Add TSDNS (TeamSpeak 3 DNS) dissector
Change-Id: I1f828df1735bd10ef8849d208e10ea1339ba37e2 Reviewed-on: https://code.wireshark.org/review/26403 Reviewed-by: Michael Mann <mmann78@netscape.net> Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
This commit is contained in:
parent
6db67117b5
commit
5490e4f8c4
|
@ -92,6 +92,7 @@ Ruby Marshal format
|
|||
S101 Lawo Emberplus transport frame
|
||||
STCSIG (Spirent Test Center Signature decoding for Ethernet and FibreChannel, disabled by default)
|
||||
systemd Journal Export
|
||||
TeamSpeak 3 DNS
|
||||
TDS (Sybase-specific portions of the protocol)
|
||||
TPM 2.0 protocol
|
||||
Ubiquiti Discovery Protocol (UBDP)
|
||||
|
|
|
@ -1753,6 +1753,7 @@ set(DISSECTOR_SRC
|
|||
${CMAKE_CURRENT_SOURCE_DIR}/packet-tsp.c
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/packet-tte-pcf.c
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/packet-tte.c
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/packet-tsdns.c
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/packet-turbocell.c
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/packet-turnchannel.c
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/packet-tuxedo.c
|
||||
|
|
|
@ -0,0 +1,161 @@
|
|||
/* packet-dns.c
|
||||
* Routines for TSDNS (TeamSpeak3 DNS) packet disassembly
|
||||
* Copyright 2018, Maciej Krueger <mkg20001@gmail.com>
|
||||
*
|
||||
* Wireshark - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@wireshark.org>
|
||||
* Copyright 1998 Gerald Combs
|
||||
*
|
||||
* SPDX-License-Identifier: GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
|
||||
#include <epan/packet.h>
|
||||
#include <epan/expert.h>
|
||||
#include <wsutil/strtoi.h>
|
||||
|
||||
#define TSDNS_PORT 41144 /* Not IANA registered */
|
||||
|
||||
void proto_register_tsdns(void);
|
||||
void proto_reg_handoff_tsdns(void);
|
||||
|
||||
static int proto_tsdns = -1;
|
||||
|
||||
static int hf_tsdns_data = -1;
|
||||
static int hf_tsdns_request = -1;
|
||||
static int hf_tsdns_request_domain = -1;
|
||||
static int hf_tsdns_response = -1;
|
||||
static int hf_tsdns_response_ip = -1;
|
||||
static int hf_tsdns_response_address = -1;
|
||||
static int hf_tsdns_response_port = -1;
|
||||
|
||||
static expert_field ei_response_port_malformed = EI_INIT;
|
||||
|
||||
static gint ett_tsdns = -1;
|
||||
|
||||
static int dissect_tsdns(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
|
||||
{
|
||||
|
||||
int offset = 0;
|
||||
gboolean request = FALSE;
|
||||
|
||||
if (pinfo->destport == pinfo->match_uint) {
|
||||
request = TRUE;
|
||||
}
|
||||
|
||||
col_set_str(pinfo->cinfo, COL_PROTOCOL, "TSDNS");
|
||||
|
||||
int pLen = tvb_reported_length(tvb);
|
||||
|
||||
if (request) {
|
||||
col_set_str(pinfo->cinfo, COL_INFO, "Request");
|
||||
col_append_fstr(pinfo->cinfo, COL_INFO, " %.*s", pLen - 5, tvb_get_string_enc(wmem_packet_scope(), tvb, 0, pLen - 5, ENC_ASCII|ENC_NA));
|
||||
} else {
|
||||
col_set_str(pinfo->cinfo, COL_INFO, "Response");
|
||||
col_append_fstr(pinfo->cinfo, COL_INFO, " %.*s", pLen, tvb_get_string_enc(wmem_packet_scope(), tvb, 0, pLen, ENC_ASCII|ENC_NA));
|
||||
}
|
||||
|
||||
proto_tree *tsdns_tree;
|
||||
proto_item *ti, *hidden_item, *address_item;
|
||||
|
||||
ti = proto_tree_add_item(tree, proto_tsdns, tvb, offset, -1, ENC_NA);
|
||||
tsdns_tree = proto_item_add_subtree(ti, ett_tsdns);
|
||||
|
||||
hidden_item = proto_tree_add_item(tsdns_tree, hf_tsdns_data, tvb, offset, -1, ENC_ASCII|ENC_NA);
|
||||
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
||||
|
||||
if (request) { // request is DOMAIN\n\r\r\r\n
|
||||
hidden_item = proto_tree_add_boolean(tsdns_tree, hf_tsdns_request, tvb, 0, 0, 1); // using pLen - 5 as the last chars are \n\r\r\r\n which are just indicating the end of the request
|
||||
proto_tree_add_item(tsdns_tree, hf_tsdns_request_domain, tvb, offset, pLen - 5, ENC_ASCII|ENC_NA);
|
||||
} else { // response is IP:PORT
|
||||
hidden_item = proto_tree_add_boolean(tsdns_tree, hf_tsdns_response, tvb, 0, 0, 1);
|
||||
address_item = proto_tree_add_item(tsdns_tree, hf_tsdns_response_address, tvb, offset, pLen, ENC_ASCII|ENC_NA);
|
||||
gchar** splitAddress;
|
||||
splitAddress = wmem_strsplit(wmem_packet_scope(), tvb_format_text(tvb, 0, pLen), ":", 1); // unsure if TSDNS also does IPv6...
|
||||
if (splitAddress[1] == NULL) {
|
||||
expert_add_info(pinfo, address_item, &ei_response_port_malformed);
|
||||
} else {
|
||||
proto_tree_add_string(tsdns_tree, hf_tsdns_response_ip, tvb, 0, pLen, splitAddress[0]);
|
||||
guint32 port;
|
||||
if (ws_strtou32(splitAddress[1], NULL, &port))
|
||||
proto_tree_add_uint(tsdns_tree, hf_tsdns_response_port, tvb, 0, pLen, port);
|
||||
}
|
||||
}
|
||||
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
||||
|
||||
return tvb_captured_length(tvb);
|
||||
|
||||
} /* dissect_tsdns */
|
||||
|
||||
void proto_register_tsdns(void)
|
||||
{
|
||||
|
||||
static hf_register_info hf[] = {
|
||||
{ &hf_tsdns_data,
|
||||
{ "Data", "tsdns.data",
|
||||
FT_STRING, BASE_NONE, NULL, 0x0,
|
||||
NULL, HFILL }},
|
||||
{ &hf_tsdns_request,
|
||||
{ "Request", "tsdns.request",
|
||||
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
||||
"TRUE if TSDNS Request", HFILL }},
|
||||
{ &hf_tsdns_request_domain,
|
||||
{ "Requested Domain", "tsdns.request.domain",
|
||||
FT_STRING, BASE_NONE, NULL, 0x0,
|
||||
NULL, HFILL }},
|
||||
{ &hf_tsdns_response,
|
||||
{ "Response","tsdns.response",
|
||||
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
||||
"TRUE if TSDNS Response", HFILL }},
|
||||
{ &hf_tsdns_response_address,
|
||||
{ "Response Address","tsdns.response.address",
|
||||
FT_STRING, BASE_NONE, NULL, 0x0,
|
||||
NULL, HFILL }},
|
||||
{ &hf_tsdns_response_ip,
|
||||
{ "Response IP","tsdns.response.ip",
|
||||
FT_STRING, BASE_NONE, NULL, 0x0,
|
||||
NULL, HFILL }},
|
||||
{ &hf_tsdns_response_port,
|
||||
{ "Response Port","tsdns.response.port",
|
||||
FT_UINT16, BASE_DEC, NULL, 0x0,
|
||||
NULL, HFILL }}
|
||||
};
|
||||
|
||||
static ei_register_info ei[] = {
|
||||
{ &ei_response_port_malformed, { "tsdns.response.port.malformed", PI_MALFORMED, PI_ERROR, "Address port is not an integer or not contained in address", EXPFILL }}
|
||||
};
|
||||
expert_module_t* expert_tsdns;
|
||||
|
||||
static gint *ett[] = {
|
||||
&ett_tsdns
|
||||
};
|
||||
|
||||
proto_tsdns = proto_register_protocol("TeamSpeak3 DNS", "TSDNS", "tsdns");
|
||||
proto_register_field_array(proto_tsdns, hf, array_length(hf));
|
||||
proto_register_subtree_array(ett, array_length(ett));
|
||||
expert_tsdns = expert_register_protocol(proto_tsdns);
|
||||
expert_register_field_array(expert_tsdns, ei, array_length(ei));
|
||||
}
|
||||
|
||||
void proto_reg_handoff_tsdns(void)
|
||||
{
|
||||
dissector_handle_t tsdns_handle;
|
||||
|
||||
tsdns_handle = create_dissector_handle(dissect_tsdns, proto_tsdns);
|
||||
|
||||
dissector_add_uint_with_preference("tcp.port", TSDNS_PORT, tsdns_handle);
|
||||
}
|
||||
|
||||
/*
|
||||
* Editor modelines - http://www.wireshark.org/tools/modelines.html
|
||||
*
|
||||
* Local variables:
|
||||
* c-basic-offset: 2
|
||||
* tab-width: 8
|
||||
* indent-tabs-mode: t
|
||||
* End:
|
||||
*
|
||||
* vi: set shiftwidth=8 tabstop=8 noexpandtab:
|
||||
* :indentSize=8:tabSize=8:noTabs=false:
|
||||
*/
|
Loading…
Reference in New Issue