:58:22 +00:00
|
|
|
}
|
2016-12-03 21:58:34 +00:00
|
|
|
|
2013-08-15 03:47:37 +00:00
|
|
|
next_tvb = tvb_new_subset_remaining(tvb, 16);
|
2016-12-03 21:58:34 +00:00
|
|
|
|
|
|
|
// Try heuristic dissectors first...
|
|
|
|
if (!dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, parent_tree, &hdtbl_entry, NULL))
|
|
|
|
call_data_dissector(next_tvb, pinfo, parent_tree);
|
2013-08-15 03:47:37 +00:00
|
|
|
}
|
|
|
|
|
2014-03-17 15:58:22 +00:00
|
|
|
return tvb_reported_length(tvb);
|
2013-08-15 03:47:37 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static gboolean
|
2017-07-04 14:38:24 +00:00
|
|
|
dissect_udt_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data, gboolean is_dtls)
|
2013-08-15 03:47:37 +00:00
|
|
|
{
|
|
|
|
conversation_t *conv;
|
2017-07-04 14:38:24 +00:00
|
|
|
udt_conversation *udt_conv;
|
2013-10-13 19:56:52 +00:00
|
|
|
|
2013-08-15 03:47:37 +00:00
|
|
|
conv = find_or_create_conversation(pinfo);
|
2017-07-04 14:38:24 +00:00
|
|
|
udt_conv = (udt_conversation *)conversation_get_proto_data(conv, proto_udt);
|
|
|
|
|
|
|
|
if (udt_conv) {
|
|
|
|
// Already identified conversation as UDT - BUT we might have been called from
|
|
|
|
// the other dissector.
|
|
|
|
if (is_dtls != udt_conv->is_dtls)
|
|
|
|
return FALSE;
|
|
|
|
dissect_udt(tvb, pinfo, tree, data);
|
|
|
|
} else {
|
|
|
|
// Check if this is UDT...
|
|
|
|
|
|
|
|
/* Must have at least 24 captured bytes for heuristic check */
|
|
|
|
if (tvb_captured_length(tvb) < 24)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
/* detect handshake control packet */
|
|
|
|
if (tvb_get_ntohl(tvb, 0) != (0x80000000 | UDT_PACKET_TYPE_HANDSHAKE))
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
/* must be version 4 */
|
|
|
|
if ((tvb_get_ntohl(tvb, 16) != 4))
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
/* must be datagram or stream */
|
|
|
|
if ((tvb_get_ntohl(tvb, 20) != UDT_HANDSHAKE_TYPE_DGRAM)
|
|
|
|
&& (tvb_get_ntohl(tvb, 20) != UDT_HANDSHAKE_TYPE_STREAM))
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
/* This looks like UDT! */
|
|
|
|
udt_conv = wmem_new0(wmem_file_scope(), udt_conversation);
|
|
|
|
udt_conv->is_dtls = is_dtls;
|
2017-07-04 14:38:54 +00:00
|
|
|
/* Save initial sequence number if sufficient bytes were captured */
|
|
|
|
if (tvb_captured_length(tvb) >= 28)
|
|
|
|
udt_conv->isn = tvb_get_ntohl(tvb, 24);
|
2017-07-04 14:38:24 +00:00
|
|
|
conversation_add_proto_data(conv, proto_udt, udt_conv);
|
|
|
|
// DTLS should remain the dissector of record for encrypted conversations
|
|
|
|
if (!is_dtls)
|
|
|
|
conversation_set_dissector(conv, udt_handle);
|
|
|
|
|
|
|
|
dissect_udt(tvb, pinfo, tree, data);
|
|
|
|
}
|
2013-08-15 03:47:37 +00:00
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
2017-07-04 14:38:24 +00:00
|
|
|
static gboolean
|
|
|
|
dissect_udt_heur_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
|
|
|
|
{
|
|
|
|
return dissect_udt_heur(tvb, pinfo, tree, data, FALSE /* Not DTLS */);
|
|
|
|
}
|
|
|
|
|
|
|
|
static gboolean
|
|
|
|
dissect_udt_heur_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
|
|
|
|
{
|
|
|
|
return dissect_udt_heur(tvb, pinfo, tree, data, TRUE /* Is DTLS */);
|
|
|
|
}
|
|
|
|
|
2013-08-15 03:47:37 +00:00
|
|
|
void proto_register_udt(void)
|
|
|
|
{
|
|
|
|
expert_module_t *expert_udt;
|
|
|
|
|
|
|
|
static hf_register_info hf[] = {
|
|
|
|
{&hf_udt_iscontrol, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"Type", "udt.iscontrol",
|
|
|
|
FT_UINT32, BASE_DEC,
|
|
|
|
VALS(udt_types), 0x80000000, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_type, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"Type", "udt.type",
|
2016-07-21 02:25:15 +00:00
|
|
|
FT_UINT32, BASE_HEX,
|
|
|
|
VALS(udt_packet_types), 0x7fff0000, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_seqno, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"Sequence Number", "udt.seqno",
|
|
|
|
FT_UINT32, BASE_DEC,
|
|
|
|
NULL, 0x7fffffff, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_addinfo, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"Additional Info", "udt.addinfo",
|
|
|
|
FT_UINT32, BASE_DEC,
|
|
|
|
NULL, 0, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_msgno, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"Message Number", "udt.msgno",
|
|
|
|
FT_UINT32, BASE_DEC,
|
|
|
|
NULL, 0x1fffffff, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_msgno_first, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"First Indicator", "udt.msg.first",
|
|
|
|
FT_UINT32, BASE_DEC,
|
|
|
|
NULL, 0x80000000, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_msgno_last, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"Last Indicator", "udt.msg.last",
|
|
|
|
FT_UINT32, BASE_DEC,
|
|
|
|
NULL, 0x40000000, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_msgno_inorder, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"In-Order Indicator", "udt.msg.order",
|
|
|
|
FT_UINT32, BASE_DEC,
|
|
|
|
NULL, 0x20000000, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_timestamp, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"Timestamp", "udt.timestamp",
|
|
|
|
FT_UINT32, BASE_DEC,
|
|
|
|
NULL, 0, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_id, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"ID", "udt.id",
|
|
|
|
FT_UINT32, BASE_HEX,
|
|
|
|
NULL, 0, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_ack_seqno, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"Ack Sequence Number", "udt.ack_seqno",
|
|
|
|
FT_UINT32, BASE_DEC,
|
|
|
|
NULL, 0, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_ackno, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"Ack Number", "udt.ackno",
|
|
|
|
FT_UINT32, BASE_DEC,
|
|
|
|
NULL, 0, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_rtt, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"RTT (microseconds)", "udt.rtt",
|
|
|
|
FT_UINT32, BASE_DEC,
|
|
|
|
NULL, 0, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_rttvar, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"RTT Variance (microseconds)", "udt.rttvar",
|
|
|
|
FT_UINT32, BASE_DEC,
|
|
|
|
NULL, 0, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_bufavail, {
|
2016-07-21 02:25:15 +00:00
|
|
|
"Buffer Available (packets)", "udt.buf",
|
2014-03-17 15:58:22 +00:00
|
|
|
FT_UINT32, BASE_DEC,
|
|
|
|
NULL, 0, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_rate, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"Rate (packets/second)", "udt.rate",
|
|
|
|
FT_UINT32, BASE_DEC,
|
2013-08-15 03:47:37 +00:00
|
|
|
NULL, 0, NULL, HFILL}},
|
|
|
|
|
|
|
|
{&hf_udt_linkcap, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"Link Capacity (packets/second)", "udt.linkcap",
|
|
|
|
FT_UINT32, BASE_DEC,
|
|
|
|
NULL, 0, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_handshake_version, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"Version", "udt.hs.version",
|
|
|
|
FT_UINT32, BASE_DEC,
|
|
|
|
NULL, 0, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_handshake_type, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"Type", "udt.hs.type",
|
|
|
|
FT_UINT32, BASE_DEC,
|
|
|
|
VALS(udt_handshake_types), 0, NULL,
|
|
|
|
HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_handshake_isn, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"Initial Sequence Number", "udt.hs.isn",
|
|
|
|
FT_UINT32, BASE_DEC,
|
|
|
|
NULL, 0, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_handshake_mtu, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"MTU", "udt.hs.mtu",
|
|
|
|
FT_UINT32, BASE_DEC,
|
|
|
|
NULL, 0, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_handshake_flow_window, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"Flow Window", "udt.hs.flow_window",
|
|
|
|
FT_UINT32, BASE_DEC,
|
|
|
|
NULL, 0, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_handshake_reqtype, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"Requested Type", "udt.hs.reqtype",
|
|
|
|
FT_INT32, BASE_DEC,
|
|
|
|
NULL, 0, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_handshake_id, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"ID", "udt.hs.id",
|
|
|
|
FT_UINT32, BASE_DEC,
|
|
|
|
NULL, 0, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_handshake_cookie, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"SYN Cookie", "udt.hs.cookie",
|
|
|
|
FT_UINT32, BASE_HEX,
|
|
|
|
NULL, 0, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
{&hf_udt_handshake_peerip, {
|
2014-03-17 15:58:22 +00:00
|
|
|
"Peer IP Address", "udt.hs.peerip",
|
|
|
|
FT_BYTES, BASE_NONE,
|
|
|
|
NULL, 0, NULL, HFILL}},
|
2013-08-15 03:47:37 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
static gint *ett[] = {
|
|
|
|
&ett_udt,
|
|
|
|
};
|
|
|
|
|
|
|
|
static ei_register_info ei[] = {
|
|
|
|
{ &ei_udt_nak_seqno,
|
|
|
|
{ "udt.nak_seqno", PI_SEQUENCE, PI_NOTE,
|
|
|
|
"Missing Sequence Number(s)", EXPFILL }},
|
2014-03-17 15:58:22 +00:00
|
|
|
};
|
2013-08-15 03:47:37 +00:00
|
|
|
|
|
|
|
proto_udt = proto_register_protocol("UDT Protocol", "UDT", "udt");
|
|
|
|
proto_register_field_array(proto_udt, hf, array_length(hf));
|
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
|
|
|
|
|
|
|
expert_udt = expert_register_protocol(proto_udt);
|
|
|
|
expert_register_field_array(expert_udt, ei, array_length(ei));
|
2017-07-04 14:38:24 +00:00
|
|
|
|
|
|
|
register_dissector("udt", dissect_udt, proto_udt);
|
2016-12-03 21:58:34 +00:00
|
|
|
|
|
|
|
heur_subdissector_list = register_heur_dissector_list("udt", proto_udt);
|
2013-08-15 03:47:37 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
void proto_reg_handoff_udt(void)
|
|
|
|
{
|
2015-12-09 03:49:44 +00:00
|
|
|
udt_handle = create_dissector_handle(dissect_udt, proto_udt);
|
2013-08-15 03:47:37 +00:00
|
|
|
|
2017-07-04 14:38:24 +00:00
|
|
|
heur_dissector_add("udp", dissect_udt_heur_udp, "UDT over UDP", "udt_udp", proto_udt, HEURISTIC_ENABLE);
|
|
|
|
heur_dissector_add("dtls", dissect_udt_heur_dtls, "UDT over DTLS", "udt_dtls", proto_udt, HEURISTIC_ENABLE);
|
2016-10-05 20:33:54 +00:00
|
|
|
dissector_add_for_decode_as_with_preference("udp.port", udt_handle);
|
2013-08-15 03:47:37 +00:00
|
|
|
}
|
2014-03-17 15:58:22 +00:00
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Editor modelines - http://www.wireshark.org/tools/modelines.html
|
|
|
|
*
|
|
|
|
* Local variables:
|
|
|
|
* c-basic-offset: 8
|
|
|
|
* tab-width: 8
|
|
|
|
* indent-tabs-mode: t
|
|
|
|
* End:
|
|
|
|
*
|
|
|
|
* vi: set shiftwidth=8 tabstop=8 noexpandtab:
|
|
|
|
* :indentSize=8:tabSize=8:noTabs=false:
|
|
|
|
*/
|