2001-12-19 21:14:49 +00:00
|
|
|
/* packet-vj.c
|
2004-12-24 22:21:23 +00:00
|
|
|
* Routines for Van Jacobson header decompression. (See RFC 1144.)
|
2001-12-19 21:14:49 +00:00
|
|
|
*
|
2004-07-18 00:24:25 +00:00
|
|
|
* $Id$
|
2001-12-19 21:14:49 +00:00
|
|
|
*
|
2006-05-21 04:49:01 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
2001-12-19 21:14:49 +00:00
|
|
|
*
|
|
|
|
* This file created by Irfan Khan <ikhan@qualcomm.com>
|
|
|
|
* Copyright (c) 2001 by QUALCOMM, Incorporated.
|
|
|
|
* All Rights reserved.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2002-05-20 00:56:30 +00:00
|
|
|
* Routines to compress and uncompress TCP packets (for transmission
|
2001-12-19 21:14:49 +00:00
|
|
|
* over low speed serial lines).
|
|
|
|
*
|
|
|
|
* Copyright (c) 1989 Regents of the University of California.
|
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms are permitted
|
|
|
|
* provided that the above copyright notice and this paragraph are
|
|
|
|
* duplicated in all such forms and that any documentation,
|
|
|
|
* advertising materials, and other materials related to such
|
|
|
|
* distribution and use acknowledge that the software was developed
|
|
|
|
* by the University of California, Berkeley. The name of the
|
|
|
|
* University may not be used to endorse or promote products derived
|
|
|
|
* from this software without specific prior written permission.
|
|
|
|
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
|
|
|
|
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
|
|
|
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
|
|
|
*
|
|
|
|
* Van Jacobson (van@helios.ee.lbl.gov), Dec 31, 1989:
|
|
|
|
* - Initial distribution.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* modified for KA9Q Internet Software Package by
|
|
|
|
* Katie Stevens (dkstevens@ucdavis.edu)
|
|
|
|
* University of California, Davis
|
|
|
|
* Computing Services
|
|
|
|
* - 01-31-90 initial adaptation (from 1.19)
|
|
|
|
* PPP.05 02-15-90 [ks]
|
|
|
|
* PPP.08 05-02-90 [ks] use PPP protocol field to signal compression
|
|
|
|
* PPP.15 09-90 [ks] improve mbuf handling
|
|
|
|
* PPP.16 11-02 [karn] substantially rewritten to use NOS facilities
|
|
|
|
*
|
|
|
|
* - Feb 1991 Bill_Simpson@um.cc.umich.edu
|
|
|
|
* variable number of conversation slots
|
|
|
|
* allow zero or one slots
|
|
|
|
* separate routines
|
|
|
|
* status display
|
|
|
|
* - Jul 1994 Dmitry Gorodchanin
|
|
|
|
* Fixes for memory leaks.
|
|
|
|
* - Oct 1994 Dmitry Gorodchanin
|
|
|
|
* Modularization.
|
|
|
|
* - Jan 1995 Bjorn Ekwall
|
|
|
|
* Use ip_fast_csum from ip.h
|
|
|
|
* - July 1995 Christos A. Polyzols
|
|
|
|
* Spotted bug in tcp option checking
|
2002-08-28 21:04:11 +00:00
|
|
|
* - Sep 2001 Irfan Khan
|
2006-05-21 04:49:01 +00:00
|
|
|
* Rewrite to make the code work for wireshark.
|
2001-12-19 21:14:49 +00:00
|
|
|
*/
|
|
|
|
|
2012-09-20 02:03:38 +00:00
|
|
|
#include "config.h"
|
2001-12-19 21:14:49 +00:00
|
|
|
|
|
|
|
#include <glib.h>
|
|
|
|
#include <string.h>
|
2002-01-21 07:37:49 +00:00
|
|
|
#include <epan/packet.h>
|
2004-09-27 22:55:15 +00:00
|
|
|
#include <epan/prefs.h>
|
2001-12-19 21:14:49 +00:00
|
|
|
#include "packet-ppp.h"
|
2005-09-17 00:02:31 +00:00
|
|
|
#include <epan/ppptypes.h>
|
2004-09-29 00:52:45 +00:00
|
|
|
#include <epan/ipproto.h>
|
2004-09-28 00:06:32 +00:00
|
|
|
#include <epan/in_cksum.h>
|
2005-08-12 21:21:49 +00:00
|
|
|
#include <epan/emem.h>
|
2001-12-19 21:14:49 +00:00
|
|
|
|
|
|
|
/* Define relevant IP/TCP parameters */
|
2002-05-20 00:56:30 +00:00
|
|
|
#define IP_FIELD_TOT_LEN 2 /* Total length field in IP hdr */
|
|
|
|
#define IP_FIELD_PROTOCOL 9 /* Protocol field byte in IP hdr */
|
|
|
|
#define IP_ADDR_SIZE 4 /* Size in bytes of IPv4 address */
|
2001-12-19 21:14:49 +00:00
|
|
|
#define IP_FIELD_SRC 12 /* Byte 12 in IP hdr - src address */
|
|
|
|
#define IP_FIELD_DST 16 /* Byte 16 in IP hdr - dst address */
|
|
|
|
#define IP_HDR_LEN 20 /* Minimum IP header length */
|
|
|
|
#define IP_HDR_LEN_MASK 0x0f /* Mask for header length field */
|
|
|
|
#define IP_MAX_OPT_LEN 44 /* Max length of IP options */
|
2002-05-22 09:49:28 +00:00
|
|
|
#define TCP_FIELD_HDR_LEN 12 /* Data offset field in TCP hdr */
|
2001-12-19 21:14:49 +00:00
|
|
|
#define TCP_HDR_LEN 20 /* Minimum TCP header length */
|
2002-01-10 22:07:49 +00:00
|
|
|
#define TCP_MAX_OPT_LEN 44 /* Max length of TCP options */
|
2001-12-19 21:14:49 +00:00
|
|
|
#define TCP_SIMUL_CONV_MAX 256 /* Max number of simul. TCP conversations */
|
2002-01-10 22:07:49 +00:00
|
|
|
#define TCP_PUSH_BIT 0x08 /* TCP push bit */
|
|
|
|
#define TCP_URG_BIT 0x20 /* TCP urgent bit */
|
2001-12-19 21:14:49 +00:00
|
|
|
|
|
|
|
/* Bits in first octet of compressed packet */
|
|
|
|
/* flag bits for what changed in a packet */
|
2002-05-20 00:56:30 +00:00
|
|
|
#define NEW_C 0x40 /* Connection number changed */
|
|
|
|
#define NEW_I 0x20 /* IP sequence number change by value != 1 */
|
|
|
|
#define CHANGE_PUSH_BIT 0x10 /* TCP push bit set */
|
|
|
|
#define NEW_S 0x08 /* Sequence number changed */
|
|
|
|
#define NEW_A 0x04 /* Ack sequence number changed */
|
|
|
|
#define NEW_W 0x02 /* Window changed */
|
|
|
|
#define NEW_U 0x01 /* Urgent pointer present */
|
2001-12-19 21:14:49 +00:00
|
|
|
|
|
|
|
/* reserved, special-case values of above */
|
|
|
|
#define SPECIAL_I (NEW_S|NEW_W|NEW_U) /* echoed interactive traffic */
|
|
|
|
#define SPECIAL_D (NEW_S|NEW_A|NEW_W|NEW_U)/* unidirectional data */
|
|
|
|
#define SPECIALS_MASK (NEW_S|NEW_A|NEW_W|NEW_U)
|
|
|
|
|
|
|
|
/* Function return values */
|
|
|
|
#define VJ_OK 0
|
|
|
|
#define VJ_ERROR -1
|
|
|
|
|
|
|
|
/* Define for 0 */
|
|
|
|
#define ZERO 0
|
|
|
|
|
|
|
|
/* VJ Mem Chunk defines */
|
2001-12-19 22:39:59 +00:00
|
|
|
#define VJ_DATA_SIZE 128 /* Max IP hdr(64)+Max TCP hdr(64) */
|
2001-12-19 21:14:49 +00:00
|
|
|
|
|
|
|
/* IP and TCP header types */
|
|
|
|
typedef struct {
|
2002-01-10 22:07:49 +00:00
|
|
|
guint8 ihl_version;
|
2001-12-19 21:14:49 +00:00
|
|
|
guint8 tos;
|
|
|
|
guint16 tot_len;
|
|
|
|
guint16 id;
|
|
|
|
guint16 frag_off;
|
|
|
|
guint8 ttl;
|
|
|
|
guint8 proto;
|
|
|
|
guint16 cksum;
|
|
|
|
guint32 src;
|
|
|
|
guint32 dst;
|
2002-05-20 00:56:30 +00:00
|
|
|
} iphdr_type;
|
2001-12-19 21:14:49 +00:00
|
|
|
|
|
|
|
typedef struct {
|
|
|
|
guint16 srcport;
|
|
|
|
guint16 dstport;
|
|
|
|
guint32 seq;
|
|
|
|
guint32 ack_seq;
|
2002-01-10 22:07:49 +00:00
|
|
|
guint8 off_x2;
|
|
|
|
guint8 flags;
|
2001-12-19 21:14:49 +00:00
|
|
|
guint16 window;
|
|
|
|
guint16 cksum;
|
|
|
|
guint16 urg_ptr;
|
|
|
|
} tcphdr_type;
|
|
|
|
|
2002-01-10 22:07:49 +00:00
|
|
|
#define TCP_OFFSET(th) (((th)->off_x2 & 0xf0) >> 4)
|
2001-12-19 21:14:49 +00:00
|
|
|
|
|
|
|
/* State per active tcp conversation */
|
|
|
|
typedef struct cstate {
|
2002-08-28 21:04:11 +00:00
|
|
|
iphdr_type cs_ip;
|
2001-12-19 21:14:49 +00:00
|
|
|
tcphdr_type cs_tcp;
|
|
|
|
guint8 cs_ipopt[IP_MAX_OPT_LEN];
|
|
|
|
guint8 cs_tcpopt[TCP_MAX_OPT_LEN];
|
2002-05-22 09:49:28 +00:00
|
|
|
guint32 flags;
|
|
|
|
#define SLF_TOSS 0x00000001 /* tossing rcvd frames until id received */
|
2001-12-19 21:14:49 +00:00
|
|
|
} cstate;
|
|
|
|
|
|
|
|
/* All the state data for one serial line */
|
|
|
|
typedef struct {
|
2002-05-22 09:49:28 +00:00
|
|
|
cstate rstate[TCP_SIMUL_CONV_MAX]; /* receive connection states (array) */
|
|
|
|
guint8 recv_current; /* most recent rcvd id */
|
2001-12-19 21:14:49 +00:00
|
|
|
} slcompress;
|
|
|
|
|
|
|
|
/* Initialize the protocol and registered fields */
|
|
|
|
static int proto_vj = -1;
|
|
|
|
|
2002-05-20 00:56:30 +00:00
|
|
|
static int hf_vj_change_mask = -1;
|
|
|
|
static int hf_vj_change_mask_c = -1;
|
|
|
|
static int hf_vj_change_mask_i = -1;
|
|
|
|
static int hf_vj_change_mask_p = -1;
|
|
|
|
static int hf_vj_change_mask_s = -1;
|
|
|
|
static int hf_vj_change_mask_a = -1;
|
|
|
|
static int hf_vj_change_mask_w = -1;
|
|
|
|
static int hf_vj_change_mask_u = -1;
|
|
|
|
static int hf_vj_connection_number = -1;
|
|
|
|
static int hf_vj_tcp_cksum = -1;
|
|
|
|
static int hf_vj_urp = -1;
|
|
|
|
static int hf_vj_win_delta = -1;
|
|
|
|
static int hf_vj_ack_delta = -1;
|
|
|
|
static int hf_vj_seq_delta = -1;
|
|
|
|
static int hf_vj_ip_id_delta = -1;
|
|
|
|
|
|
|
|
static gint ett_vj = -1;
|
|
|
|
static gint ett_vj_changes = -1;
|
|
|
|
|
2001-12-19 21:14:49 +00:00
|
|
|
/* Protocol handles */
|
2002-02-18 01:08:44 +00:00
|
|
|
static dissector_handle_t ip_handle;
|
2001-12-19 21:14:49 +00:00
|
|
|
static dissector_handle_t data_handle;
|
|
|
|
|
|
|
|
/* State repository (Full Duplex) */
|
|
|
|
#define RX_TX_STATE_COUNT 2
|
|
|
|
static slcompress *rx_tx_state[RX_TX_STATE_COUNT] = {NULL, NULL};
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2001-12-19 21:14:49 +00:00
|
|
|
/* Mem Chunks for storing decompressed headers */
|
2001-12-19 22:39:59 +00:00
|
|
|
typedef struct {
|
2002-05-20 00:56:30 +00:00
|
|
|
int offset; /* uppermost bit is "can't dissect" flag */
|
2001-12-19 22:39:59 +00:00
|
|
|
guint8 data[VJ_DATA_SIZE];
|
|
|
|
} vj_header_t;
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2001-12-19 21:14:49 +00:00
|
|
|
/* Function prototypes */
|
2002-05-20 00:56:30 +00:00
|
|
|
static int get_unsigned_delta(tvbuff_t *tvb, int *offsetp, int hf,
|
|
|
|
proto_tree *tree);
|
|
|
|
static int get_signed_delta(tvbuff_t *tvb, int *offsetp, int hf,
|
|
|
|
proto_tree *tree);
|
2001-12-19 21:14:49 +00:00
|
|
|
static guint16 ip_csum(const guint8 *ptr, guint32 len);
|
2002-05-20 00:56:30 +00:00
|
|
|
static slcompress *slhc_init(void);
|
|
|
|
static gint vjc_process(tvbuff_t *src_tvb, packet_info *pinfo, proto_tree *tree,
|
|
|
|
slcompress *comp);
|
|
|
|
static gint vjc_tvb_setup(tvbuff_t *src_tvb, tvbuff_t **dst_tvb,
|
|
|
|
packet_info *pinfo);
|
2001-12-19 21:14:49 +00:00
|
|
|
|
|
|
|
/* Dissector for VJ Uncompressed packets */
|
|
|
|
static void
|
|
|
|
dissect_vjuc(tvbuff_t *tvb, packet_info *pinfo, proto_tree * tree)
|
|
|
|
{
|
2002-05-20 00:56:30 +00:00
|
|
|
proto_item *ti;
|
|
|
|
proto_tree *vj_tree = NULL;
|
|
|
|
slcompress *comp;
|
2002-05-22 09:49:28 +00:00
|
|
|
int i;
|
2002-05-20 00:56:30 +00:00
|
|
|
gint conn_index;
|
2002-05-22 09:49:28 +00:00
|
|
|
cstate *cs = NULL;
|
|
|
|
guint8 ihl;
|
|
|
|
guint8 thl;
|
|
|
|
guint8 *buffer;
|
|
|
|
tvbuff_t *next_tvb;
|
|
|
|
gint isize = tvb_length(tvb);
|
2002-07-15 09:56:04 +00:00
|
|
|
gint ipsize;
|
2001-12-19 21:14:49 +00:00
|
|
|
|
2009-08-09 06:26:46 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "PPP VJ");
|
2002-05-20 00:56:30 +00:00
|
|
|
|
|
|
|
if(tree != NULL) {
|
|
|
|
ti = proto_tree_add_protocol_format(tree, proto_vj, tvb, 0, -1,
|
|
|
|
"PPP VJ Compression: Uncompressed data");
|
|
|
|
vj_tree = proto_item_add_subtree(ti, ett_vj);
|
|
|
|
}
|
|
|
|
|
2002-05-22 09:49:28 +00:00
|
|
|
if(pinfo->p2p_dir == P2P_DIR_UNKNOWN) {
|
|
|
|
/* Direction of the traffic unknown - can't update state */
|
|
|
|
comp = NULL;
|
|
|
|
} else {
|
2002-05-22 10:15:28 +00:00
|
|
|
/* Get state for that direction */
|
2002-05-22 09:49:28 +00:00
|
|
|
comp = rx_tx_state[pinfo->p2p_dir];
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check to make sure we can fetch the connection index.
|
|
|
|
*/
|
|
|
|
if(!tvb_bytes_exist(tvb, IP_FIELD_PROTOCOL, 1)) {
|
|
|
|
/*
|
|
|
|
* We don't. We can't even mark a connection as non-decompressable,
|
|
|
|
* as we don't know which connection this is. Mark them all as
|
|
|
|
* non-decompressable.
|
|
|
|
*/
|
2009-08-09 07:01:26 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_INFO, "VJ uncompressed TCP (not enough data available)");
|
2002-05-20 00:56:30 +00:00
|
|
|
if(tree != NULL)
|
2002-05-22 09:49:28 +00:00
|
|
|
call_dissector(data_handle, tvb, pinfo, tree);
|
|
|
|
if(comp != NULL) {
|
|
|
|
for(i = 0; i < TCP_SIMUL_CONV_MAX; i++)
|
|
|
|
comp->rstate[i].flags |= SLF_TOSS;
|
|
|
|
}
|
2002-05-20 00:56:30 +00:00
|
|
|
return;
|
|
|
|
}
|
2002-05-18 21:19:48 +00:00
|
|
|
|
2002-05-22 09:49:28 +00:00
|
|
|
/* Get connection index */
|
|
|
|
conn_index = tvb_get_guint8(tvb, IP_FIELD_PROTOCOL);
|
|
|
|
if(tree != NULL)
|
|
|
|
proto_tree_add_uint(vj_tree, hf_vj_connection_number, tvb,
|
|
|
|
IP_FIELD_PROTOCOL, 1, conn_index);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Update the current connection, and get a pointer to its state.
|
|
|
|
*/
|
|
|
|
if(comp != NULL) {
|
|
|
|
comp->recv_current = conn_index;
|
|
|
|
cs = &comp->rstate[conn_index];
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Get the IP header length */
|
|
|
|
ihl = tvb_get_guint8(tvb, 0) & IP_HDR_LEN_MASK;
|
|
|
|
ihl <<= 2;
|
|
|
|
|
|
|
|
/* Check IP header length */
|
|
|
|
if(ihl < IP_HDR_LEN) {
|
|
|
|
if(check_col(pinfo->cinfo, COL_INFO)) {
|
|
|
|
col_add_fstr(pinfo->cinfo, COL_INFO, "VJ uncompressed TCP (IP header length (%u) < %u)",
|
|
|
|
ihl, IP_HDR_LEN);
|
|
|
|
}
|
|
|
|
if(cs != NULL)
|
|
|
|
cs->flags |= SLF_TOSS;
|
2002-05-20 00:56:30 +00:00
|
|
|
return;
|
|
|
|
}
|
2001-12-19 21:14:49 +00:00
|
|
|
|
2002-05-22 09:49:28 +00:00
|
|
|
/* Make sure we have the full IP header */
|
|
|
|
if(isize < ihl) {
|
2009-08-09 07:01:26 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_INFO, "VJ uncompressed TCP (not enough data available)");
|
2002-05-20 00:56:30 +00:00
|
|
|
if(tree != NULL)
|
2002-05-22 09:49:28 +00:00
|
|
|
call_dissector(data_handle, tvb, pinfo, tree);
|
|
|
|
if(cs != NULL)
|
|
|
|
cs->flags |= SLF_TOSS;
|
2002-05-20 00:56:30 +00:00
|
|
|
return;
|
|
|
|
}
|
2001-12-19 21:14:49 +00:00
|
|
|
|
2009-08-09 07:01:26 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_INFO, "VJ uncompressed TCP");
|
2001-12-19 21:14:49 +00:00
|
|
|
|
2002-05-22 09:49:28 +00:00
|
|
|
/*
|
|
|
|
* Copy packet data to a buffer, and replace the connection index with
|
|
|
|
* the protocol type (which is always TCP), to give the actual IP header.
|
|
|
|
*/
|
2004-02-25 09:31:07 +00:00
|
|
|
buffer = tvb_memdup(tvb, 0, isize);
|
2002-05-22 09:49:28 +00:00
|
|
|
buffer[IP_FIELD_PROTOCOL] = IP_PROTO_TCP;
|
|
|
|
|
|
|
|
/* Check IP checksum */
|
|
|
|
if(ip_csum(buffer, ihl) != ZERO) {
|
|
|
|
/*
|
|
|
|
* Checksum invalid - don't update state, and don't decompress
|
|
|
|
* any subsequent compressed packets in this direction.
|
|
|
|
*/
|
|
|
|
if(cs != NULL)
|
|
|
|
cs->flags |= SLF_TOSS;
|
|
|
|
cs = NULL; /* disable state updates */
|
|
|
|
} else {
|
|
|
|
/* Do we have the TCP header length in the tvbuff? */
|
|
|
|
if(!tvb_bytes_exist(tvb, ihl + TCP_FIELD_HDR_LEN, 1)) {
|
|
|
|
/* We don't, so we can't provide enough data for decompression */
|
2009-08-09 07:01:26 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_INFO, "VJ uncompressed TCP (not enough data available)");
|
2002-05-22 09:49:28 +00:00
|
|
|
if(cs != NULL)
|
|
|
|
cs->flags |= SLF_TOSS;
|
|
|
|
cs = NULL; /* disable state updates */
|
|
|
|
} else {
|
|
|
|
/* Get the TCP header length */
|
|
|
|
thl = tvb_get_guint8(tvb, ihl + TCP_FIELD_HDR_LEN);
|
|
|
|
thl = ((thl & 0xf0) >> 4) * 4;
|
|
|
|
|
|
|
|
/* Check TCP header length */
|
|
|
|
if(thl < TCP_HDR_LEN) {
|
|
|
|
if(check_col(pinfo->cinfo, COL_INFO)) {
|
|
|
|
col_add_fstr(pinfo->cinfo, COL_INFO, "VJ uncompressed TCP (TCP header length (%u) < %u)",
|
|
|
|
thl, TCP_HDR_LEN);
|
|
|
|
}
|
|
|
|
if(cs != NULL)
|
|
|
|
cs->flags |= SLF_TOSS;
|
|
|
|
cs = NULL; /* disable state updates */
|
|
|
|
} else {
|
|
|
|
/* Make sure we have the full TCP header */
|
|
|
|
if(isize < thl) {
|
2009-08-09 07:01:26 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_INFO, "VJ uncompressed TCP (not enough data available)");
|
2002-05-22 09:49:28 +00:00
|
|
|
if(cs != NULL)
|
|
|
|
cs->flags |= SLF_TOSS;
|
|
|
|
cs = NULL; /* disable state updates */
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If packet seen for first time, update state if we have state and can
|
|
|
|
* update it.
|
|
|
|
*/
|
|
|
|
if(!pinfo->fd->flags.visited) {
|
|
|
|
if(cs != NULL) {
|
|
|
|
cs->flags &= ~SLF_TOSS;
|
|
|
|
memcpy(&cs->cs_ip, &buffer[0], IP_HDR_LEN);
|
|
|
|
memcpy(&cs->cs_tcp, &buffer[ihl], TCP_HDR_LEN);
|
|
|
|
if(ihl > IP_HDR_LEN)
|
|
|
|
memcpy(cs->cs_ipopt, &buffer[sizeof(iphdr_type)], ihl - IP_HDR_LEN);
|
|
|
|
if(TCP_OFFSET(&(cs->cs_tcp)) > 5)
|
|
|
|
memcpy(cs->cs_tcpopt, &buffer[ihl + sizeof(tcphdr_type)],
|
|
|
|
(TCP_OFFSET(&(cs->cs_tcp)) - 5) * 4);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2002-08-28 21:04:11 +00:00
|
|
|
/*
|
2002-05-22 09:49:28 +00:00
|
|
|
* Set up tvbuff containing packet with protocol type.
|
|
|
|
* Neither header checksum is recalculated.
|
2002-07-15 09:56:04 +00:00
|
|
|
*
|
|
|
|
* Use the length field from the IP header as the reported length;
|
|
|
|
* use the minimum of that and the number of bytes we got from
|
|
|
|
* the tvbuff as the actual length, just in case the tvbuff we were
|
|
|
|
* handed includes part or all of the FCS (because the FCS preference
|
|
|
|
* for the PPP dissector doesn't match the FCS size in this session).
|
2002-05-22 09:49:28 +00:00
|
|
|
*/
|
2002-07-15 09:56:04 +00:00
|
|
|
ipsize = pntohs(&buffer[IP_FIELD_TOT_LEN]);
|
|
|
|
if (ipsize < isize)
|
|
|
|
isize = ipsize;
|
2009-05-13 19:46:11 +00:00
|
|
|
next_tvb = tvb_new_child_real_data(tvb, buffer, isize, ipsize);
|
2009-10-06 19:15:58 +00:00
|
|
|
tvb_set_free_cb(next_tvb, g_free);
|
2002-06-04 07:03:57 +00:00
|
|
|
add_new_data_source(pinfo, next_tvb, "VJ Uncompressed");
|
2001-12-19 21:14:49 +00:00
|
|
|
|
2002-05-20 00:56:30 +00:00
|
|
|
/*
|
2002-05-22 09:49:28 +00:00
|
|
|
* Call IP dissector.
|
2002-05-20 00:56:30 +00:00
|
|
|
*/
|
|
|
|
call_dissector(ip_handle, next_tvb, pinfo, tree);
|
2001-12-19 21:14:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Dissector for VJ Compressed packets */
|
|
|
|
static void
|
|
|
|
dissect_vjc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
|
{
|
2002-05-20 00:56:30 +00:00
|
|
|
proto_item *ti;
|
|
|
|
proto_tree *vj_tree = NULL;
|
2001-12-19 21:14:49 +00:00
|
|
|
tvbuff_t *next_tvb = NULL;
|
|
|
|
slcompress *comp = NULL;
|
2002-05-20 00:56:30 +00:00
|
|
|
gint err = VJ_ERROR;
|
2002-05-18 21:19:48 +00:00
|
|
|
|
2009-08-09 06:26:46 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "PPP VJ");
|
2002-05-18 21:19:48 +00:00
|
|
|
|
2002-05-20 00:56:30 +00:00
|
|
|
if(tree != NULL) {
|
|
|
|
ti = proto_tree_add_protocol_format(tree, proto_vj, tvb, 0, -1,
|
|
|
|
"PPP VJ Compression: Compressed data");
|
|
|
|
vj_tree = proto_item_add_subtree(ti, ett_vj);
|
|
|
|
}
|
2001-12-19 21:14:49 +00:00
|
|
|
|
2002-05-22 10:15:28 +00:00
|
|
|
if(!ppp_vj_decomp || pinfo->p2p_dir == P2P_DIR_UNKNOWN) {
|
|
|
|
/*
|
|
|
|
* VJ decompression turned off, so we shouldn't decompress, or
|
|
|
|
* direction of the traffic unknown, so we can't decompress.
|
|
|
|
*/
|
|
|
|
comp = NULL;
|
|
|
|
} else {
|
|
|
|
/* Get state for that direction */
|
|
|
|
comp = rx_tx_state[pinfo->p2p_dir];
|
2001-12-19 21:14:49 +00:00
|
|
|
}
|
|
|
|
|
2002-05-20 00:56:30 +00:00
|
|
|
/* Process the compressed data header */
|
|
|
|
if(vjc_process(tvb, pinfo, vj_tree, comp) == VJ_ERROR)
|
|
|
|
return;
|
|
|
|
|
2002-05-22 10:15:28 +00:00
|
|
|
/* Decompression possible - set up tvb containing decompressed packet */
|
2002-05-20 00:56:30 +00:00
|
|
|
err = vjc_tvb_setup(tvb, &next_tvb, pinfo);
|
|
|
|
if(err == VJ_ERROR) {
|
|
|
|
if(tree != NULL)
|
|
|
|
call_dissector(data_handle, tvb, pinfo, vj_tree);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* No errors, so call IP dissector */
|
|
|
|
call_dissector(ip_handle, next_tvb, pinfo, tree);
|
2001-12-19 21:14:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Initialization function */
|
2002-08-28 21:04:11 +00:00
|
|
|
static void
|
2001-12-19 21:14:49 +00:00
|
|
|
vj_init(void)
|
|
|
|
{
|
|
|
|
gint i = ZERO;
|
|
|
|
|
2002-05-22 09:49:28 +00:00
|
|
|
for(i = 0; i < RX_TX_STATE_COUNT; i++) {
|
2002-05-20 00:56:30 +00:00
|
|
|
rx_tx_state[i] = slhc_init();
|
2001-12-19 21:14:49 +00:00
|
|
|
}
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Initialization routine for VJ decompression */
|
|
|
|
static slcompress *
|
2002-05-20 00:56:30 +00:00
|
|
|
slhc_init(void)
|
2001-12-19 21:14:49 +00:00
|
|
|
{
|
2010-01-02 09:46:16 +00:00
|
|
|
slcompress *comp = se_alloc0(sizeof(slcompress));
|
2002-05-22 09:49:28 +00:00
|
|
|
int i;
|
2001-12-19 21:14:49 +00:00
|
|
|
|
2002-05-22 09:49:28 +00:00
|
|
|
/*
|
|
|
|
* Initialize the state; there is no current connection, and
|
|
|
|
* we have no header data for any of the connections, as we
|
|
|
|
* haven't yet seen an uncompressed frame.
|
|
|
|
*/
|
|
|
|
comp->recv_current = TCP_SIMUL_CONV_MAX - 1;
|
|
|
|
for (i = 0; i < TCP_SIMUL_CONV_MAX; i++)
|
|
|
|
comp->rstate[i].flags |= SLF_TOSS;
|
2001-12-19 21:14:49 +00:00
|
|
|
return comp;
|
2002-08-28 21:04:11 +00:00
|
|
|
}
|
2001-12-19 21:14:49 +00:00
|
|
|
|
|
|
|
/* Setup the decompressed packet tvb for VJ compressed packets */
|
2002-08-28 21:04:11 +00:00
|
|
|
static gint
|
|
|
|
vjc_tvb_setup(tvbuff_t *src_tvb,
|
|
|
|
tvbuff_t **dst_tvb,
|
2002-05-20 00:56:30 +00:00
|
|
|
packet_info *pinfo)
|
2001-12-19 21:14:49 +00:00
|
|
|
{
|
2001-12-19 22:39:59 +00:00
|
|
|
vj_header_t *hdr_buf;
|
2002-05-20 00:56:30 +00:00
|
|
|
guint8 offset;
|
2001-12-19 22:39:59 +00:00
|
|
|
guint8 *data_ptr;
|
2002-05-20 00:56:30 +00:00
|
|
|
gint hdr_len;
|
2007-05-01 04:58:12 +00:00
|
|
|
gint tot_len;
|
2002-05-20 00:56:30 +00:00
|
|
|
gint buf_len;
|
|
|
|
guint8 *pbuf;
|
2001-12-19 21:14:49 +00:00
|
|
|
|
2005-06-10 18:28:22 +00:00
|
|
|
DISSECTOR_ASSERT(src_tvb);
|
2001-12-19 21:14:49 +00:00
|
|
|
|
|
|
|
/* Get decompressed header stored in fd protocol area */
|
2002-05-20 00:56:30 +00:00
|
|
|
hdr_buf = p_get_proto_data(pinfo->fd, proto_vj);
|
|
|
|
if(hdr_buf == NULL) {
|
2009-08-09 07:01:26 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_INFO, "VJ compressed TCP (previous data bad or missing)");
|
2001-12-19 21:14:49 +00:00
|
|
|
return VJ_ERROR;
|
2002-05-20 00:56:30 +00:00
|
|
|
}
|
|
|
|
|
2009-08-09 07:01:26 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_INFO, "VJ compressed TCP");
|
2001-12-19 21:14:49 +00:00
|
|
|
|
2001-12-19 22:39:59 +00:00
|
|
|
/* Get the data offset in the tvbuff */
|
|
|
|
offset = hdr_buf->offset;
|
2001-12-19 21:14:49 +00:00
|
|
|
|
|
|
|
/* Copy header and form tvb */
|
2001-12-19 22:39:59 +00:00
|
|
|
data_ptr = hdr_buf->data;
|
2007-05-01 04:58:12 +00:00
|
|
|
hdr_len = lo_nibble(data_ptr[0]) * 4;
|
|
|
|
hdr_len += hi_nibble(data_ptr[hdr_len + 12]) * 4;
|
2001-12-19 21:14:49 +00:00
|
|
|
buf_len = tvb_length(src_tvb) + hdr_len - offset;
|
2002-05-20 00:56:30 +00:00
|
|
|
pbuf = g_malloc(buf_len);
|
2001-12-19 22:39:59 +00:00
|
|
|
memcpy(pbuf, data_ptr, hdr_len);
|
2001-12-19 21:14:49 +00:00
|
|
|
tvb_memcpy(src_tvb, pbuf + hdr_len, offset, buf_len - hdr_len);
|
2007-05-01 04:58:12 +00:00
|
|
|
memcpy(&tot_len, data_ptr + 2, 2);
|
2009-05-13 19:46:11 +00:00
|
|
|
*dst_tvb = tvb_new_child_real_data(src_tvb, pbuf, buf_len, g_ntohs(tot_len));
|
2009-10-06 19:15:58 +00:00
|
|
|
tvb_set_free_cb(*dst_tvb, g_free);
|
2002-06-04 07:03:57 +00:00
|
|
|
add_new_data_source(pinfo, *dst_tvb, "VJ Decompressed");
|
2001-12-19 21:14:49 +00:00
|
|
|
return VJ_OK;
|
2002-08-28 21:04:11 +00:00
|
|
|
}
|
2001-12-19 21:14:49 +00:00
|
|
|
|
2002-05-20 00:56:30 +00:00
|
|
|
/*
|
|
|
|
* For VJ compressed packet:
|
|
|
|
*
|
|
|
|
* check if it is malformed;
|
|
|
|
* dissect the relevant fields;
|
|
|
|
* update the decompressor state on the first pass.
|
|
|
|
*/
|
2002-08-28 21:04:11 +00:00
|
|
|
static gint
|
2002-05-20 00:56:30 +00:00
|
|
|
vjc_process(tvbuff_t *src_tvb, packet_info *pinfo, proto_tree *tree,
|
|
|
|
slcompress *comp)
|
2001-12-19 21:14:49 +00:00
|
|
|
{
|
2002-05-20 00:56:30 +00:00
|
|
|
int offset = ZERO;
|
2002-05-22 09:49:28 +00:00
|
|
|
int i;
|
2002-05-20 00:56:30 +00:00
|
|
|
gint changes;
|
|
|
|
proto_item *ti;
|
|
|
|
proto_tree *changes_tree;
|
|
|
|
guint8 conn_index;
|
2002-05-22 09:49:28 +00:00
|
|
|
cstate *cs = NULL;
|
|
|
|
iphdr_type *ip = NULL;
|
|
|
|
tcphdr_type *thp = NULL;
|
2002-05-20 00:56:30 +00:00
|
|
|
guint16 tcp_cksum;
|
|
|
|
gint hdrlen = ZERO;
|
|
|
|
guint16 word;
|
|
|
|
int delta;
|
|
|
|
gint len;
|
2001-12-19 22:39:59 +00:00
|
|
|
vj_header_t *buf_hdr;
|
|
|
|
guint8 *data_ptr;
|
2001-12-19 21:14:49 +00:00
|
|
|
|
2002-05-20 00:56:30 +00:00
|
|
|
if(tvb_length(src_tvb) < 3){
|
2002-05-22 09:49:28 +00:00
|
|
|
/*
|
|
|
|
* We don't even have enough data for the change byte, so we can't
|
|
|
|
* determine which connection this is; mark all connections as
|
|
|
|
* non-decompressible.
|
|
|
|
*/
|
2009-08-09 07:01:26 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_INFO, "VJ compressed TCP (not enough data available)");
|
2002-05-20 00:56:30 +00:00
|
|
|
if(tree != NULL)
|
|
|
|
call_dissector(data_handle, src_tvb, pinfo, tree);
|
2002-05-22 10:15:28 +00:00
|
|
|
if(comp != NULL) {
|
|
|
|
for(i = 0; i < TCP_SIMUL_CONV_MAX; i++)
|
|
|
|
comp->rstate[i].flags |= SLF_TOSS;
|
|
|
|
}
|
2002-05-20 00:56:30 +00:00
|
|
|
return VJ_ERROR;
|
|
|
|
}
|
2001-12-19 21:14:49 +00:00
|
|
|
|
|
|
|
/* Read the change byte */
|
2002-05-20 00:56:30 +00:00
|
|
|
changes = tvb_get_guint8(src_tvb, offset);
|
|
|
|
if(tree != NULL) {
|
|
|
|
switch (changes & SPECIALS_MASK) {
|
|
|
|
|
|
|
|
case SPECIAL_I:
|
|
|
|
ti = proto_tree_add_uint_format(tree, hf_vj_change_mask, src_tvb,
|
|
|
|
offset, 1, changes,
|
|
|
|
"Change mask: 0x%02x (echoed interactive traffic)",
|
|
|
|
changes);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case SPECIAL_D:
|
|
|
|
ti = proto_tree_add_uint_format(tree, hf_vj_change_mask, src_tvb,
|
|
|
|
offset, 1, changes,
|
|
|
|
"Change mask: 0x%02x (unidirectional data)",
|
|
|
|
changes);
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
/*
|
|
|
|
* XXX - summarize bits?
|
|
|
|
*/
|
|
|
|
ti = proto_tree_add_uint_format(tree, hf_vj_change_mask, src_tvb,
|
|
|
|
offset, 1, changes,
|
|
|
|
"Change mask: 0x%02x", changes);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
changes_tree = proto_item_add_subtree(ti, ett_vj_changes);
|
|
|
|
proto_tree_add_boolean(changes_tree, hf_vj_change_mask_c, src_tvb,
|
|
|
|
offset, 1, changes);
|
|
|
|
proto_tree_add_boolean(changes_tree, hf_vj_change_mask_i, src_tvb,
|
|
|
|
offset, 1, changes);
|
|
|
|
proto_tree_add_boolean(changes_tree, hf_vj_change_mask_p, src_tvb,
|
|
|
|
offset, 1, changes);
|
|
|
|
proto_tree_add_boolean(changes_tree, hf_vj_change_mask_s, src_tvb,
|
|
|
|
offset, 1, changes);
|
|
|
|
proto_tree_add_boolean(changes_tree, hf_vj_change_mask_a, src_tvb,
|
|
|
|
offset, 1, changes);
|
|
|
|
proto_tree_add_boolean(changes_tree, hf_vj_change_mask_w, src_tvb,
|
|
|
|
offset, 1, changes);
|
|
|
|
proto_tree_add_boolean(changes_tree, hf_vj_change_mask_u, src_tvb,
|
|
|
|
offset, 1, changes);
|
|
|
|
}
|
|
|
|
offset++;
|
|
|
|
|
|
|
|
if(changes & NEW_C){ /* Read conn index */
|
|
|
|
conn_index = tvb_get_guint8(src_tvb, offset);
|
|
|
|
if(tree != NULL)
|
|
|
|
proto_tree_add_uint(tree, hf_vj_connection_number, src_tvb, offset, 1,
|
|
|
|
conn_index);
|
|
|
|
offset++;
|
2002-05-22 10:15:28 +00:00
|
|
|
if(comp != NULL)
|
|
|
|
comp->recv_current = conn_index;
|
2002-08-28 21:04:11 +00:00
|
|
|
}
|
2002-05-22 09:49:28 +00:00
|
|
|
|
|
|
|
if(!pinfo->fd->flags.visited) {
|
|
|
|
/*
|
|
|
|
* This is the first time this frame has been seen, so we need
|
|
|
|
* state information to decompress it. If that information isn't
|
|
|
|
* available, don't use the state information, and don't update it,
|
|
|
|
* either.
|
|
|
|
*/
|
2002-05-22 10:15:28 +00:00
|
|
|
if(comp != NULL && !(comp->rstate[comp->recv_current].flags & SLF_TOSS)) {
|
2002-05-22 09:49:28 +00:00
|
|
|
cs = &comp->rstate[comp->recv_current];
|
|
|
|
thp = &cs->cs_tcp;
|
|
|
|
ip = &cs->cs_ip;
|
2002-05-20 00:56:30 +00:00
|
|
|
}
|
|
|
|
}
|
2001-12-19 21:14:49 +00:00
|
|
|
|
|
|
|
/* Build TCP and IP headers */
|
2002-05-20 00:56:30 +00:00
|
|
|
tcp_cksum = tvb_get_ntohs(src_tvb, offset);
|
|
|
|
if(tree != NULL)
|
|
|
|
proto_tree_add_uint(tree, hf_vj_tcp_cksum, src_tvb, offset, 2, tcp_cksum);
|
2002-05-22 09:49:28 +00:00
|
|
|
if(cs != NULL) {
|
2002-05-20 00:56:30 +00:00
|
|
|
hdrlen = lo_nibble(ip->ihl_version) * 4 + TCP_OFFSET(thp) * 4;
|
2002-08-02 23:36:07 +00:00
|
|
|
thp->cksum = g_htons(tcp_cksum);
|
2002-05-20 00:56:30 +00:00
|
|
|
}
|
2002-04-14 23:22:22 +00:00
|
|
|
offset += 2;
|
2002-05-22 09:49:28 +00:00
|
|
|
if(cs != NULL) {
|
2002-05-20 00:56:30 +00:00
|
|
|
if(changes & CHANGE_PUSH_BIT)
|
|
|
|
thp->flags |= TCP_PUSH_BIT;
|
|
|
|
else
|
|
|
|
thp->flags &= ~TCP_PUSH_BIT;
|
|
|
|
}
|
2001-12-19 21:14:49 +00:00
|
|
|
|
|
|
|
/* Deal with special cases and normal deltas */
|
|
|
|
switch(changes & SPECIALS_MASK){
|
2010-01-26 15:54:12 +00:00
|
|
|
guint32 tmp;
|
2001-12-19 21:14:49 +00:00
|
|
|
case SPECIAL_I: /* Echoed terminal traffic */
|
2002-05-22 09:49:28 +00:00
|
|
|
if(cs != NULL) {
|
2002-08-02 23:36:07 +00:00
|
|
|
word = g_ntohs(ip->tot_len) - hdrlen;
|
2010-01-26 15:54:12 +00:00
|
|
|
tmp = g_ntohl(thp->ack_seq) + word;
|
|
|
|
thp->ack_seq = g_htonl(tmp);
|
|
|
|
tmp = g_ntohl(thp->seq) + word;
|
|
|
|
thp->seq = g_htonl(tmp);
|
2002-05-20 00:56:30 +00:00
|
|
|
}
|
|
|
|
break;
|
2001-12-19 21:14:49 +00:00
|
|
|
case SPECIAL_D: /* Unidirectional data */
|
2010-01-26 15:54:12 +00:00
|
|
|
if(cs != NULL) {
|
|
|
|
tmp = g_ntohl(thp->seq) + g_ntohs(ip->tot_len) - hdrlen;
|
|
|
|
thp->seq = g_htonl(tmp);
|
|
|
|
}
|
2002-05-20 00:56:30 +00:00
|
|
|
break;
|
2001-12-19 21:14:49 +00:00
|
|
|
default:
|
|
|
|
if(changes & NEW_U){
|
2002-05-20 00:56:30 +00:00
|
|
|
delta = get_unsigned_delta(src_tvb, &offset, hf_vj_urp, tree);
|
2002-05-22 09:49:28 +00:00
|
|
|
if(cs != NULL) {
|
2002-05-20 00:56:30 +00:00
|
|
|
thp->urg_ptr = delta;
|
|
|
|
thp->flags |= TCP_URG_BIT;
|
|
|
|
}
|
|
|
|
} else {
|
2002-05-22 09:49:28 +00:00
|
|
|
if(cs != NULL)
|
2002-05-20 00:56:30 +00:00
|
|
|
thp->flags &= ~TCP_URG_BIT;
|
|
|
|
}
|
|
|
|
if(changes & NEW_W) {
|
|
|
|
delta = get_signed_delta(src_tvb, &offset, hf_vj_win_delta, tree);
|
2010-01-26 15:54:12 +00:00
|
|
|
if(cs != NULL) {
|
|
|
|
tmp = g_ntohs(thp->window) + delta;
|
|
|
|
thp->window = g_htons(tmp);
|
|
|
|
}
|
2002-05-20 00:56:30 +00:00
|
|
|
}
|
|
|
|
if(changes & NEW_A) {
|
|
|
|
delta = get_unsigned_delta(src_tvb, &offset, hf_vj_ack_delta, tree);
|
2010-01-26 15:54:12 +00:00
|
|
|
if(cs != NULL) {
|
|
|
|
tmp = g_ntohl(thp->ack_seq) + delta;
|
|
|
|
thp->ack_seq = g_htonl(tmp);
|
|
|
|
}
|
2002-05-20 00:56:30 +00:00
|
|
|
}
|
|
|
|
if(changes & NEW_S) {
|
|
|
|
delta = get_unsigned_delta(src_tvb, &offset, hf_vj_seq_delta, tree);
|
2010-01-26 15:54:12 +00:00
|
|
|
if(cs != NULL) {
|
|
|
|
tmp = g_ntohl(thp->seq) + delta;
|
|
|
|
thp->seq = g_htonl(tmp);
|
|
|
|
}
|
2002-05-20 00:56:30 +00:00
|
|
|
}
|
|
|
|
break;
|
2001-12-19 21:14:49 +00:00
|
|
|
}
|
|
|
|
if(changes & NEW_I)
|
2002-05-20 00:56:30 +00:00
|
|
|
delta = get_unsigned_delta(src_tvb, &offset, hf_vj_ip_id_delta, tree);
|
2001-12-19 21:14:49 +00:00
|
|
|
else
|
2002-05-20 00:56:30 +00:00
|
|
|
delta = 1;
|
2010-01-26 15:54:12 +00:00
|
|
|
if(cs != NULL) {
|
|
|
|
guint32 tmp;
|
|
|
|
tmp = g_ntohs(ip->id) + delta;
|
|
|
|
ip->id = g_htons(tmp);
|
|
|
|
}
|
2002-05-20 00:56:30 +00:00
|
|
|
|
|
|
|
/* Compute IP packet length and the buffer length needed */
|
|
|
|
len = tvb_reported_length_remaining(src_tvb, offset);
|
|
|
|
if(len < ZERO) {
|
|
|
|
/*
|
|
|
|
* This shouldn't happen, as we *were* able to fetch stuff right before
|
|
|
|
* offset.
|
|
|
|
*/
|
2009-08-09 07:01:26 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_INFO, "VJ compressed TCP (not enough data available)");
|
2002-05-22 10:15:28 +00:00
|
|
|
if(cs != NULL)
|
|
|
|
cs->flags |= SLF_TOSS;
|
|
|
|
return VJ_ERROR;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Show the TCP payload */
|
|
|
|
if(tree != NULL && tvb_offset_exists(src_tvb, offset))
|
|
|
|
proto_tree_add_text(tree, src_tvb, offset, -1, "TCP payload");
|
|
|
|
|
|
|
|
/* Nothing more to do if we don't have any compression state */
|
|
|
|
if(comp == NULL) {
|
|
|
|
/* Direction of the traffic unknown - can't decompress */
|
2009-08-09 07:01:26 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_INFO, "VJ compressed TCP (direction unknown)");
|
2001-12-19 21:14:49 +00:00
|
|
|
return VJ_ERROR;
|
|
|
|
}
|
|
|
|
|
2005-08-12 21:21:49 +00:00
|
|
|
if((cs != NULL) && (!pinfo->fd->flags.visited)) {
|
2002-05-20 00:56:30 +00:00
|
|
|
len += hdrlen;
|
2002-08-02 23:36:07 +00:00
|
|
|
ip->tot_len = g_htons(len);
|
2002-05-20 00:56:30 +00:00
|
|
|
/* Compute IP check sum */
|
|
|
|
ip->cksum = ZERO;
|
|
|
|
ip->cksum = ip_csum((guint8 *)ip, lo_nibble(ip->ihl_version) * 4);
|
|
|
|
|
|
|
|
/* Store the reconstructed header in frame data area */
|
2005-08-12 21:21:49 +00:00
|
|
|
buf_hdr = se_alloc(sizeof (vj_header_t));
|
2002-05-20 00:56:30 +00:00
|
|
|
buf_hdr->offset = offset; /* Offset in tvbuff is also stored */
|
|
|
|
data_ptr = buf_hdr->data;
|
|
|
|
memcpy(data_ptr, ip, IP_HDR_LEN);
|
|
|
|
data_ptr += IP_HDR_LEN;
|
|
|
|
if(lo_nibble(ip->ihl_version) > 5) {
|
|
|
|
memcpy(data_ptr, cs->cs_ipopt, (lo_nibble(ip->ihl_version) - 5) * 4);
|
|
|
|
data_ptr += (lo_nibble(ip->ihl_version) - 5) * 4;
|
|
|
|
}
|
|
|
|
memcpy(data_ptr, thp, TCP_HDR_LEN);
|
|
|
|
data_ptr += TCP_HDR_LEN;
|
|
|
|
if(TCP_OFFSET(thp) > 5)
|
|
|
|
memcpy(data_ptr, cs->cs_tcpopt, (TCP_OFFSET(thp) - 5) * 4);
|
|
|
|
p_add_proto_data(pinfo->fd, proto_vj, buf_hdr);
|
2001-12-19 21:14:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return VJ_OK;
|
2002-08-28 21:04:11 +00:00
|
|
|
}
|
2001-12-19 21:14:49 +00:00
|
|
|
|
2002-05-20 00:56:30 +00:00
|
|
|
/*
|
|
|
|
* Get an unsigned delta for a field, and put it into the protocol tree if
|
|
|
|
* we're building a protocol tree.
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
get_unsigned_delta(tvbuff_t *tvb, int *offsetp, int hf, proto_tree *tree)
|
2001-12-19 21:14:49 +00:00
|
|
|
{
|
2002-05-20 00:56:30 +00:00
|
|
|
int offset = *offsetp;
|
|
|
|
int len;
|
|
|
|
guint16 del;
|
|
|
|
|
|
|
|
len = 1;
|
|
|
|
del = tvb_get_guint8(tvb, offset++);
|
2001-12-19 21:14:49 +00:00
|
|
|
if(del == ZERO){
|
2002-05-20 00:56:30 +00:00
|
|
|
del = tvb_get_ntohs(tvb, offset);
|
|
|
|
offset += 2;
|
|
|
|
len += 2;
|
2001-12-19 21:14:49 +00:00
|
|
|
}
|
2002-05-20 00:56:30 +00:00
|
|
|
if(tree != NULL)
|
|
|
|
proto_tree_add_uint(tree, hf, tvb, *offsetp, len, del);
|
|
|
|
*offsetp = offset;
|
|
|
|
return del;
|
2001-12-19 21:14:49 +00:00
|
|
|
}
|
|
|
|
|
2002-05-20 00:56:30 +00:00
|
|
|
/*
|
|
|
|
* Get a signed delta for a field, and put it into the protocol tree if
|
|
|
|
* we're building a protocol tree.
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
get_signed_delta(tvbuff_t *tvb, int *offsetp, int hf, proto_tree *tree)
|
2001-12-19 21:14:49 +00:00
|
|
|
{
|
2002-05-20 00:56:30 +00:00
|
|
|
int offset = *offsetp;
|
|
|
|
int len;
|
|
|
|
gint16 del;
|
|
|
|
|
|
|
|
len = 1;
|
|
|
|
del = tvb_get_guint8(tvb, offset++);
|
2001-12-19 21:14:49 +00:00
|
|
|
if(del == ZERO){
|
2002-05-20 00:56:30 +00:00
|
|
|
del = tvb_get_ntohs(tvb, offset);
|
|
|
|
offset += 2;
|
|
|
|
len += 2;
|
2001-12-19 21:14:49 +00:00
|
|
|
}
|
2002-05-20 00:56:30 +00:00
|
|
|
if(tree != NULL)
|
|
|
|
proto_tree_add_int(tree, hf, tvb, *offsetp, len, del);
|
|
|
|
*offsetp = offset;
|
|
|
|
return del;
|
2001-12-19 21:14:49 +00:00
|
|
|
}
|
|
|
|
|
2002-05-20 00:56:30 +00:00
|
|
|
/* Wrapper for in_cksum function */
|
2002-08-28 21:04:11 +00:00
|
|
|
static guint16
|
2001-12-19 21:14:49 +00:00
|
|
|
ip_csum(const guint8 * ptr, guint32 len)
|
|
|
|
{
|
2002-05-20 00:56:30 +00:00
|
|
|
vec_t cksum_vec[1];
|
2001-12-19 21:14:49 +00:00
|
|
|
|
2002-05-20 00:56:30 +00:00
|
|
|
cksum_vec[0].ptr = ptr;
|
|
|
|
cksum_vec[0].len = len;
|
|
|
|
return in_cksum(&cksum_vec[0], 1);
|
2001-12-19 21:14:49 +00:00
|
|
|
}
|
2009-01-28 21:52:57 +00:00
|
|
|
|
|
|
|
/* Registration functions for dissectors */
|
|
|
|
void
|
|
|
|
proto_register_vj(void)
|
|
|
|
{
|
|
|
|
static hf_register_info hf[] = {
|
|
|
|
{ &hf_vj_change_mask,
|
|
|
|
{ "Change mask", "vj.change_mask", FT_UINT8, BASE_HEX,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, 0x0, NULL, HFILL }},
|
2009-01-28 21:52:57 +00:00
|
|
|
{ &hf_vj_change_mask_c,
|
|
|
|
{ "Connection changed", "vj.change_mask_c", FT_BOOLEAN, 8,
|
|
|
|
NULL, NEW_C, "Connection number changed", HFILL }},
|
|
|
|
{ &hf_vj_change_mask_i,
|
|
|
|
{ "IP ID change != 1", "vj.change_mask_i", FT_BOOLEAN, 8,
|
|
|
|
NULL, NEW_I, "IP ID changed by a value other than 1", HFILL }},
|
|
|
|
{ &hf_vj_change_mask_p,
|
|
|
|
{ "Push bit set", "vj.change_mask_p", FT_BOOLEAN, 8,
|
|
|
|
NULL, CHANGE_PUSH_BIT, "TCP PSH flag set", HFILL }},
|
|
|
|
{ &hf_vj_change_mask_s,
|
|
|
|
{ "Sequence number changed", "vj.change_mask_s", FT_BOOLEAN, 8,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, NEW_S, NULL, HFILL }},
|
2009-01-28 21:52:57 +00:00
|
|
|
{ &hf_vj_change_mask_a,
|
|
|
|
{ "Ack number changed", "vj.change_mask_a", FT_BOOLEAN, 8,
|
|
|
|
NULL, NEW_A, "Acknowledgement sequence number changed", HFILL }},
|
|
|
|
{ &hf_vj_change_mask_w,
|
|
|
|
{ "Window changed", "vj.change_mask_w", FT_BOOLEAN, 8,
|
|
|
|
NULL, NEW_W, "TCP window changed", HFILL }},
|
|
|
|
{ &hf_vj_change_mask_u,
|
|
|
|
{ "Urgent pointer set", "vj.change_mask_u", FT_BOOLEAN, 8,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, NEW_U, NULL, HFILL }},
|
2009-01-28 21:52:57 +00:00
|
|
|
{ &hf_vj_connection_number,
|
|
|
|
{ "Connection number", "vj.connection_number", FT_UINT8, BASE_DEC,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, 0x0, NULL, HFILL }},
|
2009-01-28 21:52:57 +00:00
|
|
|
{ &hf_vj_tcp_cksum,
|
|
|
|
{ "TCP checksum", "vj.tcp_cksum", FT_UINT16, BASE_HEX,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, 0x0, NULL, HFILL }},
|
2009-01-28 21:52:57 +00:00
|
|
|
{ &hf_vj_urp,
|
|
|
|
{ "Urgent pointer", "vj.urp", FT_UINT16, BASE_DEC,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, 0x0, NULL, HFILL }},
|
2009-01-28 21:52:57 +00:00
|
|
|
{ &hf_vj_win_delta,
|
|
|
|
{ "Window delta", "vj.win_delta", FT_INT16, BASE_DEC,
|
|
|
|
NULL, 0x0, "Delta for window", HFILL }},
|
|
|
|
{ &hf_vj_ack_delta,
|
|
|
|
{ "Ack delta", "vj.ack_delta", FT_UINT16, BASE_DEC,
|
|
|
|
NULL, 0x0, "Delta for acknowledgment sequence number", HFILL }},
|
|
|
|
{ &hf_vj_seq_delta,
|
|
|
|
{ "Sequence delta", "vj.seq_delta", FT_UINT16, BASE_DEC,
|
|
|
|
NULL, 0x0, "Delta for sequence number", HFILL }},
|
|
|
|
{ &hf_vj_ip_id_delta,
|
|
|
|
{ "IP ID delta", "vj.ip_id_delta", FT_UINT16, BASE_DEC,
|
|
|
|
NULL, 0x0, "Delta for IP ID", HFILL }},
|
|
|
|
};
|
|
|
|
static gint *ett[] = {
|
|
|
|
&ett_vj,
|
|
|
|
&ett_vj_changes,
|
|
|
|
};
|
|
|
|
|
|
|
|
proto_vj = proto_register_protocol("PPP VJ Compression", "PPP VJ", "vj");
|
|
|
|
proto_register_field_array(proto_vj, hf, array_length(hf));
|
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
|
|
|
register_init_routine(&vj_init);
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
proto_reg_handoff_vj(void)
|
|
|
|
{
|
|
|
|
dissector_handle_t vjc_handle;
|
|
|
|
dissector_handle_t vjuc_handle;
|
|
|
|
|
|
|
|
vjc_handle = create_dissector_handle(dissect_vjc, proto_vj);
|
2010-12-20 05:35:29 +00:00
|
|
|
dissector_add_uint("ppp.protocol", PPP_VJC_COMP, vjc_handle);
|
2009-01-28 21:52:57 +00:00
|
|
|
|
|
|
|
vjuc_handle = create_dissector_handle(dissect_vjuc, proto_vj);
|
2010-12-20 05:35:29 +00:00
|
|
|
dissector_add_uint("ppp.protocol", PPP_VJC_UNCOMP, vjuc_handle);
|
2009-01-28 21:52:57 +00:00
|
|
|
|
|
|
|
ip_handle = find_dissector("ip");
|
|
|
|
data_handle = find_dissector("data");
|
|
|
|
}
|
|
|
|
|