diff --git a/epan/dissectors/packet-imf.c b/epan/dissectors/packet-imf.c index 66a335c6de..bb6aeb1ff4 100644 --- a/epan/dissectors/packet-imf.c +++ b/epan/dissectors/packet-imf.c @@ -30,6 +30,8 @@ #include #include +#include + #include "packet-ber.h" #include "packet-http.h" #include "packet-imf.h" @@ -39,6 +41,8 @@ void proto_register_imf(void); void proto_reg_handoff_imf(void); +static int imf_eo_tap = -1; + #define PNAME "Internet Message Format" #define PSNAME "IMF" #define PFNAME "imf" @@ -692,6 +696,14 @@ dissect_imf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) gboolean last_field = FALSE; tvbuff_t *next_tvb; struct imf_field *f_info; + imf_eo_t *eo_info = NULL; + + if (have_tap_listener(imf_eo_tap)) { + eo_info = wmem_new(wmem_packet_scope(), imf_eo_t); + /* initialize the eo_info fields in case they are missing later */ + eo_info->sender_data = ""; + eo_info->subject_data = ""; + } col_set_str(pinfo->cinfo, COL_PROTOCOL, PSNAME); col_clear(pinfo->cinfo, COL_INFO); @@ -779,6 +791,15 @@ dissect_imf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) col_append_fstr(pinfo->cinfo, COL_INFO, "%s: %s, ", f_info->name, tvb_format_text(tvb, value_offset, end_offset - value_offset - 2)); + + /* if sender or subject, store for sending to the tap */ + if (eo_info && have_tap_listener(imf_eo_tap)) { + if (*f_info->hf_id == hf_imf_from) { + eo_info->sender_data = tvb_get_string_enc(wmem_packet_scope(), tvb, value_offset, end_offset - value_offset - 2, ENC_ASCII|ENC_NA); + } else if(*f_info->hf_id == hf_imf_subject) { + eo_info->subject_data = tvb_get_string_enc(wmem_packet_scope(), tvb, value_offset, end_offset - value_offset - 2, ENC_ASCII|ENC_NA); + } + } } if(hf_id == hf_imf_content_type) { 
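Review bot: In the `@@ -692` hunk of dissect_imf, `wmem_new()` does not zero the allocation and only `sender_data` and `subject_data` are initialised, so `eo_info->filename` holds an indeterminate pointer for the whole packet; nothing in this commit ever assigns it. `payload_len` and `payload_data` are likewise unset until the block at the end of the function. Allocating with `eo_info = wmem_new0(wmem_packet_scope(), imf_eo_t);` makes every field NULL/0 by default, so a tap listener that later starts reading `filename` sees NULL rather than garbage. dissect_imf begins and ends outside this hunk.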
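Review bot: The strings stored in the `@@ -779` hunk are the raw header values from the capture. Unlike the `tvb_format_text()` call just above, `tvb_get_string_enc()` does not escape control characters, so a folded From or Subject line presumably keeps its embedded CR/LF, and path characters pass through unchanged. That deserves a comment for whoever consumes the tap, e.g. `/* raw, untrusted header text: not escaped, may contain folding whitespace */`. On style, `eo_info` is only non-NULL when a listener was present at the top of the function, so the second `have_tap_listener(imf_eo_tap)` test is redundant, and the length `end_offset - value_offset - 2` now appears three times and could be hoisted into a local. The enclosing loop starts outside the hunk.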
@@ -857,6 +878,15 @@ dissect_imf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) start_offset = end_offset; } } + + if (eo_info && have_tap_listener(imf_eo_tap)) { + /* Set payload info */ + eo_info->payload_len = max_length; + eo_info->payload_data = (gchar *) tvb_memdup(wmem_packet_scope(), tvb, 0, max_length); + + /* Send to tap */ + tap_queue_packet(imf_eo_tap, pinfo, eo_info); + } return tvb_captured_length(tvb); } @@ -1271,6 +1301,9 @@ proto_register_imf(void) for(f = imf_fields; f->name; f++) g_hash_table_insert(imf_field_table, (gpointer)f->name, (gpointer)f); + /* Register for tapping */ + imf_eo_tap = register_tap("imf_eo"); /* IMF Export Object tap */ + } /* The registration hand-off routine */ @@ -1300,4 +1333,4 @@ proto_reg_handoff_imf(void) * * ex: set shiftwidth=2 tabstop=8 expandtab: * :indentSize=2:tabSize=8:noTabs=true: - */ + */ \ No newline at end of file diff --git a/epan/dissectors/packet-imf.h b/epan/dissectors/packet-imf.h index 568806410c..7e1717ea7c 100644 --- a/epan/dissectors/packet-imf.h +++ b/epan/dissectors/packet-imf.h @@ -22,11 +22,25 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#ifndef __PACKET_IMF_H__ +#define __PACKET_IMF_H__ + +#include + /* Find the end of the next IMF field in the tvb. * This is not necessarily the first \r\n as there may be continuation lines. * * If we have found the last field (terminated by \r\n\r\n) we indicate this in last_field . */ - int imf_find_field_end(tvbuff_t *tvb, int offset, gint max_length, gboolean *last_field); +/* Used for IMF Export Object feature */ +typedef struct _imf_eo_t { + gchar *filename; + gchar *sender_data; + gchar *subject_data; + guint32 payload_len; + gchar *payload_data; +} imf_eo_t; + +#endif /* __PACKET_IMF_H__ */ diff --git a/ui/CMakeLists.txt b/ui/CMakeLists.txt index 13a3df18c9..9b38bf9c93 100644 --- a/ui/CMakeLists.txt +++ b/ui/CMakeLists.txt 
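Review bot: In the `@@ -857` hunk the payload size comes from `max_length`, which is assigned outside the hunk, while the function's return value on the next line uses `tvb_captured_length(tvb)`; if the two ever differ, `tvb_memdup()` either truncates the export or throws before the tap is queued. Taking the length from the tvb directly, `eo_info->payload_len = tvb_captured_length(tvb);` and passing `eo_info->payload_len` to `tvb_memdup()`, removes that dependency and avoids an implicit signed-to-`guint32` conversion should `max_length` be a `gint`. The `have_tap_listener()` re-check is redundant here as well, since `eo_info` is non-NULL only when a listener existed at entry.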
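Review bot: `imf_eo_t` in packet-imf.h is a cross-module contract between the dissector and the export-object tap, but none of its fields say who owns the memory or what it may contain. Suggested comments: on `sender_data`/`subject_data`, `/* packet-scope copy of the raw header value; untrusted, never NULL */`; on `payload_data`, `/* payload_len bytes of the whole message, packet scope, not NUL-terminated */`. Since the payload is binary, `guint8 *` would describe it better than `gchar *` (the consumer stores its copy as `guint8 *`). `filename` is not assigned anywhere in this commit and should either be documented as reserved or dropped.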
@@ -31,6 +31,7 @@ set(COMMON_UI_SRC export_object.c export_object_dicom.c export_object_http.c + export_object_imf.c export_object_smb.c export_object_tftp.c export_pdu_ui_utils.c diff --git a/ui/Makefile.am b/ui/Makefile.am index 5a252e32cd..8359bf7358 100644 --- a/ui/Makefile.am +++ b/ui/Makefile.am @@ -58,6 +58,7 @@ WIRESHARK_UI_SRC = \ export_object.c \ export_object_dicom.c \ export_object_http.c \ + export_object_imf.c \ export_object_smb.c \ export_object_tftp.c \ export_pdu_ui_utils.c \ diff --git a/ui/export_object.h b/ui/export_object.h index b564fff5ce..af71eedbde 100644 --- a/ui/export_object.h +++ b/ui/export_object.h @@ -58,6 +58,8 @@ gboolean eo_dicom_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt const void *data); gboolean eo_http_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_, const void *data); +gboolean eo_imf_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_, + const void *data); gboolean eo_smb_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_, const void *data); gboolean eo_tftp_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_, diff --git a/ui/export_object_imf.c b/ui/export_object_imf.c new file mode 100644 index 0000000000..5e4e275691 --- /dev/null +++ b/ui/export_object_imf.c 
@@ -0,0 +1,75 @@ +/* export_object_imf.c + * Routines for tracking & saving objects found in IMF streams + * See also: export_object.c / export_object.h for common code + * Copyright 2016, Moshe Kaplan + * + * Wireshark - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA. + */ + +#include "config.h" + + +#include +#include + +#include "export_object.h" + + +gboolean +eo_imf_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_, + const void *data) +{ + export_object_list_t *object_list = (export_object_list_t *)tapdata; + const imf_eo_t *eo_info = (const imf_eo_t *)data; + export_object_entry_t *entry; + + if(eo_info) { /* We have data waiting for us */ + /* These values will be freed when the Export Object window + * is closed. 
*/ + entry = (export_object_entry_t *)g_malloc(sizeof(export_object_entry_t)); + + entry->pkt_num = pinfo->num; + entry->hostname = NULL; + entry->content_type = g_strdup("EML file"); + entry->filename = g_strdup_printf("from_%s_subject_%s.eml", eo_info->sender_data, eo_info->subject_data); + entry->payload_len = eo_info->payload_len; + entry->payload_data = (guint8 *)g_memdup(eo_info->payload_data, + eo_info->payload_len); + + object_list_add_entry(object_list, entry); + + return TRUE; /* State changed - window should be redrawn */ + } else { + return FALSE; /* State unchanged - no window updates needed */ + } +} + +/* + * Editor modelines + * + * Local Variables: + * c-basic-offset: 4 + * tab-width: 8 + * indent-tabs-mode: nil + * End: + * + * ex: set shiftwidth=4 tabstop=8 expandtab: + * :indentSize=4:tabSize=8:noTabs=true: + */ diff --git a/ui/qt/export_object_dialog.cpp b/ui/qt/export_object_dialog.cpp index 83aac4b6d0..29126334ca 100644 --- a/ui/qt/export_object_dialog.cpp +++ b/ui/qt/export_object_dialog.cpp @@ -93,6 +93,11 @@ ExportObjectDialog::ExportObjectDialog(QWidget &parent, CaptureFile &cf, ObjectT name_ = "HTTP"; tap_packet_ = eo_http_packet; break; + case Imf: + tap_name_ = "imf_eo"; + name_ = "IMF"; + tap_packet_ = eo_imf_packet; + break; case Smb: tap_name_ = "smb_eo"; name_ = "SMB"; diff --git a/ui/qt/export_object_dialog.h b/ui/qt/export_object_dialog.h index 507bfb9f75..9084017a80 100644 --- a/ui/qt/export_object_dialog.h +++ b/ui/qt/export_object_dialog.h @@ -57,7 +57,7 @@ class ExportObjectDialog : public WiresharkDialog Q_OBJECT public: - enum ObjectType { Dicom, Http, Smb, Tftp }; + enum ObjectType { Dicom, Http, Imf, Smb, Tftp }; explicit ExportObjectDialog(QWidget &parent, CaptureFile &cf, ObjectType object_type); ~ExportObjectDialog(); diff --git a/ui/qt/main_window.h b/ui/qt/main_window.h index b0965fe02f..5c2a77a28c 100644 --- a/ui/qt/main_window.h +++ b/ui/qt/main_window.h 
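Review bot: `entry->filename` in eo_imf_packet is built directly from the From and Subject header values, which come from the capture and are therefore untrusted: they can contain `/`, `\`, `..`, control characters or several kilobytes of text. Unless the shared save code in export_object.c rewrites the name before it reaches the file system (not visible in this diff), a crafted message could make a bulk save write outside the chosen directory or produce a name the OS rejects. Reduce both values to a conservative character set and cap their length before formatting, as sketched below; the allowed set and the 64-character cap are illustrative choices, not project constants.

```c
/* … unchanged: entry allocation, pkt_num, hostname, content_type … */
        /* Header values are untrusted capture data: keep only characters
         * that are safe in a file name on every supported platform. */
        gchar *sender  = g_strdup(eo_info->sender_data);
        gchar *subject = g_strdup(eo_info->subject_data);
        g_strcanon(sender,  G_CSET_A_2_Z G_CSET_a_2_z G_CSET_DIGITS "@.-", '_');
        g_strcanon(subject, G_CSET_A_2_Z G_CSET_a_2_z G_CSET_DIGITS "@.-", '_');
        entry->filename = g_strdup_printf("from_%.64s_subject_%.64s.eml", sender, subject);
        g_free(sender);
        g_free(subject);
/* … unchanged: payload_len, payload_data, object_list_add_entry … */
```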
@@ -389,6 +389,7 @@ private slots: void on_actionFileExportPacketBytes_triggered(); void on_actionFileExportObjectsDICOM_triggered(); void on_actionFileExportObjectsHTTP_triggered(); + void on_actionFileExportObjectsIMF_triggered(); void on_actionFileExportObjectsSMB_triggered(); void on_actionFileExportObjectsTFTP_triggered(); void on_actionFilePrint_triggered(); diff --git a/ui/qt/main_window.ui b/ui/qt/main_window.ui index 508b70a812..7c4085d6af 100644 --- a/ui/qt/main_window.ui +++ b/ui/qt/main_window.ui @@ -180,6 +180,7 @@ + @@ -1249,6 +1250,11 @@ &HTTP… + + + &IMF… + + &DICOM… diff --git a/ui/qt/main_window_slots.cpp b/ui/qt/main_window_slots.cpp index b6ce13de5b..c42a8b4d59 100644 --- a/ui/qt/main_window_slots.cpp +++ b/ui/qt/main_window_slots.cpp @@ -1878,6 +1878,11 @@ void MainWindow::on_actionFileExportObjectsHTTP_triggered() new ExportObjectDialog(*this, capture_file_, ExportObjectDialog::Http); } +void MainWindow::on_actionFileExportObjectsIMF_triggered() +{ + new ExportObjectDialog(*this, capture_file_, ExportObjectDialog::Imf); +} + void MainWindow::on_actionFileExportObjectsSMB_triggered() { new ExportObjectDialog(*this, capture_file_, ExportObjectDialog::Smb);