Add Object (file) export for files transferred over TFTP.

Updated following review comments. Change-Id: I56e70d8f8e332d2aea604ceec16c980ad890fa58 Reviewed-on: https://code.wireshark.org/review/1885 Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
2014-06-04 23:35:38 +01:00 · 2014-06-04 23:35:38 +01:00 · 29222aba7c
parent 6ac68b1fd5
commit 29222aba7c
8 changed files with 326 additions and 4 deletions
--- a/epan/dissectors/packet-tftp.c
+++ b/epan/dissectors/packet-tftp.c
@ -48,6 +48,9 @@
 #include <epan/expert.h>
 #include <epan/range.h>
 #include <epan/prefs.h>
+#include <epan/tap.h>
+
+#include "packet-tftp.h"

 void proto_register_tftp(void);

@ -55,6 +58,15 @@ void proto_register_tftp(void);
 typedef struct _tftp_conv_info_t {
  guint16  blocksize;
  gchar   *source_file, *destination_file;
+
+  /* Sequence analysis */
+  guint    next_block_num;
+  gboolean blocks_missing;
+
+  /* When exporting file object, build up list of data blocks here */
+  guint    next_tap_block_num;
+  GSList   *block_list;
+  guint    file_length;
 } tftp_conv_info_t;


@ -116,6 +128,8 @@ static const value_string tftp_error_code_vals[] = {
  { 0, NULL }
 };

+static int tftp_eo_tap = -1;
+
 static void
 tftp_dissect_options(tvbuff_t *tvb, packet_info *pinfo, int offset,
                     proto_tree *tree, guint16 opcode, tftp_conv_info_t *tftp_info)
@ -160,6 +174,24 @@ tftp_dissect_options(tvbuff_t *tvb, packet_info *pinfo, int offset,
  }
 }

+static void cleanup_tftp_blocks(tftp_conv_info_t *conv)
+{
+    GSList *block_iterator;
+
+    /* Walk list of block items */
+    for (block_iterator = conv->block_list; block_iterator; block_iterator = block_iterator->next) {
+        file_block_t *block = (file_block_t*)block_iterator->data;
+        /* Free block data */
+        wmem_free(NULL, block->data);
+
+        /* Free block itself */
+        g_free(block);
+    }
+    conv->block_list = NULL;
+    conv->file_length = 0;
+}
+
+
 static void dissect_tftp_message(tftp_conv_info_t *tftp_info,
                                 tvbuff_t *tvb, packet_info *pinfo,
                                 proto_tree *tree)
@ -172,6 +204,7 @@ static void dissect_tftp_message(tftp_conv_info_t *tftp_info,
  guint16     blocknum;
  guint       i1;
  guint16     error;
+  tvbuff_t    *data_tvb;

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "TFTP");

@ -264,18 +297,99 @@ static void dissect_tftp_message(tftp_conv_info_t *tftp_info,
    proto_tree_add_uint(tftp_tree, hf_tftp_blocknum, tvb, offset, 2,
                        blocknum);

+    /* Sequence analysis on blocknums (first pass only) */
+    if (!pinfo->fd->flags.visited) {
+      if (blocknum > tftp_info->next_block_num) {
+        /* There is a gap.  Don't try to recover from this. */
+        tftp_info->next_block_num = blocknum + 1;
+        tftp_info->blocks_missing = TRUE;
+        /* TODO: add info to a result table for showing expert info in later passes */
+      }
+      else if (blocknum == tftp_info->next_block_num) {
+        /* OK, inc what we expect next */
+        tftp_info->next_block_num++;
+      }
+    }
    offset += 2;

+    /* Show number of bytes in this block, and whether it is the end of the file */
    bytes = tvb_reported_length_remaining(tvb, offset);
-
    col_append_fstr(pinfo->cinfo, COL_INFO, ", Block: %i%s",
                    blocknum,
                    (bytes < tftp_info->blocksize)?" (last)":"" );

-    if (bytes != 0) {
-      tvbuff_t *data_tvb = tvb_new_subset(tvb, offset, -1, bytes);
+    /* Show data in tree */
+    if (bytes > 0) {
+      data_tvb = tvb_new_subset(tvb, offset, -1, bytes);
      call_dissector(data_handle, data_tvb, pinfo, tree);
    }
+
+    /* If Export Object tap is listening, need to accumulate blocks info list
+       to send to tap. But if already know there are blocks missing, there is no
+       point in trying. */
+    if (have_tap_listener(tftp_eo_tap) && !tftp_info->blocks_missing) {
+      file_block_t *block;
+
+      if (blocknum == 1) {
+        /* Reset data for this conversation, freeing any accumulated blocks! */
+        cleanup_tftp_blocks(tftp_info);
+        tftp_info->next_tap_block_num = 1;
+      }
+
+      if (blocknum != tftp_info->next_tap_block_num) {
+        /* Ignore.  Could be missing frames, or just clicking previous frame */
+        return;
+      }
+
+      if (bytes > 0) {
+        /* Create a block for this block */
+        block = (file_block_t*)g_malloc(sizeof(file_block_t));
+        block->length = bytes;
+        block->data = tvb_memdup(NULL, data_tvb, 0, bytes);
+
+        /* Add to the end of the list (does involve traversing whole list..) */
+        tftp_info->block_list = g_slist_append(tftp_info->block_list, block);
+        tftp_info->file_length += bytes;
+
+        /* Look for next blocknum next time */
+        tftp_info->next_tap_block_num++;
+      }
+
+      /* Tap export object only when reach end of file */
+      if (bytes < tftp_info->blocksize) {
+        tftp_eo_t        *eo_info;
+
+        /* If don't have a filename, won't tap file info */
+        if ((tftp_info->source_file == NULL) && (tftp_info->destination_file == NULL)) {
+            cleanup_tftp_blocks(tftp_info);
+            return;
+        }
+
+        /* Create the eo_info to pass to the listener */
+        eo_info = wmem_new(wmem_packet_scope(), tftp_eo_t);
+
+        /* Set filename */
+        if (tftp_info->source_file) {
+          eo_info->filename = g_strdup(tftp_info->source_file);
+        }
+        else if (tftp_info->destination_file) {
+          eo_info->filename = g_strdup(tftp_info->destination_file);
+        }
+
+        /* Send block list, which will be combined and freed at tap. */
+        eo_info->payload_len = tftp_info->file_length;
+        eo_info->pkt_num = blocknum;
+        eo_info->block_list = tftp_info->block_list;
+
+        /* Send to tap */
+        tap_queue_packet(tftp_eo_tap, pinfo, eo_info);
+
+        /* Have sent, so forget list of blocks, and only pay attention if we
+           get back to the first block again. */
+        tftp_info->block_list = NULL;
+        tftp_info->next_tap_block_num = 1;
+      }
+    }
    break;

  case TFTP_ACK:
@ -340,6 +454,12 @@ dissect_embeddedtftp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, v
    tftp_info->blocksize = 512; /* TFTP default block size */
    tftp_info->source_file = NULL;
    tftp_info->destination_file = NULL;
+    tftp_info->next_block_num = 1;
+    tftp_info->blocks_missing = FALSE;
+    tftp_info->next_tap_block_num = 1;
+    tftp_info->block_list = NULL;
+    tftp_info->file_length = 0;
+
    conversation_add_proto_data(conversation, proto_tftp, tftp_info);
  }

@ -412,6 +532,11 @@ dissect_tftp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
    tftp_info->blocksize = 512; /* TFTP default block size */
    tftp_info->source_file = NULL;
    tftp_info->destination_file = NULL;
+    tftp_info->next_block_num = 1;
+    tftp_info->blocks_missing = FALSE;
+    tftp_info->next_tap_block_num = 1;
+    tftp_info->block_list = NULL;
+    tftp_info->file_length = 0;
    conversation_add_proto_data(conversation, proto_tftp, tftp_info);
  }

@ -501,6 +626,9 @@ proto_register_tftp(void)
                                  "Port numbers used for TFTP traffic "
                                  "(default " UDP_PORT_TFTP_RANGE ")",
                                  &global_tftp_port_range, MAX_UDP_PORT);
+
+  /* Register the tap for the "Export Object" function */
+  tftp_eo_tap = register_tap("tftp_eo"); /* TFTP Export Object tap */
 }

 void
--- a/epan/dissectors/packet-tftp.h
+++ b/epan/dissectors/packet-tftp.h
@ -0,0 +1,42 @@
+/* packet-tftp.h
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef __PACKET_TFTP_H__
+#define __PACKET_TFTP_H__
+
+#include <epan/packet.h>
+
+/* When export file data, store list of separate blocks */
+typedef struct file_block_t {
+  void *data;
+  guint length;
+} file_block_t;
+
+/* Used for TFTP Export Object feature */
+typedef struct _tftp_eo_t {
+	guint32  pkt_num;
+	gchar    *filename;
+	guint32  payload_len;
+	GSList   *block_list;
+} tftp_eo_t;
+
+
+#endif /* __PACKET_TFTP_H__ */
--- a/ui/Makefile.common
+++ b/ui/Makefile.common
@ -48,6 +48,7 @@ WIRESHARK_UI_SRC = \
 	export_object_dicom.c	\
 	export_object_http.c	\
 	export_object_smb.c	\
+	export_object_tftp.c	\
 	follow.c		\
 	iface_lists.c		\
 	io_graph_item.c		\
--- a/ui/export_object.h
+++ b/ui/export_object.h
@ -60,8 +60,11 @@ gboolean eo_http_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _
 	const void *data);
 gboolean eo_smb_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_,
 	const void *data);
+gboolean eo_tftp_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_,
+	const void *data);

 void eo_smb_cleanup(void);
+void eo_tftp_cleanup(void);


 #ifdef __cplusplus
--- a/ui/export_object_tftp.c
+++ b/ui/export_object_tftp.c
@ -0,0 +1,139 @@
+/* export_object_tftp.c
+ * Routines for aving objects (files) found in TFTP sessions
+ * See also: export_object.c / export_object.h for common code
+ * Initial file, prototypes and general structure initially copied
+ * from export_object_smb.c
+ *
+ * Martin Mathieson
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301,
+ * USA.
+ */
+
+#include "config.h"
+
+#include <glib.h>
+
+#include <epan/packet.h>
+#include <epan/dissectors/packet-tftp.h>
+#include <epan/tap.h>
+
+#include "export_object.h"
+
+/* A list of block list entries to delete from cleanup callback when window is closed. */
+typedef struct eo_info_dynamic_t {
+    gchar  *filename;
+    GSList *block_list;
+} eo_info_dynamic_t;
+static GSList *s_dynamic_info_list = NULL;
+
+/* Tap function */
+gboolean
+eo_tftp_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_,
+           const void *data)
+{
+    export_object_list_t *object_list = (export_object_list_t *)tapdata;
+    const tftp_eo_t *eo_info = (const tftp_eo_t *)data;
+    export_object_entry_t *entry;
+
+    GSList *block_iterator;
+    guint  payload_data_offset = 0;
+    eo_info_dynamic_t *dynamic_info;
+
+    /* These values will be freed when the Export Object window is closed. */
+    entry = (export_object_entry_t*)g_malloc(sizeof(export_object_entry_t));
+
+    /* Remember which frame had the last block of the file */
+    entry->pkt_num = pinfo->fd->num;
+
+    /* Copy filename */
+    entry->filename = g_strdup(g_path_get_basename(eo_info->filename));
+
+    /* Iterate over list of blocks and concatenate into contiguous memory */
+    entry->payload_len = eo_info->payload_len;
+    entry->payload_data = (guint8 *)g_try_malloc((gsize)entry->payload_len);
+    for (block_iterator = eo_info->block_list; block_iterator; block_iterator = block_iterator->next) {
+        file_block_t *block = (file_block_t*)block_iterator->data;
+        memcpy(entry->payload_data + payload_data_offset,
+               block->data,
+               block->length);
+        payload_data_offset += block->length;
+    }
+
+    /* These 2 fields not used */
+    entry->hostname = NULL;
+    entry->content_type = NULL;
+
+    /* Add to list of entries to be cleaned up.  eo_info is only packet scope, so
+       need to make list only of block list now */
+    dynamic_info = (eo_info_dynamic_t*)g_malloc(sizeof(eo_info_dynamic_t));
+    dynamic_info->filename = eo_info->filename;
+    dynamic_info->block_list = eo_info->block_list;
+    s_dynamic_info_list = g_slist_append(s_dynamic_info_list, (eo_info_dynamic_t*)dynamic_info);
+
+    /* Pass out entry to the GUI */
+    object_list_add_entry(object_list, entry);
+
+    return TRUE; /* State changed - window should be redrawn */
+}
+
+/* Clean up the stored parts of a single tapped entry */
+static void cleanup_tftp_eo(eo_info_dynamic_t *dynamic_info)
+{
+    GSList *block_iterator;
+    /* Free the filename */
+    g_free(dynamic_info->filename);
+
+    /* Walk list of block items */
+    for (block_iterator = dynamic_info->block_list; block_iterator; block_iterator = block_iterator->next) {
+        file_block_t *block = (file_block_t*)(block_iterator->data);
+        /* Free block data */
+        wmem_free(NULL, block->data);
+
+        /* Free block itself */
+        g_free(block);
+    }
+}
+
+/* Callback for freeing up data supplied with taps.  The taps themselves only have
+   packet scope, so only store/free dynamic memory pointers */
+void eo_tftp_cleanup(void)
+{
+    /* Cleanup each entry in the global list */
+    GSList *dynamic_iterator;
+    for (dynamic_iterator = s_dynamic_info_list; dynamic_iterator; dynamic_iterator = dynamic_iterator->next) {
+        eo_info_dynamic_t *dynamic_info = (eo_info_dynamic_t*)dynamic_iterator->data;
+        cleanup_tftp_eo(dynamic_info);
+    }
+    /* List is empty again */
+    s_dynamic_info_list = NULL;
+}
+
+/*
+ * Editor modelines
+ *
+ * Local Variables:
+ * c-basic-offset: 4
+ * tab-width: 8
+ * indent-tabs-mode: nil
+ * End:
+ *
+ * ex: set shiftwidth=4 tabstop=8 expandtab:
+ * :indentSize=4:tabSize=8:noTabs=true:
+ */
--- a/ui/gtk/export_object_dlg.c
+++ b/ui/gtk/export_object_dlg.c
@ -509,3 +509,10 @@ eo_smb_cb(GtkWidget *widget _U_, gpointer data _U_)
 	/* Call the export_object window */
 	export_object_window("smb_eo", "SMB", eo_smb_packet, eo_smb_cleanup);
 }
+
+void
+eo_tftp_cb(GtkWidget *widget _U_, gpointer data _U_)
+{
+	/* Call the export_object window */
+	export_object_window("tftp_eo", "TFTP", eo_tftp_packet, eo_tftp_cleanup);
+}
--- a/ui/gtk/export_object_dlg.h
+++ b/ui/gtk/export_object_dlg.h
@ -29,5 +29,6 @@
 void eo_dicom_cb(GtkWidget *widget _U_, gpointer data _U_);
 void eo_http_cb(GtkWidget *widget _U_, gpointer data _U_);
 void eo_smb_cb(GtkWidget *widget _U_, gpointer data _U_);
+void eo_tftp_cb(GtkWidget *widget _U_, gpointer data _U_);

 #endif /* __EXPORT_OBJECT_DLG_H__ */
--- a/ui/gtk/main_menubar.c
+++ b/ui/gtk/main_menubar.c
@ -994,6 +994,7 @@ static const char *ui_desc_menubar =
 "        <menuitem name='HTTP' action='/File/ExportObjects/HTTP'/>\n"
 "        <menuitem name='DICOM' action='/File/ExportObjects/DICOM'/>\n"
 "        <menuitem name='SMB' action='/File/ExportObjects/SMB'/>\n"
+"        <menuitem name='TFTP' action='/File/ExportObjects/TFTP'/>\n"
 "      </menu>\n"
 "      <separator/>\n"
 "      <menuitem name='Print' action='/File/Print'/>\n"
@ -1468,7 +1469,7 @@ static const GtkActionEntry main_menu_bar_entries[] = {
  { "/File/ExportObjects/HTTP",           NULL,       "_HTTP",                           NULL,                   NULL,           G_CALLBACK(eo_http_cb) },
  { "/File/ExportObjects/DICOM",          NULL,       "_DICOM",                          NULL,                   NULL,           G_CALLBACK(eo_dicom_cb) },
  { "/File/ExportObjects/SMB",            NULL,       "_SMB/SMB2",                            NULL,                   NULL,           G_CALLBACK(eo_smb_cb) },
-
+  { "/File/ExportObjects/TFTP",            NULL,       "_TFTP",                          NULL,                   NULL,           G_CALLBACK(eo_tftp_cb) },

  { "/Edit/Copy",                         NULL,       "Copy",                            NULL,                   NULL,           NULL },