From Thomas Boehne via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5324 :
As mentioned before, the heuristics used by packet-adwin-config were weak for UDP packets. This patch creates a stronger heuristic by checking if one of the MAC addresses in the UDP packets is in the range assigned to the manufacturer of the devices that use this protocol (or if it is a broadcast). That should be relatively safe to do because the protocol is rarely used in routed networks. svn path=/trunk/; revision=34654
This commit is contained in:
parent
758ee054ab
commit
945d917122
|
@ -374,6 +374,45 @@ dissect_TCPFlashUpdate(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *adwin
|
|||
ADWIN_ADD_BE(adwin_tree, data, offset, length);
|
||||
}
|
||||
|
||||
/* 00:50:c2:0a:2*:** */
|
||||
static char mac_iab_start[] = { 0x00, 0x50, 0xc2, 0x0a, 0x20, 0x00 };
|
||||
static char mac_iab_end[] = { 0x00, 0x50, 0xc2, 0x0a, 0x2f, 0xff };
|
||||
|
||||
/* 00:22:71:**:**:** */
|
||||
static char mac_oui_start[] = { 0x00, 0x22, 0x71, 0x00, 0x00, 0x00 };
|
||||
static char mac_oui_end[] = { 0x00, 0x22, 0x71, 0xff, 0xff, 0xff };
|
||||
|
||||
/* ff:ff:ff:ff:ff:ff */
|
||||
static char mac_broadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
|
||||
|
||||
/* return TRUE if mac is in mac address range assigned to ADwin or if
|
||||
* mac is broadcast */
|
||||
static gboolean
|
||||
is_adwin_mac_or_broadcast(address mac)
|
||||
{
|
||||
if (mac.type != AT_ETHER)
|
||||
return FALSE;
|
||||
|
||||
if (mac.len != 6) /* length of MAC address */
|
||||
return FALSE;
|
||||
|
||||
if ((memcmp(mac.data, mac_iab_start, mac.len) >= 0) &&
|
||||
(memcmp(mac.data, mac_iab_end , mac.len) <= 0))
|
||||
return TRUE;
|
||||
|
||||
if ((memcmp(mac.data, mac_oui_start, mac.len) >= 0) &&
|
||||
(memcmp(mac.data, mac_oui_end, mac.len) <= 0))
|
||||
return TRUE;
|
||||
|
||||
/* adwin configuration protocol uses MAC broadcasts for
|
||||
device discovery */
|
||||
if (memcmp(mac.data, mac_broadcast, mac.len) == 0)
|
||||
return TRUE;
|
||||
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
/* Here we determine which type of packet is sent by looking at its
|
||||
size. Let's hope that future ADwin packets always differ in size.
|
||||
They probably will, since the server classifies the packets
|
||||
|
@ -408,15 +447,18 @@ dissect_adwin_config(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|||
|| length == UDPInitAckLENGTH
|
||||
|| length == UDPIXP425FlashUpdateLENGTH
|
||||
|| length == UDPOutLENGTH))
|
||||
return (0);
|
||||
return 0;
|
||||
|
||||
if(pinfo->ipproto == IP_PROTO_TCP &&
|
||||
!(pinfo->srcport == ADWIN_CONFIGURATION_PORT
|
||||
|| pinfo->destport == ADWIN_CONFIGURATION_PORT))
|
||||
return(0);
|
||||
return 0;
|
||||
|
||||
if (pinfo->ipproto != IP_PROTO_UDP && pinfo->ipproto != IP_PROTO_TCP)
|
||||
return (0);
|
||||
return 0;
|
||||
|
||||
if (! (is_adwin_mac_or_broadcast(pinfo->dl_src) || is_adwin_mac_or_broadcast(pinfo->dl_dst)))
|
||||
return 0;
|
||||
|
||||
col_set_str(pinfo->cinfo, COL_PROTOCOL, "ADwin Config");
|
||||
col_clear(pinfo->cinfo, COL_INFO);
|
||||
|
@ -428,7 +470,6 @@ dissect_adwin_config(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|||
adwin_config_tree = NULL;
|
||||
}
|
||||
|
||||
|
||||
switch (pinfo->ipproto) {
|
||||
case IP_PROTO_TCP:
|
||||
tcp_dissect_pdus(tvb, pinfo, tree, 1, 4, get_adwin_TCPUpdate_len, dissect_TCPFlashUpdate);
|
||||
|
@ -463,7 +504,7 @@ dissect_adwin_config(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|||
DISSECTOR_ASSERT_NOT_REACHED();
|
||||
}
|
||||
|
||||
if (check_col(pinfo->cinfo, COL_INFO))
|
||||
if (check_col(pinfo->cinfo, COL_INFO))
|
||||
col_add_str(pinfo->cinfo, COL_INFO,
|
||||
val_to_str(length, length_mapping,
|
||||
"Unknown ADwin Configuration packet, length: %d"));
|
||||
|
|
Loading…
Reference in New Issue