osmocom
/
wireshark
11
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
wireshark/epan/dissectors/packet-dof.c

12536 lines
432 KiB
C
Raw Blame History

/* packet-dof.c
* Routines for Distributed Object Framework (DOF) Wireshark Support
* Copyright 2015 Bryant Eastham <bryant.eastham[AT]us.panasonic.com>
* See https://opendof.org for more information.
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
/* INTRODUCTION
* This very large dissector implements packet decoding for the entire
* protocol suite of the OpenDOF Project. The OpenDOF Project
* (https://opendof.org) is an open-source IoT platform with
* implementations in Java, C#, and C. The protocols are documented
* on the web site, and the IP ports referenced are registered with IANA.
*
* "DOF" stands for Distributed Object Framework. The protocols define
* a complete protocol stack that can sit on top of a variety of transports.
* The stack itself is called the DPS, or "DOF Protocol Stack". It
* is a layered stack including a Network, Presentation, and Application
* layer. The underlying transport can be anything, these dissectors
* hook in to UDP and TCP. To the Wireshark user, however, this is
* referred to as "dof" and not "dps".
*
* The following protocols are defined in the stack and implemented
* here:
* DNP - DOF Network Protocol (versions: 0, 1)
* DPP - DOF Presentation Protocol (version: 0, 2) [1 is reserved and not supported]
* DAP - DOF Application Protocols:
* DSP - DOF Session Protocol (versions: 0)
* OAP - Object Access Protocol (versions: 1)
* TEP - Ticket Exchange Protocol (versions: 128)
* TRP - Ticket Request Protocol (versions: 129)
* SGMP - Secure Group Management Protocol (versions: 130)
* DOFSEC - DOF Security Protocols:
* CCM - Chained mode
* TUN - A tunneling protocol for embedding DOF in other protocols.
*/
/* VERSIONS AND NAMING
* There are several different ways in which "versions" are used
* throughout the dissector. First, each of the DNP and DPP layers
* has a defined 'version'. The DOF Application Protocols are also
* distinguished by versioning, but it is actually the registered
* application ID that is the version. This is complicated by
* the fact that many of the application IDs represent the same
* version of a protocol from a capability perspective (and
* a user perspective) with the difference being some attribute
* of the protocol - for example the security primitives used.
*
* Another means of versioning is by specification document.
* In this case the document is identified by a year and sequence,
* with specifications and PDUs using a name and sequence.
* Naming of fields and variables will use these identifiers
* as they are the easiest way to tie the code to the specifications.
*
* The specification documents are also the easiest way (although
* maybe not the clearest) to expose fields to the Wireshar user.
* A consistent naming is used, which is:
*
* (spec)-pdu-(seq)-(field)
* For example: dof-2009-1-pdu-1-value
*
* Variable naming includes a protocol name to provide clarity.
*
* This is not the clearest from a user perspective, but it
* has the benefit of tying directly to the specifications
* themselves and uniquely identifies each field.
*
* Routines that dissect are uniformly named by the PDU
* that they dissect using the PDU specification document
* and PDU name from that document as follows:
*
* dissect_(spec)_(name)
*/
/* DISSECTOR DESIGN
* The original work on these dissectors began over ten years ago, but
* shared only within Panasonic. During the opening of the protocols in
* March of 2015 the decision was made to contribute the code to the Wireshark
* community. During this process the plugin approach was rejected and the
* entire set made into standard dissectors, and further to that all of the
* dissectors were merged into a single file.
*
* There are several types of supported dissectors that are part of the DPS family.
* At the lowest level are the transport dissectors. The responsibility
* of these dissectors is to determine the transport session information, pass
* DPS packets to the DPS dissector, and properly maintain the dof_api_data
* structure.
*
* The DPS dissector API comprises:
* 1. The structure (dof_api_data) that is passed in the data field to the DPS
* dissector. Transport plugins must understand this.
* 2. The dof_transport_session structure, which contains all transport
* information that is passed to the DPS dissector.
* 3. The name of the DPS dissector.
*
* The DPS dissector API extends to dissectors that are called by the DPS dissectors.
*
* Finally, there is the DPS Security Mode dissectors. These dissectors are passed
* additional security context information and it is their job to decrypt packets
* and pass them to higher-level dissectors.
*
* The DOF Protocol Stack is strictly layered with minimal (and defined) state
* exchanged between layers. This allows a fairly structured design, using
* dissector tables at each layer. The main DPS dissector receives packets
* from the transport hooks, and then dissects the packet layer by layer using
* the different dissector tables. Dissectors and the DNP, DPP, and DAP layers.
*
* In addition to the main protocol stack with its associated protocols there are
* additional common data elements that include extensibility. If an extension
* is found then it will be used to dissect, otherwise the base dissector will be
* used.
*/
/* SESSIONS
* DOF defines sessions at many different levels, and state is always associated
* with a session. Much of the power (and complexity) of these dissectors relates
* to accurately tracking and maintaining context for each session, and displaying
* context-related decode information based on the session. This includes, for
* example, decoding encrypted data (including multicast group traffic) and
* showing full packet information even when the packet data uses aliases or
* other context specific data.
*
* Sessions are an extremely complex part of the dissectors because they occur at
* so many different levels, and that they are temporal in nature while wireshark
* is not. This means that all data structures that deal with sessions must deal
* with both the level and the time of the packet.
*
* The levels are:
* 1. Transport. These sessions are defined by the transport, and transport
* addresses. As in the transports, there is no transport information allowed
* at the dps level, but transport information is allowed to influence other
* decisions. Every dps packet must be part of a transport session. Transport
* sessions are usually managed as conversations in Wireshark. Each transport
* session is has an identifier that is defined by the DPS plugin the first
* time a packet in the transport session is passed to the plugin.
* 2. DPS. These sessions are defined by DPS, and are part of the DNP definition.
* These sessions are also assigned a unique DPS session identifier.
*
* 3. Security (Optional). Security sessions always exist inside of
* an DPS session. Security sessions are further divided into epochs, keys, etc.
*
* Temporal information is always associated with packet numbers, which always increase.
* This temporal information is used during the first pass to create sessions by
* determining that a new packet doesn't belong to a previous session.
*
* During the first pass the data structures are referenced from the transport
* session information up. The goal of the first pass is to create the most specific
* session information and associate each packet with the appropriate session. These
* sessions refer to more general session information.
*
* In order to make lookups easier, the most fine-grainded sessions are assigned
* unique identifiers. Secure sessions are always born unsecure (during security
* negotiation). These use the same session identifiers, but the state for the
* secure and unsecured times are separated. Once a session is secured it never
* transitions back to unsecured.
*
* MEMBERSHIP
* Each packet is sent by a member of the session. Session members have state related
* to the session. Packets are received by either a member of the session or the
* session itself (implying all members). This means that packet state can come
* from:
* 1. The sender.
* 2. The receiver (if directed to a receiver).
* 3. The session.
* The identity of a member is always a combination of transport and dps information.
* However, the state of the membership is in the context of the session, keyed by
* the sender.
*
* In order to make lookups easier, each unique sender in the system is
* assigned a unique identifier.
*/
#include <config.h>
#include <ctype.h>
#include <wsutil/wsgcrypt.h>
#include <epan/packet.h>
#include <epan/proto.h>
#include <epan/proto_data.h>
#include <epan/prefs.h>
#include <epan/conversation.h>
#include <epan/expert.h>
#include <epan/uat.h>
#include <wsutil/str_util.h>
#include <epan/to_str.h>
#include "packet-tcp.h"
/* DEFINES, STRUCTURES, AND SUPPORT METHOD DECLARATIONS
* The following sections includes preprocessor definitions, structure definitions,
* and method declarations for all dissectors.
* The ordering is by DPS stack order, general first and then by protocols.
*/
/**
* GENERAL SUPPORT STRUCTURES
* The following structures represent state that must be maintained for
* the dissectors to operate. They are not directly related to protocol
* information.
*/
/**
* This structure represents a SID, or Sender ID, in the system.
* This is allocated as global memory, and must be freed. SIDs
* are Object IDs, and can be displayed in hex but preferrably
* using the OID output format. Even though the OID contains
* a length, we prefix this buffer with a length (which must
* be less than 255 by the definition of a SID.
* SIDs are not versioned, so they can be used universally in
* any protocol version.
*/
typedef guint8 *dof_2009_1_pdu_19_sid;
/**
* This structure encapsulates an OPID, which is the combination of
* a source identifier (SID, and OID) and a packet number. This is a separate
* structure because some operations actually contain multiple opids, but need
* to be placed in the appropriate data structures based on SID lookup. This
* structure can be used as a key in different hash tables.
*/
typedef struct _dpp_opid
{
guint op_sid_id;
dof_2009_1_pdu_19_sid op_sid;
guint op_cnt;
} dof_2009_1_pdu_20_opid;
/**
* This structure contains all of the transport session information
* related to a particular session, but not related to the packet
* within that session. That information is separated to allow
* reuse of the structure.
*/
typedef struct _dof_transport_session
{
/**
* TRANSPORT ID: This is a unique identifier for each transport,
* used to prevent aliasing of the SENDER ID value in the
* transport packet structure. It contains the protocol id
* assigned by Wireshark (unique per protocol).
*/
gint transport_id;
/**
* For new sessions, this is left zero. The DPS dissector will
* set this value.
*/
guint32 transport_session_id;
/**
* Timestamp of start of session.
*/
nstime_t session_start_ts;
/**
* Whether negotiation is required on this session.
*/
gboolean negotiation_required;
/**
* The frame number where negotiation was complete, or zero if not complete.
*/
guint32 negotiation_complete_at;
/**
* The time when negotiation was complete, or zero if not complete.
*/
nstime_t negotiation_complete_at_ts;
/**
* Type of transport session.
*/
gboolean is_streaming; /* Inverse is 'is_datagram'. */
/**
* Cardinality of transport session.
*/
gboolean is_2_node; /* Inverse is 'is_n_node'. */
} dof_transport_session;
typedef struct _dof_transport_packet
{
/**
* Source of packet (if known, default is server).
*/
gboolean is_sent_by_client; /* Inverse is 'is_sent_by_server'. */
/**
* SENDER ID/RECEIVER ID: A unique value that identifies the unique
* transport sender/receiver address. This number is based on only
* the transport, and not session, information.
*/
guint sender_id;
guint receiver_id;
} dof_transport_packet;
/**
* This structure maintains security state throughout an DPS session.
* It is managed by the key exchange protocol, and becomes effective
* at different dps packets in each communication direction. Decrypting
* a packet requires that this structure exists.
*/
typedef struct _dof_session_key_exchange_data
{
/**
* The frame at which this becomes valid for initiator packets.
*/
guint32 i_valid;
/**
* The frame at which this becomes valid for responder packets.
*/
guint32 r_valid;
/**
* SECURITY MODE: The security mode for a secure session. Set
* by the key exchange dissector.
*/
guint32 security_mode;
/**
* SECURITY MODE INITIALIZATION DATA: Determined by the key exchange
* protocol and passed here for the reference of the security mode.
*/
guint32 security_mode_data_length;
guint8 *security_mode_data;
/**
* SECURITY MODE DATA: Created and managed by the security mode
* dissector.
*/
void *security_mode_key_data;
/**
* SESSION KEY: Pointer to seasonal data that holds the encryption key.
*/
guint8 *session_key;
/**
* The next security data in this session.
*/
struct _dof_session_key_exchange_data *next;
} dof_session_key_exchange_data;
/**
* This structure contains security keys that should be tried with
* sessions that otherwise are not known.
*/
typedef struct _dof_session_key_data
{
guint8 *session_key;
} dof_session_key_data;
/**
* This structure contains security keys for groups.
*/
typedef struct _dof_group_data
{
guint8 *domain;
guint8 domain_length;
guint8 *identity;
guint8 identity_length;
guint8 *kek;
} dof_group_data;
/**
* This structure contains security keys for non-group identities.
*/
typedef struct _dof_identity_data
{
guint8 *domain;
guint8 domain_length;
guint8 *identity;
guint8 identity_length;
guint8 *secret;
} dof_identity_data;
/**
* This structure exists for global security state. It exposes the
* configuration data associated with DPS, and also is a common location
* that learned security information is stored. Each dof_packet_data will
* contain a pointer to this structure - there is only one for the entire
* DPS.
*/
typedef struct _dof_security_data
{
/* Array of session_keys. */
dof_session_key_data *session_key;
guint16 session_key_count;
/* Array of group data. */
dof_group_data *group_data;
guint16 group_data_count;
/* Array of identity data. */
dof_identity_data *identity_data;
guint16 identity_data_count;
/* Global sessions. */
/*TODO: Figure this out */
/* dof_session_list* sessions; */
} dof_security_data;
/**
* This structure represents a key that is learned for a group and epoch.
*/
struct _dof_learned_group_data;
typedef struct _dof_learned_group_auth_data
{
guint32 epoch;
guint8 *kek;
guint mode_length;
guint8 *mode;
guint16 security_mode;
struct _dof_learned_group_data *parent;
struct _dof_learned_group_auth_data *next;
} dof_learned_group_auth_data;
/**
* This structure represents a group that is learned about.
*/
typedef struct _dof_learned_group_data
{
guint8 domain_length;
guint8 *domain;
guint8 group_length;
guint8 *group;
guint32 ssid;
dof_learned_group_auth_data *keys;
struct _dof_learned_group_data *next;
} dof_learned_group_data;
/**
* This structure exists for each secure DPS session. This is kept in
* addition to the normal session
* Each packet that has state will contain a reference to one of these.
*
* Information in this structure is invariant for the duration of the
* session *or* is only used during the initial pass through the packets.
* Information that changes (for example, security parameters, keys, etc.)
* needs to be maintained separately, although this structure is the
* starting place for this information.
*
* This structure is initialized to zero.
*/
struct _dof_session_data;
typedef struct _dof_secure_session_data
{
/**
* SSID: Zero is typically used for streaming sessions.
*/
guint32 ssid;
/**
* DOMAIN LENGTH: The length of the security domain, greater than
* zero for secure sessions. Set by the key exchange dissector.
*/
guint8 domain_length;
/**
* DOMAIN: The security domain itself, seasonal storage, non-null
* for secure sessions. Set by the key exchange dissector.
*/
guint8 *domain;
/**
* SESSION SECURITY: This is a list of security data for this
* session, created by the key exchange protocol.
*/
dof_session_key_exchange_data *session_security_data;
dof_session_key_exchange_data *session_security_data_last;
/**
* NEXT: This is the next secure session related to the parent
* unsecure session. Protocols can define new secure sessions and
* add them to this list. DPP then finds the correct secure session
* for a secure packet and caches it.
*/
struct _dof_secure_session_data *next;
struct _dof_session_data *parent;
guint32 original_session_id;
gboolean is_2_node;
} dof_secure_session_data;
/**
* This structure exists for each DPS session. Secure sessions have an
* additional data structure that includes the secure session information.
* Each packet that has state will contain a reference to one of these.
*
* Information in this structure is invariant for the duration of the
* session *or* is only used during the initial pass through the packets.
* Information that changes (for example, security parameters, keys, etc.)
* needs to be maintained separately, although this structure is the
* starting place for this information.
*
* This structure is initialized to zero.
*/
typedef struct _dof_session_data
{
/**
* SESSION ID: Set when the session is created, required.
*/
guint32 session_id;
/**
* DPS ID: The type of DPS SENDER ID (in the packet data) to prevent
* aliasing. Since DPS senders identifiers relate to DNP, this is the
* DNP version number.
*/
guint8 dof_id;
/**
* SECURE SESSIONS: When secure sessions are created from this
* unsecure session then they are added to this list. Each member
* of the list must be distinguished.
*/
dof_secure_session_data *secure_sessions;
/**
* Protocol-specific data.
*/
GSList *data_list;
} dof_session_data;
/* DOF Security Structures. */
/* Return structures for different packets. */
typedef struct _dof_2008_16_security_3_1
{
tvbuff_t *identity;
} dof_2008_16_security_3_1;
typedef struct _dof_2008_16_security_4
{
tvbuff_t *identity;
tvbuff_t *nonce;
} dof_2008_16_security_4;
typedef struct _dof_2008_16_security_6_1
{
tvbuff_t *i_identity;
tvbuff_t *i_nonce;
guint16 security_mode;
guint32 security_mode_data_length;
guint8 *security_mode_data;
} dof_2008_16_security_6_1;
typedef struct _dof_2008_16_security_6_2
{
tvbuff_t *r_identity;
tvbuff_t *r_nonce;
} dof_2008_16_security_6_2;
/**
* This structure defines the address for Wireshark transports. There is no
* DPS information associated here.
*/
typedef struct _ws_node
{
address addr;
guint32 port;
} ws_node;
typedef struct _dof_session_list
{
dof_session_data *session;
struct _dof_session_list *next;
} dof_session_list;
/**
* DOF PACKET DATA
* This structure exists for each DOF packet. There is ABSOLUTELY NO
* transport-specific information here, although there is a session
* number which may relate to transport information indirectly through
* a transport session.
* There will be one of these for each DOF packet, even if the corresponding
* Wireshark frame has multiple DOF packets encapsulated in it. The key
* to this structure is the operation identifier, and there is a hash
* lookup to go from an operation identifier to this structure.
*/
typedef struct _dof_packet_data
{
/**
* NON-DPS FIELDS, USED FOR WIRESHARK COMMUNICATION/PROCESSING
* Protocol-specific data.
*/
GSList *data_list;
/**
* The Wireshark frame. Note that a single frame can have multiple DPS packets.
*/
guint32 frame;
/**
* The DPS frame/packet. This number is unique in the entire trace.
*/
guint32 dof_frame;
/**
* Packet linked list for all dps packets.
*/
struct _dof_packet_data *next;
/**
* DPS FIELDS
* Indicator that the packet has already been processed. Processed packets
* have all their fields set that can be determined. Further attempts to
* determine NULL fields are worthless.
*/
gboolean processed;
/**
* SUMMARY: An operation summary, displayed in the Operation History. This is seasonal
* data, managed by the DPP dissector.
*/
const gchar *summary;
/**
* SENDER ID/RECEIVER ID: An identifier for each unique sender/receiver according to DPS.
* This augments the transport SENDER ID/RECEIVER ID in determining each
* unique sender.
*/
gint sender_id;
gint receiver_id;
/**
* DPP INFORMATION - CACHED INFORMATION
*/
gboolean is_command; /* Inverse is 'is_response'. */
gboolean is_sent_by_initiator;
/**
* SENDER SID ID/RECEIVER SID ID: An identifier for the sid associated with this packet's sender.
* Zero indicates that it has not been assigned. Assigned by the DPP
* dissector.
*/
guint sender_sid_id;
guint receiver_sid_id;
/**
* SENDER SID/RECEIVER SID: The SID of the sender/receiver, or NULL if not known.
*/
dof_2009_1_pdu_19_sid sender_sid;
dof_2009_1_pdu_19_sid receiver_sid;
/**
* Operation references.
*/
gboolean has_opid;
dof_2009_1_pdu_20_opid op;
gboolean has_referenced_opid;
dof_2009_1_pdu_20_opid ref_op;
struct _dof_packet_data *opid_first;
struct _dof_packet_data *opid_next;
struct _dof_packet_data *opid_last;
struct _dof_packet_data *opid_first_response;
struct _dof_packet_data *opid_next_response;
struct _dof_packet_data *opid_last_response;
/**
* SECURITY INFORMATION - CACHED
*/
const gchar *security_session_error;
dof_session_key_exchange_data *security_session;
void *security_packet;
guint8 *decrypted_buffer;
tvbuff_t *decrypted_tvb;
guint16 decrypted_offset;
gchar *decrypted_buffer_error;
/**
* OPERATION DATA: Generic data, seasonal, owned by the application protocol dissector
* for this packet.
*/
void *opid_data;
} dof_packet_data;
/**
* This structure represents globals that are passed to all dissectors.
*/
typedef struct _dof_globals
{
guint32 next_transport_session;
guint32 next_session;
dof_packet_data *dof_packet_head;
dof_packet_data *dof_packet_tail;
dof_security_data *global_security;
dof_learned_group_data *learned_group_data;
gboolean decrypt_all_packets;
gboolean track_operations;
guint track_operations_window;
} dof_globals;
/**
* This structure contains all information that is passed between
* transport dissectors/plugins and the DPS dissector. It is allocated
* by the transport plugin, and its fields are set as described here.
*/
typedef struct _dof_api_data
{
/**
* TRANSPORT SESSION: Set by the transport dissector, required.
*/
dof_transport_session *transport_session;
/**
* TRANSPORT PACKET: Set by the transport dissector, required.
*/
dof_transport_packet *transport_packet;
/**
* DPS SESSION: Set by the DPS dissector.
*/
dof_session_data *session;
/**
* DPS DATA: Set by the DPS dissector.
*/
dof_packet_data *packet;
/**
* DPS SECURE SESSION: Set by the DPP dissector.
*/
dof_secure_session_data *secure_session;
} dof_api_data;
/**
* This set of types defines the Security Mode dissector API.
* This structure identifies the context of the dissection,
* allowing a single structure to know what part of the packet
* of sequence of packets it is working with.
*
* Structure for Security Mode of Operation dissectors.
*/
typedef enum _dof_secmode_context
{
INITIALIZE,
HEADER,
TRAILER
} dof_secmode_context;
/* Seasonal, initialized to zero. */
typedef struct _dof_secmode_api_data
{
/**
* API VERSION: Set by the DPS dissector, required.
* MUST BE THE FIRST FIELD.
*/
guint8 version;
/**
* CONTEXT: Set the DPS dissector, required.
*/
dof_secmode_context context;
/**
* SECURITY MODE OFFSET: The packet offset from the DPP header of the security mode.
*/
guint security_mode_offset;
/**
* API DATA: Set by the DPS dissector, required.
*/
dof_api_data *dof_api;
/**
* SECURE SESSION DATA: Controlled by the caller, either associated
* with the current packet (HEADER mode) or not (other modes).
* Used to access session information.
*/
dof_secure_session_data *secure_session;
/**
* KEY EXCHANGE: Controlled by the caller, represents the key exchange
* for INITIALIZE mode.
*/
dof_session_key_exchange_data *session_key_data;
} dof_secmode_api_data;
/* These should be the only non-static declarations in the file. */
void proto_register_dof(void);
void proto_reg_handoff_dof(void);
/* Dissector routines. */
static int dissect_2008_1_dsp_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
static int dissect_2008_16_security_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_3_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_3_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_6_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_6_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_6_3(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_7(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_8(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_9(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_10(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_11(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_12(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2008_16_security_13(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2009_11_type_4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_2009_11_type_5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
static const gchar* dof_oid_create_standard_string(guint32 bufferSize, const guint8 *pOIDBuffer);
static const gchar* dof_iid_create_standard_string(guint32 bufferSize, const guint8 *pIIDBuffer);
static guint8 dof_oid_create_internal(const char *oid, guint32 *size, guint8 *buffer);
static void dof_oid_new_standard_string(const char *data, guint32 *rsize, guint8 **oid);
static gint read_c4(tvbuff_t *tvb, gint offset, guint32 *v, gint *len);
static void validate_c4(packet_info *pinfo, proto_item *pi, guint32, gint len);
static gint read_c3(tvbuff_t *tvb, gint offset, guint32 *v, gint *len);
static void validate_c3(packet_info *pinfo, proto_item *pi, guint32, gint len);
static gint read_c2(tvbuff_t *tvb, gint offset, guint16 *v, gint *len);
static void validate_c2(packet_info *pinfo, proto_item *pi, guint16, gint len);
static gint dof_dissect_pdu(dissector_t dissector, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *result);
static gint dof_dissect_pdu_as_field(dissector_t disector, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, int item, int ett, void *result);
#if 0 /* TODO not used yet */
static void dof_session_add_proto_data(dof_session_data *session, int proto, void *proto_data);
static void* dof_session_get_proto_data(dof_session_data *session, int proto);
static void dof_session_delete_proto_data(dof_session_data *session, int proto);
#endif
static void dof_packet_add_proto_data(dof_packet_data *packet, int proto, void *proto_data);
static void* dof_packet_get_proto_data(dof_packet_data *packet, int proto);
#if 0 /* TODO not used yet */
static void dof_packet_delete_proto_data(dof_packet_data *packet, int proto);
#endif
/* DOF PROTOCOL STACK */
#define DOF_PROTOCOL_STACK "DOF Protocol Stack"
/**
* PORTS
* The following ports are registered with IANA and used to hook transport
* dissectors into the lower-level Wireshark transport dissectors.
*
* Related to these ports is the usage of conversations for DOF. The goal of
* using Wireshark conversations is to guarantee that DPS data is available for
* any DPS packet. However, there is no assumption that Wireshark conversations
* map in any way to DOF sessions.
*
* One exception to this use is in discovery of DOF servers. The DOF_MCAST_NEG_SEC_UDP_PORT
* is watched for all traffic. A "wildcard" conversation is then created for the
* source address, and the DPS dissector is associated with that port. In this
* way, servers on non-standard ports will automatically be decoded using DPS.
*/
#define DOF_NEG_SEC_UDP_PORT_RANGE "3567,5567" /* P2P + Multicast */
#define DOF_P2P_NEG_SEC_TCP_PORT 3567
/* Reserved UDP port 3568*/
#define DOF_TUN_SEC_TCP_PORT 3568
#define DOF_P2P_SEC_TCP_PORT 5567
/* Reserved UDP port 8567*/
#define DOF_TUN_NON_SEC_TCP_PORT 8567
/* This is needed to register multicast sessions with the UDP handler. */
static dissector_handle_t dof_udp_handle;
static int proto_2008_1_dof = -1;
static int proto_2008_1_dof_tcp = -1;
static int proto_2008_1_dof_udp = -1;
static int hf_2008_1_dof_session = -1;
static int hf_2008_1_dof_is_2_node = -1;
static int hf_2008_1_dof_is_streaming = -1;
static int hf_2008_1_dof_is_from_client = -1;
static int hf_2008_1_dof_frame = -1;
static int hf_2008_1_dof_session_transport = -1;
static int ett_2008_1_dof = -1;
/* DOF Tunnel Protocol */
/* UDP Registrations */
#define TUNNEL_PROTOCOL_STACK "DOF Tunnel Protocol Stack"
#define TUNNEL_APPLICATION_PROTOCOL "DOF Tunnel Protocol"
static dissector_table_t dof_tun_app_dissectors;
/***** TUNNEL *****/
static int proto_2012_1_tunnel = -1;
static int ett_2012_1_tunnel = -1;
static int hf_2012_1_tunnel_1_version = -1;
static int hf_2012_1_tunnel_1_length = -1;
/* DOF NETWORK PROTOCOL */
#define DNP_MAX_VERSION 1
#define DOF_NETWORK_PROTOCOL "DOF Network Protocol"
static dissector_table_t dnp_dissectors;
static dissector_table_t dnp_framing_dissectors;
static int proto_2008_1_dnp = -1;
static int hf_2008_1_dnp_1_version = -1;
static int hf_2008_1_dnp_1_flag = -1;
static int ett_2008_1_dnp = -1;
static int ett_2008_1_dnp_header = -1;
/* DNP V0 */
static int proto_2008_1_dnp_0 = -1;
static int hf_2008_1_dnp_0_1_1_padding = -1;
static int hf_2008_1_dnp_0_1_1_version = -1;
/* DNP V1 */
#define DNP_V1_DEFAULT_FLAGS (0)
static int proto_2009_9_dnp_1 = -1;
static int hf_2009_9_dnp_1_flags = -1;
static int hf_2009_9_dnp_1_flag_length = -1;
static int hf_2009_9_dnp_1_length = -1;
static int hf_2009_9_dnp_1_flag_srcport = -1;
static int hf_2009_9_dnp_1_srcport = -1;
static int hf_2009_9_dnp_1_flag_dstport = -1;
static int hf_2009_9_dnp_1_dstport = -1;
static int ett_2009_9_dnp_1_flags = -1;
static int * const bitmask_2009_9_dnp_1_flags[] = {
&hf_2009_9_dnp_1_flag_length,
&hf_2009_9_dnp_1_flag_srcport,
&hf_2009_9_dnp_1_flag_dstport,
NULL
};
/* DOF PRESENTATION PROTOCOL */
#define DOF_PRESENTATION_PROTOCOL "DOF Presentation Protocol"
static dissector_table_t dof_dpp_dissectors;
static int proto_2008_1_dpp = -1;
static int hf_2008_1_dpp_sid_num = -1;
static int hf_2008_1_dpp_rid_num = -1;
static int hf_2008_1_dpp_sid_str = -1;
static int hf_2008_1_dpp_rid_str = -1;
static int hf_2008_1_dpp_first_command = -1;
static int hf_2008_1_dpp_last_command = -1;
static int hf_2008_1_dpp_first_response = -1;
static int hf_2008_1_dpp_last_response = -1;
static int hf_2008_1_dpp_related_frame = -1;
static int hf_2008_1_dpp_1_version = -1;
static int hf_2008_1_dpp_1_flag = -1;
static int ett_2008_1_dpp = -1;
static int ett_2008_1_dpp_1_header = -1;
/* DPP V0 */
static int proto_2008_1_dpp_0 = -1;
static int hf_2008_1_dpp_0_1_1_version = -1;
/* DPP V1 - RESERVED, NOT SUPPORTED */
/* DPP V2 */
#define DPP_V2_DEFAULT_FLAGS (0)
#define DPP_V2_SEC_FLAG_E (0x80)
#define DPP_V2_SEC_FLAG_D (0x08)
#define DPP_V2_SEC_FLAG_P (0x04)
#define DPP_V2_SEC_FLAG_A (0x02)
#define DPP_V2_SEC_FLAG_S (0x01)
static int proto_2009_12_dpp = -1;
static int proto_2009_12_dpp_common = -1;
/* TODO: The complete on final and final flags are not covered. */
static int hf_2009_12_dpp_2_1_flags = -1;
static int hf_2009_12_dpp_2_1_flag_security = -1;
static int hf_2009_12_dpp_2_1_flag_opid = -1;
static int hf_2009_12_dpp_2_1_flag_seq = -1;
static int hf_2009_12_dpp_2_1_flag_retry = -1;
static int hf_2009_12_dpp_2_1_flag_cmdrsp = -1;
static int hf_2009_12_dpp_2_3_sec_flags = -1;
static int hf_2009_12_dpp_2_3_sec_flag_secure = -1;
static int hf_2009_12_dpp_2_3_sec_flag_rdid = -1;
static int hf_2009_12_dpp_2_3_sec_flag_partition = -1;
static int hf_2009_12_dpp_2_3_sec_flag_ssid = -1;
static int hf_2009_12_dpp_2_3_sec_flag_as = -1;
static int hf_2009_12_dpp_2_3_sec_ssid = -1;
static int hf_2009_12_dpp_2_3_sec_rdid = -1;
static int hf_2009_12_dpp_2_3_sec_remote_partition = -1;
static int hf_2009_12_dpp_2_3_sec_partition = -1;
static int hf_2009_12_dpp_2_1_opcnt = -1;
static int hf_2009_12_dpp_2_1_seq = -1;
static int hf_2009_12_dpp_2_1_retry = -1;
static int hf_2009_12_dpp_2_1_delay = -1;
static int hf_2009_12_dpp_2_14_opcode = -1;
static int ett_2009_12_dpp_2_1_flags = -1;
static int ett_2009_12_dpp_2_3_security = -1;
static int ett_2009_12_dpp_2_3_sec_flags = -1;
static int ett_2009_12_dpp_2_3_sec_remote_partition = -1;
static int ett_2009_12_dpp_2_3_sec_partition = -1;
static int ett_2009_12_dpp_2_opid = -1;
static int ett_2009_12_dpp_2_opid_history = -1;
static int ett_2009_12_dpp_common = -1;
static const value_string strings_2009_12_dpp_opid_types[] = {
{ 0, "Not Present" },
{ 1, "SID [Sender]" },
{ 2, "SID [Receiver]" },
{ 3, "SID [Explicit]" },
{ 0, NULL }
};
#define OP_2009_12_RESPONSE_FLAG (0x80)
#define OP_2009_12_NODE_DOWN_CMD (0)
#define OP_2009_12_NODE_DOWN_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_NODE_DOWN_CMD)
#define OP_2009_12_SOURCE_LOST_CMD (1)
#define OP_2009_12_SOURCE_LOST_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_SOURCE_LOST_CMD)
#define OP_2009_12_RENAME_CMD (2)
#define OP_2009_12_RENAME_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_RENAME_CMD)
#define OP_2009_12_PING_CMD (3)
#define OP_2009_12_PING_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_PING_CMD)
#define OP_2009_12_CANCEL_ALL_CMD (4)
#define OP_2009_12_CANCEL_ALL_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_CANCEL_ALL_CMD)
#define OP_2009_12_HEARTBEAT_CMD (5)
#define OP_2009_12_HEARTBEAT_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_HEARTBEAT_CMD)
#define OP_2009_12_QUERY_CMD (6)
#define OP_2009_12_QUERY_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_QUERY_CMD)
#define OP_2009_12_SOURCE_FOUND_CMD (8)
#define OP_2009_12_SOURCE_FOUND_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_SOURCE_FOUND_CMD)
static const value_string strings_2009_12_dpp_common_opcodes[] = {
{ OP_2009_12_NODE_DOWN_CMD, "DPP Node Down" },
{ OP_2009_12_NODE_DOWN_RSP, "DPP Node Down Response (Illegal)" },
{ OP_2009_12_SOURCE_LOST_CMD, "DPP Source Lost" },
{ OP_2009_12_SOURCE_LOST_RSP, "DPP Source Lost Response (Illegal)" },
{ OP_2009_12_SOURCE_FOUND_CMD, "DPP Source Found" },
{ OP_2009_12_SOURCE_FOUND_RSP, "DPP Source Found Response (Illegal)" },
{ OP_2009_12_RENAME_CMD, "DPP Rename" },
{ OP_2009_12_RENAME_RSP, "DPP Rename Response (Illegal)" },
{ OP_2009_12_PING_CMD, "DPP Ping" },
{ OP_2009_12_PING_RSP, "DPP Ping Response" },
{ OP_2009_12_HEARTBEAT_CMD, "DPP Heartbeat" },
{ OP_2009_12_HEARTBEAT_RSP, "DPP Heartbeat Response (Illegal)" },
{ OP_2009_12_QUERY_CMD, "DPP Query" },
{ OP_2009_12_QUERY_RSP, "DPP Query Response" },
{ OP_2009_12_CANCEL_ALL_CMD, "DPP Cancel All" },
{ OP_2009_12_CANCEL_ALL_RSP, "DPP Cancel All Response (Illegal)" },
{ 0, NULL }
};
/* DOF APPLICATION PROTOCOL */
#define DOF_APPLICATION_PROTOCOL "DOF Application Protocol"
static dissector_table_t app_dissectors;
static int proto_2008_1_app = -1;
static int hf_2008_1_app_version = -1;
/* DAP V0 (DSP - DOF SESSION PROTOCOL) */
/* Note that DSP is *always* appid 0 and so it violates the standard naming rule. */
static dissector_table_t dsp_option_dissectors;
static int hf_2008_1_dsp_12_opcode = -1;
static int hf_2008_1_dsp_attribute_code = -1;
static int hf_2008_1_dsp_attribute_data = -1;
static int hf_2008_1_dsp_value_length = -1;
static int hf_2008_1_dsp_value_data = -1;
static const value_string strings_2008_1_dsp_attribute_codes[] = {
{ 0, "TEP Family" },
{ 1, "OAP Family" },
{ 2, "CCM Family" },
{ 3, "TRP Family" },
{ 255, "General" },
{ 0, NULL }
};
#define DOF_PROTOCOL_DSP 0
#define DSP_OAP_FAMILY 0x010000
static int proto_2008_1_dsp = -1;
#define OP_2008_1_RSP (0x80)
#define OP_2008_1_QUERY_CMD 0
#define OP_2008_1_QUERY_RSP (OP_2008_1_RSP|OP_2008_1_QUERY_CMD)
#define OP_2008_1_CONFIG_REQ 1
#define OP_2008_1_CONFIG_ACK (OP_2008_1_RSP|2)
#define OP_2008_1_CONFIG_NAK (OP_2008_1_RSP|3)
#define OP_2008_1_CONFIG_REJ (OP_2008_1_RSP|4)
#define OP_2008_1_TERMINATE_CMD 5
#define OP_2008_1_TERMINATE_RSP (OP_2008_1_RSP|OP_2008_1_TERMINATE_CMD)
#define OP_2008_1_OPEN_CMD 6
#define OP_2008_1_OPEN_RSP (OP_2008_1_RSP|OP_2008_1_OPEN_CMD)
#define OP_2008_1_OPEN_SECURE_RSP (OP_2008_1_RSP|7)
static const value_string strings_2008_1_dsp_opcodes[] = {
{ OP_2008_1_QUERY_CMD, "DSP Query" },
{ OP_2008_1_QUERY_RSP, "DSP Query Response" },
{ OP_2008_1_CONFIG_REQ, "DSP Request" },
{ OP_2008_1_CONFIG_ACK, "DSP ACK Response" },
{ OP_2008_1_CONFIG_NAK, "DSP NAK Response" },
{ OP_2008_1_CONFIG_REJ, "DSP REJ Response" },
{ OP_2008_1_TERMINATE_CMD, "DSP Terminate/Close Request" },
{ OP_2008_1_TERMINATE_RSP, "DSP Terminate/Close Response" },
{ OP_2008_1_OPEN_CMD, "DSP Open" },
{ OP_2008_1_OPEN_RSP, "DSP Open Response" },
{ OP_2008_1_OPEN_SECURE_RSP, "DSP Open Secure Response" },
{ 0, NULL }
};
#define DSP_AVP_AUTHENTICATION 0
#define DSP_AVP_APPLICATION 1
#if 0 /* not used yet */
static const value_string strings_2008_1_dsp_attributes[] = {
{ DSP_AVP_AUTHENTICATION, "Authentication Protocol" },
{ DSP_AVP_APPLICATION, "Application Protocol" },
{ 0, NULL }
};
static const value_string strings_2008_1_dsp_values[] = {
{ 1, "DOF Object Access Protocol (version 1)" },
{ 3, "DOF Ticket Exchange Protocol (version 1)" },
{ 0, NULL }
};
#endif
static int ett_2008_1_dsp_12 = -1;
static int ett_2008_1_dsp_12_options = -1;
static int ett_2008_1_dsp_12_option = -1;
/* DAP V1 (OAP - OBJECT ACCESS PROTOCOL V1) */
/* This is the defined protocol id for OAP. */
#define DOF_PROTOCOL_OAP_1 1
/* There are two "protocols", one hooks into DSP and the other to DOF. */
static int proto_oap_1 = -1;
static int proto_oap_1_dsp = -1;
/* OAP DSP protocol items. */
static int hf_oap_1_dsp_option = -1;
/* OAP protocol items. */
static int hf_oap_1_opcode = -1;
static int hf_oap_1_alias_size = -1;
static int hf_oap_1_flags = -1;
static int hf_oap_1_exception_internal_flag = -1;
static int hf_oap_1_exception_final_flag = -1;
static int hf_oap_1_exception_provider_flag = -1;
static int hf_oap_1_cmdcontrol = -1;
static int hf_oap_1_cmdcontrol_cache_flag = -1;
static int hf_oap_1_cmdcontrol_verbosity_flag = -1;
static int hf_oap_1_cmdcontrol_noexecute_flag = -1;
static int hf_oap_1_cmdcontrol_ack_flag = -1;
static int hf_oap_1_cmdcontrol_delay_flag = -1;
static int hf_oap_1_cmdcontrol_heuristic_flag = -1;
static int hf_oap_1_cmdcontrol_heuristic = -1;
static int hf_oap_1_cmdcontrol_cache = -1;
static int hf_oap_1_cmdcontrol_ackcnt = -1;
static int hf_oap_1_cmdcontrol_ack = -1;
#if 0 /* not used yet */
static int hf_oap_1_opinfo_start_frame = -1;
static int hf_oap_1_opinfo_end_frame = -1;
static int hf_oap_1_opinfo_timeout = -1;
#endif
static int hf_oap_1_providerid = -1;
static int ett_oap_1_1_providerid = -1;
static int hf_oap_1_objectid = -1;
static int ett_oap_1_objectid = -1;
static int hf_oap_1_interfaceid = -1;
static int hf_oap_1_itemid = -1;
#if 0 /* not used yet */
static int hf_oap_1_distance = -1;
#endif
static int hf_oap_1_alias = -1;
static int hf_oap_1_alias_frame = -1;
static int hf_oap_1_subscription_delta = -1;
static int hf_oap_1_update_sequence = -1;
static int hf_oap_1_value_list = -1;
static int ett_oap_1_dsp = -1;
static int ett_oap_1_dsp_options = -1;
static int ett_oap_1 = -1;
static int ett_oap_1_opinfo = -1;
static int ett_oap_1_cmdcontrol = -1;
static int ett_oap_1_cmdcontrol_flags = -1;
static int ett_oap_1_cmdcontrol_ack = -1;
static int ett_oap_1_alias = -1;
static int * const bitmask_oap_1_cmdcontrol_flags[] = {
&hf_oap_1_cmdcontrol_cache_flag,
&hf_oap_1_cmdcontrol_verbosity_flag,
&hf_oap_1_cmdcontrol_noexecute_flag,
&hf_oap_1_cmdcontrol_ack_flag,
&hf_oap_1_cmdcontrol_delay_flag,
&hf_oap_1_cmdcontrol_heuristic_flag,
NULL
};
static expert_field ei_oap_no_session = EI_INIT;
static GHashTable *oap_1_alias_to_binding = NULL;
#define OAP_1_RESPONSE (0x80)
#define OAP_1_CMD_ACTIVATE 28
#define OAP_1_RSP_ACTIVATE (OAP_1_CMD_ACTIVATE|OAP_1_RESPONSE)
#define OAP_1_CMD_ADVERTISE 5
#define OAP_1_RSP_ADVERTISE (OAP_1_CMD_ADVERTISE|OAP_1_RESPONSE)
#define OAP_1_CMD_CHANGE 2
#define OAP_1_RSP_CHANGE (OAP_1_CMD_CHANGE|OAP_1_RESPONSE)
#define OAP_1_CMD_CONNECT 4
#define OAP_1_RSP_CONNECT (OAP_1_CMD_CONNECT|OAP_1_RESPONSE)
#define OAP_1_CMD_DEFINE 6
#define OAP_1_RSP_DEFINE (OAP_1_CMD_DEFINE|OAP_1_RESPONSE)
#define OAP_1_CMD_EXCEPTION 9
#define OAP_1_RSP_EXCEPTION (OAP_1_CMD_EXCEPTION|OAP_1_RESPONSE)
#define OAP_1_CMD_FULL_CONNECT 3
#define OAP_1_RSP_FULL_CONNECT (OAP_1_CMD_FULL_CONNECT|OAP_1_RESPONSE)
#define OAP_1_CMD_GET 10
#define OAP_1_RSP_GET (OAP_1_CMD_GET|OAP_1_RESPONSE)
#define OAP_1_CMD_INVOKE 12
#define OAP_1_RSP_INVOKE (OAP_1_CMD_INVOKE|OAP_1_RESPONSE)
#define OAP_1_CMD_OPEN 14
#define OAP_1_RSP_OPEN (OAP_1_CMD_OPEN|OAP_1_RESPONSE)
#define OAP_1_CMD_PROVIDE 16
#define OAP_1_RSP_PROVIDE (OAP_1_CMD_PROVIDE|OAP_1_RESPONSE)
#define OAP_1_CMD_REGISTER 25
#define OAP_1_RSP_REGISTER (OAP_1_CMD_REGISTER|OAP_1_RESPONSE)
#define OAP_1_CMD_SET 20
#define OAP_1_RSP_SET (OAP_1_CMD_SET|OAP_1_RESPONSE)
#define OAP_1_CMD_SIGNAL 22
#define OAP_1_RSP_SIGNAL (OAP_1_CMD_SIGNAL|OAP_1_RESPONSE)
#define OAP_1_CMD_SUBSCRIBE 24
#define OAP_1_RSP_SUBSCRIBE (OAP_1_CMD_SUBSCRIBE|OAP_1_RESPONSE)
#define OAP_1_CMD_WATCH 30
#define OAP_1_RSP_WATCH (OAP_1_CMD_WATCH|OAP_1_RESPONSE)
static const value_string oap_opcode_strings[] = {
{ OAP_1_CMD_ACTIVATE, "OAP Activate" },
{ OAP_1_RSP_ACTIVATE, "OAP Activate Response (Illegal)" },
{ OAP_1_CMD_ADVERTISE, "OAP Advertise" },
{ OAP_1_RSP_ADVERTISE, "OAP Advertise Response (Illegal)" },
{ OAP_1_CMD_CHANGE, "OAP Change" },
{ OAP_1_RSP_CHANGE, "OAP Change Response (Illegal)" },
{ OAP_1_CMD_CONNECT, "OAP Connect" },
{ OAP_1_RSP_CONNECT, "OAP Connect Response (Illegal)" },
{ OAP_1_CMD_DEFINE, "OAP Define" },
{ OAP_1_RSP_DEFINE, "OAP Define Response" },
{ OAP_1_CMD_EXCEPTION, "OAP Exception (Illegal)" },
{ OAP_1_RSP_EXCEPTION, "OAP Exception Response" },
{ OAP_1_CMD_FULL_CONNECT, "OAP Full Connect" },
{ OAP_1_RSP_FULL_CONNECT, "OAP Full Connect Response (Illegal)" },
{ OAP_1_CMD_GET, "OAP Get" },
{ OAP_1_RSP_GET, "OAP Get Response" },
{ OAP_1_CMD_INVOKE, "OAP Invoke" },
{ OAP_1_RSP_INVOKE, "OAP Invoke Response" },
{ OAP_1_CMD_OPEN, "OAP Open" },
{ OAP_1_RSP_OPEN, "OAP Open Response" },
{ OAP_1_CMD_PROVIDE, "OAP Provide" },
{ OAP_1_RSP_PROVIDE, "OAP Provide Response (Illegal)" },
{ OAP_1_CMD_REGISTER, "OAP Register" },
{ OAP_1_RSP_REGISTER, "OAP Register Response" },
{ OAP_1_CMD_SET, "OAP Set" },
{ OAP_1_RSP_SET, "OAP Set Response" },
{ OAP_1_CMD_SIGNAL, "OAP Signal" },
{ OAP_1_RSP_SIGNAL, "OAP Signal Response (Illegal)" },
{ OAP_1_CMD_SUBSCRIBE, "OAP Subscribe" },
{ OAP_1_RSP_SUBSCRIBE, "OAP Subscribe Response" },
{ OAP_1_CMD_WATCH, "OAP Watch" },
{ OAP_1_RSP_WATCH, "OAP Watch Response (Illegal)" },
{ 0, NULL }
};
typedef struct _alias_key
{
guint32 session;
guint32 sender;
guint32 alias;
} oap_1_alias_key;
static guint oap_1_alias_hash_func(gconstpointer ptr)
{
const oap_1_alias_key *key = (const oap_1_alias_key *)ptr;
return g_int_hash(&key->session) + g_int_hash(&key->sender) + g_int_hash(&key->alias);
}
static int oap_1_alias_equal_func(gconstpointer ptr1, gconstpointer ptr2)
{
const oap_1_alias_key *key1 = (const oap_1_alias_key *)ptr1;
const oap_1_alias_key *key2 = (const oap_1_alias_key *)ptr2;
if (key1->session != key2->session)
return 0;
if (key1->sender != key2->sender)
return 0;
if (key1->alias != key2->alias)
return 0;
return 1;
}
typedef struct
{
guint8 *oid;
guint16 oid_length;
guint8 *iid;
guint16 iid_length;
guint32 frame;
} oap_1_binding;
typedef struct oap_1_binding_list
{
oap_1_binding *binding;
struct oap_1_binding_list *next;
} oap_1_binding_list;
typedef struct
{
oap_1_binding *resolved_alias;
} oap_1_packet_data;
static oap_1_binding* oap_1_resolve_alias(oap_1_alias_key *key);
static int oap_1_tree_add_alias(dof_api_data *api_data, oap_1_packet_data *oap_packet _U_, dof_packet_data *packet, proto_tree *tree, tvbuff_t *tvb, gint offset, guint8 alias_length, guint8 resolve)
{
dof_session_data *session = api_data->session;
proto_item *ti;
proto_tree *options_tree;
if (alias_length == 0)
/* TODO: Output error. */
return offset;
if (session == NULL)
/* TODO: Output error. */
return offset;
ti = proto_tree_add_item(tree, hf_oap_1_alias, tvb, offset, alias_length, ENC_BIG_ENDIAN);
if (resolve)
{
oap_1_binding *binding = NULL;
oap_1_alias_key key;
int i;
guint32 alias;
alias = 0;
for (i = 0; i < alias_length; i++)
alias = (alias << 8) | tvb_get_guint8(tvb, offset + i);
key.session = session->session_id;
key.sender = packet->sender_id;
key.alias = alias;
binding = oap_1_resolve_alias(&key);
if (binding)
{
options_tree = proto_item_add_subtree(ti, ett_oap_1_alias);
/* Decode the Interface */
ti = proto_tree_add_bytes_format_value(tree, hf_oap_1_interfaceid, tvb, 0, 0, binding->iid, "%s", dof_iid_create_standard_string(binding->iid_length, binding->iid));
proto_item_set_generated(ti);
/* Decode the Object ID */
ti = proto_tree_add_bytes_format_value(tree, hf_oap_1_objectid, tvb, 0, 0, binding->oid, "%s", dof_oid_create_standard_string(binding->oid_length, binding->oid));
proto_item_set_generated(ti);
proto_tree_add_uint_format(options_tree, hf_oap_1_alias_frame,
tvb, 0, 0, binding->frame,
"This alias is defined in frame %u",
binding->frame);
}
}
return offset + alias_length;
}
static int oap_1_tree_add_interface(proto_tree *tree, tvbuff_t *tvb, int offset)
{
guint8 registry;
guint8 len;
registry = tvb_get_guint8(tvb, offset);
len = registry & 0x03;
if (len == 0)
len = 16;
else
len = 1 << (len - 1);
proto_tree_add_item(tree, hf_oap_1_interfaceid, tvb, offset, 1 + len, ENC_NA);
return offset + 1 + len;
}
static int oap_1_tree_add_binding(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, int offset)
{
guint8 len;
/* guint8 cl; */
len = tvb_get_guint8(tvb, offset);
len = len & 0x03;
if (len == 0)
len = 16;
else
len = 1 << (len - 1);
proto_tree_add_item(tree, hf_oap_1_interfaceid, tvb, offset, 1 + len, ENC_NA);
offset += 1 + len;
#if 0 /* this seems to be dead code - check! */
cl = tvb_get_guint8(tvb, offset);
if (cl & 0x80)
len = tvb_get_guint8(tvb, offset + 2);
else
len = tvb_get_guint8(tvb, offset + 1);
#endif
offset = dof_dissect_pdu_as_field(dissect_2009_11_type_4, tvb, pinfo, tree,
offset, hf_oap_1_objectid, ett_oap_1_objectid, NULL);
return offset;
}
static int oap_1_tree_add_cmdcontrol(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
proto_item *ti;
proto_tree *opinfo_tree;
guint8 flags;
flags = tvb_get_guint8(tvb, offset);
ti = proto_tree_add_bitmask(tree, tvb, offset, hf_oap_1_cmdcontrol, ett_oap_1_cmdcontrol_flags, bitmask_oap_1_cmdcontrol_flags, ENC_NA);
opinfo_tree = proto_item_add_subtree(ti, ett_oap_1_cmdcontrol);
proto_tree_add_item(opinfo_tree, hf_oap_1_cmdcontrol_cache_flag, tvb, offset, 1, ENC_NA);
proto_tree_add_item(opinfo_tree, hf_oap_1_cmdcontrol_verbosity_flag, tvb, offset, 1, ENC_NA);
proto_tree_add_item(opinfo_tree, hf_oap_1_cmdcontrol_noexecute_flag, tvb, offset, 1, ENC_NA);
proto_tree_add_item(opinfo_tree, hf_oap_1_cmdcontrol_ack_flag, tvb, offset, 1, ENC_NA);
proto_tree_add_item(opinfo_tree, hf_oap_1_cmdcontrol_delay_flag, tvb, offset, 1, ENC_NA);
proto_tree_add_item(opinfo_tree, hf_oap_1_cmdcontrol_heuristic_flag, tvb, offset, 1, ENC_NA);
offset += 1;
if (flags & 0x01)
{
/* Heuristic */
gint heur_len;
guint16 heur;
proto_item *pi;
read_c2(tvb, offset, &heur, &heur_len);
pi = proto_tree_add_uint_format(opinfo_tree, hf_oap_1_cmdcontrol_heuristic, tvb, offset, heur_len, heur, "Heuristic Value: %hu", heur);
validate_c2(pinfo, pi, heur, heur_len);
offset += heur_len;
}
if (flags & 0x04)
{
/* Ack List */
guint8 ackcnt;
guint8 i;
ackcnt = tvb_get_guint8(tvb, offset);
proto_tree_add_item(opinfo_tree, hf_oap_1_cmdcontrol_ackcnt, tvb, offset, 1, ENC_NA);
offset += 1;
for (i = 0; i < ackcnt; i++)
{
offset = dof_dissect_pdu_as_field(dissect_2009_11_type_4, tvb, pinfo, opinfo_tree,
offset, hf_oap_1_cmdcontrol_ack, ett_oap_1_cmdcontrol_ack, NULL);
}
}
if (flags & 0x40)
{
/* Cache Delay */
gint cache_len;
guint16 cache;
proto_item *pi;
read_c2(tvb, offset, &cache, &cache_len);
pi = proto_tree_add_uint_format(opinfo_tree, hf_oap_1_cmdcontrol_cache, tvb, offset, cache_len, cache, "Cache Delay: %hu", cache);
validate_c2(pinfo, pi, cache, cache_len);
offset += cache_len;
}
return offset;
}
/**
* Define an alias. This routine is called for each Provide operation that includes an alias assignment.
* It is also called for retries of Provide operations.
* The alias is defined for the duration of the Provide. This means that if the operation is cancelled
* then the alias should no longer be valid.
* The alias is associated with an oap_session, an dof_node, and the alias itself. Aliases
* may be reused as long as the previous use has expired, and so the list is stored in reverse
* order.
*
* NOTE: The alias is passed as a structure pointer, and must be reallocated if it is stored in
* the hash.
*/
static void oap_1_define_alias(dof_api_data *api_data, guint32 alias, oap_1_binding *binding)
{
/* The definer of an alias is the sender, in the session. */
dof_session_data *session = api_data->session;
dof_packet_data *packet = (dof_packet_data *)api_data->packet;
guint32 session_id;
guint32 sender_id;
oap_1_alias_key key;
if (!session)
return;
session_id = session->session_id;
sender_id = packet->sender_id;
if (!binding)
return;
key.session = session_id;
key.sender = sender_id;
key.alias = alias;
/* If there isn't an entry for the alias, then we need to create one.
* The first entry will be the binding we are defining.
*/
if (!g_hash_table_lookup(oap_1_alias_to_binding, &key))
{
oap_1_alias_key *alias_ptr = wmem_new0(wmem_file_scope(), oap_1_alias_key);
memcpy(alias_ptr, &key, sizeof(oap_1_alias_key));
g_hash_table_insert(oap_1_alias_to_binding, alias_ptr, binding);
}
}
/**
* Given an oap_alias, resolve it to an oap_1_binding. This assumes that the destination of the
* packet is the one that defined the alias.
*/
static oap_1_binding* oap_1_resolve_alias(oap_1_alias_key *key)
{
/* The first lookup is inside the session based on defining node. */
return (oap_1_binding *)g_hash_table_lookup(oap_1_alias_to_binding, key);
}
/* DAP V128 (TEP - TICKET EXCHANGE PROTOCOL V1) */
#define DOF_PROTOCOL_TEP 128
#define DSP_TEP_FAMILY 0x000000
static int proto_tep = -1;
static int proto_tep_dsp = -1;
static int hf_dsp_option = -1;
static int ett_tep_operation = -1;
static int hf_tep_operation = -1;
static int hf_tep_operation_type = -1;
static int hf_tep_opcode = -1;
static int hf_tep_k = -1;
static int hf_tep_c = -1;
static int hf_tep_reject_code = -1;
static int hf_tep_reject_data = -1;
static const true_false_string tep_optype_vals = { "DPP Response", "DPP Command" };
/* TEP.2.1 */
static int ett_tep_2_1_domain = -1;
static int hf_tep_2_1_domain = -1;
static int ett_tep_2_1_initiator_block = -1;
static int hf_tep_2_1_initiator_block = -1;
static int hf_tep_2_1_ticket_confirmation = -1;
/* TEP.2.2 */
static int ett_tep_2_2_initiator_ticket = -1;
static int hf_tep_2_2_initiator_ticket = -1;
static int hf_tep_2_2_ticket_confirmation = -1;
static int ett_tep_2_2_responder_initialization = -1;
static int hf_tep_2_2_responder_initialization = -1;
static int ett_tep_2_2_responder_block = -1;
static int hf_tep_2_2_responder_block = -1;
static int ett_tep_2_2_authenticator_initialization = -1;
static int hf_tep_2_2_authenticator_initialization = -1;
/* TEP.2.2.1 */
static int hf_tep_2_2_1_state_identifier = -1;
static int ett_tep_2_2_1_initial_state = -1;
static int hf_tep_2_2_1_initial_state = -1;
static int hf_tep_session_key = -1;
static int ett_tep_dsp = -1;
static int ett_tep_dsp_options = -1;
static int ett_tep = -1;
#if 0 /* not used yet */
static const value_string tep_filter_existing[] = {
{ 1, "Include Existing Matches" },
{ 0, "Exclude Existing Matches" },
{ 0, NULL }
};
#endif
#define TEP_OPCODE_RSP (0x80)
#define TEP_OPCODE_C (0x20)
#define TEP_OPCODE_K (0x10)
#define TEP_PDU_REJECT (TEP_OPCODE_RSP|0)
#define TEP_PDU_REQUEST (1)
#define TEP_PDU_END_SESSION (5)
#define TEP_PDU_SESSION_ENDING (6)
#define TEP_PDU_REQUEST_KEY (TEP_OPCODE_K|TEP_PDU_REQUEST)
#define TEP_PDU_CONFIRM (TEP_OPCODE_C|TEP_PDU_REQUEST)
#define TEP_PDU_ACCEPT (TEP_OPCODE_RSP|TEP_PDU_REQUEST)
#define TEP_PDU_CONFIRM_ACK (TEP_OPCODE_RSP|TEP_OPCODE_C|TEP_PDU_REQUEST)
static const value_string tep_opcode_strings[] = {
{ TEP_PDU_REJECT, "TEP Reject" },
{ TEP_PDU_REQUEST, "TEP Request" },
{ TEP_PDU_END_SESSION, "TEP End Session" },
{ TEP_PDU_SESSION_ENDING, "TEP Session Ending" },
{ TEP_PDU_REQUEST_KEY, "TEP Rekey" },
{ TEP_PDU_CONFIRM, "TEP Confirm" },
{ TEP_PDU_ACCEPT, "TEP Accept" },
{ TEP_PDU_CONFIRM_ACK, "TEP Confirm Ack" },
{ 0, NULL }
};
#if 0 /* not use yet */
static const value_string tep_error_strings[] = {
{ 1, "Parse Error" },
{ 2, "Access Denied" },
{ 3, "Duration Not Supported" },
{ 4, "Authentication Failed" },
{ 0, NULL }
};
#endif
/* Initialized to zero. */
typedef struct tep_rekey_data
{
/* Stored from the K bit of the Request PDU. */
gboolean is_rekey;
/* Stored from the key request for non-secure rekeys. Otherwise 0 and NULL. */
guint8 domain_length;
guint8 *domain;
/* Stored from the identity of the Request PDU. Seasonal. */
guint8 *i_identity;
guint8 i_identity_length;
/* Stored from the nonce of the Request PDU. Seasonal. */
guint8 *i_nonce;
guint8 i_nonce_length;
/* Stored from the identity of the Request response PDU. Seasonal. */
guint8 *r_identity;
guint8 r_identity_length;
/* Stored from the nonce of the Request response PDU. Seasonal. */
guint8 *r_nonce;
guint8 r_nonce_length;
guint16 security_mode;
guint32 security_mode_data_length;
guint8 *security_mode_data;
/* Security session data for this rekey, if is_rekey is TRUE. */
dof_session_key_exchange_data *key_data;
} tep_rekey_data;
/* DAP V129 (TRP - TICKET REQUEST PROTOCOL V2) */
#define DOF_PROTOCOL_TRP 129
#define DSP_TRP_FAMILY 0x030000
typedef struct _trp_packet_data
{
guint8 *domain;
guint8 domain_length;
guint8 *identity;
guint8 identity_length;
guint8 *group;
guint8 group_length;
guint8 *block_I;
guint16 block_I_length;
guint8 *secret;
gboolean kek_known;
} trp_packet_data;
static int proto_trp = -1;
static int proto_trp_dsp = -1;
static int hf_trp_dsp_option = -1;
static int hf_trp_opcode = -1;
static int hf_domain = -1;
static int hf_identity_resolution = -1;
static int hf_initiator_request = -1;
static int hf_responder_request = -1;
static int hf_initiator_ticket = -1;
static int hf_responder_ticket = -1;
static int hf_authentication_block = -1;
static int hf_group_identifier = -1;
static int hf_node_identifier = -1;
static int hf_thb = -1;
static int hf_tmin = -1;
static int hf_tmax = -1;
static int hf_trp_epoch = -1;
static int hf_sidg = -1;
static int hf_security_scope = -1;
static int hf_security_mode = -1;
static int hf_ssid = -1;
#if 0 /* not used yet */
static int hf_initiator_pg = -1;
#endif
static int hf_initiator_validation = -1;
static int hf_responder_pg = -1;
static int hf_responder_validation = -1;
static int hf_trp_errorcode = -1;
static int hf_trp_duration = -1;
#if 0 /* not used yet */
static int hf_trp_rnonce = -1;
static int hf_trp_pnonce = -1;
static int hf_trp_reqid = -1;
static int hf_trp_provid = -1;
static int hf_trp_perm_count = -1;
static int hf_trp_perm_type = -1;
static int hf_trp_perm_rcache = -1;
static int hf_trp_perm_rsrp = -1;
static int hf_trp_perm_rsrp_a = -1;
static int hf_trp_perm_rsrp_u = -1;
static int hf_trp_perm_rflags = -1;
static int hf_trp_perm_pcache = -1;
static int hf_trp_perm_psrp = -1;
static int hf_trp_perm_psrp_a = -1;
static int hf_trp_perm_psrp_u = -1;
static int hf_trp_perm_psrp_b = -1;
static int hf_trp_perm_psrp_s = -1;
static int hf_trp_perm_pflags = -1;
static int hf_trp_confirmation = -1;
static int hf_trp_perm_pke = -1;
static int hf_trp_perm_pka = -1;
#endif
static int ett_trp_dsp = -1;
static int ett_trp = -1;
static int ett_domain = -1;
static int ett_identity_resolution = -1;
static int ett_initiator_request = -1;
static int ett_initiator_ticket = -1;
static int ett_responder_request = -1;
static int ett_responder_ticket = -1;
static int ett_authentication_block = -1;
static int ett_group_identifier = -1;
static int ett_node_identifier = -1;
static int ett_sidg = -1;
static int ett_security_scope = -1;
static int ett_security_mode = -1;
static int ett_initiator_pg = -1;
static int ett_initiator_validation = -1;
static int ett_responder_pg = -1;
static int ett_responder_validation = -1;
static int ett_trp_permset = -1;
static int ett_srp_flags = -1;
static int ett_trp_ticket = -1;
static expert_field ei_trp_initiator_id_known = EI_INIT;
static expert_field ei_trp_kek_discovered = EI_INIT;
#define TRP_RESPONSE (0x80)
#define TRP_RSP_REJECT (TRP_RESPONSE|0)
#define TRP_CMD_REQUEST_KEK (1)
#define TRP_RSP_REQUEST_KEK (TRP_RESPONSE|TRP_CMD_REQUEST_KEK)
#define TRP_CMD_REQUEST_RANDOM (2)
#define TRP_RSP_REQUEST_RANDOM (TRP_RESPONSE|TRP_CMD_REQUEST_RANDOM)
#define TRP_CMD_REQUEST_SESSION (3)
#define TRP_RSP_REQUEST_SESSION (TRP_RESPONSE|TRP_CMD_REQUEST_SESSION)
#define TRP_CMD_REQUEST_SECURITY_SCOPES (4)
#define TRP_RSP_REQUEST_SECURITY_SCOPES (TRP_RESPONSE|TRP_CMD_REQUEST_SECURITY_SCOPES)
#define TRP_CMD_RESOLVE_CREDENTIAL (6)
#define TRP_RSP_RESOLVE_CREDENTIAL (TRP_RESPONSE|TRP_CMD_RESOLVE_CREDENTIAL)
#define TRP_CMD_REQUEST_LOCAL_DOMAIN (7)
#define TRP_RSP_REQUEST_LOCAL_DOMAIN (TRP_RESPONSE|TRP_CMD_REQUEST_LOCAL_DOMAIN)
#define TRP_CMD_REQUEST_REMOTE_DOMAIN (8)
#define TRP_RSP_REQUEST_REMOTE_DOMAIN (TRP_RESPONSE|TRP_CMD_REQUEST_REMOTE_DOMAIN)
#define TRP_RSP_REQUEST_DISCOVERED_REMOTE_DOMAIN (TRP_RESPONSE|0x0A)
#define TRP_CMD_VALIDATE_CREDENTIAL (9)
#define TRP_RSP_VALIDATE_CREDENTIAL (TRP_RESPONSE|TRP_CMD_VALIDATE_CREDENTIAL)
static const value_string trp_opcode_strings[] = {
{ TRP_RSP_REJECT, "Reject" },
{ TRP_CMD_REQUEST_KEK, "TRP Request KEK" },
{ TRP_RSP_REQUEST_KEK, "TRP Request KEK Response" },
{ TRP_CMD_REQUEST_RANDOM, "TRP Request Random" },
{ TRP_RSP_REQUEST_RANDOM, "TRP Request Random Response" },
{ TRP_CMD_REQUEST_SESSION, "TRP Request Session" },
{ TRP_RSP_REQUEST_SESSION, "TRP Request Session Response" },
{ TRP_CMD_REQUEST_SECURITY_SCOPES, "TRP Request Security Scopes" },
{ TRP_RSP_REQUEST_SECURITY_SCOPES, "TRP Request Security Scopes Response" },
{ TRP_CMD_RESOLVE_CREDENTIAL, "TRP Resolve Credential" },
{ TRP_RSP_RESOLVE_CREDENTIAL, "TRP Resolve Credential Response" },
{ TRP_CMD_REQUEST_LOCAL_DOMAIN, "TRP Request Local Domain" },
{ TRP_RSP_REQUEST_LOCAL_DOMAIN, "TRP Request Local Domain Response" },
{ TRP_CMD_REQUEST_REMOTE_DOMAIN, "TRP Request Remote Domain" },
{ TRP_RSP_REQUEST_REMOTE_DOMAIN, "TRP Request Remote Domain Response" },
{ TRP_RSP_REQUEST_DISCOVERED_REMOTE_DOMAIN, "TRP Request Discovered Remote Domain Response" },
{ TRP_CMD_VALIDATE_CREDENTIAL, "TRP Validate Credential" },
{ TRP_RSP_VALIDATE_CREDENTIAL, "TRP Validate Credential Response" },
{ 0, NULL }
};
static const value_string trp_error_strings[] = {
{ 1, "Parse Error" },
{ 2, "Access Denied" },
{ 3, "Unknown Initiator" },
{ 4, "Unknown Responder" },
{ 5, "Unknown Domain" },
{ 6, "High Load" },
{ 7, "Bad Mode" },
{ 8, "Incompatible Security Identifiers" },
{ 127, "Internal Error" },
{ 0, NULL }
};
/* DAP V130 (SGMP - SECURE GROUP MANAGEMENT PROTOCOL V1) */
#define DOF_PROTOCOL_SGMP 130
typedef struct _sgmp_packet_data
{
guint8 domain_length;
guint8 *domain;
guint8 group_length;
guint8 *group;
guint16 epoch;
guint8 *kek;
guint I_length;
guint8 *I;
guint A_length;
guint8 *A;
dof_session_data *request_session;
} sgmp_packet_data;
static int proto_sgmp = -1;
static int hf_opcode = -1;
static int hf_sgmp_domain = -1;
static int hf_sgmp_epoch = -1;
static int hf_initiator_block = -1;
static int hf_sgmp_security_scope = -1;
static int hf_initial_state = -1;
static int hf_latest_version = -1;
static int hf_desire = -1;
static int hf_ticket = -1;
static int hf_sgmp_tmin = -1;
static int hf_tie_breaker = -1;
static int hf_delay = -1;
static int hf_key = -1;
static int ett_sgmp = -1;
static int ett_sgmp_domain = -1;
static int ett_initiator_block = -1;
static int ett_sgmp_security_scope = -1;
static int ett_initial_state = -1;
static int ett_ticket = -1;
#define SGMP_RESPONSE (0x80)
#define SGMP_CMD_HEARTBEAT (0)
#define SGMP_RSP_HEARTBEAT (SGMP_CMD_HEARTBEAT|SGMP_RESPONSE)
#define SGMP_CMD_EPOCH_CHANGED (1)
#define SGMP_RSP_EPOCH_CHANGED (SGMP_CMD_EPOCH_CHANGED|SGMP_RESPONSE)
#define SGMP_CMD_REKEY (2)
#define SGMP_RSP_REKEY (SGMP_CMD_REKEY|SGMP_RESPONSE)
#define SGMP_CMD_REQUEST_GROUP (3)
#define SGMP_RSP_REQUEST_GROUP (SGMP_CMD_REQUEST_GROUP|SGMP_RESPONSE)
#define SGMP_CMD_REKEY_EPOCH (5)
#define SGMP_RSP_REKEY_EPOCH (SGMP_CMD_REKEY_EPOCH|SGMP_RESPONSE)
#define SGMP_CMD_REKEY_MERGE (7)
#define SGMP_RSP_REKEY_MERGE (SGMP_CMD_REKEY_MERGE|SGMP_RESPONSE)
static const value_string sgmp_opcode_strings[] = {
{ SGMP_CMD_HEARTBEAT, "SGMP Heartbeat" },
{ SGMP_RSP_HEARTBEAT, "SGMP Heartbeat Response (Illegal)" },
{ SGMP_CMD_EPOCH_CHANGED, "SGMP Epoch Changed" },
{ SGMP_RSP_EPOCH_CHANGED, "SGMP Epoch Changed Response (Illegal)" },
{ SGMP_CMD_REKEY, "SGMP Rekey" },
{ SGMP_RSP_REKEY, "SGMP Rekey Response (Illegal)" },
{ SGMP_CMD_REQUEST_GROUP, "SGMP Request Group" },
{ SGMP_RSP_REQUEST_GROUP, "SGMP Request Group Response" },
{ SGMP_CMD_REKEY_EPOCH, "SGMP Rekey Epoch" },
{ SGMP_RSP_REKEY_EPOCH, "SGMP Rekey Epoch Response (Illegal)" },
{ SGMP_CMD_REKEY_MERGE, "SGMP Rekey Merge" },
{ SGMP_RSP_REKEY_MERGE, "SGMP Rekey Merge Response (Illegal)" },
{ 0, NULL }
};
#if 0 /* TODO not used yet */
static gboolean sgmp_validate_session_key(sgmp_packet_data *cmd_data, guint8 *confirmation, guint8 *kek, guint8 *key)
{
gcry_mac_hd_t hmac;
gcry_error_t result;
result = gcry_mac_open(&hmac, GCRY_MAC_HMAC_SHA256, 0, NULL);
if (result != 0)
return FALSE;
gcry_mac_setkey(hmac, kek, 32);
gcry_mac_write(hmac, cmd_data->I, cmd_data->I_length);
gcry_mac_write(hmac, cmd_data->A, cmd_data->A_length);
gcry_mac_write(hmac, key, 32);
result = gcry_mac_verify(hmac, confirmation, sizeof(confirmation));
return result == 0;
}
#endif
/* DOF SECURITY PROTOCOL */
#define DOF_SECURITY_PROTOCOL "DOF Security Protocol"
static dissector_table_t dof_sec_dissectors;
#define AS_ASSIGNED_SSID 0x40000000
/* DOFSEC Vxxxx (CCM - COUNTER WITH CBC-MAC PROTOCOL V1) */
#define DOF_PROTOCOL_CCM 24577
#define DSP_CCM_FAMILY 0x020000
static int proto_ccm_app = -1;
static int proto_ccm = -1;
static int proto_ccm_dsp = -1;
static int hf_ccm_dsp_option = -1;
static int hf_ccm_dsp_strength_count = -1;
static int hf_ccm_dsp_strength = -1;
static int hf_ccm_dsp_e_flag = -1;
static int hf_ccm_dsp_m_flag = -1;
static int hf_ccm_dsp_tmax = -1;
static int hf_ccm_dsp_tmin = -1;
static const value_string ccm_strengths[] = {
{ 1, "256-bit" },
{ 2, "192-bit" },
{ 3, "128-bit" },
{ 0, NULL }
};
static int hf_ccm_opcode = -1;
static int hf_epp_v1_ccm_flags = -1;
static int hf_epp_v1_ccm_flags_manager = -1;
static int hf_epp_v1_ccm_flags_period = -1;
static int hf_epp_v1_ccm_flags_target = -1;
static int hf_epp_v1_ccm_flags_next_nid = -1;
static int hf_epp_v1_ccm_flags_packet = -1;
static int hf_epp_v1_ccm_tnid = -1;
static int hf_epp_v1_ccm_nnid = -1;
static int hf_epp_v1_ccm_nid = -1;
static int hf_epp_v1_ccm_slot = -1;
static int hf_epp_v1_ccm_pn = -1;
static int ett_header = -1;
static int ett_epp_v1_ccm_flags = -1;
static int ett_ccm_dsp_option = -1;
static int ett_ccm_dsp = -1;
static int ett_ccm = -1;
static expert_field ei_decode_failure = EI_INIT;
typedef struct _ccm_session_data
{
guint protocol_id;
gcry_cipher_hd_t cipher_data;
GHashTable *cipher_data_table;
/* Starts at 1, incrementing for each new key. */
guint32 period;
/* Mapping from wire period to absolute periods. */
guint8 periods[8];
guint8 cipher;
gboolean encrypted;
guint8 mac_len;
guint32 client_datagram_number;
guint32 server_datagram_number;
} ccm_session_data;
typedef struct _ccm_packet_data
{
guint32 nid;
guint32 dn;
guint32 period;
} ccm_packet_data;
#define CCM_PDU_PROBE (0)
static const value_string ccm_opcode_strings[] = {
{ CCM_PDU_PROBE, "Probe" },
{ 0, NULL }
};
/* DOF OBJECT IDENTIFIER (OID) */
#define DOF_OBJECT_IDENTIFIER "DOF Object Identifier"
static dissector_handle_t dof_oid_handle;
static int oid_proto = -1;
static int hf_oid_class = -1;
static int hf_oid_header = -1;
static int hf_oid_attribute = -1;
static int hf_oid_length = -1;
static int hf_oid_data = -1;
static int hf_oid_all_attribute_data = -1;
static int hf_oid_attribute_header = -1;
static int hf_oid_attribute_attribute = -1;
static int hf_oid_attribute_id = -1;
static int hf_oid_attribute_length = -1;
static int hf_oid_attribute_data = -1;
static int hf_oid_attribute_oid = -1;
static int ett_oid = -1;
static int ett_oid_header = -1;
static int ett_oid_attribute = -1;
static int ett_oid_attribute_header = -1;
static int ett_oid_attribute_oid = -1;
/**
* EXPERT INFOS
* Expert infos are related to either a PDU type or a specification, and so
* they are listed separately.
*/
#if 0
static expert_field ei_undecoded = EI_INIT;
#endif
static expert_field ei_malformed = EI_INIT;
static expert_field ei_implicit_no_op = EI_INIT;
static expert_field ei_c2_c3_c4_format = EI_INIT;
static expert_field ei_type_4_header_zero = EI_INIT;
static expert_field ei_dof_10_flags_zero = EI_INIT;
#if 0
static expert_field ei_dof_13_length_specified = EI_INIT;
#endif
static expert_field ei_dpp2_dof_10_flags_zero = EI_INIT;
static expert_field ei_dpp_default_flags = EI_INIT;
static expert_field ei_dpp_explicit_sender_sid_included = EI_INIT;
static expert_field ei_dpp_explicit_receiver_sid_included = EI_INIT;
static expert_field ei_dpp_no_security_context = EI_INIT;
static expert_field ei_dof_6_timeout = EI_INIT;
static expert_field ei_security_3_1_invalid_stage = EI_INIT;
static expert_field ei_security_4_invalid_bit = EI_INIT;
static expert_field ei_security_13_out_of_range = EI_INIT;
/**
* SOURCE IDENTIFIER (SID) SUPPORT
* Source identifiers are used as part of operation tracking in the
* DOF Protocol Stack. They are version independent, and associated with
* a node in the DOF mesh network. Each session is associated with a SID.
*
* DPP Manages the SID information, since it is DPP that learns about SIDs.
* SIDs are complicated because the can be 'unknown' for periods, and then
* learned later. The requirement here is that all SIDs that can be known
* are known by the second pass of the dissector (pinfo->visited != 0).
*
* There are two hash tables to map to an actual SID. The first goes
* from sender information to SID ID. During the first pass multiple SID ID
* may actually refer to the same SID, and so the system must be able to "patch"
* these values as actual SIDs are learned. The second hash table goes from SID ID
* to actual SID. This lookup is only known after a real SID has been learned.
*
* The hash tables are used in order to look up full SID information when only
* partial information is known, and must support looking up in both directions
* based on what is known from a particular PDU.
*/
static GHashTable *node_key_to_sid_id = NULL;
static GHashTable *sid_buffer_to_sid_id = NULL;
static GHashTable *sid_id_to_sid_buffer = NULL;
typedef struct _node_key_to_sid_id_key
{
gint transport_id;
gint transport_node_id;
gint dof_id;
gint dof_node_id;
gint dof_session_id;
} node_key_to_sid_id_key;
static guint sender_key_hash_fn(gconstpointer key)
{
const node_key_to_sid_id_key *sid_key_ptr = (const node_key_to_sid_id_key *)key;
guint result = 0;
result += g_int_hash(&(sid_key_ptr->transport_id));
result += g_int_hash(&(sid_key_ptr->transport_node_id));
result += g_int_hash(&(sid_key_ptr->dof_id));
result += g_int_hash(&(sid_key_ptr->dof_node_id));
result += g_int_hash(&(sid_key_ptr->dof_session_id));
return result;
}
static guint sid_buffer_hash_fn(gconstpointer key)
{
/* The sid buffer is a length byte followed by data. */
guint hash = 5381;
const guint8 *str = (const guint8 *)key;
guint16 i;
for (i = 0; i <= str[0]; i++)
hash = ((hash << 5) + hash) + str[i]; /* hash * 33 + c */
return hash;
}
static gboolean sender_key_equal_fn(gconstpointer key1, gconstpointer key2)
{
const node_key_to_sid_id_key *sid_key_ptr1 = (const node_key_to_sid_id_key *)key1;
const node_key_to_sid_id_key *sid_key_ptr2 = (const node_key_to_sid_id_key *)key2;
if (sid_key_ptr1->transport_id != sid_key_ptr2->transport_id)
return FALSE;
if (sid_key_ptr1->transport_node_id != sid_key_ptr2->transport_node_id)
return FALSE;
if (sid_key_ptr1->dof_id != sid_key_ptr2->dof_id)
return FALSE;
if (sid_key_ptr1->dof_node_id != sid_key_ptr2->dof_node_id)
return FALSE;
if (sid_key_ptr1->dof_session_id != sid_key_ptr2->dof_session_id)
return FALSE;
return TRUE;
}
static gboolean sid_buffer_equal_fn(gconstpointer key1, gconstpointer key2)
{
const guint8 *sb1 = (const guint8 *)key1;
const guint8 *sb2 = (const guint8 *)key2;
if (sb1[0] != sb2[0])
return FALSE;
return memcmp(sb1 + 1, sb2 + 1, sb1[0]) == 0;
}
static guint dpp_next_sid_id = 1;
/**
* This routine is called for each reset (file load, capture) and is responsible
* for allocating the SID support hash tables. Previous information is freed
* if needed.
*/
static void dpp_reset_sid_support(void)
{
dpp_next_sid_id = 1;
if (node_key_to_sid_id != NULL)
{
g_hash_table_destroy(node_key_to_sid_id);
node_key_to_sid_id = NULL;
}
if (sid_buffer_to_sid_id != NULL)
{
g_hash_table_destroy(sid_buffer_to_sid_id);
sid_buffer_to_sid_id = NULL;
}
if (sid_id_to_sid_buffer != NULL)
{
g_hash_table_destroy(sid_id_to_sid_buffer);
sid_id_to_sid_buffer = NULL;
}
/* The value is not allocated, so does not need to be freed. */
node_key_to_sid_id = g_hash_table_new_full(sender_key_hash_fn, sender_key_equal_fn, g_free, NULL);
sid_buffer_to_sid_id = g_hash_table_new_full(sid_buffer_hash_fn, sid_buffer_equal_fn, g_free, NULL);
sid_id_to_sid_buffer = g_hash_table_new_full(g_direct_hash, g_direct_equal, NULL, NULL);
}
/**
* OPERATION IDENTIFIER SUPPORT
* Operation identifiers are an extension of a SID, and represent each separate
* operation in the DOF. They are identified by a SID and an operation count.
* Like SIDs, they are indepenent of version (at least in meaning, the formatting
* may change).
*
* The hash is used to look up common operation information each time an operation
* is seen in any packet.
*/
static GHashTable *dpp_opid_to_packet_data = NULL;
static guint dpp_opid_hash_fn(gconstpointer opid)
{
const dof_2009_1_pdu_20_opid *ptr = (const dof_2009_1_pdu_20_opid *)opid;
return g_int_hash(&ptr->op_sid_id) + g_int_hash(&ptr->op_cnt);
}
static gboolean dpp_opid_equal_fn(gconstpointer opid1, gconstpointer opid2)
{
const dof_2009_1_pdu_20_opid *ptr1 = (const dof_2009_1_pdu_20_opid *)opid1;
const dof_2009_1_pdu_20_opid *ptr2 = (const dof_2009_1_pdu_20_opid *)opid2;
if (ptr1->op_cnt != ptr2->op_cnt)
return FALSE;
if (ptr1->op_sid_id != ptr2->op_sid_id)
return FALSE;
return TRUE;
}
static void dpp_reset_opid_support(void)
{
if (dpp_opid_to_packet_data != NULL)
{
/* Clear it out. Note that this calls the destroy functions for each element. */
g_hash_table_destroy(dpp_opid_to_packet_data);
dpp_opid_to_packet_data = NULL;
}
dpp_opid_to_packet_data = g_hash_table_new_full(dpp_opid_hash_fn, dpp_opid_equal_fn, NULL, NULL);
}
/**
* NON-SECURE SESSION LOOKUP SUPPORT
*/
static GHashTable *dof_ns_session_lookup = NULL;
/**
* NON-SECURE DPS SESSION
* This is defined by the transport session and the DNP port information.
*/
typedef struct _dof_ns_session_key
{
guint transport_session_id;
guint client;
guint server;
gboolean is_secure;
} dof_ns_session_key;
static dof_session_data* dof_ns_session_retrieve(guint transport_session_id, guint client, guint server)
{
dof_ns_session_key lookup_key;
dof_session_data *value;
/* Build a (non-allocated) key to do the lookup. */
lookup_key.transport_session_id = transport_session_id;
lookup_key.client = client;
lookup_key.server = server;
value = (dof_session_data *)g_hash_table_lookup(dof_ns_session_lookup, &lookup_key);
if (value)
{
/* We found a match. */
return value;
}
return NULL;
}
static void dof_ns_session_define(guint transport_session_id, guint client, guint server, dof_session_data *session_data)
{
dof_ns_session_key *key;
/* No match, need to add a key. */
key = g_new0(dof_ns_session_key, 1);
key->transport_session_id = transport_session_id;
key->client = client;
key->server = server;
/* Note, this is not multithread safe, but Wireshark isn't multithreaded. */
g_hash_table_insert(dof_ns_session_lookup, key, session_data);
}
/* COMMON PDU DISSECTORS */
/* Security.1 */
static int hf_security_1_permission_type = -1;
static int hf_security_1_length = -1;
static int hf_security_1_data = -1;
static const value_string dof_2008_16_permission_type[] = {
{ 1, "Binding" },
{ 3, "IAM" },
{ 5, "ACTAS" },
{ 128, "Requestor" },
{ 130, "Provider" },
{ 131, "Define" },
{ 133, "Tunnel Domain" },
{ 0, NULL }
};
/* Security.2 */
static int hf_security_2_count = -1;
static int ett_security_2_permission = -1;
static int hf_security_2_permission = -1;
/* Security.3.1 */
static int hf_security_3_1_credential_type = -1;
static int hf_security_3_1_stage = -1;
static int ett_security_3_1_security_node_identifier = -1;
static int hf_security_3_1_security_node_identifier = -1;
/* Security.3.2 */
static int hf_security_3_2_credential_type = -1;
static int hf_security_3_2_stage = -1;
static int hf_security_3_2_length = -1;
static int hf_security_3_2_public_data = -1;
/* Security.4 */
static int hf_security_4_l = -1;
static int hf_security_4_f = -1;
static int hf_security_4_ln = -1;
static int ett_security_4_identity = -1;
static int hf_security_4_identity = -1;
static int hf_security_4_nonce = -1;
static int ett_security_4_permission_set = -1;
static int hf_security_4_permission_set = -1;
/* Security.5 */
static int hf_security_5_mac = -1;
static int hf_security_5_key = -1;
/* Security.6.1 */
static int hf_security_6_1_desired_duration = -1;
static int ett_security_6_1_desired_security_mode = -1;
static int hf_security_6_1_desired_security_mode = -1;
static int ett_security_6_1_initiator_request = -1;
static int hf_security_6_1_initiator_request = -1;
/* Security.6.2 */
static int ett_security_6_2_responder_request = -1;
static int hf_security_6_2_responder_request = -1;
/* Security.6.3 */
static int hf_security_6_3_granted_duration = -1;
static int ett_security_6_3_session_security_scope = -1;
static int hf_security_6_3_session_security_scope = -1;
static int ett_security_6_3_initiator_validation = -1;
static int hf_security_6_3_initiator_validation = -1;
static int ett_security_6_3_responder_validation = -1;
static int hf_security_6_3_responder_validation = -1;
/* Security.9 */
static int hf_security_9_length = -1;
static int hf_security_9_initial_state = -1;
/* Security.10 */
static int hf_security_10_count = -1;
static int hf_security_10_permission_group_identifier = -1;
/* Security.11 */
static int hf_security_11_count = -1;
static int ett_security_11_permission_security_scope = -1;
static int hf_security_11_permission_security_scope = -1;
/* Security.12 */
static int hf_security_12_m = -1;
static const value_string dof_2008_16_security_12_m[] = {
{ 0, "Reference" },
{ 1, "Relative" },
{ 2, "Absolute" },
{ 3, "Continued" },
{ 0, NULL }
};
static int hf_security_12_count = -1;
static int hf_security_12_permission_group_identifier = -1;
static gboolean
dof_sessions_destroy_cb(wmem_allocator_t *allocator _U_, wmem_cb_event_t event _U_, void *user_data)
{
ccm_session_data *ccm_data = (ccm_session_data*) user_data;
gcry_cipher_close(ccm_data->cipher_data);
if (ccm_data->cipher_data_table) {
g_hash_table_destroy(ccm_data->cipher_data_table);
}
/* unregister this callback */
return FALSE;
}
static void dof_cipher_data_destroy (gpointer data)
{
gcry_cipher_hd_t cipher_data = (gcry_cipher_hd_t) data;
gcry_cipher_close(cipher_data);
}
static int dissect_2008_1_dsp_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_item *parent = proto_tree_get_parent(tree);
guint8 attribute_code = tvb_get_guint8(tvb, 0);
guint16 attribute_data = tvb_get_ntohs(tvb, 1);
guint8 option_length = tvb_get_guint8(tvb, 3);
/* Add the generic representation of the fields. */
proto_tree_add_item(tree, hf_2008_1_dsp_attribute_code, tvb, 0, 1, ENC_NA);
proto_tree_add_item(tree, hf_2008_1_dsp_attribute_data, tvb, 1, 2, ENC_BIG_ENDIAN);
proto_tree_add_item(tree, hf_2008_1_dsp_value_length, tvb, 3, 1, ENC_NA);
/* Append description to the parent. */
proto_item_append_text(parent, " (Code=%s/Data=0x%04x)", val_to_str(attribute_code, strings_2008_1_dsp_attribute_codes, "%u"), attribute_data);
if (option_length)
{
proto_tree_add_item(tree, hf_2008_1_dsp_value_data, tvb, 4, option_length, ENC_NA);
/* call the next dissector */
tvb_set_reported_length(tvb, option_length + 4);
dissector_try_uint(dsp_option_dissectors, (attribute_code << 16) | attribute_data, tvb, pinfo, tree);
}
return option_length + 4;
}
/**
* Security.1: Permission. This is the base type for
* permissions, and supports extension.
*/
static int dissect_2008_16_security_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
gint offset = 0;
gboolean has_length;
guint16 length;
/* Permission Type */
{
gint start = offset;
guint16 value;
gint val_len;
proto_item *pi;
offset = read_c2(tvb, offset, &value, &val_len);
has_length = (gboolean)(value % 2);
pi = proto_tree_add_uint(tree, hf_security_1_permission_type, tvb, start, offset - start, value);
validate_c2(pinfo, pi, value, val_len);
}
if (!has_length)
return offset;
/* Length */
{
gint start = offset;
guint16 value;
gint value_len;
proto_item *pi;
offset = read_c2(tvb, offset, &value, &value_len);
length = value;
pi = proto_tree_add_uint(tree, hf_security_1_length, tvb, start, offset - start, value);
validate_c2(pinfo, pi, value, value_len);
}
/* Data */
proto_tree_add_item(tree, hf_security_1_data, tvb, offset, length, ENC_NA);
offset += length;
return offset;
}
/**
* Security.2: Permission Request.
*/
static int dissect_2008_16_security_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
gint offset = 0;
guint16 count;
/* Count */
{
gint start = offset;
guint16 value;
gint length;
proto_item *pi;
offset = read_c2(tvb, offset, &value, &length);
count = value;
pi = proto_tree_add_uint(tree, hf_security_2_count, tvb, start, offset - start, value);
validate_c2(pinfo, pi, value, length);
}
while (count--)
{
proto_item *ti = proto_tree_add_item(tree, hf_security_2_permission, tvb, offset, -1, ENC_NA);
proto_tree *subtree = proto_item_add_subtree(ti, ett_security_2_permission);
tvbuff_t *next_tvb = tvb_new_subset_remaining(tvb, offset);
gint len = dissect_2008_16_security_1(next_tvb, pinfo, subtree, NULL);
proto_item_set_len(ti, len);
offset += len;
}
return offset;
}
/**
* Security.3.1: Base Credential Format.
* Returns: dof_2008_16_security_3_1
*/
static int dissect_2008_16_security_3_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
gint offset = 0;
guint8 stage;
proto_item *ti;
dof_2008_16_security_3_1 *return_data = (dof_2008_16_security_3_1 *)data;
/* Credential Type */
{
gint start = offset;
guint16 value;
gint length;
proto_item *pi;
offset = read_c2(tvb, offset, &value, &length);
pi = proto_tree_add_uint(tree, hf_security_3_1_credential_type, tvb, start, offset - start, value);
validate_c2(pinfo, pi, value, length);
}
/* Stage */
stage = tvb_get_guint8(tvb, offset);
ti = proto_tree_add_item(tree, hf_security_3_1_stage, tvb, offset, 1, ENC_NA);
offset += 1;
if (stage != 0)
expert_add_info(pinfo, ti, &ei_security_3_1_invalid_stage);
/* Security Node Identifier */
{
int block_length;
tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
proto_tree *subtree;
ti = proto_tree_add_item(tree, hf_security_3_1_security_node_identifier, tvb, offset, 0, ENC_NA);
subtree = proto_item_add_subtree(ti, ett_security_3_1_security_node_identifier);
block_length = dissect_2008_16_security_8(start, pinfo, subtree, NULL);
proto_item_set_len(ti, block_length);
offset += block_length;
tvb_set_reported_length(start, block_length);
if (return_data)
return_data->identity = start;
}
return offset;
}
/**
* Security.3.2: Identity Resolution.
*/
int dissect_2008_16_security_3_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
gint offset = 0;
guint16 length;
/* Credential Type */
{
gint start = offset;
guint16 value;
gint val_len;
proto_item *pi;
offset = read_c2(tvb, offset, &value, &val_len);
pi = proto_tree_add_uint(tree, hf_security_3_2_credential_type, tvb, start, offset - start, value);
validate_c2(pinfo, pi, value, val_len);
}
/* Stage */
proto_tree_add_item(tree, hf_security_3_2_stage, tvb, offset, 1, ENC_NA);
offset += 1;
/* Length */
{
gint start = offset;
guint16 value;
gint value_len;
proto_item *pi;
offset = read_c2(tvb, offset, &value, &value_len);
length = value;
pi = proto_tree_add_uint(tree, hf_security_3_2_length, tvb, start, offset - start, value);
validate_c2(pinfo, pi, value, value_len);
}
/* Public Data */
proto_tree_add_item(tree, hf_security_3_2_public_data, tvb, offset, length, ENC_NA);
offset += length;
return offset;
}
/**
* Security.4: Key Request. Returns: dof_2008_16_security_4
*/
static int dissect_2008_16_security_4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
gint offset = 0;
guint8 flag;
dof_2008_16_security_4 *return_data = (dof_2008_16_security_4 *)data;
flag = tvb_get_guint8(tvb, offset);
if (flag & 0x30)
expert_add_info(pinfo, tree, &ei_security_4_invalid_bit);
proto_tree_add_item(tree, hf_security_4_l, tvb, offset, 1, ENC_NA);
proto_tree_add_item(tree, hf_security_4_f, tvb, offset, 1, ENC_NA);
proto_tree_add_item(tree, hf_security_4_ln, tvb, offset, 1, ENC_NA);
offset += 1;
{
int block_length;
tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
proto_item *ti;
proto_tree *subtree;
dof_2008_16_security_3_1 return_3_1;
ti = proto_tree_add_item(tree, hf_security_4_identity, tvb, offset, 0, ENC_NA);
subtree = proto_item_add_subtree(ti, ett_security_4_identity);
block_length = dissect_2008_16_security_3_1(start, pinfo, subtree, &return_3_1);
proto_item_set_len(ti, block_length);
offset += block_length;
if (return_data)
{
return_data->identity = return_3_1.identity;
}
}
{
tvbuff_t *start = tvb_new_subset_length_caplen(tvb, offset, (flag & 0x0F) + 1, (flag & 0x0F) + 1);
if (return_data)
return_data->nonce = start;
proto_tree_add_item(tree, hf_security_4_nonce, start, 0, (flag & 0x0F) + 1, ENC_NA);
offset += (flag & 0x0F) + 1;
}
{
int block_length;
tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
proto_item *ti;
proto_tree *subtree;
ti = proto_tree_add_item(tree, hf_security_4_permission_set, tvb, offset, 0, ENC_NA);
subtree = proto_item_add_subtree(ti, ett_security_4_permission_set);
block_length = dissect_2008_16_security_2(start, pinfo, subtree, NULL);
proto_item_set_len(ti, block_length);
offset += block_length;
}
return offset;
}
/**
* Security.5: Key Grant.
*/
static int dissect_2008_16_security_5(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
{
gint offset = 0;
proto_tree_add_item(tree, hf_security_5_mac, tvb, offset, 32, ENC_NA);
offset += 32;
proto_tree_add_item(tree, hf_security_5_key, tvb, offset, 32, ENC_NA);
offset += 32;
return offset;
}
/**
* Security.6.1: Session Initator Block.
* Returns dof_2008_16_security_6_1
*/
static int dissect_2008_16_security_6_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
gint offset = 0;
/* Allocate the return structure. */
dof_2008_16_security_6_1 *return_data = (dof_2008_16_security_6_1 *)data;
/* Desired Duration */
proto_tree_add_item(tree, hf_security_6_1_desired_duration, tvb, offset, 1, ENC_NA);
offset += 1;
/* Desired Security Mode */
{
int block_length;
tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
proto_item *ti;
proto_tree *subtree;
ti = proto_tree_add_item(tree, hf_security_6_1_desired_security_mode, tvb, offset, 0, ENC_NA);
subtree = proto_item_add_subtree(ti, ett_security_6_1_desired_security_mode);
block_length = dissect_2008_16_security_13(start, pinfo, subtree, NULL);
offset += block_length;
tvb_set_reported_length(start, block_length);
proto_item_set_len(ti, block_length);
if (return_data)
{
return_data->security_mode = tvb_get_ntohs(start, 1);
return_data->security_mode_data_length = block_length - 4;
return_data->security_mode_data = (guint8 *)tvb_memdup(wmem_file_scope(), start, 4, block_length - 4);
}
}
/* Initiator Request */
{
int block_length;
dof_2008_16_security_4 output;
tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
proto_item *ti;
proto_tree *subtree;
ti = proto_tree_add_item(tree, hf_security_6_1_initiator_request, tvb, offset, 0, ENC_NA);
subtree = proto_item_add_subtree(ti, ett_security_6_1_initiator_request);
block_length = dissect_2008_16_security_4(start, pinfo, subtree, &output);
proto_item_set_len(ti, block_length);
offset += block_length;
if (return_data)
{
return_data->i_identity = output.identity;
return_data->i_nonce = output.nonce;
}
}
return offset;
}
/**
* Security.6.2: Session Responder Block.
* Returns dof_2008_16_security_6_2
*/
static int dissect_2008_16_security_6_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
gint offset = 0;
dof_2008_16_security_6_2 *return_data = (dof_2008_16_security_6_2 *)data;
/* Responder Request */
{
int block_length;
dof_2008_16_security_4 output;
tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
proto_item *ti;
proto_tree *subtree;
ti = proto_tree_add_item(tree, hf_security_6_2_responder_request, tvb, offset, 0, ENC_NA);
subtree = proto_item_add_subtree(ti, ett_security_6_2_responder_request);
block_length = dissect_2008_16_security_4(start, pinfo, subtree, &output);
proto_item_set_len(ti, block_length);
offset += block_length;
if (return_data)
{
return_data->r_identity = output.identity;
return_data->r_nonce = output.nonce;
}
}
return offset;
}
/**
* Security.6.3: Authentication Response Block.
*/
static int dissect_2008_16_security_6_3(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
gint offset = 0;
/* Granted Duration */
proto_tree_add_item(tree, hf_security_6_3_granted_duration, tvb, offset, 1, ENC_NA);
offset += 1;
/* Session Security Scope */
{
int block_length;
tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
proto_item *ti;
proto_tree *subtree;
ti = proto_tree_add_item(tree, hf_security_6_3_session_security_scope, tvb, offset, 0, ENC_NA);
subtree = proto_item_add_subtree(ti, ett_security_6_3_session_security_scope);
block_length = dissect_2008_16_security_10(start, pinfo, subtree, NULL);
proto_item_set_len(ti, block_length);
offset += block_length;
}
/* Initiator Validation */
{
int block_length;
tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
proto_item *ti;
proto_tree *subtree;
ti = proto_tree_add_item(tree, hf_security_6_3_initiator_validation, tvb, offset, 0, ENC_NA);
subtree = proto_item_add_subtree(ti, ett_security_6_3_initiator_validation);
block_length = dissect_2008_16_security_11(start, pinfo, subtree, NULL);
proto_item_set_len(ti, block_length);
offset += block_length;
}
/* Responder Validation */
{
int block_length;
tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
proto_item *ti;
proto_tree *subtree;
ti = proto_tree_add_item(tree, hf_security_6_3_responder_validation, tvb, offset, 0, ENC_NA);
subtree = proto_item_add_subtree(ti, ett_security_6_3_responder_validation);
block_length = dissect_2008_16_security_11(start, pinfo, subtree, NULL);
proto_item_set_len(ti, block_length);
offset += block_length;
}
return offset;
}
/**
* Security.7: Security Domain.
*/
static int dissect_2008_16_security_7(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
/* Parse the base type. */
gint block_length;
block_length = dissect_2009_11_type_4(tvb, pinfo, tree, NULL);
return block_length;
}
/**
* Security.8: Security Node Identifier.
*/
static int dissect_2008_16_security_8(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
/* Parse the base type. */
gint block_length;
block_length = dissect_2009_11_type_4(tvb, pinfo, tree, NULL);
return block_length;
}
/**
* Security.9: Security Mode of Operation Initialization.
* If the packet info has knowledge of the active security mode
* of operation then this datagram can be further decoded.
*/
static int dissect_2008_16_security_9(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
gint offset = 0;
guint16 length;
/* Length */
{
gint start = offset;
guint16 value;
gint value_len;
proto_item *pi;
offset = read_c2(tvb, offset, &value, &value_len);
length = value;
pi = proto_tree_add_uint(tree, hf_security_9_length, tvb, start, offset - start, value);
validate_c2(pinfo, pi, value, value_len);
}
if (length > 0)
{
proto_tree_add_item(tree, hf_security_9_initial_state, tvb, offset, length, ENC_NA);
offset += length;
}
return offset;
}
/**
* Security.10: Security Scope.
*/
static int dissect_2008_16_security_10(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
gint offset = 0;
guint16 count;
/* Count */
{
gint start = offset;
guint16 value;
gint length;
proto_item *pi;
offset = read_c2(tvb, offset, &value, &length);
count = value;
pi = proto_tree_add_uint(tree, hf_security_10_count, tvb, start, offset - start, value);
validate_c2(pinfo, pi, value, length);
}
while (count--)
{
const char *def = "";
gint start = offset;
guint32 value;
gint length;
proto_item *pi;
offset = read_c4(tvb, offset, &value, &length);
switch (value)
{
case 0x3FFFFFFF:
def = " (all scopes)";
break;
case 0x3FFFFFFE:
def = " (doesn't mask)";
break;
case 0x3FFFFFFD:
def = " (session scope)";
break;
}
pi = proto_tree_add_uint_format_value(tree, hf_security_10_permission_group_identifier, tvb, start, offset - start, value, "%u%s", value, def);
validate_c4(pinfo, pi, value, length);
}
return offset;
}
/**
* Security.11: Permission Validation.
*/
static int dissect_2008_16_security_11(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
gint offset = 0;
guint16 count;
/* Count */
{
gint start = offset;
guint16 value;
gint length;
proto_item *pi;
offset = read_c2(tvb, offset, &value, &length);
count = value;
pi = proto_tree_add_uint(tree, hf_security_11_count, tvb, start, offset - start, value);
validate_c2(pinfo, pi, value, length);
}
while (count--)
{
proto_item *ti = proto_tree_add_item(tree, hf_security_11_permission_security_scope, tvb, offset, -1, ENC_NA);
proto_tree *subtree = proto_item_add_subtree(ti, ett_security_11_permission_security_scope);
tvbuff_t *next_tvb = tvb_new_subset_remaining(tvb, offset);
gint len;
len = dissect_2008_16_security_12(next_tvb, pinfo, subtree, NULL);
proto_item_set_len(ti, len);
offset += len;
}
return offset;
}
/**
* Security.12: Permission Security Scope.
*/
static int dissect_2008_16_security_12(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
gint offset = 0;
guint8 m = tvb_get_guint8(tvb, offset) >> 6;
guint16 count = tvb_get_guint8(tvb, offset) & 0x3F;
proto_item *pi;
proto_tree_add_item(tree, hf_security_12_m, tvb, offset, 1, ENC_NA);
proto_tree_add_item(tree, hf_security_12_count, tvb, offset, 1, ENC_NA);
offset += 1;
if (m == 0)
return offset;
while (count--)
{
const char *def = "";
gint start = offset;
guint32 value;
gint length;
offset = read_c4(tvb, offset, &value, &length);
switch (value)
{
case 0x3FFFFFFF:
def = " (all scopes)";
break;
case 0x3FFFFFFE:
def = " (doesn't mask)";
break;
case 0x3FFFFFFD:
def = " (session scope)";
break;
}
pi = proto_tree_add_uint_format_value(tree, hf_security_12_permission_group_identifier, tvb, start, offset - start, value, "%u%s", value, def);
validate_c4(pinfo, pi, value, length);
}
return offset;
}
/**
* Security.13: Security Mode of Operation Negotiation.
*/
static int dissect_2008_16_security_13(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
/* Parse the base type. */
gint block_length;
guint16 attribute_data;
/* TODO: Skipping this first byte means that no other encryption modes can be supported. */
attribute_data = tvb_get_ntohs(tvb, 1);
if (attribute_data < 0x6000 || attribute_data >= 0x7000)
expert_add_info(pinfo, tree, &ei_security_13_out_of_range);
block_length = dissect_2008_1_dsp_1(tvb, pinfo, tree);
return block_length;
}
/**
* Dissects a buffer that is pointing at an OID.
* Adds a subtree with detailed information about the fields of
* the OID,
* returns the length of the OID,
* and appends text to the tree (really a tree item) that is
* passed in that gives a more accurate description of the OID.
* Note that the tree already shows the bytes of the OID, so if
* no additional information can be displayed then it should not
* be.
*
* If 'tree' is NULL then just return the length.
*/
static gint dissect_2009_11_type_4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
proto_item *ti;
gint start_offset = 0;
gint offset = 0;
guint32 oid_class;
gint oid_class_len;
guint8 oid_len_byte;
proto_tree *oid_tree = tree;
proto_tree *header_tree;
if (tree)
{
ti = proto_tree_get_parent(tree);
proto_item_set_text(ti, "Object ID: %s", dof_oid_create_standard_string(tvb_reported_length(tvb), tvb_get_ptr(tvb, 0, tvb_reported_length(tvb))));
}
offset = read_c4(tvb, offset, &oid_class, &oid_class_len);
ti = proto_tree_add_uint_format(oid_tree, hf_oid_class, tvb, start_offset, offset - start_offset, oid_class, "Class: %u", oid_class);
validate_c4(pinfo, ti, oid_class, oid_class_len);
oid_len_byte = tvb_get_guint8(tvb, offset);
ti = proto_tree_add_uint_format(oid_tree, hf_oid_header, tvb,
offset, 1, oid_len_byte, "Header: 0x%02x (%sLength=%d)", oid_len_byte, oid_len_byte & 0x80 ? "Attribute, " : "", oid_len_byte & 0x3F);
header_tree = proto_item_add_subtree(ti, ett_oid_header);
proto_tree_add_item(header_tree, hf_oid_attribute, tvb, offset, 1, ENC_NA);
proto_tree_add_item(header_tree, hf_oid_length, tvb, offset, 1, ENC_NA);
offset += 1;
/* Validate the flag byte */
if (oid_len_byte & 0x40)
{
/* Type.4 Malformed (bit mandated zero). */
expert_add_info(pinfo, ti, &ei_type_4_header_zero);
}
if ((oid_len_byte & 0x3F) > 0)
{
/* Add the raw data. */
proto_tree_add_item(oid_tree, hf_oid_data, tvb, offset, oid_len_byte & 0x3F, ENC_NA);
offset += oid_len_byte & 0x3F;
}
/* Check for attributes */
if (oid_len_byte & 0x80)
{
/* Read attributes, adding them to oid_tree. */
guint8 flag;
do
{
tvbuff_t *packet = tvb_new_subset_remaining(tvb, offset);
proto_tree *attribute_tree;
gint attribute_length;
ti = proto_tree_add_item(tree, hf_oid_all_attribute_data, tvb, offset, -1, ENC_NA);
attribute_tree = proto_item_add_subtree(ti, ett_oid_attribute);
flag = tvb_get_guint8(tvb, offset);
attribute_length = dissect_2009_11_type_5(packet, pinfo, attribute_tree);
proto_item_set_len(ti, (const gint)attribute_length);
offset += attribute_length;
}
while (flag & 0x80);
}
if (tree)
{
ti = proto_tree_get_parent(tree);
proto_item_set_len(ti, offset - start_offset);
}
/* TODO: Add the description. */
/* proto_item_append_text( oid_tree, ": %s", "TODO" ); */
return offset;
}
/**
* Dissects a buffer that is pointing at an attribute.
* Adds a subtree with detailed information about the fields of
* the attribute,
* returns the new offset,
* and appends text to the tree (really a tree item) that is
* passed in that gives a more accurate description of the
* attribute.
* Note that the tree already shows the bytes of the OID, so if
* no additional information can be displayed then it should not
* be.
*
* If 'tree' is NULL then just return the length.
*/
static int dissect_2009_11_type_5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_item *ti;
gint offset = 0;
guint8 attribute_id_byte;
guint8 attribute_length_byte;
proto_tree *oid_tree = tree;
proto_tree *header_tree;
attribute_id_byte = tvb_get_guint8(tvb, offset);
ti = proto_tree_add_uint_format(oid_tree, hf_oid_attribute_header, tvb,
offset, 1, attribute_id_byte, "Header: 0x%02x (%sLength=%d)", attribute_id_byte, attribute_id_byte & 0x80 ? "Attribute, " : "", attribute_id_byte & 0x3F);
header_tree = proto_item_add_subtree(ti, ett_oid_attribute_header);
proto_tree_add_item(header_tree, hf_oid_attribute_attribute, tvb, offset, 1, ENC_NA);
proto_tree_add_item(header_tree, hf_oid_attribute_id, tvb, offset, 1, ENC_NA);
offset += 1;
attribute_length_byte = tvb_get_guint8(tvb, offset);
proto_tree_add_item(oid_tree, hf_oid_attribute_length, tvb, offset, 1, ENC_NA);
offset += 1;
switch (attribute_id_byte & 0x7F)
{
case 1:
/* TODO: Check length */
proto_tree_add_item(oid_tree, hf_oid_attribute_data, tvb, offset, attribute_length_byte, ENC_NA);
offset += attribute_length_byte;
break;
case 0:
case 2:
{
tvbuff_t *packet = tvb_new_subset_length_caplen(tvb, offset, attribute_length_byte, attribute_length_byte);
proto_tree *attribute_tree;
ti = proto_tree_add_item(tree, hf_oid_attribute_oid, tvb, offset, -1, ENC_NA);
attribute_tree = proto_item_add_subtree(ti, ett_oid_attribute_oid);
offset += dissect_2009_11_type_4(packet, pinfo, attribute_tree, NULL);
}
break;
default:
proto_tree_add_item(oid_tree, hf_oid_attribute_data, tvb, offset, attribute_length_byte, ENC_NA);
offset += attribute_length_byte;
}
return offset;
}
/* Transport Session ID */
static dof_globals globals;
/* Static Methods. */
static dof_packet_data* create_packet_data(packet_info *pinfo);
static int dof_dissect_dnp_length(tvbuff_t *tvb, packet_info *pinfo, guint8 version, gint *offset);
#define VALIDHEX(c) ( ((c) >= '0' && (c) <= '9') || ((c) >= 'A' && (c) <= 'F') || ((c) >= 'a' && (c) <= 'f') )
/* Configuration structures. These tables allow for security
* mode templates, security keys, and secrets to be configured.
*/
static gboolean decrypt_all_packets = FALSE;
static gboolean track_operations = FALSE;
static guint track_operations_window = 5;
static guint32 next_dof_frame = 1;
/* Structure for security mode of operation templates. */
typedef struct _secmode_field_t {
gchar *domain;
gchar *identity;
gchar *kek;
} secmode_field_t;
static secmode_field_t *secmode_list = NULL;
static guint num_secmode_list = 0;
/* Structure for security keys. */
typedef struct _seckey_field_t {
gchar *key;
} seckey_field_t;
/* Structure for secrets (for identities) */
typedef struct _identsecret_field_t {
gchar *domain;
gchar *identity;
gchar *secret;
} identsecret_field_t;
typedef struct _tcp_ignore_data
{
guint32 sequence;
gboolean ignore;
struct _tcp_ignore_data *next;
} tcp_ignore_data;
typedef struct _tcp_dof_packet_ref
{
/* A single TCP frame can contain multiple packets. We must
* be able to keep track of them all.
*/
dof_api_data api_data;
guint16 start_offset;
dof_transport_packet transport_packet;
struct _tcp_dof_packet_ref *next;
} tcp_dof_packet_ref;
/**
* This structure exists for TCP packets and allows matching Wireshark frames to
* DPS packets.
*/
typedef struct _tcp_packet_data
{
/* Packets are ignored based on the starting TCP SEQ (sequence of first byte). */
tcp_ignore_data *from_client_ignore_list;
tcp_ignore_data *from_server_ignore_list;
/* DPS packet structures contained within a TCP frame. */
tcp_dof_packet_ref *dof_packets;
} tcp_packet_data;
/**
* This structure exists for UDP sessions and allows for advanced stream handling
* and matching Wireshark frames to DPS packets.
*/
typedef struct _udp_session_data
{
/* This must be the first structure, as a pointer to this type is stored in each DPS packet. */
dof_transport_session common;
/* For the associated TCP conversation, this tracks the client and server
* addresses.
*/
ws_node server;
} udp_session_data;
/* This structure exists for TCP sessions and allows for advanced stream handling
* and matching Wireshark frames to DPS packets.
*/
typedef struct _tcp_session_data
{
/* This must be the first structure, as a pointer to this type is stored in each DPS packet. */
dof_transport_session common;
/* This flag is used to determine that an entire TCP session is NOT OpenDOF.
* Because of TCP/IP negotation in the DPS it is easy to confuse arbitrary
* protocols as OpenDOF. Once it is determined that it is not then this
* flag can be set, which will turn off all the OpenDOF dissectors.
*/
gboolean not_dps;
/* For the associated TCP conversation, this tracks the client and server
* addresses.
*/
ws_node client, server;
/* TCP sequence numbers, used to detect retransmissions. These are only valid
* during the first pass through the packets.
*/
guint32 from_client_seq;
guint32 from_server_seq;
} tcp_session_data;
static dof_security_data global_security;
static guint8 count_hex_bytes(gchar *str);
/* Global DPS data structures for security keys. */
static seckey_field_t *seckey_list = NULL;
static guint num_seckey_list = 0;
/* Global DPS data structures for identity secrets. */
static identsecret_field_t *identsecret_list = NULL;
static guint num_identsecret_list = 0;
/* Callbacks for Configuration security templates. */
UAT_CSTRING_CB_DEF(secmode_list, domain, secmode_field_t)
UAT_CSTRING_CB_DEF(secmode_list, identity, secmode_field_t)
UAT_CSTRING_CB_DEF(secmode_list, kek, secmode_field_t)
static void secmode_list_post_update_cb(void)
{
}
static gboolean secmode_list_update_cb(void *r, char **err)
{
secmode_field_t *rec = (secmode_field_t *)r;
guint32 size;
*err = NULL;
size = (guint32)strlen(rec->domain);
if (!VALIDHEX(rec->domain[0]) && !dof_oid_create_internal(rec->domain, &size, NULL))
{
*err = g_strdup("Invalid domain [must be valid OID].");
return FALSE;
}
else if (!count_hex_bytes(rec->domain))
{
*err = g_strdup("Invalid domain [must be valid OID].");
return FALSE;
}
size = (guint32)strlen(rec->identity);
if (!VALIDHEX(rec->identity[0]) && !dof_oid_create_internal(rec->identity, &size, NULL))
{
*err = g_strdup("Invalid identity [must be valid OID].");
return FALSE;
}
else if (!count_hex_bytes(rec->identity))
{
*err = g_strdup("Invalid identity [must be valid OID].");
return FALSE;
}
if (count_hex_bytes(rec->kek) != 32)
{
*err = g_strdup("Invalid KEK [must be 32 byte key].");
return FALSE;
}
return TRUE;
}
static void* secmode_list_copy_cb(void *n, const void *o, size_t siz _U_)
{
secmode_field_t *new_rec = (secmode_field_t *)n;
const secmode_field_t *old_rec = (const secmode_field_t *)o;
new_rec->domain = g_strdup(old_rec->domain);
new_rec->identity = g_strdup(old_rec->identity);
new_rec->kek = g_strdup(old_rec->kek);
return new_rec;
}
static void secmode_list_free_cb(void *r)
{
secmode_field_t *rec = (secmode_field_t *)r;
g_free(rec->domain);
g_free(rec->identity);
g_free(rec->kek);
}
/* Callbacks for security keys. */
UAT_CSTRING_CB_DEF(seckey_list, key, seckey_field_t)
static void seckey_list_post_update_cb(void)
{
}
static gboolean seckey_list_update_cb(void *r, char **err)
{
seckey_field_t *rec = (seckey_field_t *)r;
*err = NULL;
if (count_hex_bytes(rec->key) != 32)
{
*err = g_strdup("Invalid secret [must be 32 bytes].");
return FALSE;
}
return TRUE;
}
static void* seckey_list_copy_cb(void *n, const void *o, size_t siz _U_)
{
seckey_field_t *new_rec = (seckey_field_t *)n;
const seckey_field_t *old_rec = (const seckey_field_t *)o;
new_rec->key = g_strdup(old_rec->key);
return new_rec;
}
static void seckey_list_free_cb(void *r)
{
seckey_field_t *rec = (seckey_field_t *)r;
g_free(rec->key);
}
/* Callbacks for identity secrets. */
UAT_CSTRING_CB_DEF(identsecret_list, domain, identsecret_field_t)
UAT_CSTRING_CB_DEF(identsecret_list, identity, identsecret_field_t)
UAT_CSTRING_CB_DEF(identsecret_list, secret, identsecret_field_t)
static void identsecret_list_post_update_cb(void)
{
}
static gboolean identsecret_list_update_cb(void *r, char **err)
{
identsecret_field_t *rec = (identsecret_field_t *)r;
guint32 size;
*err = NULL;
size = (guint32)strlen(rec->domain);
if (!VALIDHEX(rec->domain[0]))
{
if (dof_oid_create_internal(rec->domain, &size, NULL))
{
*err = g_strdup("Invalid domain [must be valid OID].");
return FALSE;
}
}
else if (!count_hex_bytes(rec->domain))
{
*err = g_strdup("Invalid domain [must be valid OID].");
return FALSE;
}
size = (guint32)strlen(rec->identity);
if (!VALIDHEX(rec->identity[0]))
{
if (dof_oid_create_internal(rec->identity, &size, NULL))
{
*err = g_strdup("Invalid identity [must be valid OID].");
return FALSE;
}
}
else if (!count_hex_bytes(rec->identity))
{
*err = g_strdup("Invalid identity [must be valid OID].");
return FALSE;
}
if (count_hex_bytes(rec->secret) != 32)
{
*err = g_strdup("Invalid secret [must be 32 byte key].");
return FALSE;
}
return TRUE;
}
static void* identsecret_list_copy_cb(void *n, const void *o, size_t siz _U_)
{
identsecret_field_t *new_rec = (identsecret_field_t *)n;
const identsecret_field_t *old_rec = (const identsecret_field_t *)o;
new_rec->domain = g_strdup(old_rec->domain);
new_rec->identity = g_strdup(old_rec->identity);
new_rec->secret = g_strdup(old_rec->secret);
return new_rec;
}
static void identsecret_list_free_cb(void *r)
{
identsecret_field_t *rec = (identsecret_field_t *)r;
g_free(rec->domain);
g_free(rec->identity);
g_free(rec->secret);
}
static void init_addr_port_tables(void);
/* The IP transport protocols need to assign SENDER ID based on the
* transport address. This requires a hash lookup from address/port to ID.
*/
static GHashTable *addr_port_to_id = NULL;
typedef struct _addr_port_key
{
address addr;
guint16 port;
} addr_port_key;
static guint addr_port_key_hash_fn(gconstpointer key)
{
const addr_port_key *addr_key = (const addr_port_key *)key;
guint result = 0;
guint port_as_int = addr_key->port;
guint type_as_int = addr_key->addr.type;
result += g_int_hash(&port_as_int);
result += g_int_hash(&type_as_int);
{
guint hash = 5381;
const guint8 *str = (const guint8 *)addr_key->addr.data;
guint8 i;
for (i = 0; i < addr_key->addr.len; i++)
hash = ((hash << 5) + hash) + str[i]; /* hash * 33 + c */
result += hash;
}
return result;
}
static gboolean addr_port_key_equal_fn(gconstpointer key1, gconstpointer key2)
{
const addr_port_key *addr_key_ptr1 = (const addr_port_key *)key1;
const addr_port_key *addr_key_ptr2 = (const addr_port_key *)key2;
if (addr_key_ptr1->port != addr_key_ptr2->port)
return FALSE;
return addresses_equal(&addr_key_ptr1->addr, &addr_key_ptr2->addr);
}
static void addr_port_key_free_fn(gpointer key)
{
addr_port_key *addr_port = (addr_port_key *)key;
g_free(addr_port->addr.priv);
g_free(addr_port);
}
static void init_addr_port_tables(void)
{
/* This routine is called each time the system is reset (file load, capture)
* and so it should take care of freeing any of our persistent stuff.
*/
if (addr_port_to_id != NULL)
{
/* Clear it out. Note that this calls the destroy functions for each element. */
g_hash_table_destroy(addr_port_to_id);
addr_port_to_id = NULL;
}
/* The value is not allocated, so does not need to be freed. */
addr_port_to_id = g_hash_table_new_full(addr_port_key_hash_fn, addr_port_key_equal_fn, addr_port_key_free_fn, NULL);
}
static guint next_addr_port_id = 1;
#define EP_COPY_ADDRESS(to, from) { \
guint8 *EP_COPY_ADDRESS_data; \
(to)->type = (from)->type; \
(to)->len = (from)->len; \
EP_COPY_ADDRESS_data = (guint8*) wmem_alloc(wmem_packet_scope(),(from)->len); \
memcpy(EP_COPY_ADDRESS_data, (from)->data, (from)->len); \
(to)->priv = EP_COPY_ADDRESS_data; \
(to)->data = (to)->priv; \
}
/* Return the transport ID, a unique number for each transport sender.
*/
static guint assign_addr_port_id(address *addr, guint16 port)
{
addr_port_key lookup_key;
addr_port_key *key;
guint value;
/* ensure the address contains actual data */
if (addr->type == AT_NONE)
return 0;
/* Build a (non-allocated) key to do the lookup. */
EP_COPY_ADDRESS(&lookup_key.addr, addr);
lookup_key.port = port;
value = GPOINTER_TO_UINT(g_hash_table_lookup(addr_port_to_id, &lookup_key));
if (value)
{
/* We found a match. */
return value;
}
/* No match, need to add a key. */
key = g_new0(addr_port_key, 1);
copy_address(&key->addr, addr);
key->port = port;
/* Note, this is not multithread safe, but Wireshark isn't multithreaded. */
g_hash_table_insert(addr_port_to_id, key, GUINT_TO_POINTER(next_addr_port_id));
return next_addr_port_id++;
}
/* Wireshark Configuration Dialog Routines*/
static gboolean identsecret_chk_cb(void *r _U_, const char *p _U_, unsigned len _U_, const void *u1 _U_, const void *u2 _U_, char **err _U_)
{
#if 0
gchar** protos;
gchar* line = ep_strndup(p, len);
guint num_protos, i;
g_strstrip(line);
ascii_strdown_inplace(line);
protos = ep_strsplit(line, ":", 0);
for (num_protos = 0; protos[num_protos]; num_protos++)
g_strstrip(protos[num_protos]);
if (!num_protos)
{
*err = g_strdup("No protocols given");
return FALSE;
}
for (i = 0; i < num_protos; i++)
{
if (!find_dissector(protos[i]))
{
*err = g_strdup("Could not find dissector for: '%s'", protos[i]);
return FALSE;
}
}
#endif
return TRUE;
}
/* Utility Methods */
static guint8 count_hex_bytes(gchar *str)
{
guint8 total = 0;
while (str != NULL && *str != '\0' && *str != '#')
{
if (!g_ascii_isxdigit(*str))
{
str += 1;
continue;
}
if (!g_ascii_isxdigit(str[1]))
return 0;
total += 1;
str += 2;
}
return total;
}
static void parse_hex_string(gchar *str, guint8 **ptr, guint8 *len)
{
guint8 j = 0;
*len = count_hex_bytes(str);
*ptr = (guint8 *)g_malloc0(*len);
while (j < *len)
{
int high, low;
if (!g_ascii_isxdigit(*str))
{
str += 1;
continue;
}
high = ws_xton(str[0]);
low = ws_xton(str[1]);
(*ptr)[j++] = (high << 4) | low;
str += 2;
}
}
/* OID and IID Parsing */
static const guint8 OALString_HexChar[] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
#define IS_PRINTABLE(c) ( ((guint8)c) >= 32U && ((guint8)c) < 127U )
#define IS_ESCAPED(c) ( (c) == '(' || (c) == ')' || (c) == '[' || (c) == ']' || (c) == '{' || (c) == '}' || (c) == '\\' || (c) == '|' )
#define DOFOBJECTID_MAX_CLASS_SIZE (4)
#define MAX_OID_DATA_SIZE (63)
#define OID_DATA_LEN_MASK (MAX_OID_DATA_SIZE)
#define ObjectID_DataToStringLength( data, dataSize ) ObjectID_DataToString( (data), (dataSize), NULL )
#define OALString_HexDigitToChar(c) (OALString_HexChar[(c)])
#define DOFObjectIDAttribute_IsValid( attribute ) ((attribute).id < DOFOBJECTIDATTRIBUTE_INVALID)
#define DOFOBJECTID_HEADER_SIZE (offsetof( DOFObjectID_t, oid ))
#define DOFObjectIDAttribute_GetValueSize( attribute ) ((attribute).dataSize)
#define DOFObjectIDAttribute_GetValue( attribute ) ((attribute).data)
#define DOFObjectIDAttribute_GetType( attribute ) ((DOFObjectIDAttributeType)(attribute).id)
typedef enum DOFObjectIDAttributeID_t
{
/**
* Provider attribute. This attribute identifies an object as being
* provided by a specific service provider. The associated data must
* be an object identifier.
*/
DOFOBJECTIDATTRIBUTE_PROVIDER = 0,
/**
* Session attribute. This attribute associates the object with the
* specified session. The associated data must be exactly 16 bytes long.
*/
DOFOBJECTIDATTRIBUTE_SESSION = 1,
/**
* Group attribute. This attribute is normally used in association
* with the BROADCAST object identifier. It defines a target that is
* a multicast group in the DOF network (as opposed to the transport).
* The associated data must be an object identifier.
*/
DOFOBJECTIDATTRIBUTE_GROUP = 2,
/**
* Invalid, used to signal that an error has occurred.
*/
DOFOBJECTIDATTRIBUTE_INVALID = 128
} DOFObjectIDAttributeType;
typedef guint32 DOFObjectIDClass;
typedef struct DOFObjectID_t
{
guint32 refCount;
guint16 len; /* Actual length of oid's wire representation. Max is 32707: 4 + 1 + 63 + (127 * 257). */
guint8 oid[1]; /* Extends beyond end of this defined structure, so oid MUST be last structure member! */
} DOFObjectID_t;
typedef DOFObjectID_t *DOFObjectID;
typedef guint8 DOFObjectIDAttributeDataSize;
typedef struct DOFObjectIDAttribute_t
{
guint8 id; /**< Attribute Identifier. Intentionally defined as uint8 for size, but holds all valid values for DOFObjectIDAttributeType. **/
DOFObjectIDAttributeDataSize dataSize; /**< Size of the attribute data. **/
const guint8 *data; /**< Attribute data. **/
} DOFObjectIDAttribute;
/**
* Read variable-length value from buffer.
*
* @param maxSize [in] Maximum size of value to be read
* @param bufLength [in,out] Input: size of buffer, output: size of value in buffer
* @param buffer [in] Actual buffer
* @return Uncompressed value if buffer size is valid (or 0 on error)
*/
static guint32 OALMarshal_UncompressValue(guint8 maxSize, guint32 *bufLength, const guint8 *buffer)
{
guint32 value = 0;
guint8 used = 0;
guint8 size = maxSize;
guint8 mask;
switch (buffer[0] >> 6)
{
case 0x02:
/* Two Bytes */
if (maxSize > 2)
mask = 0x3F;
else
mask = 0x7F;
size = 2;
break;
case 0x03:
/* Three/Four Bytes */
if (maxSize > 2)
mask = 0x3F;
else
mask = 0x7F;
break;
default:
/* One Byte */
size = 1;
mask = 0x7F;
break;
}
/* Sanity check */
if (size > *bufLength)
return 0;
value = buffer[used++] & mask;
while (used < size)
value = (value << 8) | buffer[used++];
*bufLength = used;
return (value);
}
static guint32 DOFObjectID_GetClassSize(DOFObjectID self)
{
guint32 size = self->len;
(void)OALMarshal_UncompressValue(DOFOBJECTID_MAX_CLASS_SIZE, &size, self->oid);
return size;
}
static guint32 DOFObjectID_GetDataSize(const DOFObjectID self)
{
return ((*((const guint8 *)self->oid + DOFObjectID_GetClassSize(self))) & OID_DATA_LEN_MASK);
}
static guint32 ObjectID_DataToString(const guint8 *data, guint32 dataSize, char *pBuf)
{
guint32 len = 0, i, nonprintable, escaped;
/* Determine if the data is printable... */
for (i = 0, nonprintable = 0, escaped = 0; i < dataSize; i++)
{
if (!IS_PRINTABLE(data[i]))
nonprintable++;
else if (IS_ESCAPED(data[i]))
escaped++;
}
if (nonprintable == 0)
{
/* Printable, so copy as a string, escaping where necessary. */
if (pBuf)
{
for (i = 0; i < dataSize; i++)
{
if (IS_ESCAPED(data[i]))
{
pBuf[len++] = '\\';
pBuf[len++] = data[i];
}
else
pBuf[len++] = data[i];
}
}
else
{
len = dataSize + escaped; /* Count escaped characters twice. */
}
}
else
{
/* Non-printable, so format as hex string. */
if (pBuf)
{
pBuf[len++] = '{';
for (i = 0; i < dataSize; i++)
{
pBuf[len++] = OALString_HexDigitToChar((data[i] >> 4) & 0x0F);
pBuf[len++] = OALString_HexDigitToChar((data[i]) & 0x0F);
}
pBuf[len++] = '}';
}
else
{
len = dataSize * 2 + 2;
}
}
return len;
}
static const guint8* DOFObjectID_GetData(const DOFObjectID self)
{
if (DOFObjectID_GetDataSize(self) > 0)
return (const guint8 *)self->oid + DOFObjectID_GetClassSize(self) + 1; /* 1: length of length byte. */
return NULL;
}
static guint32 DOFObjectID_GetIDClass(const DOFObjectID self)
{
guint32 size = 4;
return OALMarshal_UncompressValue(DOFOBJECTID_MAX_CLASS_SIZE, &size, self->oid);
}
static gboolean DOFObjectID_HasAttributes(const DOFObjectID self)
{
if (!self)
return FALSE;
/* bit 7: next attribute flag. */
return (gboolean)(((*(const guint8 *)((const guint8 *)(self->oid) + DOFObjectID_GetClassSize(self))) & 0x80) != 0);
}
static guint8 DOFObjectID_GetBaseSize(const DOFObjectID oid)
{
return DOFObjectID_GetClassSize(oid) + 1 + DOFObjectID_GetDataSize(oid);
}
static guint8 DOFObjectID_GetAttributeCount(const DOFObjectID self)
{
guint8 retVal = 0;
/* Note: No OID can duplicate an attribute ID. Legal attribute IDs can be from 0-126. So max count fits in uint8. */
if (self && DOFObjectID_HasAttributes(self))
{
const guint8 *pNextAttribute = (const guint8 *)self->oid + DOFObjectID_GetBaseSize(self);
++retVal;
while (*pNextAttribute & 0x80) /* bit 7: next attribute present flag. */
{
++retVal;
pNextAttribute += (2 + *((const guint8 *)pNextAttribute + 1)); /* 2: attribute marshalling overhead. */
}
}
return retVal;
}
static DOFObjectIDAttribute DOFObjectID_GetAttributeAtIndex(const DOFObjectID self, guint8 attribute_index)
{
DOFObjectIDAttribute retAttributeDescriptor = { DOFOBJECTIDATTRIBUTE_INVALID, 0, NULL };
/* Note: No OID can duplicate an attribute ID. Legal attribute IDs can be from 0-127. So max index fits in uint8. */
if (self && attribute_index < DOFOBJECTIDATTRIBUTE_INVALID)
{
if (DOFObjectID_HasAttributes(self))
{
guint8 count = 0;
const guint8 *pNextAttribute = (const guint8 *)self->oid + DOFObjectID_GetBaseSize(self);
while (1) /* Parse through the N Attributes. */
{
if (attribute_index == count++)
{
retAttributeDescriptor.id = *pNextAttribute & 0x7F;
retAttributeDescriptor.dataSize = (DOFObjectIDAttributeDataSize) * ((const guint8 *)pNextAttribute + 1);
retAttributeDescriptor.data = (const guint8 *)pNextAttribute + 2; /* 2: attr marshalling overhead. */
break; /* Success. */
}
if (!(*pNextAttribute & 0x80))
break; /* Fail: no more Attributes */
pNextAttribute += (2 + *((const guint8 *)pNextAttribute + 1));
}
}
}
return retAttributeDescriptor;
}
static void DOFObjectID_Destroy(DOFObjectID self _U_)
{
/* Ephemeral memory doesn't need to be freed. */
}
static void DOFObjectID_InitStruct(DOFObjectID newObjID, guint32 dataLen)
{
newObjID->refCount = 1;
newObjID->len = dataLen;
}
static DOFObjectID DOFObjectID_Create_Unmarshal(guint32 *length, const guint8 *buffer)
{
guint32 len = *length;
/* Legal OID described at buffer must have at least 2 bytes. */
if (buffer && len >= 2)
{
guint32 classSize = len;
guint32 classv = OALMarshal_UncompressValue(DOFOBJECTID_MAX_CLASS_SIZE, &classSize, buffer);
/* Legal OID described at buffer must have its class representation be correctly compressed. */
if (1)
{
guint32 computedSize;
/* Above call won't return 3 because DOFOBJECTID_MAX_CLASS_SIZE (4) was passed in. */
computedSize = classSize + 1; /* 1: length of length byte. */
/* Legal OID described at buffer must have enough bytes to describe its OID class. */
if (len >= computedSize)
{
guint8 lenByte = buffer[classSize];
/* Legal OID described at buffer must have its length byte bit 6 be 0. */
if (!(lenByte & 0x40))
{
gboolean hasAttr;
guint8 dataLen = lenByte & OID_DATA_LEN_MASK;
/* Legal broadcast OID described at buffer must have no base data, though it can have attribute(s)*/
if ((classv == 0) && (dataLen > 0))
goto notvalid;
computedSize += dataLen;
hasAttr = lenByte & 0x80; /* Valid OID base; check attributes. */
while (hasAttr)
{
/* Legal OID described at buffer must have enough bytes to hold each new found attribute. */
if (len >= computedSize + 2) /* 2: attribute marshalling overhead. */
{
hasAttr = buffer[computedSize] & 0x80; /* bit 7: next attribute present flag. */
computedSize += (2 + buffer[computedSize + 1]);
}
else
goto notvalid;
}
/* Legal OID described at buffer must have enough buffer bytes, final check. */
if (len >= computedSize)
{
DOFObjectID newObjID = (DOFObjectID)wmem_alloc0(wmem_packet_scope(), DOFOBJECTID_HEADER_SIZE + computedSize + 1);
/* Adds space for null-terminator, just in case. */
*length = computedSize;
if (newObjID)
{
DOFObjectID_InitStruct(newObjID, computedSize);
memcpy(newObjID->oid, buffer, computedSize);
newObjID->oid[computedSize] = 0;
return newObjID; /* Success. */
}
/* buffer describes valid OID, but due to alloc failure we cannot return the newly created OID*/
goto allocErrorOut;
}
}
}
}
}
notvalid:
/* buffer does not describe a valid OID, but do not log a message. The caller may have called us to find out if the
buffer does or does not obey the rules of a valid OID. He learns that by our NULL return. */
allocErrorOut :
*length = 0;
return NULL;
}
static DOFObjectID DOFObjectID_Create_Bytes(guint32 bufferSize, const guint8 *pOIDBuffer)
{
guint32 len = bufferSize;
DOFObjectID rval = DOFObjectID_Create_Unmarshal(&len, pOIDBuffer);
if (rval)
{
if (len != bufferSize)
{
DOFObjectID_Destroy(rval);
rval = NULL;
}
}
return rval;
}
static guint32 ObjectID_ToStringLength(const DOFObjectID oid)
{
guint32 len = 0;
/* Note: All these string functions can be exercised with objectid_test.c, which outputs the string to console. */
len = 7 /* [{xx}: and trailing ] */ + ObjectID_DataToStringLength(DOFObjectID_GetData(oid),
DOFObjectID_GetDataSize(oid));
if (DOFObjectID_GetIDClass(oid) & 0xFF000000)
len += 6; /* Six more hex digits. */
else if (DOFObjectID_GetIDClass(oid) & 0xFF0000)
len += 4; /* Four more hex digits. */
else if (DOFObjectID_GetIDClass(oid) & 0xFF00)
len += 2; /* Two more hex digits. */
/* Handle Attributes, if any. */
if (DOFObjectID_HasAttributes(oid))
{
guint8 i; /* Max attribute count is under uint8. */
guint8 attributeCount = DOFObjectID_GetAttributeCount(oid);
len += 2; /* surrounding ( ) */
for (i = 0; i < attributeCount; i++)
{
DOFObjectID embedOID;
DOFObjectIDAttribute avpDescriptor = DOFObjectID_GetAttributeAtIndex(oid, i);
if (!DOFObjectIDAttribute_IsValid(avpDescriptor))
break; /* Done with Attributes. If here, some error took place. */
if (i)
len++;
len += 5; /* {xx}: */
/* Handle embedded Object IDs. */
embedOID = DOFObjectID_Create_Bytes(DOFObjectIDAttribute_GetValueSize(avpDescriptor),
DOFObjectIDAttribute_GetValue(avpDescriptor));
if (embedOID)
{
len += ObjectID_ToStringLength(embedOID); /* Recurse to compute string rep length of found OID. */
DOFObjectID_Destroy(embedOID);
}
else
{
/* Hex Data. */
len += ObjectID_DataToStringLength(DOFObjectIDAttribute_GetValue(avpDescriptor),
DOFObjectIDAttribute_GetValueSize(avpDescriptor));
}
} /* end for(). */
}
return len;
}
static guint32 InterfaceID_ToString(const guint8 *iid, char *pBuf)
{
guint32 len = 0;
guint iid_len = iid[0] & 0x03;
guint i;
if (iid_len == 3)
iid_len = 4;
pBuf[len++] = '[';
pBuf[len++] = '{';
pBuf[len++] = OALString_HexDigitToChar((iid[0] >> 6) & 0x0F);
pBuf[len++] = OALString_HexDigitToChar((iid[0] >> 2) & 0x0F);
pBuf[len++] = '}';
pBuf[len++] = ':';
pBuf[len++] = '{';
/* Data */
for (i = 0; i < iid_len; i++)
{
pBuf[len++] = OALString_HexDigitToChar((iid[i + 1] >> 4) & 0x0F);
pBuf[len++] = OALString_HexDigitToChar(iid[i + 1] & 0x0F);
}
pBuf[len++] = '}';
pBuf[len++] = ']';
return len;
}
static guint32 ObjectID_ToString(const DOFObjectID oid, char *pBuf)
{
DOFObjectIDClass oidClass;
guint32 len = 0;
pBuf[len++] = '[';
pBuf[len++] = '{';
/* Class */
oidClass = DOFObjectID_GetIDClass(oid);
if (oidClass & 0xFF000000)
{
pBuf[len++] = OALString_HexDigitToChar((oidClass >> 28) & 0x0F);
pBuf[len++] = OALString_HexDigitToChar((oidClass >> 24) & 0x0F);
}
if (oidClass & 0xFFFF0000)
{
pBuf[len++] = OALString_HexDigitToChar((oidClass >> 20) & 0x0F);
pBuf[len++] = OALString_HexDigitToChar((oidClass >> 16) & 0x0F);
}
if (oidClass & 0xFFFFFF00)
{
pBuf[len++] = OALString_HexDigitToChar((oidClass >> 12) & 0x0F);
pBuf[len++] = OALString_HexDigitToChar((oidClass >> 8) & 0x0F);
}
pBuf[len++] = OALString_HexDigitToChar((oidClass >> 4) & 0x0F);
pBuf[len++] = OALString_HexDigitToChar((oidClass) & 0x0F);
pBuf[len++] = '}';
pBuf[len++] = ':';
/* Data */
len += ObjectID_DataToString(DOFObjectID_GetData(oid), DOFObjectID_GetDataSize(oid), &pBuf[len]);
/* Handle Attributes, if any. */
if (DOFObjectID_HasAttributes(oid))
{
guint8 i;
guint8 attributeCount = DOFObjectID_GetAttributeCount(oid);
pBuf[len++] = '(';
for (i = 0; i < attributeCount; i++)
{
DOFObjectID embedOID;
DOFObjectIDAttribute avpDescriptor = DOFObjectID_GetAttributeAtIndex(oid, i);
if (!DOFObjectIDAttribute_IsValid(avpDescriptor))
break; /* Done with Attributes. If here, some error took place. */
if (i)
pBuf[len++] = '|';
pBuf[len++] = '{';
pBuf[len++] = OALString_HexDigitToChar((DOFObjectIDAttribute_GetType(avpDescriptor) >> 4) & 0x0F);
pBuf[len++] = OALString_HexDigitToChar((DOFObjectIDAttribute_GetType(avpDescriptor)) & 0x0F);
pBuf[len++] = '}';
pBuf[len++] = ':';
/* Handle embedded Object IDs. */
embedOID = DOFObjectID_Create_Bytes(DOFObjectIDAttribute_GetValueSize(avpDescriptor),
DOFObjectIDAttribute_GetValue(avpDescriptor));
if (embedOID)
{
len += ObjectID_ToString(embedOID, &pBuf[len]); /* Recurse to output string rep of found OID. */
DOFObjectID_Destroy(embedOID);
}
else
{
/* Hex Data. */
len += ObjectID_DataToString(DOFObjectIDAttribute_GetValue(avpDescriptor),
DOFObjectIDAttribute_GetValueSize(avpDescriptor), &pBuf[len]);
}
} /* end for(). */
pBuf[len++] = ')';
}
pBuf[len++] = ']';
return len;
}
static const gchar* dof_iid_create_standard_string(guint32 bufferSize, const guint8 *pIIDBuffer)
{
gchar *pRetval;
guint len = 9 + (bufferSize - 1) * 2; /* Alias is always [{AA}:{01234567}] */
pRetval = (gchar *)wmem_alloc(wmem_packet_scope(), len + 1);
if (pRetval)
{
InterfaceID_ToString(pIIDBuffer, pRetval);
pRetval[len] = 0;
}
return pRetval;
}
static const gchar* dof_oid_create_standard_string(guint32 bufferSize, const guint8 *pOIDBuffer)
{
DOFObjectID oid;
gchar *pRetval;
guint32 len = bufferSize;
oid = DOFObjectID_Create_Unmarshal(&len, pOIDBuffer);
if (!oid)
return "Illegal OID";
len = ObjectID_ToStringLength(oid);
/* Use PCRMem_Alloc() and not DOFMem_Alloc() because app caller will be freeing memory with PCRMem_Destroy(). */
pRetval = (gchar *)wmem_alloc(wmem_packet_scope(), len + 1);
if (pRetval)
{
ObjectID_ToString(oid, pRetval);
pRetval[len] = 0;
}
return pRetval;
}
struct parseCtx
{
const char *oid;
guint8 *buffer;
guint32 buffLen;
guint32 oidLen;
guint32 currOidPos;
guint32 currBufferPos;
}parseCtx;
/* Operations on OID string */
#define PARSECTX_PEEK_CHAR_OID(ctx) ( (ctx)->oid[(ctx)->currOidPos] )
#define PARSECTX_PEEK_NEXT_CHAR_OID(ctx) ( (ctx)->oid[(ctx)->currOidPos+1] )
#define PARSECTX_READ_CHAR_OID(ctx) ( (ctx)->oid[(ctx)->currOidPos++] )
#define PARSECTX_GET_CURRENT_POS_OID(ctx) ( (ctx)->oid+(ctx)->currOidPos )
#define PARSECTX_STEP_OID(ctx, count)((ctx)->currOidPos+=(count))
/* Operations on DOFObjectID buffer */
#define PARSECTX_GET_CURRENT_POS_BUF(ctx)( ((ctx)->buffer)? (ctx)->buffer+(ctx)->currBufferPos: NULL )
#define PARSECTX_STEP_BUF(ctx, count)( (ctx)->currBufferPos+=(count))
#define PARSECTX_WRITE_AT_POS_BUF(ctx, pos, value) do{ if((ctx)->buffer) *(pos) = (value); } while(0)
#define PARSECTX_OR_AT_POS_BUF(ctx, pos, value) do{ if((ctx)->buffer) *(pos) |= (value); } while(0)
#define PARSECTX_WRITE_BUF(ctx, value)( ((ctx)->buffer)? (ctx)->buffer[(ctx)->currBufferPos++] = (value): (ctx)->currBufferPos++ )
#define PARSECTX_CHECK_LEN(ctx, len) (((ctx)->buffer)? (((ctx)->currBufferPos+len <= (ctx)->buffLen)? 0: 1): 0)
/* Operation to read from OID straight to buffer */
#define PARSECTX_WRITE_BUF_FROM_OID(ctx) (((ctx)->buffer)? (ctx)->buffer[(ctx)->currBufferPos++] = (ctx)->oid[(ctx)->currOidPos]: ((ctx)->currBufferPos++),((ctx)->currOidPos++))
#define IS_DIGIT(c) (((c) >= '0' && (c) <= '9'))
#define DIGIT2VALUE(c) (c-48)
#define HEX2VALUE(c) ( (IS_DIGIT(c))? DIGIT2VALUE(c) : ((c) >= 'A' && (c) <= 'F')? (c-55): (c-87) )
#define VALIDHEXSEP(c) ( (c) == ' ' || (c) == ':' || (c) == '-' )
#define VALIDHEX(c) ( ((c) >= '0' && (c) <= '9') || ((c) >= 'A' && (c) <= 'F') || ((c) >= 'a' && (c) <= 'f') )
#define VALIDHEXBYTE(s) ( VALIDHEX((s)[0]) && VALIDHEX((s)[1]) )
#define VALIDNUMBER(c) ((c) >= '0' && (c) <= '9')
#define VALIDASCIICHAR(c) (((guint8)c) >= 32 && ((guint8)c) <= 126 )
#define IS_ESCAPED(c) ( (c) == '(' || (c) == ')' || (c) == '[' || (c) == ']' || (c) == '{' || (c) == '}' || (c) == '\\' || (c) == '|' )
static guint8 parseFormatOID(struct parseCtx *ctx);
static guint8 parseHexField(struct parseCtx *ctx)
{
/* Hex fields start with { and end with } can contain space, dash and colon*/
if (PARSECTX_READ_CHAR_OID(ctx) == '{' && PARSECTX_PEEK_CHAR_OID(ctx) != '}')
{
while (PARSECTX_PEEK_CHAR_OID(ctx) != '}')
{
if (VALIDHEXBYTE(PARSECTX_GET_CURRENT_POS_OID(ctx)))
{
if (PARSECTX_CHECK_LEN(ctx, 1) == 0)
{
PARSECTX_WRITE_BUF(ctx, HEX2VALUE(PARSECTX_PEEK_CHAR_OID(ctx)) << 4 | HEX2VALUE(PARSECTX_PEEK_NEXT_CHAR_OID(ctx)));
PARSECTX_STEP_OID(ctx, 2);
if (VALIDHEXSEP(PARSECTX_PEEK_CHAR_OID(ctx)))
{
if (PARSECTX_PEEK_NEXT_CHAR_OID(ctx) == '}')
{
/* no seperator after byte block */
return 1;
}
PARSECTX_STEP_OID(ctx, 1);
}
}
else
{
return 1;
}
}
else
{
return 1;
}
}
PARSECTX_STEP_OID(ctx, 1);
return 0;
}
return 1;
}
static guint8 parseStringField(struct parseCtx *ctx)
{
/* Copy into buffer until end or */
while (ctx->currOidPos < (ctx->oidLen - 1))
{
char curr = PARSECTX_PEEK_CHAR_OID(ctx);
if (curr == ']' || curr == '(')
{
break; /* End of string field */
}
else if (curr == '\\')
{
/* Handle escaped char */
PARSECTX_STEP_OID(ctx, 1);
if (!IS_ESCAPED(PARSECTX_PEEK_CHAR_OID(ctx)) || PARSECTX_CHECK_LEN(ctx, 1) != 0)
return 1;
PARSECTX_WRITE_BUF_FROM_OID(ctx);
}
else
{
if (VALIDASCIICHAR(curr) && PARSECTX_CHECK_LEN(ctx, 1) == 0)
PARSECTX_WRITE_BUF_FROM_OID(ctx);
else
return 1;
}
}
return 0;
}
static guint8 OALMarshal_GetCompressedValueSize(guint8 maxSize, guint32 value)
{
guint8 lenbytes = (1 + (value > 0x7F) + (value > 0x3FFF));
if (lenbytes > 2)
return (maxSize);
return (lenbytes);
}
static guint32 OALMarshal_CompressValue(guint8 maxSize, guint32 value, guint32 bufLength, guint8 *buffer)
{
guint8 lenSize = OALMarshal_GetCompressedValueSize(maxSize, value);
if (bufLength < lenSize)
return 0;
switch (lenSize)
{
case 4:
*(buffer++) = (guint8)((value >> 24) & 0x3F) | 0xC0;
*(buffer++) = (guint8)((value >> 16) & 0xFF);
*(buffer++) = (guint8)((value >> 8) & 0xFF);
*(buffer++) = (guint8)(value & 0xFF);
break;
case 3:
*(buffer++) = (guint8)((value >> 16) & 0x3F) | 0xC0;
*(buffer++) = (guint8)((value >> 8) & 0xFF);
*(buffer++) = (guint8)(value & 0xFF);
break;
case 2:
if (maxSize == 2)
{
*(buffer++) = (guint8)((value >> 8) & 0x7F) | 0x80;
}
else
{
*(buffer++) = (guint8)((value >> 8) & 0x3F) | 0x80;
}
*(buffer++) = (guint8)(value & 0xFF);
break;
case 1:
*(buffer++) = (guint8)(value & 0x7F);
break;
default:
/* Invalid computed size! */
break;
}
return (lenSize);
}
static guint8 parseOIDClass(struct parseCtx *ctx)
{
if (PARSECTX_PEEK_CHAR_OID(ctx) == '{' && PARSECTX_PEEK_NEXT_CHAR_OID(ctx) != '}')
{
/* Hex */
guint8 classSize = 0;
guint32 oidClass = 0;
PARSECTX_STEP_OID(ctx, 1);
while (PARSECTX_PEEK_CHAR_OID(ctx) != '}')
{
if (VALIDHEXBYTE(PARSECTX_GET_CURRENT_POS_OID(ctx)))
{
oidClass <<= 8;
oidClass += (HEX2VALUE(PARSECTX_PEEK_CHAR_OID(ctx)) << 4 | HEX2VALUE(PARSECTX_PEEK_NEXT_CHAR_OID(ctx)));
PARSECTX_STEP_OID(ctx, 2);
if (VALIDHEXSEP(PARSECTX_PEEK_CHAR_OID(ctx)))
{
if (PARSECTX_PEEK_NEXT_CHAR_OID(ctx) == '}')
{
/* no seperator after byte block */
return 1;
}
PARSECTX_STEP_OID(ctx, 1);
}
}
else
{
return 1;
}
}
PARSECTX_STEP_OID(ctx, 1);
classSize = OALMarshal_GetCompressedValueSize(4, oidClass);
if (PARSECTX_CHECK_LEN(ctx, classSize) == 0)
{
if (PARSECTX_GET_CURRENT_POS_BUF(ctx))
classSize = OALMarshal_CompressValue(4, oidClass, classSize, PARSECTX_GET_CURRENT_POS_BUF(ctx));
PARSECTX_STEP_BUF(ctx, classSize);
}
return 0;
}
else
{
/* Number */
guint8 classSize = 0;
guint32 oidClass = 0;
while (IS_DIGIT(PARSECTX_PEEK_CHAR_OID(ctx)))
{
oidClass *= 10;
oidClass += DIGIT2VALUE(PARSECTX_PEEK_CHAR_OID(ctx));
PARSECTX_STEP_OID(ctx, 1);
}
classSize = OALMarshal_GetCompressedValueSize(4, oidClass);
if (PARSECTX_CHECK_LEN(ctx, classSize) == 0)
{
if (PARSECTX_GET_CURRENT_POS_BUF(ctx))
classSize = OALMarshal_CompressValue(4, oidClass, classSize, PARSECTX_GET_CURRENT_POS_BUF(ctx));
PARSECTX_STEP_BUF(ctx, classSize);
}
return 0;
}
}
static guint8 parseAttributeID(struct parseCtx *ctx)
{
if (PARSECTX_PEEK_CHAR_OID(ctx) == '{')
{
return parseHexField(ctx);
}
else
{
guint8 avpid = 0;
while (IS_DIGIT(PARSECTX_PEEK_CHAR_OID(ctx)))
{
avpid *= 10;
avpid += DIGIT2VALUE(PARSECTX_PEEK_CHAR_OID(ctx));
PARSECTX_STEP_OID(ctx, 1);
}
if (PARSECTX_CHECK_LEN(ctx, 1) == 0)
{
PARSECTX_WRITE_BUF(ctx, avpid);
return 0;
}
}
return 1;
}
static guint8 parseAttributeData(struct parseCtx *ctx)
{
if (PARSECTX_PEEK_CHAR_OID(ctx) == '[')
{
return parseFormatOID(ctx);
}
else if (PARSECTX_PEEK_CHAR_OID(ctx) == '{')
{
return parseHexField(ctx);
}
else
{
return parseStringField(ctx);
}
}
static guint8 parseAttribute(struct parseCtx *ctx)
{
if (parseAttributeID(ctx) == 0)
{
/* seperated by ':' */
if (PARSECTX_READ_CHAR_OID(ctx) == ':' && PARSECTX_CHECK_LEN(ctx, 1) == 0)
{
guint8 *length = PARSECTX_GET_CURRENT_POS_BUF(ctx);
if (length == NULL)
return 0;
PARSECTX_STEP_BUF(ctx, 1);
if (parseAttributeData(ctx) == 0)
{
PARSECTX_WRITE_AT_POS_BUF(ctx, length, (guint8)(PARSECTX_GET_CURRENT_POS_BUF(ctx) - (length + 1)));
return 0;
}
}
}
return 1;
}
static guint8 parseAttributes(struct parseCtx *ctx)
{
/* AVPs surrounded by '(' ')' but needs at least an avp */
if (PARSECTX_READ_CHAR_OID(ctx) == '(' && PARSECTX_PEEK_CHAR_OID(ctx) != ')')
{
while (PARSECTX_PEEK_CHAR_OID(ctx) != ')')
{
guint8 *avpID = PARSECTX_GET_CURRENT_POS_BUF(ctx);
if (avpID == NULL)
return 0;
if (parseAttribute(ctx) != 0)
return 1;
/* multiple seperated by '|' */
if (PARSECTX_PEEK_CHAR_OID(ctx) == '|' && PARSECTX_PEEK_NEXT_CHAR_OID(ctx) != ')')
{
PARSECTX_OR_AT_POS_BUF(ctx, avpID, 0x80); /* set that there is a next attribute */
PARSECTX_STEP_OID(ctx, 1);
}
}
PARSECTX_STEP_OID(ctx, 1);
return 0;
}
return 1;
}
static guint8 parseFormatOID(struct parseCtx *ctx)
{
/* oid must start with '[' */
if (PARSECTX_PEEK_CHAR_OID(ctx) == '[')
{
PARSECTX_STEP_OID(ctx, 1);
/* Get class id */
if (parseOIDClass(ctx) == 0)
{
/* seperated by ':' */
if (PARSECTX_READ_CHAR_OID(ctx) == ':' && PARSECTX_CHECK_LEN(ctx, 1) == 0)
{
guint8 *length = PARSECTX_GET_CURRENT_POS_BUF(ctx);
PARSECTX_STEP_BUF(ctx, 1);
/* Get data */
if (PARSECTX_PEEK_CHAR_OID(ctx) == '{')
{
/* hex data */
if (parseHexField(ctx) != 0)
return 1;
}
else
{
/* string data */
if (parseStringField(ctx) != 0)
return 1;
}
/* Write length */
if (length == NULL)
return 0;
PARSECTX_WRITE_AT_POS_BUF(ctx, length, (guint8)(PARSECTX_GET_CURRENT_POS_BUF(ctx) - (length + 1)));
/* Check if attributes exist */
if (PARSECTX_PEEK_CHAR_OID(ctx) == '(')
{
PARSECTX_OR_AT_POS_BUF(ctx, length, 0x80); /* set that there are attributes */
if (parseAttributes(ctx) != 0)
return 1;
}
/* Ends with ] */
if (PARSECTX_READ_CHAR_OID(ctx) == ']')
{
return 0;
}
}
}
}
return 1;
}
static guint8 dof_oid_create_internal(const char *oid, guint32 *size, guint8 *buffer)
{
struct parseCtx ctx;
ctx.oid = oid;
ctx.buffer = buffer;
ctx.currOidPos = 0;
ctx.currBufferPos = 0;
if (oid)
{
if (size)
{
ctx.buffLen = (*size);
ctx.oidLen = (guint32)strlen(oid);
if (PARSECTX_PEEK_CHAR_OID(&ctx) == '[')
{
/* Format OID */
if (parseFormatOID(&ctx) == 0)
{
(*size) = ctx.currBufferPos;
return 0;
}
}
else if (PARSECTX_PEEK_CHAR_OID(&ctx) == '{')
{
/* HEX OID */
if (parseHexField(&ctx) == 0)
{
(*size) = ctx.currBufferPos;
return 0;
}
}
(*size) = 0;
}
}
return 1;
}
static void dof_oid_new_standard_string(const char *data, guint32 *rsize, guint8 **oid)
{
if (data)
{
guint8 err;
guint32 size = 0;
/* Call parseInternal to find out how big the buffer needs to be. */
err = dof_oid_create_internal(data, &size, NULL);
if (err == 0)
{
/* Create the DOFObjectID using the size that was just computed. */
*oid = (guint8 *)g_malloc(size + 1); /* Adds space for null-terminator, just in case. */
if (*oid)
{
/* Now that the size is computed and the DOFObjectID is created, call parseInternal again to fill the oid buffer. */
err = dof_oid_create_internal(data, &size, *oid);
if (err == 0)
{
*rsize = size;
return;
}
g_free(*oid);
}
}
}
*rsize = 0;
*oid = NULL;
}
/* Binary Parsing Support */
/**
* Read a compressed 32-bit quantity (PDU Type.3).
* Since the value is variable length, the new offset is
* returned. The value can also be returned, along with the size, although
* NULL is allowed for those parameters.
*/
static gint read_c4(tvbuff_t *tvb, gint offset, guint32 *v, gint *L)
{
guint32 val = 0;
guint8 len = 0;
guint8 b = tvb_get_guint8(tvb, offset++);
int i;
if ((b & 0x80) == 0)
{
len = 1;
b = b & 0x7F;
}
else if ((b & 0x40) == 0)
{
len = 2;
b = b & 0x3F;
}
else
{
len = 4;
b = b & 0x3F;
}
val = b;
for (i = 1; i < len; i++)
val = (val << 8) | tvb_get_guint8(tvb, offset++);
if (L)
*L = len;
if (v)
*v = val;
return offset;
}
/**
* Validate PDU Type.3
* Validaes the encoding.
* Add Expert Info if format invalid
* This also validates Spec Type.3.1.
*/
static void validate_c4(packet_info *pinfo, proto_item *pi, guint32 val, gint len)
{
if (len > 1 && val < 0x80)
{
/* SPEC Type.3.1 Violation. */
expert_add_info_format(pinfo, pi, &ei_c2_c3_c4_format, "DOF Violation: Type.3.1: Compressed 32-bit Compression Mandatory.");
}
if (len > 2 && val < 0x4000)
{
/* SPEC Type.3.1 Violation. */
expert_add_info_format(pinfo, pi, &ei_c2_c3_c4_format, "DOF Violation: Type.3.1: Compressed 32-bit Compression Mandatory.");
}
}
/**
* Reads a compressed 24-bit quantity (PDU Type.2).
* Since the value is variable length, the new offset is
* returned.
* The value can also be returned, along with the size, although
* NULL is allowed for those parameters.
*/
static gint read_c3(tvbuff_t *tvb, gint offset, guint32 *v, gint *L)
{
guint32 val = 0;
guint8 len = 0;
guint8 b = tvb_get_guint8(tvb, offset++);
int i;
if ((b & 0x80) == 0)
{
len = 1;
b = b & 0x7F;
}
else if ((b & 0x40) == 0)
{
len = 2;
b = b & 0x3F;
}
else
{
len = 3;
b = b & 0x3F;
}
val = b;
for (i = 1; i < len; i++)
val = (val << 8) | tvb_get_guint8(tvb, offset++);
if (L)
*L = len;
if (v)
*v = val;
return offset;
}
/**
* Validate PDU Type.2
* Validaes the encoding.
* Adds Expert Info if format invalid
* This also validates Spec Type.2.1.
*/
static void validate_c3(packet_info *pinfo, proto_item *pi, guint32 val, gint len)
{
if (len > 1 && val < 0x80)
{
/* SPEC Type.2.1 Violation. */
expert_add_info_format(pinfo, pi, &ei_c2_c3_c4_format, "DOF Violation: Type.2.1: Compressed 24-bit Compression Mandatory." );
}
if (len > 2 && val < 0x4000)
{
/* SPEC Type.2.1 Violation. */
expert_add_info_format(pinfo, pi, &ei_c2_c3_c4_format, "DOF Violation: Type.2.1: Compressed 24-bit Compression Mandatory.");
}
}
/**
* Reads a compressed 16-bit quantity (PDU Type.1).
* Since the value is variable length, the new offset is
* returned. The value can also be returned, along with the size, although
* NULL is allowed for those parameters.
*/
static gint read_c2(tvbuff_t *tvb, gint offset, guint16 *v, gint *L)
{
guint16 val = 0;
guint8 b = tvb_get_guint8(tvb, offset++);
if (b & 0x80)
{
b = b & 0x7F;
val = (b << 8) | tvb_get_guint8(tvb, offset++);
if (L)
*L = 2;
}
else
{
val = b;
if (L)
*L = 1;
}
if (v)
*v = val;
return offset;
}
/**
* Validates PDU Type.1
* Validaes the encoding.
* Adds Expert Info if format invalid
* This also validates Spec Type.1.1.
*/
static void validate_c2(packet_info *pinfo, proto_item *pi, guint16 val, gint len)
{
if (len > 1 && val < 0x80)
{
/* SPEC Type.1.1 Violation. */
expert_add_info_format(pinfo, pi, &ei_c2_c3_c4_format, "DOF Violation: Type.1.1: Compressed 16-bit Compression Mandatory." );
}
}
/**
* Given a packet data, and assuming that all of the prerequisite information is known,
* assign a SID ID to the packet if not already assigned.
* A SID ID is the *possibility* of a unique SID, but until the SID is learned the
* association is not made. Further, multiple SID ID may end up referring to the
* same SID, in which case the assignment must be repaired.
*/
static void assign_sid_id(dof_api_data *api_data)
{
node_key_to_sid_id_key lookup_key;
node_key_to_sid_id_key *key;
dof_session_data *session;
dof_packet_data *packet;
guint value;
/* Validate input. These represent dissector misuse, not decoding problems. */
/* TODO: Diagnostic/programmer message. */
if (!api_data || !api_data->packet || !api_data->session)
return;
session = api_data->session;
packet = (dof_packet_data *)api_data->packet;
/* Check if the sender_sid_id is already assigned, if so we are done. */
if (!packet->sender_sid_id)
{
/* Build a (non-allocated) key to do the lookup. */
lookup_key.transport_id = api_data->transport_session->transport_id;
lookup_key.transport_node_id = api_data->transport_packet->sender_id;
lookup_key.dof_id = session->dof_id;
lookup_key.dof_node_id = packet->sender_id;
lookup_key.dof_session_id = session->session_id;
value = GPOINTER_TO_UINT(g_hash_table_lookup(node_key_to_sid_id, &lookup_key));
if (value)
{
gpointer sid_id_key = GUINT_TO_POINTER(value);
gpointer sid_buffer;
/* We found a match. */
packet->sender_sid_id = value;
/* If we know the SID, we must get it now. */
sid_buffer = g_hash_table_lookup(sid_id_to_sid_buffer, sid_id_key);
if (sid_buffer)
{
/* We found a match. */
packet->sender_sid = (dof_2009_1_pdu_19_sid)sid_buffer;
}
}
else
{
/* No match, need to add a key. */
key = g_new0(node_key_to_sid_id_key, 1);
memcpy(key, &lookup_key, sizeof(node_key_to_sid_id_key));
/* Note, this is not multithread safe, but Wireshark isn't multithreaded. */
g_hash_table_insert(node_key_to_sid_id, key, GUINT_TO_POINTER(dpp_next_sid_id));
packet->sender_sid_id = dpp_next_sid_id++;
}
}
/* Check if the receiver_sid_id is already assigned, if so we are done. */
if (!packet->receiver_sid_id)
{
/* Build a (non-allocated) key to do the lookup. */
lookup_key.transport_id = api_data->transport_session->transport_id;
lookup_key.transport_node_id = api_data->transport_packet->receiver_id;
lookup_key.dof_id = session->dof_id;
lookup_key.dof_node_id = packet->receiver_id;
lookup_key.dof_session_id = session->session_id;
value = GPOINTER_TO_UINT(g_hash_table_lookup(node_key_to_sid_id, &lookup_key));
if (value)
{
gpointer sid_id_key = GUINT_TO_POINTER(value);
gpointer sid_buffer;
/* We found a match. */
packet->receiver_sid_id = value;
/* If we know the SID, we must get it now. */
sid_buffer = g_hash_table_lookup(sid_id_to_sid_buffer, sid_id_key);
if (sid_buffer)
{
/* We found a match. */
packet->receiver_sid = (dof_2009_1_pdu_19_sid)sid_buffer;
}
}
else
{
/* No match, need to add a key. */
key = g_new0(node_key_to_sid_id_key, 1);
memcpy(key, &lookup_key, sizeof(node_key_to_sid_id_key));
/* Note, this is not multithread safe, but Wireshark isn't multithreaded. */
g_hash_table_insert(node_key_to_sid_id, key, GUINT_TO_POINTER(dpp_next_sid_id));
packet->receiver_sid_id = dpp_next_sid_id++;
}
}
}
/**
* Declare that the sender of the packet is known to have a SID
* that is identified by the specified buffer. There are a few
* cases here:
* 1. The sid of the sender is already assigned. This is a NOP.
* 2. The sid has never been seen. This associates the SID with the sender SID ID.
* 3. The sid has been seen, and matches the SID ID of the sender. This just sets the sid field.
* 4. The sid has been seen, but with a different SID ID than ours. Patch up all the packets.
*/
static void learn_sender_sid(dof_api_data *api_data, guint8 length, const guint8 *sid)
{
dof_packet_data *packet;
guint8 lookup_key[256];
guint8 *key;
gpointer value;
/* Validate input. */
if (!api_data)
{
/* TODO: Print error. */
return;
}
if (!api_data->packet)
{
/* TODO: Print error. */
return;
}
packet = (dof_packet_data *)api_data->packet;
if (!packet->sender_sid_id)
return;
/* Check for sender SID already known. */
if (packet->sender_sid)
return;
/* Check for SID already known (has assigned SID ID) */
/* Build a (non-allocated) key to do the lookup. */
lookup_key[0] = length;
memcpy(lookup_key + 1, sid, length);
if (g_hash_table_lookup_extended(sid_buffer_to_sid_id, &lookup_key, (gpointer *)&key, &value))
{
guint sid_id = GPOINTER_TO_UINT(value);
/* We found a match. */
if (packet->sender_sid_id == sid_id)
{
/* It matches our SID ID. Set the sid field. */
packet->sender_sid = key;
return;
}
else
{
/* There is a mis-match between SID and SID ID. We have to go through
* all the packets that have SID ID (ours) and update them to SID ID (sid).
*/
guint sid_id_correct = sid_id;
guint sid_id_incorrect = packet->sender_sid_id;
dof_packet_data *ptr = globals.dof_packet_head;
while (ptr)
{
if (ptr->sender_sid_id == sid_id_incorrect)
ptr->sender_sid_id = sid_id_correct;
if (ptr->receiver_sid_id == sid_id_incorrect)
ptr->receiver_sid_id = sid_id_correct;
if (ptr->op.op_sid_id == sid_id_incorrect)
ptr->op.op_sid_id = sid_id_correct;
if (ptr->ref_op.op_sid_id == sid_id_incorrect)
ptr->ref_op.op_sid_id = sid_id_correct;
ptr = ptr->next;
}
}
return;
}
/* The SID has never been seen. Associate with the SID ID. */
key = (dof_2009_1_pdu_19_sid)g_malloc0(length + 1);
memcpy(key, lookup_key, length + 1);
/* Note, this is not multithread safe, but Wireshark isn't multithreaded. */
g_hash_table_insert(sid_buffer_to_sid_id, key, GUINT_TO_POINTER(packet->sender_sid_id));
g_hash_table_insert(sid_id_to_sid_buffer, GUINT_TO_POINTER(packet->sender_sid_id), key);
/* NOTE: We are storing a reference to the SID in the packet data. This memory
* will be freed by the dissector init routine when the SID hash table is destroyed.
* Nothing else should free this SID.
*/
packet->sender_sid = (dof_2009_1_pdu_19_sid)key;
/* We have learned the "correct" sid and sid_id, so we can set the sid of
* any packets that have this sid_id (saves hash lookups in the future).
*/
{
dof_packet_data *ptr = globals.dof_packet_head;
while (ptr)
{
if (ptr->sender_sid_id == packet->sender_sid_id)
ptr->sender_sid = key;
if (ptr->receiver_sid_id == packet->sender_sid_id)
ptr->receiver_sid = key;
ptr = ptr->next;
}
}
}
/**
* Learn a SID from an explict operation. This only defines sids and sid ids.
*/
static void learn_operation_sid(dof_2009_1_pdu_20_opid *opid, guint8 length, const guint8 *sid)
{
guint8 lookup_key[256];
guint8 *key;
gpointer value;
/* Check for sender SID already known. */
if (opid->op_sid)
return;
/* Check for SID already known (has assigned SID ID) */
/* Build a (non-allocated) key to do the lookup. */
lookup_key[0] = length;
memcpy(lookup_key + 1, sid, length);
if (g_hash_table_lookup_extended(sid_buffer_to_sid_id, &lookup_key, (gpointer *)&key, &value))
{
guint sid_id = GPOINTER_TO_UINT(value);
opid->op_sid_id = sid_id;
opid->op_sid = key;
return;
}
/* The SID has never been seen. Associate with the SID ID. */
key = (dof_2009_1_pdu_19_sid)g_malloc0(length + 1);
memcpy(key, lookup_key, length + 1);
/* Assign the op_sid_id. */
opid->op_sid_id = dpp_next_sid_id++;
/* Note, this is not multithread safe, but Wireshark isn't multithreaded. */
g_hash_table_insert(sid_buffer_to_sid_id, key, GUINT_TO_POINTER(opid->op_sid_id));
g_hash_table_insert(sid_id_to_sid_buffer, GUINT_TO_POINTER(opid->op_sid_id), key);
/* NOTE: We are storing a reference to the SID in the packet data. This memory
* will be freed by the dissector init routine when the SID hash table is destroyed.
* Nothing else should free this SID.
*/
opid->op_sid = (dof_2009_1_pdu_19_sid)key;
}
static void generateMac(gcry_cipher_hd_t cipher_state, guint8 *nonce, const guint8 *epp, gint a_len, guint8 *data, gint len, guint8 *mac, gint mac_len)
{
guint16 i;
guint16 cnt;
/* a_len = 1, t = mac_len, q = 4: (t-2)/2 : (q-1) -> 4B */
mac[0] = 0x43 | (((mac_len - 2) / 2) << 3);
memcpy(mac + 1, nonce, 11);
memset(mac + 12, 0, 4);
mac[14] = len >> 8;
mac[15] = len & 0xFF;
gcry_cipher_encrypt(cipher_state, mac, 16, NULL, 0);
mac[0] ^= (a_len >> 8);
mac[1] ^= (a_len);
i = 2;
for (cnt = 0; cnt < a_len; cnt++, i++)
{
if (i % 16 == 0)
gcry_cipher_encrypt(cipher_state, mac, 16, NULL, 0);
mac[i % 16] ^= epp[cnt];
}
i = 0;
for (cnt = 0; cnt < len; cnt++, i++)
{
if (i % 16 == 0)
gcry_cipher_encrypt(cipher_state, mac, 16, NULL, 0);
mac[i % 16] ^= data[cnt];
}
gcry_cipher_encrypt(cipher_state, mac, 16, NULL, 0);
}
static int decrypt(ccm_session_data *session, ccm_packet_data *pdata, guint8 *nonce, const guint8 *epp, gint a_len, guint8 *data, gint len)
{
unsigned short i;
unsigned char ctr[16];
unsigned char encrypted_ctr[16];
unsigned char mac[16];
unsigned char computed_mac[16];
unsigned int skip;
guint8 *ekey;
if (data == NULL || len == 0)
return 0;
/* Check the mac length. */
if (session->mac_len < 4 || session->mac_len > 16)
return 0;
if (pdata->period == 0)
ekey = (guint8 *)session->cipher_data;
else
ekey = (guint8 *)g_hash_table_lookup(session->cipher_data_table, GUINT_TO_POINTER(pdata->period));
if (!ekey)
return 0;
/* Determine how many blocks are skipped. */
#if 0 /* seems to be dead code... check this! */
skip = a_len + 2;
skip /= 16;
if ((a_len + 2) % 16)
skip += 1;
#endif
skip = 0;
/* This is hard-coded for q=4. This can only change with a protocol revision.
Note the value is stored as (q-1). */
ctr[0] = 0x03;
memcpy(ctr + 1, nonce, 11);
ctr[12] = 0;
ctr[13] = 0;
ctr[14] = 0;
ctr[15] = skip; /* Preincremented below. */
for (i = 0; i < len - session->mac_len; i++)
{
if (i % 16 == 0)
{
if (ctr[15] == 255)
ctr[14] += 1;
ctr[15] += 1;
memcpy(encrypted_ctr, ctr, 16);
gcry_cipher_encrypt(session->cipher_data, encrypted_ctr, 16, NULL, 0);
}
data[i] ^= encrypted_ctr[i % 16];
}
memcpy(mac, data + i, session->mac_len);
ctr[12] = 0;
ctr[13] = 0;
ctr[14] = 0;
ctr[15] = 0;
memcpy(encrypted_ctr, ctr, 16);
gcry_cipher_encrypt(session->cipher_data, encrypted_ctr, 16, NULL, 0);
for (i = 0; i < session->mac_len; i++)
mac[i] ^= encrypted_ctr[i];
/* Now we have to generate the MAC... */
generateMac(session->cipher_data, nonce, epp, a_len, data, (gint)(len - session->mac_len), computed_mac, session->mac_len);
if (!memcmp(mac, computed_mac, session->mac_len))
return 1;
/* Failure */
return 0;
}
/* Master Protocol Layer Handlers */
/**
* This dissector is handed a DPP packet of any version. It is responsible for decoding
* the common header fields and then passing off to the specific DPP dissector
*/
static int dissect_app_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
col_clear(pinfo->cinfo, COL_INFO);
/* Compute the APP control information. This is the version and the flags byte.
* The flags byte is either present, or is based on the version (and can be defaulted).
*/
{
guint16 app;
gint app_len;
read_c2(tvb, 0, &app, &app_len);
col_add_fstr(pinfo->cinfo, COL_PROTOCOL, "APP(%u)", app);
/* call the next dissector */
if (dissector_try_uint_new(app_dissectors, app, tvb, pinfo, tree, TRUE, data))
{
col_set_fence(pinfo->cinfo, COL_PROTOCOL);
col_set_fence(pinfo->cinfo, COL_INFO);
return tvb_reported_length(tvb);
}
else
{
proto_tree_add_protocol_format(tree, proto_2008_1_app, tvb, 0, app_len,
DOF_APPLICATION_PROTOCOL ", Version: %u", app);
}
}
return 0;
}
/**
* This dissector is handed a DPP packet of any version. It is responsible for decoding
* the common header fields and then passing off to the specific DPP dissector
*/
static int dof_dissect_dpp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
dof_api_data *api_data = (dof_api_data *)data;
guint offset = 0;
DISSECTOR_ASSERT(api_data != NULL);
col_clear(pinfo->cinfo, COL_INFO);
/* Compute the DPP control information. This is the version and the flags byte.
* The flags byte is either present, or is based on the version (and can be defaulted).
*/
{
guint8 header = tvb_get_guint8(tvb, offset);
guint8 dpp_version = header & 0x7F;
guint8 dpp_flags_included = header & 0x80;
proto_item *hi;
proto_tree * dpp_root,*dpp_tree;
col_add_fstr(pinfo->cinfo, COL_PROTOCOL, "DPPv%u", dpp_version);
hi = proto_tree_add_protocol_format(tree, proto_2008_1_dpp, tvb, offset, 0,
DOF_PRESENTATION_PROTOCOL " Version %u, Flags: %s", dpp_version, dpp_flags_included ? "Included" : "Default");
dpp_root = proto_item_add_subtree(hi, ett_2008_1_dpp);
dpp_tree = proto_tree_add_subtree(dpp_root, tvb, offset, 1, ett_2008_1_dpp_1_header, NULL, "Header");
/* Version and Flag bit */
proto_tree_add_item(dpp_tree, hf_2008_1_dpp_1_flag, tvb, offset, 1, ENC_NA);
proto_tree_add_item(dpp_tree, hf_2008_1_dpp_1_version, tvb, offset, 1, ENC_NA);
offset += 1;
/* This may, in some cases, be the end of the packet. This is only valid in some
* situations, which are checked here.
*/
if (offset == tvb_reported_length(tvb))
{
/* TODO: Complete this logic. */
proto_item_set_len(hi, offset);
if (!api_data)
return offset;
if (api_data->transport_session->is_streaming)
{
col_append_fstr(pinfo->cinfo, COL_INFO, "DNP/DPP Negotiation");
if (pinfo->fd->visited &&
api_data->transport_session->negotiation_required &&
((api_data->transport_session->negotiation_complete_at == 0) || (api_data->transport_session->negotiation_complete_at_ts.secs - api_data->transport_session->session_start_ts.secs > 10)))
{
/* This is the second pass, so we can check for timeouts. */
expert_add_info(pinfo, hi, &ei_dof_6_timeout);
}
return offset;
}
}
/* call the next dissector */
if (dissector_try_uint_new(dof_dpp_dissectors, dpp_version, tvb, pinfo, dpp_root, FALSE, data))
{
col_set_fence(pinfo->cinfo, COL_PROTOCOL);
col_set_fence(pinfo->cinfo, COL_INFO);
return tvb_reported_length(tvb);
}
}
return 0;
}
/**
* This dissector is handed a DNP packet of any version. It is responsible for decoding
* the common header fields and then passing off to the specific DNP dissector
*/
static int dof_dissect_dnp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, dof_api_data *api_data, gint offset)
{
guint8 header = tvb_get_guint8(tvb, offset);
guint8 dnp_version = header & 0x7F;
guint8 dnp_flags_included = header & 0x80;
proto_item *main_ti;
proto_tree * dnp_root,*dnp_tree;
col_add_fstr(pinfo->cinfo, COL_PROTOCOL, "DNPv%u", dnp_version);
main_ti = proto_tree_add_protocol_format(tree, proto_2008_1_dnp, tvb, offset, 0,
DOF_NETWORK_PROTOCOL " Version %u, Flags: %s", dnp_version, dnp_flags_included ? "Included" : "Default");
dnp_root = proto_item_add_subtree(main_ti, ett_2008_1_dnp);
dnp_tree = proto_tree_add_subtree(dnp_root, tvb, offset, 1, ett_2008_1_dnp_header, NULL, "Header");
/* Version and Flag bit */
proto_tree_add_item(dnp_tree, hf_2008_1_dnp_1_flag, tvb, offset, 1, ENC_NA);
proto_tree_add_item(dnp_tree, hf_2008_1_dnp_1_version, tvb, offset, 1, ENC_NA);
/* call the next dissector */
if (dissector_try_uint_new(dnp_dissectors, dnp_version, tvb, pinfo, dnp_root, FALSE, api_data))
{
/* Since the transport may have additional packets in this frame, protect our work. */
col_set_fence(pinfo->cinfo, COL_PROTOCOL);
col_set_fence(pinfo->cinfo, COL_INFO);
}
else
{
proto_item_set_end(main_ti, tvb, 1);
/* During negotiation, we can move past DNP even if it is not known. */
if (((header & 0x80) == 0) && api_data->transport_session->negotiation_required && ((pinfo->fd->num < api_data->transport_session->negotiation_complete_at) || (api_data->transport_session->negotiation_complete_at == 0)))
{
offset += dof_dissect_dpp_common(tvb_new_subset_remaining(tvb, offset + 1), pinfo, tree, api_data);
}
}
if (dnp_flags_included && !api_data->transport_session->negotiation_complete_at)
{
api_data->transport_session->negotiation_complete_at = pinfo->fd->num;
api_data->transport_session->negotiation_complete_at_ts = pinfo->abs_ts;
}
return offset;
}
/**
* This dissector is called for each DPS packet. It assumes that the first layer is
* DNP, but it does not know anything about versioning. Further, it only worries
* about decoding DNP (DNP will decode DPP, and so on).
*
* This routine is given the DPS packet for the first packet, but doesn't know anything
* about DPS sessions. It may understand transport sessions, but these are surprisingly
* worthless for DPS.
*/
static int dissect_dof_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
dof_api_data *api_data = (dof_api_data *)data;
proto_tree *dof_root;
dof_packet_data *packet;
DISSECTOR_ASSERT(api_data != NULL);
DISSECTOR_ASSERT(api_data->transport_session != NULL);
DISSECTOR_ASSERT(api_data->transport_packet != NULL);
packet = (dof_packet_data *)api_data->packet;
/* Create the packet if it doesn't exist. */
if (packet == NULL)
{
api_data->packet = packet = create_packet_data(pinfo);
DISSECTOR_ASSERT(packet != NULL);
/* TODO: This is not correct for reversed sessions. */
packet->is_sent_by_initiator = api_data->transport_packet->is_sent_by_client;
}
/* Assign the transport sequence if it does not exist. */
if (api_data->transport_session->transport_session_id == 0)
api_data->transport_session->transport_session_id = globals.next_transport_session++;
/* Compute the DPS information. This is a master holder for general information. */
{
proto_item *ti;
ti = proto_tree_add_protocol_format(tree, proto_2008_1_dof, tvb, 0, tvb_reported_length(tvb), DOF_PROTOCOL_STACK);
dof_root = proto_item_add_subtree(ti, ett_2008_1_dof);
/* Add the general packet information. */
{
ti = proto_tree_add_uint(dof_root, hf_2008_1_dof_session_transport, tvb, 0, 0, api_data->transport_session->transport_session_id);
proto_item_set_generated(ti);
ti = proto_tree_add_boolean(dof_root, hf_2008_1_dof_is_2_node, tvb, 0, 0, api_data->transport_session->is_2_node);
proto_item_set_generated(ti);
ti = proto_tree_add_boolean(dof_root, hf_2008_1_dof_is_streaming, tvb, 0, 0, api_data->transport_session->is_streaming);
proto_item_set_generated(ti);
if (api_data->session)
{
ti = proto_tree_add_uint(dof_root, hf_2008_1_dof_session, tvb, 0, 0, api_data->session->session_id);
proto_item_set_generated(ti);
}
if (api_data->secure_session)
{
ti = proto_tree_add_uint_format(dof_root, hf_2008_1_dof_session, tvb, 0, 0, api_data->secure_session->original_session_id, "DPS Session (Non-secure): %d", api_data->secure_session->original_session_id);
proto_item_set_generated(ti);
}
ti = proto_tree_add_uint(dof_root, hf_2008_1_dof_frame, tvb, 0, 0, packet->dof_frame);
proto_item_set_generated(ti);
ti = proto_tree_add_boolean(dof_root, hf_2008_1_dof_is_from_client, tvb, 0, 0, api_data->transport_packet->is_sent_by_client);
proto_item_set_generated(ti);
}
}
dof_dissect_dnp_common(tvb, pinfo, tree, api_data, 0);
packet->processed = TRUE;
return tvb_reported_length(tvb);
}
/**
* This dissector is called for each DPS packet. It assumes that the first layer is
* ENP, but it does not know anything about versioning. Further, it only worries
* about decoding ENP (ENP will decode EPP, and so on).
*
* This routine is given the DPS packet for the first packet, but doesn't know anything
* about DPS sessions. It may understand transport sessions, but these are surprisingly
* worthless for DPS.
*/
static int dissect_tunnel_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
/* The packet data is the private_data, and must exist. */
tcp_dof_packet_ref *ref = (tcp_dof_packet_ref *)data;
gint offset = 0;
offset = 0;
/* Compute the APP control information. This is the version and the length bytes.
* The flags byte is either present, or is based on the version (and can be defaulted).
*/
{
guint8 version = tvb_get_guint8(tvb, offset);
guint8 opcode;
proto_item *ti;
proto_tree *app_root;
col_add_fstr(pinfo->cinfo, COL_PROTOCOL, "TUNv%u", version);
ti = proto_tree_add_protocol_format(tree, proto_2012_1_tunnel, tvb, offset, 0,
"DOF Tunnel Protocol, Version: %u", version);
app_root = proto_item_add_subtree(ti, ett_2012_1_tunnel);
proto_tree_add_item(app_root, hf_2012_1_tunnel_1_version, tvb, offset, 1, ENC_NA);
proto_tree_add_item(app_root, hf_2012_1_tunnel_1_length, tvb, offset + 1, 2, ENC_BIG_ENDIAN);
opcode = tvb_get_guint8(tvb, offset + 3);
if (opcode == 3)
{
tvbuff_t *next_tvb = tvb_new_subset_remaining(tvb, offset + 5);
dissect_dof_common(next_tvb, pinfo, tree, &ref->api_data);
}
}
return tvb_captured_length(tvb);
}
static int dissect_tun_app_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
col_clear(pinfo->cinfo, COL_INFO);
/* Compute the APP control information. This is the version and the flags byte.
* The flags byte is either present, or is based on the version (and can be defaulted).
*/
{
guint16 app;
gint app_len;
app = tvb_get_guint8(tvb, 0);
app_len = 1;
col_add_fstr(pinfo->cinfo, COL_PROTOCOL, "APP(%u)", app);
/* call the next dissector */
if (dissector_try_uint(dof_tun_app_dissectors, app, tvb, pinfo, tree))
{
col_set_fence(pinfo->cinfo, COL_PROTOCOL);
col_set_fence(pinfo->cinfo, COL_INFO);
return tvb_captured_length(tvb);
}
else
{
proto_tree_add_protocol_format(tree, proto_2012_1_tunnel, tvb, 0, app_len,
DOF_APPLICATION_PROTOCOL ", Version: %u", app);
}
}
return 0;
}
/* Packet and Session Data Creation */
static udp_session_data* create_udp_session_data(packet_info *pinfo, conversation_t *conversation _U_)
{
udp_session_data *packet = wmem_new0(wmem_file_scope(), udp_session_data);
/* TODO: Determine if this is valid or not. */
/* WMEM_COPY_ADDRESS( wmem_file_scope(), &packet->server.address, &conversation->key_ptr->addr1 );
packet->server.port = conversation->key_ptr->port1; */
copy_address_wmem(wmem_file_scope(), &packet->server.addr, &pinfo->dst);
packet->server.port = pinfo->destport;
packet->common.transport_id = proto_2008_1_dof_udp;
{
const guint8 *addr = (const guint8 *)packet->server.addr.data;
if ((packet->server.addr.type == AT_IPv4) && (addr != NULL) && (addr[0] != 224))
packet->common.is_2_node = TRUE;
else
packet->common.is_2_node = FALSE;
}
packet->common.is_streaming = FALSE;
packet->common.session_start_ts = pinfo->abs_ts;
packet->common.negotiation_required = FALSE;
packet->common.negotiation_complete_at = 0;
return packet;
}
static tcp_session_data* create_tcp_session_data(packet_info *pinfo, conversation_t *conversation)
{
tcp_session_data *packet = wmem_new0(wmem_file_scope(), tcp_session_data);
copy_address_wmem(wmem_file_scope(), &packet->client.addr, conversation_key_addr1(conversation->key_ptr));
packet->client.port = conversation_key_port1(conversation->key_ptr);
copy_address_wmem(wmem_file_scope(), &packet->server.addr, conversation_key_addr2(conversation->key_ptr));
packet->server.port = conversation_key_port2(conversation->key_ptr);
packet->not_dps = FALSE;
packet->common.transport_id = proto_2008_1_dof_tcp;
packet->common.is_2_node = TRUE;
packet->common.is_streaming = TRUE;
packet->common.session_start_ts = pinfo->abs_ts;
packet->common.negotiation_required = TRUE;
packet->common.negotiation_complete_at = 0;
return packet;
}
static dof_packet_data* create_packet_data(packet_info *pinfo)
{
/* Create the packet data. */
dof_packet_data *packet = wmem_new0(wmem_file_scope(), dof_packet_data);
packet->frame = pinfo->fd->num;
packet->dof_frame = next_dof_frame++;
/* Add the packet into the list of packets. */
if (!globals.dof_packet_head)
{
globals.dof_packet_head = packet;
globals.dof_packet_tail = packet;
}
else
{
globals.dof_packet_tail->next = packet;
globals.dof_packet_tail = packet;
}
return packet;
}
/* Dissectors for Transports (UDP/TCP) */
/**
* Dissect a UDP packet. The parent protocol is UDP. No assumptions about DPS
* data structures are made on input, but before calling common they must
* be set up.
* This dissector is registered with the UDP protocol on the standard DPS port.
* It will be used for anything that involves that port (source or destination).
*/
static int dissect_dof_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
dof_api_data *api_data = (dof_api_data *)p_get_proto_data(wmem_file_scope(), pinfo, proto_2008_1_dof_udp, 0);
if (api_data == NULL)
{
conversation_t *conversation;
udp_session_data *transport_session;
dof_transport_packet *transport_packet;
/* gboolean mcast = FALSE; */
/* {
guint8* addr = (guint8*) pinfo->dst.data;
if ( (pinfo->dst.type == AT_IPv4) && (addr != NULL) && (addr[0] != 224) )
mcast = TRUE;
} */
/* Register the source address as being DPS for the sender UDP port. */
conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, conversation_pt_to_conversation_type(pinfo->ptype), pinfo->srcport, pinfo->destport, NO_ADDR_B | NO_PORT_B);
if (!conversation)
{
conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, conversation_pt_to_conversation_type(pinfo->ptype), pinfo->srcport, pinfo->destport, NO_ADDR2 | NO_PORT2);
conversation_set_dissector(conversation, dof_udp_handle);
}
/* Find or create the conversation for this transport session. For UDP, the transport session is determined entirely by the
* server port. This assumes that the first packet seen is from a client to the server.
*/
conversation = find_conversation(pinfo->fd->num, &pinfo->dst, &pinfo->src, CONVERSATION_UDP, pinfo->destport, pinfo->srcport, NO_ADDR_B | NO_PORT_B);
if (conversation)
{
/* TODO: Determine if this is valid or not. */
/*if ( conversation->key_ptr->port1 != pinfo->destport || ! addresses_equal( &conversation->key_ptr->addr1, &pinfo->dst ) )
conversation = NULL; */
}
if (!conversation)
conversation = conversation_new(pinfo->fd->num, &pinfo->dst, &pinfo->src, CONVERSATION_UDP, pinfo->destport, pinfo->srcport, NO_ADDR2 | NO_PORT2 | CONVERSATION_TEMPLATE);
transport_session = (udp_session_data *)conversation_get_proto_data(conversation, proto_2008_1_dof_udp);
if (transport_session == NULL)
{
transport_session = create_udp_session_data(pinfo, conversation);
conversation_add_proto_data(conversation, proto_2008_1_dof_udp, transport_session);
}
/* UDP has no framing or retransmission issues, so the dof_api_data is stored directly on the frame. */
api_data = wmem_new0(wmem_file_scope(), dof_api_data);
if (api_data == NULL)
return 0;
transport_packet = wmem_new0(wmem_file_scope(), dof_transport_packet);
if (transport_packet == NULL)
return 0;
transport_packet->is_sent_by_client = TRUE;
if (addresses_equal(&transport_session->server.addr, &pinfo->src) && (transport_session->server.port == pinfo->srcport))
transport_packet->is_sent_by_client = FALSE;
transport_packet->sender_id = assign_addr_port_id(&pinfo->src, pinfo->srcport);
transport_packet->receiver_id = assign_addr_port_id(&pinfo->dst, pinfo->destport);
api_data->transport_session = &transport_session->common;
api_data->transport_packet = transport_packet;
p_add_proto_data(wmem_file_scope(), pinfo, proto_2008_1_dof_udp, 0, api_data);
}
return dissect_dof_common(tvb, pinfo, tree, api_data);
}
/**
* Determine if the current offset has already been processed.
* This is specific to the TCP dissector.
*/
static gboolean is_retransmission(packet_info *pinfo, tcp_session_data *session, tcp_packet_data *packet, struct tcpinfo *tcpinfo)
{
/* TODO: Determine why we get big numbers sometimes... */
/* if ( tcpinfo->seq != 0 && tcpinfo->seq < 1000000) */
{
tcp_ignore_data *id;
guint32 sequence = tcpinfo->seq;
if (addresses_equal(&pinfo->src, &session->client.addr) && (pinfo->srcport == session->client.port))
{
id = packet->from_client_ignore_list;
}
else
{
id = packet->from_server_ignore_list;
}
while (id != NULL && id->sequence != sequence)
{
id = id->next;
}
if (id == NULL)
return FALSE;
return id->ignore;
}
return FALSE;
}
/**
* We have found and processed packets starting at offset, so
* don't allow the same (or previous) packets.
* This only applies to TCP dissector conversations.
*/
static void remember_offset(packet_info *pinfo, tcp_session_data *session, tcp_packet_data *packet, struct tcpinfo *tcpinfo)
{
gboolean ignore = FALSE;
/* TODO: Determine why we get big numbers sometimes... */
/* if ( tcpinfo->seq != 0 && tcpinfo->seq < 1000000) */
{
tcp_ignore_data **last;
tcp_ignore_data *id;
guint32 sequence;
guint32 *seqptr = NULL;
if (addresses_equal(&pinfo->src, &session->client.addr) && (pinfo->srcport == session->client.port))
{
last = &(packet->from_client_ignore_list);
id = packet->from_client_ignore_list;
sequence = tcpinfo->seq;
seqptr = &session->from_client_seq;
if (LE_SEQ(tcpinfo->seq, session->from_client_seq))
ignore = TRUE;
}
else
{
last = &(packet->from_server_ignore_list);
id = packet->from_server_ignore_list;
sequence = tcpinfo->seq;
seqptr = &session->from_server_seq;
if (LE_SEQ(tcpinfo->seq, session->from_server_seq))
ignore = TRUE;
}
while (id != NULL && id->sequence != tcpinfo->seq)
{
last = &(id->next);
id = id->next;
}
*seqptr = sequence;
if (id == NULL)
{
*last = wmem_new0(wmem_file_scope(), tcp_ignore_data);
id = *last;
id->ignore = ignore;
id->sequence = tcpinfo->seq;
}
}
}
/**
* This dissector is registered with TCP using the standard port. It uses registered
* protocols to determine framing, and those dissectors will call into the base
* DPS dissector for each packet.
*/
static int dissect_dof_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
conversation_t *conversation;
tcp_session_data *session;
tcp_packet_data *packet;
struct tcpinfo *tcpinfo = (struct tcpinfo *)data;
guint8 header;
/* Get the TCP conversation. TCP creates a new conversation for each TCP connection,12
* so we can "mirror" that by attaching our own data to that conversation. If our
* data cannot be found, then it is a new connection (to us).
*/
conversation = find_conversation_pinfo(pinfo, 0);
{
/* This should be impossible - the TCP dissector requires this conversation.
* Bail...
*/
DISSECTOR_ASSERT(conversation != NULL);
}
/* This requires explanation. TCP will call this dissector, and we know
* that the first byte (offset 0 of this tvb) is the first byte of an
* DPS packet. The TCP dissector ensures this.
*
* We do *not* know that this is the only packet, and
* so the dissector that we call below must handle framing. All of
* this state must be stored, and so we store it in a transport
* data structure. DPS packet data is created later and associated
* differently.
*
* Further, this routine MAY be called MULTIPLE times for the SAME
* frame with DIFFERENT sequence numbers. This makes handling
* retransmissions very difficult - we must track each call to this
* routine with its associated offset and ignore flag. However, due
* to the way that Wireshark handles asking for more data we cannot
* mark an offset as "duplicate" until after it has been processed.
*/
/* TCP packet data is only associated with TCP frames that hold DPS packets. */
session = (tcp_session_data *)conversation_get_proto_data(conversation, proto_2008_1_dof_tcp);
if (session == NULL)
{
session = create_tcp_session_data(pinfo, conversation);
conversation_add_proto_data(conversation, proto_2008_1_dof_tcp, session);
}
if (session->not_dps)
return 0;
packet = (tcp_packet_data *)p_get_proto_data(wmem_file_scope(), pinfo, proto_2008_1_dof_tcp, 0);
if (packet == NULL)
{
packet = wmem_new0(wmem_file_scope(), tcp_packet_data);
p_add_proto_data(wmem_file_scope(), pinfo, proto_2008_1_dof_tcp, 0, packet);
}
if (is_retransmission(pinfo, session, packet, tcpinfo))
return 0;
/* Loop, checking all the packets in this frame and communicating with the TCP
* desegmenter. The framing dissector entry is used to determine the size
* of the current frame.
*/
{
/* Note that we must handle fragmentation on TCP... */
gint offset = 0;
while (offset < (gint)tvb_reported_length(tvb))
{
gint available = tvb_ensure_captured_length_remaining(tvb, offset);
int packet_length;
header = tvb_get_guint8(tvb, offset);
/* If we are negotiating, then we do not need the framing dissector
* as we know the packet length is two. Note that for the first byte
* of a TCP session there are only two cases, both handled here. An error
* of not understanding the first byte will trigger that this is not
* a DPS session.
*/
if (((header & 0x80) == 0) && session->common.negotiation_required && ((pinfo->fd->num < session->common.negotiation_complete_at) || (session->common.negotiation_complete_at == 0)))
{
packet_length = 2;
if (header > DNP_MAX_VERSION)
{
session->not_dps = TRUE;
return 0;
}
}
else
{
packet_length = dof_dissect_dnp_length(tvb, pinfo, header & 0x7F, &offset);
if (packet_length < 0)
{
session->not_dps = TRUE;
return offset;
}
}
if (packet_length == 0)
{
pinfo->desegment_offset = offset;
pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
return offset + available;
}
if (available < packet_length)
{
pinfo->desegment_offset = offset;
pinfo->desegment_len = packet_length - available;
return offset + available;
}
remember_offset(pinfo, session, packet, tcpinfo);
if (is_retransmission(pinfo, session, packet, tcpinfo))
return 0;
/* We have a packet. We have to store the dof_packet_data in a list, as there may be
* multiple DPS packets in a single Wireshark frame.
*/
{
tvbuff_t *next_tvb = tvb_new_subset_length_caplen(tvb, offset, packet_length, packet_length);
tcp_dof_packet_ref *ref;
gint raw_offset = tvb_raw_offset(tvb) + offset;
gboolean ref_is_new = FALSE;
/* Get the packet data. This is a list in increasing sequence order. */
if (packet->dof_packets == NULL)
{
ref_is_new = TRUE;
ref = wmem_new0(wmem_file_scope(), tcp_dof_packet_ref);
ref->transport_packet.sender_id = assign_addr_port_id(&pinfo->src, pinfo->srcport);
ref->transport_packet.receiver_id = assign_addr_port_id(&pinfo->dst, pinfo->destport);
packet->dof_packets = ref;
ref->start_offset = raw_offset;
}
else
ref = packet->dof_packets;
/* Find the entry for our offset. */
while (ref->start_offset != raw_offset)
{
if (ref->next)
{
ref = ref->next;
continue;
}
{
tcp_dof_packet_ref *last = ref;
/* This is the default state, NULL and 0. */
ref_is_new = TRUE;
ref = wmem_new0(wmem_file_scope(), tcp_dof_packet_ref);
ref->transport_packet.sender_id = last->transport_packet.sender_id;
ref->transport_packet.receiver_id = last->transport_packet.receiver_id;
ref->start_offset = raw_offset;
last->next = ref;
}
}
if (ref_is_new)
{
dof_transport_packet *tp = &(ref->transport_packet);
tp->is_sent_by_client = FALSE;
if (addresses_equal(&session->client.addr, &pinfo->src) &&
(session->client.port == pinfo->srcport))
tp->is_sent_by_client = TRUE;
ref->api_data.transport_session = (dof_transport_session *)&(session->common);
ref->api_data.transport_packet = tp;
}
dissect_dof_common(next_tvb, pinfo, tree, &ref->api_data);
}
offset += packet_length;
}
return offset;
}
}
#if 0 /* TODO not used yet */
/**
* This dissector is registered with the UDP protocol on the standard DPS port.
* It will be used for anything that involves that port (source or destination).
*/
#if 0
static int dissect_tunnel_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
conversation_t *conversation;
dof_packet_data *packet;
/* Initialize the default transport session structure. */
if (!udp_transport_session)
udp_transport_session = se_alloc0(sizeof(*udp_transport_session));
conversation = find_or_create_conversation(pinfo);
/* Add the packet data. */
packet = p_get_proto_data(wmem_file_scope(), proto_2012_1_tunnel, 0);
if (!packet)
{
packet = wmem_alloc0(wmem_file_scope(), sizeof(dof_packet_data));
packet->frame = pinfo->fd->num;
packet->next = NULL;
packet->start_offset = 0;
packet->session_counter = &session_counter;
packet->transport_session = udp_transport_session;
p_add_proto_data(wmem_file_scope(), proto_2012_1_tunnel, 0, packet);
}
pinfo->private_data = packet;
return dissect_tunnel_common(tvb, pinfo, tree);
#else
static int dissect_tunnel_udp(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_)
{
#endif
return 0;
}
#endif
/**
* This dissector is registered with TCP using the standard port. It uses registered
* protocols to determine framing, and those dissectors will call into the base
* DPS dissector for each packet.
*/
static int dissect_tunnel_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
conversation_t *conversation;
tcp_session_data *session;
tcp_packet_data *packet;
struct tcpinfo *tcpinfo = (struct tcpinfo *)data;
/* Get the TCP conversation. TCP creates a new conversation for each TCP connection,
* so we can "mirror" that by attaching our own data to that conversation. If our
* data cannot be found, then it is a new connection (to us).
*/
conversation = find_conversation_pinfo(pinfo, 0);
{
/* This should be impossible - the TCP dissector requires this conversation.
* Bail...
*/
DISSECTOR_ASSERT(conversation != NULL);
}
/* This requires explanation. TCP will call this dissector, and we know
* that the first byte (offset 0 of this tvb) is the first byte of an
* DPS packet. The TCP dissector ensures this.
*
* We do *not* know that this is the only packet, and
* so the dissector that we call below must handle framing. All of
* this state must be stored, and so we store it in a transport
* data structure. DPS packet data is created later and associated
* differently.
*
* Further, this routine MAY be called MULTIPLE times for the SAME
* frame with DIFFERENT sequence numbers. This makes handling
* retransmissions very difficult - we must track each call to this
* routine with its associated offset and ignore flag. However, due
* to the way that Wireshark handles asking for more data we cannot
* mark an offset as "duplicate" until after it has been processed.
*/
/* TCP packet data is only associated with TCP frames that hold DPS packets. */
session = (tcp_session_data *)conversation_get_proto_data(conversation, proto_2012_1_tunnel);
if (session == NULL)
{
session = create_tcp_session_data(pinfo, conversation);
conversation_add_proto_data(conversation, proto_2012_1_tunnel, session);
}
packet = (tcp_packet_data *)p_get_proto_data(wmem_file_scope(), pinfo, proto_2012_1_tunnel, 0);
if (packet == NULL)
{
packet = wmem_new0(wmem_file_scope(), tcp_packet_data);
p_add_proto_data(wmem_file_scope(), pinfo, proto_2012_1_tunnel, 0, packet);
}
if (is_retransmission(pinfo, session, packet, tcpinfo))
return 0;
/* Loop, checking all the packets in this TCP frame.
*/
{
/* Note that we must handle fragmentation on TCP... */
gint offset = 0;
while (offset < (gint)tvb_reported_length(tvb))
{
gint available = tvb_reported_length_remaining(tvb, offset);
int packet_length;
int header_length;
int i;
if (available < 3)
{
pinfo->desegment_offset = offset;
pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
return offset + available;
}
packet_length = 0;
header_length = 3;
for (i = 0; i < 2; i++)
packet_length = packet_length * 256 + tvb_get_guint8(tvb, offset + 1 + i);
packet_length += header_length;
if (available < packet_length)
{
pinfo->desegment_offset = offset;
pinfo->desegment_len = packet_length - available;
return offset + available;
}
/* We have a packet. We have to store the dof_packet_data in a list, as there may be
* multiple DPS packets in a single Wireshark frame.
*/
{
tvbuff_t *next_tvb = tvb_new_subset_length_caplen(tvb, offset, packet_length, packet_length);
tcp_dof_packet_ref *ref;
gint raw_offset = tvb_raw_offset(tvb) + offset;
gboolean ref_is_new = FALSE;
/* Get the packet data. This is a list in increasing sequence order. */
if (packet->dof_packets == NULL)
{
ref_is_new = TRUE;
ref = wmem_new0(wmem_file_scope(), tcp_dof_packet_ref);
ref->transport_packet.sender_id = assign_addr_port_id(&pinfo->src, pinfo->srcport);
ref->transport_packet.receiver_id = assign_addr_port_id(&pinfo->dst, pinfo->destport);
packet->dof_packets = ref;
ref->start_offset = raw_offset;
}
else
ref = packet->dof_packets;
/* Find the entry for our offset. */
while (ref->start_offset != raw_offset)
{
if (ref->next)
{
ref = ref->next;
continue;
}
{
tcp_dof_packet_ref *last = ref;
/* This is the default state, NULL and 0. */
ref_is_new = TRUE;
ref = wmem_new0(wmem_file_scope(), tcp_dof_packet_ref);
ref->transport_packet.sender_id = last->transport_packet.sender_id;
ref->transport_packet.receiver_id = last->transport_packet.receiver_id;
ref->start_offset = raw_offset;
last->next = ref;
}
}
if (ref_is_new)
{
dof_transport_packet *tp = &(ref->transport_packet);
tp->is_sent_by_client = FALSE;
if (addresses_equal(&session->client.addr, &pinfo->src) &&
(session->client.port == pinfo->srcport))
tp->is_sent_by_client = TRUE;
ref->api_data.transport_session = (dof_transport_session *)&(session->common);
ref->api_data.transport_packet = tp;
}
/* Manage the private data, restoring the existing value. Call the common dissector. */
{
dissect_tunnel_common(next_tvb, pinfo, tree, ref);
}
}
offset += packet_length;
}
return tvb_captured_length(tvb);
}
}
/* Dissectors */
static int dissect_dnp_0(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
guint offset = 0;
guint8 dnp_flags_included = 0;
offset = 0;
col_clear(pinfo->cinfo, COL_INFO);
/* Compute the DNP control information. This is the version and the flags byte.
* The flags byte is either present, or is based on the version (and can be defaulted).
*/
{
guint8 header = tvb_get_guint8(tvb, offset);
dnp_flags_included = (header & 0x80) != 0;
offset += 1;
{
col_set_str(pinfo->cinfo, COL_PROTOCOL, "DNPv0 ");
if (dnp_flags_included)
{
/* TODO: Protocol violation. */
}
if (tvb_reported_length(tvb) == offset)
col_set_str(pinfo->cinfo, COL_INFO, "Query");
else
{
guint8 first = tvb_get_guint8(tvb, offset);
if (first == 0)
{
/* Query with padding. */
col_set_str(pinfo->cinfo, COL_INFO, "Query");
proto_tree_add_item(tree, hf_2008_1_dnp_0_1_1_padding, tvb, offset, -1, ENC_NA);
}
else
{
/* Response. */
col_set_str(pinfo->cinfo, COL_INFO, "Query Response");
while (first)
{
proto_tree_add_item(tree, hf_2008_1_dnp_0_1_1_version, tvb, offset, 1, ENC_NA);
offset += 1;
if (offset == tvb_reported_length(tvb))
break;
first = tvb_get_guint8(tvb, offset);
}
if (offset < tvb_reported_length(tvb))
proto_tree_add_item(tree, hf_2008_1_dnp_0_1_1_padding, tvb, offset, -1, ENC_NA);
}
}
}
}
col_set_fence(pinfo->cinfo, COL_PROTOCOL);
col_set_fence(pinfo->cinfo, COL_INFO);
return tvb_reported_length(tvb);
}
/**
* Determine the length of the packet in tvb, starting at an offset that is passed as a
* pointer in private_data.
* Return 0 if the length cannot be determined because there is not enough data in
* the buffer, otherwise return the length of the packet.
*/
static int determine_packet_length_1(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree _U_, void *data)
{
/* Note that we must handle fragmentation on TCP... */
gint offset = *((gint *)data);
{
gint available = tvb_ensure_captured_length_remaining(tvb, offset);
guint8 header, flags;
guint8 size;
guint8 i;
gint data_len, header_len;
if (available < 2)
return 0;
header = tvb_get_guint8(tvb, offset);
data_len = 0;
if ((header & 0x80) == 0)
{
/* The length is fixed in this case... */
data_len = 0;
header_len = 2;
size = 0;
}
else
{
flags = tvb_get_guint8(tvb, offset + 1);
size = flags & 0x03;
header_len = 2 + size;
}
if (available < header_len)
return 0;
for (i = 0; i < size; i++)
data_len = data_len * 256 + tvb_get_guint8(tvb, offset + 2 + i);
return header_len + data_len;
}
}
static int dissect_dnp_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
gint offset = 0;
dof_api_data *api_data = (dof_api_data *)data;
dof_packet_data *packet;
gint8 dnp_version = -1;
guint8 dnp_flags_included = 0;
guint8 dnp_length_length = 0;
guint32 dnp_flags = 0;
guint length = 0;
guint encapsulated_length = 0;
int i;
proto_tree *dnp_tree = tree;
if (!api_data)
{
/* TODO: Print error */
return 0;
}
if (!api_data->packet)
{
/* TODO: Print error */
return 0;
}
packet = api_data->packet;
offset = 0;
col_clear(pinfo->cinfo, COL_INFO);
/* Compute the DNP control information. This is the version and the flags byte.
* The flags byte is either present, or is based on the version (and can be defaulted).
*/
{
guint8 header = tvb_get_guint8(tvb, offset);
guint32 dnp_src_port = 0;
guint32 dnp_dst_port = 0;
dnp_version = header & 0x7F;
dnp_flags_included = (header & 0x80) != 0;
offset += 1;
{
col_set_str(pinfo->cinfo, COL_PROTOCOL, "DNPv1 ");
if (dnp_flags_included)
{
/* Including flags always terminates negotiation. */
/* packet->negotiated = TRUE; */
dnp_flags = tvb_get_guint8(tvb, offset);
if ((dnp_flags & 0xF0) != 0)
expert_add_info(pinfo, NULL, &ei_dof_10_flags_zero);
proto_tree_add_bitmask(dnp_tree, tvb, offset, hf_2009_9_dnp_1_flags, ett_2009_9_dnp_1_flags, bitmask_2009_9_dnp_1_flags, ENC_BIG_ENDIAN);
offset += 1;
}
else
dnp_flags = DNP_V1_DEFAULT_FLAGS;
/* Determine the size of the length field. */
dnp_length_length = dnp_flags & 0x03;
if (dnp_length_length)
proto_tree_add_item(dnp_tree, hf_2009_9_dnp_1_length, tvb, offset, dnp_length_length, ENC_BIG_ENDIAN);
/* Read the length. */
length = 0;
for (i = 0; i < dnp_length_length; i++)
length = (length << 8) | tvb_get_guint8(tvb, offset + i);
/* Validate the length. */
#if 0
if ( (length == 0) && packet->negotiated && session && ! session->connectionless )
{
expert_add_info( pinfo, NULL, &ei_dof_13_length_specified );
}
#endif
offset += dnp_length_length;
/* If there isn't a length specified then use the packet size. */
if (dnp_length_length == 0)
length = tvb_reported_length(tvb) - offset;
encapsulated_length = length;
/* Read the srcport */
if (dnp_flags & 0x04)
{
gint s_offset = offset;
proto_item *item;
gint dnp_src_port_len;
offset = read_c3(tvb, offset, &dnp_src_port, &dnp_src_port_len);
item = proto_tree_add_uint_format(dnp_tree, hf_2009_9_dnp_1_srcport, tvb, s_offset, offset - s_offset, dnp_src_port, "Source Address: %u", dnp_src_port);
validate_c3(pinfo, item, dnp_src_port, dnp_src_port_len);
encapsulated_length -= (offset - s_offset);
}
else
{
proto_item *item = proto_tree_add_uint_format(dnp_tree, hf_2009_9_dnp_1_srcport, tvb, 0, 0, 0, "Source Address: %u", 0);
proto_item_set_generated(item);
}
/* Read the dstport */
if (dnp_flags & 0x08)
{
gint s_offset = offset;
gint dnp_dst_port_len;
proto_item *item;
offset = read_c3(tvb, offset, &dnp_dst_port, &dnp_dst_port_len);
item = proto_tree_add_uint_format(dnp_tree, hf_2009_9_dnp_1_dstport, tvb, s_offset, offset - s_offset, dnp_dst_port, "Destination Address: %u", dnp_dst_port);
validate_c3(pinfo, item, dnp_dst_port, dnp_dst_port_len);
encapsulated_length -= (offset - s_offset);
}
else
{
proto_item *item = proto_tree_add_uint_format(dnp_tree, hf_2009_9_dnp_1_dstport, tvb, 0, 0, 0, "Destination Address: %u", 0);
proto_item_set_generated(item);
}
}
proto_item_set_end(tree, tvb, offset);
/* Given the transport session and the DPS port information, determine the DPS session. */
if (api_data->session == NULL)
{
guint32 client;
guint32 server;
if (api_data->transport_packet->is_sent_by_client)
{
client = dnp_src_port;
server = dnp_dst_port;
}
else
{
client = dnp_dst_port;
server = dnp_src_port;
}
api_data->session = dof_ns_session_retrieve(api_data->transport_session->transport_session_id, client, server);
if (api_data->session == NULL)
{
dof_session_data *sdata = wmem_new0(wmem_file_scope(), dof_session_data);
dof_ns_session_define(api_data->transport_session->transport_session_id, client, server, sdata);
sdata->session_id = globals.next_session++;
sdata->dof_id = dnp_version;
api_data->session = sdata;
}
}
packet->sender_id = dnp_src_port;
packet->receiver_id = dnp_dst_port;
/* Assuming there is more, it must be DPP. */
/* We have a packet. */
{
tvbuff_t *next_tvb = tvb_new_subset_length_caplen(tvb, offset, encapsulated_length, tvb_reported_length(tvb) - offset);
offset += dof_dissect_dpp_common(next_tvb, pinfo, proto_item_get_parent(tree), data);
}
}
col_set_fence(pinfo->cinfo, COL_PROTOCOL);
col_set_fence(pinfo->cinfo, COL_INFO);
return offset;
}
static int dissect_dpp_0(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
guint offset = 0;
guint8 dpp_flags_included = 0;
offset = 0;
col_clear(pinfo->cinfo, COL_INFO);
/* Compute the DPP control information. This is the version and the flags byte.
* The flags byte is either present, or is based on the version (and can be defaulted).
*/
{
guint8 header = tvb_get_guint8(tvb, offset);
dpp_flags_included = (header & 0x80) != 0;
offset += 1;
{
col_set_str(pinfo->cinfo, COL_PROTOCOL, "DPPv0 ");
if (dpp_flags_included)
{
/* TODO: Protocol violation. */
}
if (tvb_reported_length(tvb) == offset)
col_set_str(pinfo->cinfo, COL_INFO, "Query");
else
{
guint8 first = tvb_get_guint8(tvb, offset);
/* Response. */
col_set_str(pinfo->cinfo, COL_INFO, "Query Response");
while (first)
{
proto_tree_add_item(tree, hf_2008_1_dpp_0_1_1_version, tvb, offset, 1, ENC_NA);
offset += 1;
if (offset == tvb_reported_length(tvb))
break;
first = tvb_get_guint8(tvb, offset);
}
}
}
}
col_set_fence(pinfo->cinfo, COL_PROTOCOL);
col_set_fence(pinfo->cinfo, COL_INFO);
return tvb_reported_length(tvb);
}
static int dissect_dpp_v2_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
dof_api_data *api_data = (dof_api_data *)data;
dof_packet_data *packet_data;
gint offset = 0;
guint8 opcode;
guint16 app;
gint app_len;
proto_item *ti;
proto_tree *dpps_tree;
proto_tree *opid_tree;
if (api_data == NULL)
{
/* TODO: Output error. */
return 0;
}
packet_data = api_data->packet;
if (packet_data == NULL)
{
/* TODO: Output error. */
return 0;
}
/* Make entries in Protocol column and Info column on summary display */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "DPPs ");
/* Create the protocol tree. */
offset = 0;
ti = proto_tree_add_item(tree, proto_2009_12_dpp_common, tvb, offset, -1, ENC_NA);
dpps_tree = proto_item_add_subtree(ti, ett_2009_12_dpp_common);
/* Add the APPID. */
offset = read_c2(tvb, offset, &app, &app_len);
ti = proto_tree_add_uint(dpps_tree, hf_2008_1_app_version, tvb, 0, app_len, app);
validate_c2(pinfo, ti, app, app_len);
/* Retrieve the opcode. */
opcode = tvb_get_guint8(tvb, offset);
if (!packet_data->is_command)
opcode |= OP_2009_12_RESPONSE_FLAG;
col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(opcode, strings_2009_12_dpp_common_opcodes, "Unknown Opcode (%d)"));
/* Opcode */
proto_tree_add_uint_format(dpps_tree, hf_2009_12_dpp_2_14_opcode, tvb, offset, 1, opcode & 0x3F, "Opcode: %s (%u)", val_to_str(opcode, strings_2009_12_dpp_common_opcodes, "Unknown Opcode (%d)"), opcode & 0x3F);
offset += 1;
switch (opcode)
{
case OP_2009_12_SOURCE_LOST_CMD:
case OP_2009_12_SOURCE_FOUND_CMD:
case OP_2009_12_RENAME_CMD:
packet_data->has_referenced_opid = TRUE;
/* FALL THROUGH */
case OP_2009_12_CANCEL_ALL_CMD:
case OP_2009_12_NODE_DOWN_CMD:
case OP_2009_12_QUERY_RSP:
/* SID */
{
proto_tree *oid_tree;
gint opid_len;
tvbuff_t *next_tvb;
if (packet_data->has_referenced_opid)
{
opid_tree = proto_tree_add_subtree(dpps_tree, tvb, offset, 0, ett_2009_12_dpp_2_opid, NULL, "Operation Identifier");
}
else
{
opid_tree = dpps_tree;
}
oid_tree = proto_tree_add_subtree(opid_tree, tvb, offset, 0, ett_2009_12_dpp_2_opid, NULL, "Source Identifier");
next_tvb = tvb_new_subset_length_caplen(tvb, offset, -1, tvb_reported_length(tvb) - offset);
opid_len = call_dissector_only(dof_oid_handle, next_tvb, pinfo, oid_tree, NULL);
learn_sender_sid(api_data, opid_len, tvb_get_ptr(next_tvb, 0, opid_len));
if (packet_data->has_referenced_opid)
learn_operation_sid(&packet_data->ref_op, opid_len, tvb_get_ptr(next_tvb, 0, opid_len));
offset += opid_len;
}
if (packet_data->has_referenced_opid)
{
guint32 opcnt;
gint opcnt_len;
proto_item *pi;
read_c4(tvb, offset, &opcnt, &opcnt_len);
pi = proto_tree_add_uint_format(opid_tree, hf_2009_12_dpp_2_1_opcnt, tvb, offset, opcnt_len, opcnt, "Operation Count: %u", opcnt);
validate_c4(pinfo, pi, opcnt, opcnt_len);
offset += opcnt_len;
packet_data->ref_op.op_cnt = opcnt;
}
break;
}
return offset;
}
static int dissect_dpp_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
dof_api_data *api_data = (dof_api_data *)data;
dof_packet_data *packet_data;
proto_item *ti = NULL;
proto_item *tf = NULL;
proto_item *opid = NULL;
gint opid_start = -1;
guint8 dpp_flags_included = 0;
guint32 dpp_flags = 0;
guint8 dpp_opid_keytype = 0;
proto_tree *dpp_flags_tree;
proto_tree *opid_tree = NULL;
gint offset = 0;
proto_tree *dpp_tree = tree;
if (api_data == NULL)
{
/* TODO: Output error. */
return 0;
}
packet_data = api_data->packet;
if (packet_data == NULL)
{
/* TODO: Output error. */
return 0;
}
/* We should have everything required for determining the SID ID. */
assign_sid_id(api_data);
offset = 0;
col_clear(pinfo->cinfo, COL_INFO);
/* Compute the DPP control information. This is the version and the flags byte.
* The flags byte is either present, or is based on the version (and can be defaulted).
*/
{
guint8 header = tvb_get_guint8(tvb, offset);
dpp_flags_included = (header & 0x80) != 0;
offset += 1;
{
col_set_str(pinfo->cinfo, COL_PROTOCOL, "DPPv2 ");
ti = proto_tree_add_uint_format(tree, hf_2008_1_dpp_sid_num, tvb,
0, 0, packet_data->sender_sid_id, "SID ID: %d", packet_data->sender_sid_id);
proto_item_set_generated(ti);
if (packet_data->sender_sid)
{
const gchar *SID = dof_oid_create_standard_string(packet_data->sender_sid[0], packet_data->sender_sid + 1);
ti = proto_tree_add_bytes_format_value(tree, hf_2008_1_dpp_sid_str, tvb, 0, 0, packet_data->sender_sid, "%s", SID);
proto_item_set_generated(ti);
}
ti = proto_tree_add_uint_format(tree, hf_2008_1_dpp_rid_num, tvb,
0, 0, packet_data->receiver_sid_id, "RID ID: %d", packet_data->receiver_sid_id);
proto_item_set_generated(ti);
if (packet_data->receiver_sid)
{
const gchar *SID = dof_oid_create_standard_string(packet_data->receiver_sid[0], packet_data->receiver_sid + 1);
ti = proto_tree_add_bytes_format_value(tree, hf_2008_1_dpp_rid_str, tvb, 0, 0, packet_data->receiver_sid, "%s", SID);
proto_item_set_generated(ti);
}
if (dpp_flags_included)
{
dpp_flags = tvb_get_guint8(tvb, offset);
if (((dpp_flags & 0x10) != 0) && ((dpp_flags & 0x0F) != 0))
expert_add_info(pinfo, NULL, &ei_dpp2_dof_10_flags_zero);
if (((dpp_flags & 0x10) == 0) && ((dpp_flags & 0x09) != 0))
expert_add_info(pinfo, NULL, &ei_dpp2_dof_10_flags_zero);
tf = proto_tree_add_uint_format(dpp_tree, hf_2009_12_dpp_2_1_flags, tvb,
offset, 1, dpp_flags, "Flags: 0x%02x", dpp_flags);
dpp_flags_tree = proto_item_add_subtree(tf, ett_2009_12_dpp_2_1_flags);
if (dpp_flags == DPP_V2_DEFAULT_FLAGS)
expert_add_info(pinfo, dpp_flags_tree, &ei_dpp_default_flags);
proto_tree_add_item(dpp_flags_tree, hf_2009_12_dpp_2_1_flag_security, tvb, offset, 1, ENC_NA);
proto_tree_add_item(dpp_flags_tree, hf_2009_12_dpp_2_1_flag_opid, tvb, offset, 1, ENC_NA);
proto_tree_add_item(dpp_flags_tree, hf_2009_12_dpp_2_1_flag_cmdrsp, tvb, offset, 1, ENC_NA);
if ((dpp_flags & 0x10) == 0)
{
proto_tree_add_item(dpp_flags_tree, hf_2009_12_dpp_2_1_flag_seq, tvb, offset, 1, ENC_NA);
proto_tree_add_item(dpp_flags_tree, hf_2009_12_dpp_2_1_flag_retry, tvb, offset, 1, ENC_NA);
}
offset += 1;
}
else
dpp_flags = DPP_V2_DEFAULT_FLAGS;
packet_data->is_command = (dpp_flags & 0x10) == 0;
/* We are allowed to be complete here if still negotiating. */
/*if ( ! packet->negotiated && (offset == tvb_reported_length(tvb)) )
{
col_set_str( pinfo->cinfo, COL_INFO, "DPS Negotiation" );
return 1;
}*/
dpp_opid_keytype = (dpp_flags & 0x60) >> 5;
switch (dpp_opid_keytype)
{
case 0: /* No OPID */
packet_data->has_opid = FALSE;
break;
case 1: /* Implied sender. */
packet_data->has_opid = TRUE;
packet_data->op.op_sid_id = packet_data->sender_sid_id;
packet_data->op.op_sid = packet_data->sender_sid;
break;
case 2: /* Implied receiver. */
packet_data->has_opid = TRUE;
packet_data->op.op_sid_id = packet_data->receiver_sid_id;
packet_data->op.op_sid = packet_data->receiver_sid;
break;
case 3: /* Explicit. */
packet_data->has_opid = TRUE;
break;
}
if (dpp_opid_keytype != 0)
{
opid_start = offset;
opid_tree = proto_tree_add_subtree(dpp_tree, tvb, offset, 0, ett_2009_12_dpp_2_opid, NULL, "Operation Identifier");
}
switch (dpp_opid_keytype)
{
case 0: /* We have no opid. */
break;
case 3: /* Explicit. */
{
proto_tree *oid_tree;
tvbuff_t *next_tvb;
gint opid_len;
oid_tree = proto_tree_add_subtree(opid_tree, tvb, offset, 0, ett_2009_12_dpp_2_opid, NULL, "Source Identifier");
next_tvb = tvb_new_subset_length_caplen(tvb, offset, -1, tvb_reported_length(tvb) - offset);
opid_len = call_dissector_only(dof_oid_handle, next_tvb, pinfo, oid_tree, NULL);
proto_item_set_len(oid_tree, opid_len);
learn_operation_sid(&packet_data->op, opid_len, tvb_get_ptr(next_tvb, 0, opid_len));
/* Warn if Explicit SID could be optimized. */
if (packet_data->op.op_sid_id == packet_data->sender_sid_id)
expert_add_info(pinfo, ti, &ei_dpp_explicit_sender_sid_included);
if (packet_data->op.op_sid_id == packet_data->receiver_sid_id)
expert_add_info(pinfo, ti, &ei_dpp_explicit_receiver_sid_included);
offset += opid_len;
}
/* FALL THROUGH */
case 1: /* Implied sender. */
case 2: /* Implied receiver. */
{
guint32 opcnt;
gint opcnt_len;
proto_item *pi;
/* Display the SID if known. */
if ((dpp_opid_keytype != 3) && packet_data->op.op_sid)
{
proto_tree *oid_tree;
tvbuff_t *next_tvb = tvb_new_child_real_data(tvb, packet_data->op.op_sid + 1, packet_data->op.op_sid[0], packet_data->op.op_sid[0]);
oid_tree = proto_tree_add_subtree(opid_tree, tvb, 0, 0, ett_2009_12_dpp_2_opid, NULL, "Source Identifier");
call_dissector_only(dof_oid_handle, next_tvb, pinfo, oid_tree, NULL);
proto_item_set_generated(ti);
}
read_c4(tvb, offset, &opcnt, &opcnt_len);
pi = proto_tree_add_uint_format(opid_tree, hf_2009_12_dpp_2_1_opcnt, tvb, offset, opcnt_len, opcnt, "Operation Count: %u", opcnt);
validate_c4(pinfo, pi, opcnt, opcnt_len);
offset += opcnt_len;
proto_item_set_len(opid, offset - opid_start);
packet_data->op.op_cnt = opcnt;
/* At this point we have a packet with an operation identifier. We need to
* update the master list of operation identifiers, and do any checking that
* we can in order to validate things.
*/
if (packet_data->has_opid && !packet_data->opid_first)
{
dof_packet_data *first = (dof_packet_data *)g_hash_table_lookup(dpp_opid_to_packet_data, (gconstpointer) & packet_data->op);
if (first == NULL)
{
/* First reference to this operation. */
g_hash_table_insert(dpp_opid_to_packet_data, (gpointer) & packet_data->op, (gpointer)packet_data);
packet_data->opid_first = packet_data;
packet_data->opid_last = packet_data;
/* The first opid must be a command. */
}
else
{
/* Operation exists, time to patch things in. */
packet_data->opid_first = first;
first->opid_last->opid_next = packet_data;
first->opid_last = packet_data;
if (!packet_data->is_command)
{
if (!first->opid_first_response)
{
first->opid_first_response = packet_data;
first->opid_last_response = packet_data;
}
else
{
first->opid_last_response->opid_next_response = packet_data;
first->opid_last_response = packet_data;
}
}
}
}
/* Add all the reference information to the tree. */
if (globals.track_operations && tree)
{
proto_tree *ophistory_tree = proto_tree_add_subtree(tree, tvb, 0, 0, ett_2009_12_dpp_2_opid_history, NULL, "Operation History");
dof_packet_data *ptr = packet_data->opid_first;
if (ptr)
proto_tree_add_uint_format(ophistory_tree, hf_2008_1_dpp_first_command,
tvb, 0, 0, ptr->frame,
"First Operation: %u",
ptr->frame);
if (ptr->opid_last && ptr->opid_last != ptr)
proto_tree_add_uint_format(ophistory_tree, hf_2008_1_dpp_last_command,
tvb, 0, 0, ptr->opid_last->frame,
"Last Operation: %u",
ptr->opid_last->frame);
if (ptr->opid_first_response)
proto_tree_add_uint_format(ophistory_tree, hf_2008_1_dpp_first_response,
tvb, 0, 0, ptr->opid_first_response->frame,
"First Response: %u",
ptr->opid_first_response->frame);
if (ptr->opid_last_response && ptr->opid_last_response != ptr->opid_first_response)
proto_tree_add_uint_format(ophistory_tree, hf_2008_1_dpp_last_response,
tvb, 0, 0, ptr->opid_last_response->frame,
"Last Response: %u",
ptr->opid_last_response->frame);
/* Determine the window start, then output the number of packets. Output the number of skipped packets before
* and after.
*/
{
dof_packet_data *start = packet_data->opid_first;
guint diff = 0;
while (ptr)
{
if (ptr == packet_data)
break;
ptr = ptr->opid_next;
diff += 1;
if (diff > globals.track_operations_window)
{
start = start->opid_next;
diff -= 1;
}
}
ptr = start;
diff = 0;
while (ptr)
{
const char *THIS = "";
if (ptr == packet_data)
{
THIS = "this ";
diff = globals.track_operations_window + 1;
}
/* (DPS Frame) [ws WS Frame]: (SID)->(RID): (THIS) (SUMMARY) */
proto_tree_add_uint_format(ophistory_tree, hf_2008_1_dpp_related_frame,
tvb, 0, 0, ptr->frame,
"%u[ws %u]: %u->%u: %s%s",
ptr->dof_frame, ptr->frame,
ptr->sender_sid_id, ptr->receiver_sid_id,
THIS,
ptr->summary ? ptr->summary : "");
ptr = ptr->opid_next;
if (diff && !--diff)
break;
}
}
}
}
break;
}
proto_item_set_len(opid_tree, offset - opid_start);
{
if ((dpp_flags & 0x10) == 0)
{
guint8 dpp_seq = 0;
guint8 dpp_retry = 0;
guint16 dpp_delay = 0;
/* Extract SEQ */
if (dpp_flags & 0x04)
{
dpp_seq = tvb_get_guint8(tvb, offset);
proto_tree_add_uint_format(dpp_tree, hf_2009_12_dpp_2_1_seq, tvb, offset, 1, dpp_seq, "Sequence: %u", dpp_seq);
offset += 1;
}
/* Extract Retry */
if (dpp_flags & 0x02)
{
dpp_retry = tvb_get_guint8(tvb, offset);
proto_tree_add_uint_format(dpp_tree, hf_2009_12_dpp_2_1_retry, tvb, offset, 1, dpp_retry, "Retry: %u", dpp_retry);
offset += 1;
}
/* Extract Delay */
{
dpp_delay = tvb_get_guint8(tvb, offset);
if (dpp_delay > 128)
dpp_delay = 128 + ((dpp_delay - 128) * 32);
proto_tree_add_uint_format(dpp_tree, hf_2009_12_dpp_2_1_delay, tvb, offset, 1, dpp_delay, "Delay: %u seconds", dpp_delay);
offset += 1;
}
packet_data->summary = wmem_strdup_printf(wmem_file_scope(), "command seq %u, retry %u, delay %u", dpp_seq, dpp_retry, dpp_delay);
}
else
packet_data->summary = "response";
}
/* Extract session information. */
if (dpp_flags & 0x80)
{
guint32 sec_offset = offset;
guint8 sh_flags;
guint32 ssid;
proto_tree *security_tree;
proto_tree *sec_flags_tree;
proto_item *item;
security_tree = proto_tree_add_subtree(dpp_tree, tvb, offset, -1, ett_2009_12_dpp_2_3_security, NULL, "Security Header");
sh_flags = tvb_get_guint8(tvb, offset);
item = proto_tree_add_uint_format(security_tree, hf_2009_12_dpp_2_3_sec_flags, tvb,
offset, 1, sh_flags, "Flags: 0x%02x", sh_flags);
sec_flags_tree = proto_item_add_subtree(item, ett_2009_12_dpp_2_3_sec_flags);
proto_tree_add_item(sec_flags_tree, hf_2009_12_dpp_2_3_sec_flag_secure, tvb, offset, 1, ENC_NA);
proto_tree_add_item(sec_flags_tree, hf_2009_12_dpp_2_3_sec_flag_rdid, tvb, offset, 1, ENC_NA);
proto_tree_add_item(sec_flags_tree, hf_2009_12_dpp_2_3_sec_flag_partition, tvb, offset, 1, ENC_NA);
proto_tree_add_item(sec_flags_tree, hf_2009_12_dpp_2_3_sec_flag_as, tvb, offset, 1, ENC_NA);
proto_tree_add_item(sec_flags_tree, hf_2009_12_dpp_2_3_sec_flag_ssid, tvb, offset, 1, ENC_NA);
offset += 1;
ssid = 0;
if (sh_flags & DPP_V2_SEC_FLAG_S)
{
gint s_offset = offset;
gint ssid_len;
proto_item *pi;
offset = read_c4(tvb, offset, &ssid, &ssid_len);
pi = proto_tree_add_uint_format(security_tree, hf_2009_12_dpp_2_3_sec_ssid, tvb, s_offset, offset - s_offset, ssid, "Security State Identifier: %u (0x%x)", ssid, ssid);
validate_c4(pinfo, pi, ssid, ssid_len);
}
/* At this point we know the transport information, DNP port information, and the
* SSID. This means that we can isolate the session that this communication belongs
* to. Note that all uses of an SSID are scoped by the transport.
*/
if (sh_flags & DPP_V2_SEC_FLAG_A)
ssid |= AS_ASSIGNED_SSID;
if (api_data->session && !api_data->secure_session)
{
dof_secure_session_data *search = api_data->session->secure_sessions;
while (search)
{
if (ssid == search->ssid)
break;
search = search->next;
}
if (search)
{
api_data->session = search->parent;
api_data->secure_session = search;
}
}
if (sh_flags & DPP_V2_SEC_FLAG_D)
{
gint s_offset = offset;
guint32 rdid;
gint rdid_len;
proto_item *pi;
offset = read_c4(tvb, offset, &rdid, &rdid_len);
pi = proto_tree_add_uint_format(security_tree, hf_2009_12_dpp_2_3_sec_rdid, tvb, s_offset, offset - s_offset, rdid, "Remote Domain Identifier: %u (0x%x)", rdid, rdid);
validate_c4(pinfo, pi, rdid, rdid_len);
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_10, tvb, pinfo, security_tree,
offset, hf_2009_12_dpp_2_3_sec_remote_partition, ett_2009_12_dpp_2_3_sec_remote_partition, NULL);
}
if (sh_flags & DPP_V2_SEC_FLAG_P)
{
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_10, tvb, pinfo, security_tree,
offset, hf_2009_12_dpp_2_3_sec_partition, ett_2009_12_dpp_2_3_sec_partition, NULL);
}
if (sh_flags & DPP_V2_SEC_FLAG_E)
{
/* If we get here without success, then we can only bail. */
if (packet_data->security_session_error)
{
col_set_str(pinfo->cinfo, COL_INFO, packet_data->security_session_error);
proto_item_set_end(tree, tvb, offset);
expert_add_info(pinfo, security_tree, &ei_dpp_no_security_context);
{
tvbuff_t *data_tvb = tvb_new_subset_remaining(tvb, offset);
call_data_dissector(data_tvb, pinfo, tree);
}
proto_item_set_len(security_tree, offset - sec_offset);
return offset;
}
if (!api_data->secure_session)
{
packet_data->security_session_error = "[Encrypted - No Session Available]";
proto_item_set_len(security_tree, offset - sec_offset);
return offset;
}
/* Security has not failed, and we have a security session. */
{
dissector_table_t sec_header = find_dissector_table("dof.secmode");
/* TODO: CCM is hardcoded. We should try all of the sessions, which could mean multiple security modes. */
dissector_handle_t dp = dissector_get_uint_handle(sec_header, 0x6001); /* packet_data->security_session->security_mode); */
if (dp)
{
dof_secmode_api_data sdata;
sdata.context = HEADER;
sdata.security_mode_offset = offset;
sdata.dof_api = api_data;
sdata.secure_session = api_data->secure_session;
sdata.session_key_data = NULL;
offset += call_dissector_only(dp, tvb, pinfo, security_tree, &sdata);
if (!packet_data->decrypted_buffer)
{
proto_item_set_end(tree, tvb, offset);
proto_item_set_len(security_tree, offset - sec_offset);
return offset;
}
}
}
}
proto_item_set_len(security_tree, offset - sec_offset);
}
/* The end of the packet must be called in the original tvb or chaos ensues... */
proto_item_set_end(tree, tvb, offset);
}
if (packet_data->decrypted_tvb)
{
tvb = packet_data->decrypted_tvb;
offset = packet_data->decrypted_offset;
}
/* Assuming there is more, it must be DPP. */
/* We have a packet. We must handle the special case of this being *our* application
* protocol (0x7FFF). If it is, then *we* are the dissector...
*/
{
guint16 app;
tvbuff_t *next_tvb = tvb_new_subset_length_caplen(tvb, offset, -1, tvb_reported_length(tvb) - offset);
read_c2(tvb, offset, &app, NULL);
if (app == 0x7FFF)
{
offset += dissect_dpp_v2_common(next_tvb, pinfo, proto_item_get_parent(tree), data);
}
else
{
offset += dissect_app_common(next_tvb, pinfo, proto_item_get_parent(tree), data);
}
}
}
col_set_fence(pinfo->cinfo, COL_PROTOCOL);
col_set_fence(pinfo->cinfo, COL_INFO);
return offset;
}
static int dissect_options(tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
while (offset < (gint)tvb_captured_length(tvb))
{
proto_tree *subtree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_2008_1_dsp_12_option, NULL, "Option");
tvbuff_t *next_tvb = tvb_new_subset_remaining(tvb, offset);
gint len = dissect_2008_1_dsp_1(next_tvb, pinfo, subtree);
proto_item_set_len(proto_tree_get_parent(subtree), len);
offset += len;
}
return offset;
}
static int dissect_dsp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
dof_api_data *api_data = (dof_api_data *)data;
dof_packet_data *packet_data;
guint offset = 0;
guint8 opcode;
guint16 app;
gint app_len;
proto_item *ti;
proto_tree *dsp_tree;
proto_tree *options_tree;
if (api_data == NULL)
{
/* TODO: Output error. */
return 0;
}
packet_data = api_data->packet;
if (packet_data == NULL)
{
/* TODO: Output error. */
return 0;
}
/* Make entries in Protocol column and Info column on summary display */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "DSPv2 ");
/* Create the protocol tree. */
offset = 0;
ti = proto_tree_add_item(tree, proto_2008_1_dsp, tvb, offset, -1, ENC_NA);
dsp_tree = proto_item_add_subtree(ti, ett_2008_1_dsp_12);
/* Add the APPID. */
offset = read_c2(tvb, offset, &app, &app_len);
ti = proto_tree_add_uint(dsp_tree, hf_2008_1_app_version, tvb, 0, app_len, app);
validate_c2(pinfo, ti, app, app_len);
#if 0
if (!packet->is_streaming)
{
col_set_str(pinfo->cinfo, COL_PROTOCOL, "DSPv2 ");
if (tvb_captured_length(tvb) == offset)
col_set_str(pinfo->cinfo, COL_INFO, "Query");
else
{
col_set_str(pinfo->cinfo, COL_INFO, "Query Response");
while (offset < tvb_captured_length(tvb))
{
guint16 app;
gint start = offset;
offset = read_c2(tvb, offset, &app, NULL);
proto_tree_add_uint(dsp_tree, hf_2008_1_app_version, tvb, start, offset - start, app);
}
}
return offset;
}
#endif
if (offset == tvb_captured_length(tvb))
{
col_append_str(pinfo->cinfo, COL_INFO, "DSP [nop]");
expert_add_info(pinfo, dsp_tree, &ei_implicit_no_op);
return offset;
}
/* Determine the ESP opcode. */
opcode = tvb_get_guint8(tvb, offset);
if (!packet_data->is_command)
opcode |= OP_2008_1_RSP;
proto_tree_add_uint_format(dsp_tree, hf_2008_1_dsp_12_opcode, tvb, offset, 1, opcode, "Opcode: %s (%u)", val_to_str(opcode, strings_2008_1_dsp_opcodes, "Unknown Opcode (%d)"), opcode & 0x7F);
offset += 1;
col_append_sep_str(pinfo->cinfo, COL_INFO, "/", val_to_str(opcode, strings_2008_1_dsp_opcodes, "Unknown Opcode (%d)"));
switch (opcode)
{
case OP_2008_1_OPEN_CMD: /* 2008.1 DSP.14.1 */
break;
case OP_2008_1_OPEN_RSP: /* 2008.1 DSP.14.2 */
case OP_2008_1_OPEN_SECURE_RSP: /* 2008.1 DSP.14.3 */
{
while (offset < tvb_captured_length(tvb))
{
guint16 ap;
gint length;
proto_item *pi;
gint start = offset;
offset = read_c2(tvb, offset, &ap, &length);
pi = proto_tree_add_uint(dsp_tree, hf_2008_1_app_version, tvb, start, offset - start, ap);
validate_c2(pinfo, pi, ap, length);
}
}
break;
case OP_2008_1_QUERY_CMD:
break;
case OP_2008_1_QUERY_RSP:
break;
case OP_2008_1_CONFIG_ACK:
break;
case OP_2008_1_CONFIG_REQ:
/* This will start a session if not existing... */
/* FALL THROUGH */
case OP_2008_1_CONFIG_NAK:
{
gint length = tvb_captured_length(tvb) - offset;
options_tree = proto_tree_add_subtree_format(dsp_tree, tvb, offset, length, ett_2008_1_dsp_12_options, NULL,
"DSP Options: (%d byte%s)", length, plurality(length, "", "s"));
offset = dissect_options(tvb, offset, pinfo, options_tree, NULL);
}
break;
case OP_2008_1_CONFIG_REJ:
/* TODO: Handle reject. */
break;
case OP_2008_1_TERMINATE_CMD:
case OP_2008_1_TERMINATE_RSP:
/* Nothing */
break;
}
return offset;
}
static int dissect_ccm_dsp(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
{
/* We are handed a buffer that starts with an option and our protocol id. Any options follow that. */
gint offset = 0;
proto_item *parent = proto_tree_get_parent(tree);
guint8 len, strength_count, i;
proto_item *ti;
proto_tree *ccm_tree;
/* Append description to the parent. */
proto_item_append_text(parent, " (CCM)");
/* Compute the version and flags, masking off other bits. */
offset += 3; /* Skip the type and protocol. */
len = tvb_get_guint8(tvb, offset++);
ti = proto_tree_add_item(tree, hf_ccm_dsp_option, tvb, offset, len, ENC_NA);
ccm_tree = proto_item_add_subtree(ti, ett_ccm_dsp_option);
strength_count = tvb_get_guint8(tvb, offset);
proto_tree_add_item(ccm_tree, hf_ccm_dsp_strength_count, tvb, offset++, 1, ENC_NA);
for (i = 0; i < strength_count; i++)
proto_tree_add_item(ccm_tree, hf_ccm_dsp_strength, tvb, offset++, 1, ENC_NA);
proto_tree_add_item(ccm_tree, hf_ccm_dsp_e_flag, tvb, offset, 1, ENC_NA);
proto_tree_add_item(ccm_tree, hf_ccm_dsp_m_flag, tvb, offset, 1, ENC_NA);
proto_tree_add_item(ccm_tree, hf_ccm_dsp_tmax, tvb, offset, 1, ENC_NA);
proto_tree_add_item(ccm_tree, hf_ccm_dsp_tmin, tvb, offset, 1, ENC_NA);
offset += 1;
return offset;
}
/**
* This is the main entry point for the CCM dissector. It is always called from an DPS
* dissector, and is always passed the dof_secmode_data structure.
*/
static int dissect_ccm(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
dof_secmode_api_data *secmode_api_data;
dof_session_key_exchange_data *key_data;
secmode_api_data = (dof_secmode_api_data *)data;
if (secmode_api_data == NULL)
{
return 0;
}
key_data = secmode_api_data->session_key_data;
/* Based on the context of the request, handle the work. */
switch (secmode_api_data->context)
{
case INITIALIZE:
/* Parse off the initialization fields, and if necessary create the security mode state
* that is being initialized. This is passed the DPS data, DPS session data, and Key Exchange Data.
*/
{
ccm_session_data *ccm_data = (ccm_session_data *)key_data->security_mode_key_data;
gint offset = 0;
guint8 header;
guint16 length;
if (!ccm_data)
{
/* We need to parse the initialization data. */
ccm_data = wmem_new0(wmem_file_scope(), ccm_session_data);
if (!ccm_data)
return 0;
wmem_register_callback(wmem_file_scope(), dof_sessions_destroy_cb, ccm_data);
key_data->security_mode_key_data = ccm_data;
if (!key_data->security_mode_data || key_data->security_mode_data_length < 3)
return 0;
/* TODO: Not sure that these are all right. */
ccm_data->protocol_id = DOF_PROTOCOL_CCM;
ccm_data->cipher = key_data->security_mode_data[1];
ccm_data->encrypted = key_data->security_mode_data[key_data->security_mode_data_length - 1] & 0x80;
ccm_data->mac_len = (key_data->security_mode_data[key_data->security_mode_data_length - 1] & 0x07) * 2 + 2;
ccm_data->client_datagram_number = 0;
ccm_data->server_datagram_number = 0;
switch (ccm_data->protocol_id)
{
case DOF_PROTOCOL_CCM:
if (gcry_cipher_open(&ccm_data->cipher_data, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)) {
return 0;
}
break;
default:
return 0;
}
}
if (secmode_api_data->dof_api->transport_session->is_2_node)
{
switch (ccm_data->protocol_id)
{
case DOF_PROTOCOL_CCM:
if (gcry_cipher_setkey(ccm_data->cipher_data, key_data->session_key, 32)) {
gcry_cipher_close(ccm_data->cipher_data);
ccm_data->cipher_data = NULL;
return 0;
}
break;
default:
return 0;
}
/* This mode has a fixed size, so we can return here without parsing further. */
return 2;
}
offset = read_c2(tvb, offset, &length, NULL);
/* TODO validate C2 */
header = tvb_get_guint8(tvb, offset);
offset += 1;
/* Determine the period, and store the key. */
{
guint8 period = (header & 0x70) >> 4;
if (ccm_data->cipher_data_table == NULL)
{
gcry_cipher_hd_t ekey;
if (gcry_cipher_open(&ekey, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)) {
return 0;
}
ccm_data->cipher_data_table = g_hash_table_new_full(g_direct_hash, g_direct_equal, NULL, dof_cipher_data_destroy);
ccm_data->period = 1;
ccm_data->periods[period] = ccm_data->period;
switch (ccm_data->protocol_id)
{
case DOF_PROTOCOL_CCM:
if (gcry_cipher_setkey(ekey, key_data->session_key, 32)) {
gcry_cipher_close(ekey);
return 0;
}
break;
default:
gcry_cipher_close(ekey);
return 0;
}
g_hash_table_insert(ccm_data->cipher_data_table, GUINT_TO_POINTER(ccm_data->period), ekey);
}
else
{
guint32 lookup = ccm_data->periods[period];
if (!lookup)
{
gcry_cipher_hd_t ekey;
if (gcry_cipher_open(&ekey, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)) {
return 0;
}
switch (ccm_data->protocol_id)
{
case DOF_PROTOCOL_CCM:
if (gcry_cipher_setkey(ekey, key_data->session_key, 32)) {
gcry_cipher_close(ekey);
return 0;
}
break;
default:
gcry_cipher_close(ekey);
return 0;
}
ccm_data->period += 1;
ccm_data->periods[period] = ccm_data->period;
g_hash_table_insert(ccm_data->cipher_data_table, GUINT_TO_POINTER(ccm_data->period), ekey);
}
else
{
guint8 *in_table = (guint8 *)g_hash_table_lookup(ccm_data->cipher_data_table, GUINT_TO_POINTER(lookup));
if (memcmp(key_data->session_key, in_table, 32) != 0)
{
gcry_cipher_hd_t ekey;
if (gcry_cipher_open(&ekey, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)) {
return 0;
}
switch (ccm_data->protocol_id)
{
case DOF_PROTOCOL_CCM:
if (gcry_cipher_setkey(ekey, key_data->session_key, 32)) {
gcry_cipher_close(ekey);
return 0;
}
break;
default:
gcry_cipher_close(ekey);
return 0;
}
ccm_data->period += 1;
ccm_data->periods[period] = ccm_data->period;
g_hash_table_insert(ccm_data->cipher_data_table, GUINT_TO_POINTER(ccm_data->period), ekey);
}
}
}
}
return offset + length - 1;
}
case HEADER:
{
ccm_session_data *session;
dof_transport_session *transport_session = (dof_transport_session *)secmode_api_data->dof_api->transport_session;
dof_secure_session_data *secure_session = secmode_api_data->secure_session;
dof_session_key_exchange_data *security_data = NULL;
dof_packet_data *dof_packet = secmode_api_data->dof_api->packet;
guint8 ccm_flags;
guint32 nid;
guint16 slot = 0;
guint32 pn = 0;
gboolean pn_present = FALSE;
guint32 tnid;
guint32 nnid;
proto_tree *ccm_flags_tree;
proto_tree *header_tree;
proto_item * item,*header;
ccm_packet_data *pdata;
gint offset = 0;
if (!dof_packet->security_session)
{
if (transport_session->is_streaming)
{
/* Find the first security data that is applicable - they are in order of packet sequence. */
security_data = secure_session->session_security_data;
while (security_data)
{
if (dof_packet->is_sent_by_initiator && (dof_packet->dof_frame > security_data->i_valid))
break;
if (!dof_packet->is_sent_by_initiator && (dof_packet->dof_frame > security_data->r_valid))
break;
security_data = security_data->next;
}
if (security_data)
dof_packet->security_session = security_data;
else
{
dof_packet->security_session_error = "[Encrypted - No Session Available]";
return offset;
}
}
else
{
dof_packet->security_session = secure_session->session_security_data;
security_data = dof_packet->security_session;
}
}
else
{
security_data = dof_packet->security_session;
}
if (!security_data || !security_data->session_key || !security_data->security_mode_key_data)
{
dof_packet->security_session_error = "[Encrypted - No Session Available]";
return offset;
}
session = (ccm_session_data *)security_data->security_mode_key_data;
offset = secmode_api_data->security_mode_offset;
/* Add a master header for this protocol. */
header = proto_tree_add_protocol_format(tree, proto_ccm, tvb, offset, 0,
"CCM Security Mode, Version: 1");
header_tree = proto_item_add_subtree(header, ett_header);
tree = header_tree;
ccm_flags = tvb_get_guint8(tvb, offset);
item = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_flags, tvb,
offset, 1, ccm_flags, "Flags: 0x%02x", ccm_flags);
ccm_flags_tree = proto_item_add_subtree(item, ett_epp_v1_ccm_flags);
proto_tree_add_item(ccm_flags_tree, hf_epp_v1_ccm_flags_manager, tvb, offset, 1, ENC_NA);
proto_tree_add_item(ccm_flags_tree, hf_epp_v1_ccm_flags_period, tvb, offset, 1, ENC_NA);
proto_tree_add_item(ccm_flags_tree, hf_epp_v1_ccm_flags_target, tvb, offset, 1, ENC_NA);
proto_tree_add_item(ccm_flags_tree, hf_epp_v1_ccm_flags_next_nid, tvb, offset, 1, ENC_NA);
proto_tree_add_item(ccm_flags_tree, hf_epp_v1_ccm_flags_packet, tvb, offset, 1, ENC_NA);
offset += 1;
if (ccm_flags & 0x01)
pn_present = TRUE;
pdata = (ccm_packet_data *)dof_packet->security_packet;
if (!pdata)
{
pdata = wmem_new0(wmem_file_scope(), ccm_packet_data);
if (pdata)
{
dof_packet->security_packet = pdata;
if (transport_session->is_2_node)
{
if (dof_packet->is_sent_by_initiator)
{
pdata->nid = 0;
if (pn_present == FALSE)
pdata->dn = ++session->client_datagram_number;
else
pdata->dn = pn;
}
else
{
pdata->nid = 1;
if (pn_present == 0)
pdata->dn = ++session->server_datagram_number;
else
pdata->dn = pn;
}
}
else
{
guint8 packet_period = (ccm_flags & 0x70) >> 4;
pdata->period = session->periods[packet_period];
}
}
}
if (!pdata)
return offset - secmode_api_data->security_mode_offset;
if (!secure_session->is_2_node)
{
gint nid_len;
proto_item *pi;
read_c4(tvb, offset, &nid, &nid_len);
/* TODO: Do this right, as offset from BNID. */
nid /= 2;
pdata->nid = nid;
pi = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_nid, tvb, offset, nid_len, nid, "Node ID: %u", nid);
validate_c4(pinfo, pi, nid, nid_len);
offset += nid_len;
}
else
{
item = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_nid, tvb, 0, 0, pdata->nid, "Node ID: %u", pdata->nid);
proto_item_set_generated(item);
}
if (!secure_session->is_2_node)
{
gint slot_len;
proto_item *pi;
read_c2(tvb, offset, &slot, &slot_len);
pi = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_slot, tvb, offset, slot_len, slot, "Slot: %hu", slot);
validate_c2(pinfo, pi, slot, slot_len);
offset += slot_len;
}
else
{
item = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_slot, tvb, 0, 0, 0, "Slot: %u", 0);
proto_item_set_generated(item);
}
if (ccm_flags & 0x01)
{
gint pn_len;
proto_item *pi;
read_c4(tvb, offset, &pn, &pn_len);
pi = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_pn, tvb, offset, pn_len, pn, "Packet Number: %u", pn);
validate_c4(pinfo, pi, pn, pn_len);
pdata->dn = pn;
offset += pn_len;
}
else
{
item = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_pn, tvb, 0, 0, pdata->dn, "Packet Number: %u", pdata->dn);
proto_item_set_generated(item);
}
if (ccm_flags & 0x08)
{
gint tnid_len;
proto_item *pi;
read_c4(tvb, offset, &tnid, &tnid_len);
pi = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_tnid, tvb, offset, tnid_len, tnid, "Target Node ID: %u", tnid);
validate_c4(pinfo, pi, tnid, tnid_len);
offset += tnid_len;
}
if (ccm_flags & 0x02)
{
gint nnid_len;
proto_item *pi;
read_c4(tvb, offset, &nnid, &nnid_len);
pi = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_nnid, tvb, offset, nnid_len, nnid, "Next Node ID: %u", nnid);
validate_c4(pinfo, pi, nnid, nnid_len);
offset += nnid_len;
}
proto_item_set_len(header, offset - secmode_api_data->security_mode_offset);
if (dof_packet->decrypted_buffer_error)
{
col_set_str(pinfo->cinfo, COL_INFO, dof_packet->decrypted_buffer_error);
expert_add_info(pinfo, tree, &ei_decode_failure);
return offset - secmode_api_data->security_mode_offset;
}
/* We have reached the encryption boundary. At this point the rest of the packet
* is encrypted, and we may or may not be able to decrypt it.
*
* If we can decrypt it (which for now means that it uses a Session Key of [0]
* the we switch to decoding the decrypted PDU. Otherwise we create an entry
* for the encrypted bytes and move on...
*/
{
gint e_len = tvb_captured_length(tvb) - offset;
const guint8 *epp_buf = tvb_get_ptr(tvb, 0, -1);
guint a_len = offset;
guint8 *buf = (guint8 *)tvb_memdup(pinfo->pool, tvb, offset, e_len);
tvbuff_t *app;
/* The default nonce is a function of whether or not this is the server
* or the client and the packet count. The packet count either comes from
* the PDU or is a function of the previous value (of the sending node).
*/
guint8 nonce[11];
nonce[0] = (pdata->nid) >> 24;
nonce[1] = (pdata->nid) >> 16;
nonce[2] = (pdata->nid) >> 8;
nonce[3] = (guint8)(pdata->nid);
nonce[4] = slot >> 8;
nonce[5] = (guint8)slot;
nonce[7] = (pdata->dn) >> 24;
nonce[8] = (pdata->dn) >> 16;
nonce[9] = (pdata->dn) >> 8;
nonce[10] = (guint8)(pdata->dn);
/* Now the hard part. We need to determine the current packet number.
* This is a function of the sending node, the previous state and the
* current PDU.
*/
app = NULL;
proto_item_set_end(tree, tvb, offset);
if (!session->encrypted)
{
/* There is still a MAC involved, and even though we don't need a new
* buffer we need to adjust the length of the existing buffer.
*/
app = tvb_new_subset_length_caplen(tvb, offset, e_len - session->mac_len, e_len - session->mac_len);
dof_packet->decrypted_tvb = app;
dof_packet->decrypted_offset = 0;
}
else
{
if (dof_packet->decrypted_buffer)
{
/* No need to decrypt, but still need to create buffer. */
app = tvb_new_real_data((const guint8 *)dof_packet->decrypted_buffer, e_len - session->mac_len, e_len - session->mac_len);
tvb_set_child_real_data_tvbuff(tvb, app);
add_new_data_source(pinfo, app, "Decrypted DOF");
dof_packet->decrypted_tvb = app;
dof_packet->decrypted_offset = 0;
}
else
{
if (decrypt(session, pdata, nonce, epp_buf, a_len, buf, e_len))
{
/* store decrypted buffer in file scope for reuse in next pass */
guint8 *cache = (guint8 *)wmem_alloc0(wmem_file_scope(), e_len - session->mac_len);
memcpy(cache, buf, e_len - session->mac_len);
app = tvb_new_real_data(cache, e_len - session->mac_len, e_len - session->mac_len);
tvb_set_child_real_data_tvbuff(tvb, app);
add_new_data_source(pinfo, app, "Decrypted DOF");
dof_packet->decrypted_buffer = cache;
dof_packet->decrypted_offset = 0;
dof_packet->decrypted_tvb = app;
}
else
{
/* Failure to decrypt or validate the MAC.
* The packet is secure, so there is nothing we can do!
*/
dof_packet->decrypted_buffer_error = "[Encrypted packet - decryption failure]";
}
}
}
}
return offset - secmode_api_data->security_mode_offset;
}
break;
case TRAILER:
/* TODO check this case */
break;
}
return 0;
}
static int dissect_ccm_app(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
gint offset = 0;
guint8 opcode = 0;
guint16 app;
gint app_len;
proto_item *ti;
proto_tree *ccm_tree;
/* Make entries in Protocol column and Info column on summary display */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "CCM ");
/* Create the protocol tree. */
offset = 0;
ti = proto_tree_add_item(tree, proto_ccm_app, tvb, offset, -1, ENC_NA);
ccm_tree = proto_item_add_subtree(ti, ett_ccm);
/* Add the APPID. */
offset = read_c2(tvb, offset, &app, &app_len);
ti = proto_tree_add_uint(ccm_tree, hf_2008_1_app_version, tvb, 0, app_len, app);
validate_c2(pinfo, ti, app, app_len);
/* Retrieve the opcode. */
opcode = tvb_get_guint8(tvb, offset);
col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(opcode, ccm_opcode_strings, "Unknown Opcode (%d)"));
if (tree)
{
/* Opcode */
proto_tree_add_item(ccm_tree, hf_ccm_opcode, tvb, offset, 1, ENC_NA);
#if 0 /* this needs completion */
offset += 1;
switch (opcode)
{
case CCM_PDU_PROBE:
{
}
break;
}
#endif
}
return 1;
}
#if 0 /* TODO not used yet */
static int dissect_ccm_validate(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data)
{
dof_api_data *api_data = (dof_api_data *)data;
dof_packet_data *packet;
ccm_session_data *session;
gint offset;
guint8 ccm_flags;
guint32 nid;
guint16 slot;
guint32 pn;
guint32 tnid;
if (api_data == NULL)
{
fprintf(stderr, "api_data is NULL.");
return 0;
}
packet = api_data->packet;
if (packet == NULL)
{
fprintf(stderr, "api_data->packet is NULL.");
return 0;
}
if (!packet->security_session)
{
fprintf(stderr, "packet->security_session is NULL");
return 0;
}
if (packet->security_session->security_mode != DOF_PROTOCOL_CCM)
{
fprintf(stderr, "packet->security_session->security_mode != DOF_PROTOCOL_CCM");
return 0;
}
session = (ccm_session_data *)packet->security_session->security_mode_key_data;
/* The buffer we have been passed includes the entire EPP frame. The packet
* structure gives us the offset to our header.
*/
offset = 0;
ccm_flags = tvb_get_guint8(tvb, offset);
offset += 1;
/* TODO validate the C2 and C4 fields below? */
if (ccm_flags & 0x04)
offset = read_c4(tvb, offset, &nid, NULL);
if (ccm_flags & 0x02)
offset = read_c2(tvb, offset, &slot, NULL);
if (ccm_flags & 0x01)
offset = read_c4(tvb, offset, &pn, NULL);
if (ccm_flags & 0x08)
offset = read_c4(tvb, offset, &tnid, NULL);
/* We have reached the encryption boundary. At this point the rest of the packet
* is encrypted, and we may or may not be able to decrypt it.
*
* If we can decrypt it (which for now means that it uses a Session Key of [0]
* the we switch to decoding the decrypted PDU. Otherwise we create an entry
* for the encrypted bytes and move on...
*/
{
gint e_len = tvb_captured_length(tvb) - offset;
const guint8 *epp_buf = tvb_get_ptr(tvb, 0, -1);
guint a_len = offset - 0;
guint16 e_off;
guint8 *buf = (guint8 *)g_malloc(e_len);
/* The default nonce is a function of whether or not this is the server
* or the client and the packet count. The packet count either comes from
* the PDU or is a function of the previous value (of the sending node).
*/
guint8 nonce[] = { 0x00, 0x00, 0x00, 0x01,
0x00, 0x00,
0x00,
0x00, 0x00, 0x00, 0x00 };
nonce[0] = nid >> 24;
nonce[1] = nid >> 16;
nonce[2] = nid >> 8;
nonce[3] = (guint8)nid;
nonce[4] = slot >> 8;
nonce[5] = (guint8)slot;
nonce[7] = pn >> 24;
nonce[8] = pn >> 16;
nonce[9] = pn >> 8;
nonce[10] = (guint8)pn;
/* Now the hard part. We need to determine the current packet number.
* This is a function of the sending node, the previous state and the
* current PDU.
*/
for (e_off = 0; e_off < e_len; e_off++)
buf[e_off] = tvb_get_guint8(tvb, offset + e_off);
/* TODO: This is hardcoded for a 4-byte MAC */
proto_item_set_end(tree, tvb, offset);
if (decrypt(session, (ccm_packet_data *)packet->security_packet, nonce, epp_buf, a_len, buf, e_len))
{
g_free(buf);
return 1;
}
else
{
/* Failure to decrypt or validate the MAC.
* The packet is secure, so there is nothing we can do!
*/
g_free(buf);
return 1;
}
}
}
#endif
static int dissect_oap_dsp(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
{
/* We are handed a buffer that starts with our protocol id. Any options follow that. */
gint offset = 0;
/* We don't care except for the treeview. */
if (!tree)
return 0;
/* Compute the version and flags, masking off other bits. */
offset += 4; /* Skip the type and protocol. */
proto_tree_add_item(tree, hf_oap_1_dsp_option, tvb, 0, -1, ENC_NA);
return offset;
}
static int dissect_oap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
dof_api_data *api_data = (dof_api_data *)data;
dof_packet_data *packet_data;
gint offset = 0;
guint8 opcode = 0;
guint8 flags = 0;
guint16 item_id = 0;
guint16 app;
guint app_len;
oap_1_packet_data *oap_packet = NULL;
proto_item *ti;
proto_tree *oap_tree;
if (api_data == NULL)
{
return 0;
}
packet_data = api_data->packet;
if (packet_data == NULL)
{
return 0;
}
/* Make entries in Protocol column and Info column on summary display */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "OAPv1 ");
/* Create the protocol tree. */
offset = 0;
ti = proto_tree_add_item(tree, proto_oap_1, tvb, offset, -1, ENC_NA);
oap_tree = proto_item_add_subtree(ti, ett_oap_1);
/* Add the APPID. */
offset = read_c2(tvb, offset, &app, &app_len);
ti = proto_tree_add_uint(oap_tree, hf_2008_1_app_version, tvb, 0, app_len, app);
validate_c2(pinfo, ti, app, app_len);
if (app_len == tvb_captured_length(tvb))
{
col_append_str(pinfo->cinfo, COL_INFO, "OAP [nop]");
expert_add_info(pinfo, oap_tree, &ei_implicit_no_op);
return app_len;
}
oap_packet = (oap_1_packet_data *)dof_packet_get_proto_data(packet_data, proto_oap_1);
if (!oap_packet)
{
oap_packet = wmem_new0(wmem_file_scope(), oap_1_packet_data);
dof_packet_add_proto_data(packet_data, proto_oap_1, oap_packet);
}
/* Compute the version and flags, masking off other bits. */
opcode = tvb_get_guint8(tvb, offset) & 0x1F;
if (!packet_data->is_command)
opcode |= OAP_1_RESPONSE;
flags = tvb_get_guint8(tvb, offset) & 0xE0;
col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(opcode, oap_opcode_strings, "Unknown Opcode (%d)"));
/* Opcode */
{
guint8 mask = 0x10;
char str[20];
guint8 no_of_bits = 5;
guint8 i;
guint8 bit = 3;
(void) g_strlcpy(str, "...", 20);
/* read the bits for the int */
for (i = 0; i < no_of_bits; i++)
{
if (bit && (!(bit % 4)))
(void) g_strlcat(str, " ", 20);
bit++;
if (opcode & mask)
(void) g_strlcat(str, "1", 20);
else
(void) g_strlcat(str, "0", 20);
mask = mask >> 1;
}
proto_tree_add_uint_format(oap_tree, hf_oap_1_opcode, tvb, offset, 1, opcode & 0x1F, "%s = Opcode: %s (%u)", str, val_to_str(opcode, oap_opcode_strings, "Unknown Opcode (%d)"), opcode & 0x1F);
}
/* Flags, based on opcode.
* Each opcode needs to define the flags, however, the fall into major categories...
*/
switch (opcode)
{
/* Both alias and a flag that equals command control. */
case OAP_1_CMD_ACTIVATE:
case OAP_1_CMD_CONNECT:
case OAP_1_CMD_FULL_CONNECT:
case OAP_1_CMD_GET:
case OAP_1_CMD_INVOKE:
case OAP_1_CMD_REGISTER:
case OAP_1_CMD_SET:
case OAP_1_CMD_SUBSCRIBE:
case OAP_1_CMD_WATCH:
proto_tree_add_item(oap_tree, hf_oap_1_alias_size, tvb, offset, 1, ENC_NA);
proto_tree_add_item(oap_tree, hf_oap_1_flags, tvb, offset, 1, ENC_NA);
if (flags & 0x20)
{
offset += 1;
offset = oap_1_tree_add_cmdcontrol(pinfo, oap_tree, tvb, offset);
}
else
offset += 1;
break;
/* No alias, but flags for command control. */
case OAP_1_CMD_ADVERTISE:
/* TODO: Expert info on top two bits.*/
proto_tree_add_item(oap_tree, hf_oap_1_flags, tvb, offset, 1, ENC_NA);
if (flags & 0x20)
{
offset = oap_1_tree_add_cmdcontrol(pinfo, oap_tree, tvb, ENC_BIG_ENDIAN);
}
else
offset += 1;
break;
/* No alias, but flag for provider. */
case OAP_1_RSP_GET:
case OAP_1_RSP_INVOKE:
case OAP_1_RSP_REGISTER:
case OAP_1_RSP_SET:
case OAP_1_RSP_SUBSCRIBE:
/* TODO: Expert info on top two bits.*/
proto_tree_add_item(oap_tree, hf_oap_1_flags, tvb, offset, 1, ENC_NA);
if (flags & 0x20)
{
offset += 1;
offset = dof_dissect_pdu_as_field(dissect_2009_11_type_4, tvb, pinfo, oap_tree,
offset, hf_oap_1_providerid, ett_oap_1_1_providerid, NULL);
}
else
offset += 1;
if ((opcode == OAP_1_RSP_GET) || (opcode == OAP_1_RSP_INVOKE))
{
proto_tree_add_item(oap_tree, hf_oap_1_value_list, tvb, offset, -1, ENC_NA);
offset += tvb_reported_length_remaining(tvb, offset);
}
break;
/* Alias, but no flags. */
case OAP_1_CMD_CHANGE:
case OAP_1_CMD_OPEN:
case OAP_1_CMD_PROVIDE:
case OAP_1_CMD_SIGNAL:
proto_tree_add_item(oap_tree, hf_oap_1_alias_size, tvb, offset, 1, ENC_NA);
offset += 1;
break;
/* Special flags. */
case OAP_1_RSP_EXCEPTION:
proto_tree_add_item(oap_tree, hf_oap_1_exception_internal_flag, tvb, offset, 1, ENC_NA);
proto_tree_add_item(oap_tree, hf_oap_1_exception_final_flag, tvb, offset, 1, ENC_NA);
proto_tree_add_item(oap_tree, hf_oap_1_exception_provider_flag, tvb, offset, 1, ENC_NA);
offset += 1;
break;
/* No flags. */
case OAP_1_CMD_DEFINE:
case OAP_1_RSP_DEFINE:
case OAP_1_RSP_OPEN:
/* TODO: Non-zero not allowed.*/
offset += 1;
break;
default:
/* TODO: Illegal opcode.*/
return offset;
}
/* Parse off arguments based on opcodes. */
switch (opcode)
{
case OAP_1_CMD_SUBSCRIBE:
{
guint8 alias_len = (flags & 0xC0) >> 6;
if (alias_len == 3)
alias_len = 4;
/* The item identifier comes first, but it is compressed. */
{
gint item_id_len;
proto_item *pi;
read_c2(tvb, offset, &item_id, &item_id_len);
pi = proto_tree_add_uint_format(oap_tree, hf_oap_1_itemid, tvb, offset, item_id_len, item_id, "Item ID: %u", item_id);
validate_c2(pinfo, pi, item_id, item_id_len);
offset += item_id_len;
}
if (alias_len > 0)
{
if (api_data->session == NULL)
{
expert_add_info(pinfo, ti, &ei_oap_no_session);
return offset;
}
offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, offset, alias_len, TRUE);
}
else
offset = oap_1_tree_add_binding(oap_tree, pinfo, tvb, offset);
/* Read the miniumum delta. */
{
gint delta_len;
guint16 delta;
proto_item *pi;
read_c2(tvb, offset, &delta, &delta_len);
pi = proto_tree_add_uint_format(oap_tree, hf_oap_1_subscription_delta, tvb, offset, delta_len, delta, "Minimum Delta: %u", delta);
validate_c2(pinfo, pi, delta, delta_len);
offset += delta_len;
}
}
break;
case OAP_1_CMD_REGISTER:
{
guint8 alias_len = (flags & 0xC0) >> 6;
if (alias_len == 3)
alias_len = 4;
/* The item identifier comes first, but it is compressed. */
{
gint item_id_len;
proto_item *pi;
read_c2(tvb, offset, &item_id, &item_id_len);
pi = proto_tree_add_uint_format(oap_tree, hf_oap_1_itemid, tvb, offset, item_id_len, item_id, "Item ID: %u", item_id);
validate_c2(pinfo, pi, item_id, item_id_len);
offset += item_id_len;
}
if (alias_len > 0)
{
if (api_data->session == NULL)
{
expert_add_info(pinfo, ti, &ei_oap_no_session);
return offset;
}
offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, offset, alias_len, TRUE);
}
else
offset = oap_1_tree_add_binding(oap_tree, pinfo, tvb, offset);
}
break;
case OAP_1_RSP_REGISTER:
{
if (flags & 0x20)
{
/* offset = add_oid( tvb, offset, NULL, oap_tree ); */
}
/* Sequence is next. */
proto_tree_add_item(oap_tree, hf_oap_1_update_sequence, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
}
break;
case OAP_1_CMD_WATCH:
case OAP_1_CMD_ACTIVATE:
case OAP_1_CMD_CONNECT:
case OAP_1_CMD_FULL_CONNECT:
{
guint8 alias_len = (flags & 0xC0) >> 6;
if (alias_len == 3)
alias_len = 4;
if (alias_len > 0)
{
if (api_data->session == NULL)
{
expert_add_info(pinfo, ti, &ei_oap_no_session);
return offset;
}
offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, offset, alias_len, TRUE);
}
else
offset = oap_1_tree_add_binding(oap_tree, pinfo, tvb, offset);
}
break;
case OAP_1_CMD_ADVERTISE:
offset = oap_1_tree_add_binding(oap_tree, pinfo, tvb, offset);
break;
case OAP_1_CMD_GET:
case OAP_1_CMD_INVOKE:
case OAP_1_CMD_SET:
{
guint8 alias_len = (flags & 0xC0) >> 6;
if (alias_len == 3)
alias_len = 4;
/* The item identifier comes first, but it is compressed. */
{
gint item_id_len;
proto_item *pi;
read_c2(tvb, offset, &item_id, &item_id_len);
pi = proto_tree_add_uint_format(oap_tree, hf_oap_1_itemid, tvb, offset, item_id_len, item_id, "Item ID: %u", item_id);
validate_c2(pinfo, pi, item_id, item_id_len);
offset += item_id_len;
}
if (alias_len > 0)
{
if (api_data->session == NULL)
{
expert_add_info(pinfo, ti, &ei_oap_no_session);
return offset;
}
offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, offset, alias_len, TRUE);
}
else
offset = oap_1_tree_add_binding(oap_tree, pinfo, tvb, offset);
if ((opcode == OAP_1_CMD_SET) || (opcode == OAP_1_CMD_INVOKE))
{
proto_tree_add_item(oap_tree, hf_oap_1_value_list, tvb, offset, -1, ENC_NA);
offset += tvb_reported_length_remaining(tvb, offset);
}
}
break;
case OAP_1_CMD_OPEN:
{
guint8 alias_len = (flags & 0xC0) >> 6;
if (alias_len == 3)
alias_len = 4;
if (alias_len > 0)
{
if (api_data->session == NULL)
{
expert_add_info(pinfo, ti, &ei_oap_no_session);
return offset;
}
offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, offset, alias_len, TRUE);
}
else
offset = oap_1_tree_add_binding(oap_tree, pinfo, tvb, offset);
offset = oap_1_tree_add_interface(oap_tree, tvb, offset);
offset = dof_dissect_pdu_as_field(dissect_2009_11_type_4, tvb, pinfo, oap_tree,
offset, hf_oap_1_objectid, ett_oap_1_objectid, NULL);
}
break;
case OAP_1_CMD_PROVIDE:
{
guint8 alias_length = flags >> 6;
gint alias_offset;
gint iid_offset;
gint oid_offset;
if (alias_length == 3)
alias_length = 4;
alias_offset = offset;
if (alias_length == 0)
{
expert_add_info_format(pinfo, ti, &ei_malformed, "alias_length == 0");
return offset;
}
if (api_data->session == NULL)
{
expert_add_info(pinfo, ti, &ei_oap_no_session);
return offset;
}
offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, offset, alias_length, FALSE);
iid_offset = offset;
offset = oap_1_tree_add_interface(oap_tree, tvb, offset);
oid_offset = offset;
offset = dof_dissect_pdu_as_field(dissect_2009_11_type_4, tvb, pinfo, oap_tree,
offset, hf_oap_1_objectid, ett_oap_1_objectid, NULL);
if (alias_length && !packet_data->processed)
{
guint32 alias;
oap_1_binding *binding = wmem_new0(wmem_file_scope(), oap_1_binding);
int i;
alias = 0;
for (i = 0; i < alias_length; i++)
alias = (alias << 8) | tvb_get_guint8(tvb, alias_offset + i);
binding->iid_length = oid_offset - iid_offset;
binding->iid = (guint8 *)wmem_alloc0(wmem_file_scope(), binding->iid_length);
tvb_memcpy(tvb, binding->iid, iid_offset, binding->iid_length);
binding->oid_length = offset - oid_offset;
binding->oid = (guint8 *)wmem_alloc0(wmem_file_scope(), binding->oid_length);
tvb_memcpy(tvb, binding->oid, oid_offset, binding->oid_length);
binding->frame = pinfo->fd->num;
oap_1_define_alias(api_data, alias, binding);
}
}
break;
case OAP_1_CMD_CHANGE:
case OAP_1_CMD_SIGNAL:
{
guint8 alias_len = (flags & 0xC0) >> 6;
if (alias_len == 3)
alias_len = 4;
/* The item identifier comes first, but it is compressed. */
{
gint item_id_len;
proto_item *pi;
read_c2(tvb, offset, &item_id, &item_id_len);
pi = proto_tree_add_uint_format(oap_tree, hf_oap_1_itemid, tvb, offset, item_id_len, item_id, "Item ID: %u", item_id);
validate_c2(pinfo, pi, item_id, item_id_len);
offset += item_id_len;
}
if (alias_len > 0)
{
if (api_data->session == NULL)
{
expert_add_info(pinfo, ti, &ei_oap_no_session);
return offset;
}
offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, offset, alias_len, TRUE);
}
else
offset = oap_1_tree_add_binding(oap_tree, pinfo, tvb, offset);
/* Sequence is next. */
proto_tree_add_item(oap_tree, hf_oap_1_update_sequence, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
proto_tree_add_item(oap_tree, hf_oap_1_value_list, tvb, offset, -1, ENC_NA);
offset += tvb_reported_length_remaining(tvb, offset);
}
break;
case OAP_1_RSP_EXCEPTION:
{
if (flags & 0x20)
{
/* offset = add_oid( tvb, offset, NULL, oap_tree );*/
}
/* The response code, compressed. */
{
gint rsp_len;
guint16 rsp;
/* TODO: Validate*/
read_c2(tvb, offset, &rsp, &rsp_len);
/* TODO: Add to tree with error codes. */
offset += rsp_len;
}
proto_tree_add_item(oap_tree, hf_oap_1_value_list, tvb, offset, -1, ENC_NA);
offset += tvb_reported_length_remaining(tvb, offset);
}
break;
default:
/* TODO: Bad opcode!*/
break;
}
return offset;
}
static int dissect_sgmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
dof_api_data *api_data = (dof_api_data *)data;
dof_packet_data *packet_data;
guint offset = 0;
guint8 opcode;
guint16 app;
gint app_len;
proto_item *ti;
proto_tree *sgmp_tree;
if (api_data == NULL)
{
/* TODO: Output error. */
return 0;
}
packet_data = api_data->packet;
if (packet_data == NULL)
{
/* TODO: Output error. */
return 0;
}
/* Make entries in Protocol column and Info column on summary display */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "SGMPv1 ");
/* Create the protocol tree. */
offset = 0;
ti = proto_tree_add_item(tree, proto_sgmp, tvb, offset, -1, ENC_NA);
sgmp_tree = proto_item_add_subtree(ti, ett_sgmp);
/* Add the APPID. */
offset = read_c2(tvb, offset, &app, &app_len);
ti = proto_tree_add_uint(sgmp_tree, hf_2008_1_app_version, tvb, 0, app_len, app);
validate_c2(pinfo, ti, app, app_len);
if (offset == tvb_captured_length(tvb))
{
col_append_str(pinfo->cinfo, COL_INFO, "SGMP [nop]");
expert_add_info(pinfo, sgmp_tree, &ei_implicit_no_op);
return offset;
}
/* Retrieve the opcode. */
opcode = tvb_get_guint8(tvb, offset);
if (!packet_data->is_command)
opcode |= SGMP_RESPONSE;
col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(opcode, sgmp_opcode_strings, "Unknown Opcode (%d)"));
/* Opcode */
proto_tree_add_item(sgmp_tree, hf_opcode, tvb, offset, 1, ENC_NA);
offset += 1;
switch (opcode)
{
case SGMP_CMD_EPOCH_CHANGED:
{
/* TMIN - 2 bytes */
{
proto_tree_add_item(sgmp_tree, hf_sgmp_tmin, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
}
/* EPOCH - 2 bytes */
{
proto_tree_add_item(sgmp_tree, hf_sgmp_epoch, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
}
}
break;
case SGMP_CMD_HEARTBEAT:
{
gint start_offset;
/* Latest SGMP Version - Type.1 */
{
guint16 version;
gint length;
proto_item *pi;
start_offset = offset;
offset = read_c2(tvb, offset, &version, &length);
pi = proto_tree_add_uint(sgmp_tree, hf_latest_version, tvb, start_offset, offset - start_offset, version);
validate_c2(pinfo, pi, version, length);
}
/* Desire - 1 byte */
{
proto_tree_add_item(sgmp_tree, hf_desire, tvb, offset, 1, ENC_NA);
offset += 1;
}
/* Tie Breaker - 4 bytes */
{
proto_tree_add_item(sgmp_tree, hf_tie_breaker, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
}
}
break;
case SGMP_CMD_REKEY:
case SGMP_CMD_REKEY_EPOCH:
case SGMP_CMD_REKEY_MERGE:
{
#if 0 /*TODO check this */
gint start_offset;
tvbuff_t *initial_state;
#endif
guint8 key[32];
/* Delay - one byte */
if (opcode != SGMP_CMD_REKEY_MERGE)
{
proto_tree_add_item(sgmp_tree, hf_delay, tvb, offset, 1, ENC_NA);
offset += 1;
}
/* Initial State - Security.9 (not REKEY_MERGE) */
{
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_9, tvb, pinfo, sgmp_tree,
offset, hf_initial_state, ett_initial_state, NULL);
#if 0 /*TODO check this */
initial_state = tvb_new_subset_length_caplen(tvb, start_offset, offset - start_offset, offset - start_offset);
#endif
}
/* Epoch - 2 bytes (only REKEY_EPOCH) */
if (opcode == SGMP_CMD_REKEY_EPOCH)
{
proto_tree_add_item(sgmp_tree, hf_sgmp_epoch, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
}
/* Kgm - 32 bytes */
{
proto_tree_add_item(sgmp_tree, hf_key, tvb, offset, 32, ENC_NA);
tvb_memcpy(tvb, key, offset, 32);
offset += 32;
}
/* Handle the initialization block. */
if (!packet_data->processed && api_data->session)
{
/*dof_session_data* session = (dof_session_data*)api_data->session;*/
/* Look up the field-dissector table, and determine if it is registered. */
dissector_table_t field_dissector = find_dissector_table("dof.secmode");
if (field_dissector != NULL)
{
#if 0
dissector_handle_t field_handle = dissector_get_port_handle(field_dissector, packet_data->security_mode);
if (field_handle != NULL)
{
void *saved_private = pinfo->private_data;
dof_secmode_api_data setup_data;
gint block_length;
setup_data.version = DOF_API_VERSION;
setup_data.context = INITIALIZE;
setup_data.dof_api = api_data;
setup_data.secure_session = rekey_data->security_session;
/* TODO FIX THIS setup_data.session_key = session_key; */
pinfo->private_data = &setup_data;
block_length = call_dissector_only(field_handle, NULL, pinfo, NULL);
pinfo->private_data = saved_private;
}
#endif
}
}
}
break;
case SGMP_CMD_REQUEST_GROUP:
{
guint8 *domain_buf = NULL;
guint8 domain_length = 0;
gint start_offset;
guint I_offset = offset;
sgmp_packet_data *sgmp_data = NULL;
guint16 epoch;
/* START OF I BLOCK */
/* Domain - Security.7 */
{
start_offset = offset;
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, sgmp_tree,
offset, hf_sgmp_domain, ett_sgmp_domain, NULL);
if (!packet_data->processed)
{
domain_length = offset - start_offset;
domain_buf = (guint8 *)wmem_alloc0(wmem_packet_scope(), domain_length);
tvb_memcpy(tvb, domain_buf, start_offset, domain_length);
}
}
/* Epoch - 2 bytes */
{
epoch = tvb_get_ntohs(tvb, offset);
proto_tree_add_item(sgmp_tree, hf_sgmp_epoch, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
}
/* Initiator Block - SGMP.6.3 */
{
/* SGMP Key Request - Security.4 */
{
dof_2008_16_security_4 response;
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_4, tvb, pinfo, sgmp_tree,
offset, hf_initiator_block, ett_initiator_block, &response);
if (!packet_data->processed)
{
tvbuff_t *identity = response.identity;
guint8 identity_length = tvb_reported_length(identity);
guint8 *identity_buf = (guint8 *)wmem_alloc0(wmem_file_scope(), identity_length);
/* Get the buffer. */
tvb_memcpy(identity, identity_buf, 0, identity_length);
{
sgmp_data = wmem_new0(wmem_file_scope(), sgmp_packet_data);
dof_packet_add_proto_data(packet_data, proto_sgmp, sgmp_data);
sgmp_data->domain_length = domain_length;
sgmp_data->domain = (guint8 *)wmem_alloc0(wmem_file_scope(), domain_length);
memcpy(sgmp_data->domain, domain_buf, domain_length);
sgmp_data->group_length = identity_length;
sgmp_data->group = (guint8 *)wmem_alloc0(wmem_file_scope(), identity_length);
memcpy(sgmp_data->group, identity_buf, identity_length);
sgmp_data->epoch = epoch;
sgmp_data->request_session = api_data->session;
}
}
}
}
/* Security Scope - Security.10 */
{
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_10, tvb, pinfo, sgmp_tree,
offset, hf_sgmp_security_scope, ett_sgmp_security_scope, NULL);
}
/* END OF I BLOCK */
if (sgmp_data && !sgmp_data->I)
{
sgmp_data->I_length = offset - I_offset;
sgmp_data->I = (guint8 *)wmem_alloc0(wmem_file_scope(), sgmp_data->I_length);
tvb_memcpy(tvb, sgmp_data->I, I_offset, sgmp_data->I_length);
}
}
break;
case SGMP_RSP_REQUEST_GROUP:
{
gint start_offset;
#if 0 /*TODO check this */
guint A_offset;
tvbuff_t *initial_state;
guint A_end;
#endif
/* START OF A BLOCK */
/* Initial State - SGMP.6.2.1 */
{
/* A_offset = offset;*/
/* Initial State - Security.9 */
{
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_9, tvb, pinfo, sgmp_tree,
offset, hf_initial_state, ett_initial_state, NULL);
#if 0 /*TODO check this */
initial_state = tvb_new_subset_length_caplen(tvb, start_offset, offset - start_offset, offset - start_offset);
#endif
}
/* Latest SGMP Version - Type.1 */
{
guint16 version;
gint length;
proto_item *pi;
start_offset = offset;
offset = read_c2(tvb, offset, &version, &length);
pi = proto_tree_add_uint(sgmp_tree, hf_latest_version, tvb, start_offset, offset - start_offset, version);
validate_c2(pinfo, pi, version, length);
}
/* Desire - 1 byte */
{
proto_tree_add_item(sgmp_tree, hf_desire, tvb, offset, 1, ENC_NA);
offset += 1;
}
}
/* END OF A BLOCK */
/* A block data handled in first part of the next block. */
#if 0 /*TODO check this */
A_end = offset;
#endif
/* Ticket - Security.5 */
{
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_5, tvb, pinfo, sgmp_tree,
offset, hf_ticket, ett_ticket, NULL);
}
/* Try to match up the information learned here with any groups that exist.
* Note that we do not know the SSID, and so we can only match based on the
* domain and group identifier. We will learn the SSID based on a successful
* match to a secure session.
*/
if (packet_data->opid_first && !api_data->secure_session)
{
#if 0
sgmp_packet_data* cmd_data = (sgmp_packet_data*)dof_packet_get_proto_data(packet_data->opid_first, proto_sgmp);
extern struct BlockCipher BlockCipher_AES_256;
struct BlockCipher* cipher = &BlockCipher_AES_256;
guint8* ekey = (guint8*)ep_alloc(cipher->keyStateSize);
if (cmd_data && !cmd_data->A)
{
cmd_data->A_length = A_end - A_offset;
cmd_data->A = (guint8*)wmem_alloc0(wmem_file_scope(), cmd_data->A_length);
tvb_memcpy(tvb, cmd_data->A, A_offset, cmd_data->A_length);
}
/* Search through the appropriate keks to find a match. */
{
dof_learned_group_data* group = globals.learned_group_data;
struct list;
struct list
{ dof_learned_group_data *group;
struct list *next; };
struct list *to_try = NULL;
guint8 confirmation[32];
guint8* discovered_kek = NULL;
dof_learned_group_auth_data *auth = NULL;
tvb_memcpy(tvb, confirmation, start_offset, 32);
while (group)
{
if ((cmd_data->domain_length == group->domain_length) &&
(memcmp(cmd_data->domain, group->domain, group->domain_length) == 0) &&
(cmd_data->group_length == group->group_length) &&
(memcmp(cmd_data->group, group->group, group->group_length) == 0))
{
struct list *n = (struct list *) ep_alloc0(sizeof(struct list));
n->group = group;
n->next = to_try;
to_try = n;
}
group = group->next;
}
/* At this point we may be able to learn the session key. */
while (to_try && !discovered_kek)
{
group = to_try->group;
auth = group->keys;
while (auth && !discovered_kek)
{
guint8 mac[32];
guint8 key[32];
int j;
/* It only makes sense to check matching epochs. */
if (auth->epoch == cmd_data->epoch)
{
tvb_memcpy(tvb, mac, start_offset, 32);
tvb_memcpy(tvb, key, start_offset + 32, 32);
if (cipher != NULL)
{
cipher->GenerateKeyState(ekey, auth->kek);
cipher->Encrypt(ekey, mac);
cipher->Encrypt(ekey, mac + 16);
}
for (j = 0; j < 32; j++)
key[j] ^= mac[j];
if (sgmp_validate_session_key(cmd_data, confirmation, auth->kek, key))
{
discovered_kek = (guint8*)se_alloc0(32);
memcpy(discovered_kek, key, 32);
break;
}
}
auth = auth->next;
}
to_try = to_try->next;
}
/* Determine if there is already a secure session for this information. If there is, then
* EPP will find it to decode any packets. If there is not, then we must create a secure
* session and initialize it so that future packets can be decoded.
* NOTE: None of the actual decoding is done here, because this packet is not encrypted
* in the session that it defines.
* NOTE: SGMP secure sessions are always attached to the DPS session, which is always
* associated with the transport session (server address).
*/
if (discovered_kek)
{
dissector_table_t field_dissector;
dissector_handle_t field_handle;
dof_session_key_exchange_data *key_exchange = NULL;
dof_secure_session_data *dof_secure_session = cmd_data->request_session->secure_sessions;
while (dof_secure_session)
{
if ((dof_secure_session->ssid == group->ssid) &&
(dof_secure_session->domain_length == group->domain_length) &&
(memcmp(dof_secure_session->domain, group->domain, group->domain_length) == 0))
break;
dof_secure_session = dof_secure_session->next;
}
if (!dof_secure_session)
{
dof_session_data *dof_session = wmem_alloc0(wmem_file_scope(), sizeof(dof_session_data));
dof_session->session_id = globals.next_session++;
dof_session->dof_id = api_data->session->dof_id;
dof_secure_session = wmem_alloc0(wmem_file_scope(), sizeof(dof_secure_session_data));
dof_secure_session->ssid = group->ssid;
dof_secure_session->domain_length = group->domain_length;
dof_secure_session->domain = group->domain;
dof_secure_session->original_session_id = cmd_data->request_session->session_id;
dof_secure_session->parent = dof_session;
dof_secure_session->is_2_node = FALSE;
dof_secure_session->next = cmd_data->request_session->secure_sessions;
cmd_data->request_session->secure_sessions = dof_secure_session;
}
/* This packet represents a new key exchange, and so a new key exchange data
* structure needs to be created.
*/
{
key_exchange = wmem_alloc0(wmem_file_scope(), sizeof(dof_session_key_exchange_data));
if (!key_exchange)
return offset;
key_exchange->i_valid = packet_data->opid_first->dof_frame;
key_exchange->r_valid = packet_data->dof_frame;
key_exchange->security_mode = auth->security_mode;
key_exchange->security_mode_data = auth->mode;
key_exchange->security_mode_data_length = auth->mode_length;
key_exchange->session_key = discovered_kek;
/* Insert the new key information at the front of the list. */
if (!dof_secure_session->session_security_data_last)
dof_secure_session->session_security_data = key_exchange;
else
dof_secure_session->session_security_data_last->next = key_exchange;
dof_secure_session->session_security_data_last = key_exchange;
}
/* Look up the field-dissector table, and determine if it is registered. */
field_dissector = find_dissector_table("dps.secmode");
if (field_dissector != NULL)
{
field_handle = dissector_get_uint_handle(field_dissector, auth->security_mode);
if (field_handle != NULL)
{
dof_secmode_api_data setup_data;
gint block_length;
tvbuff_t *ntvb = tvb_new_subset_remaining(tvb, A_offset);
setup_data.context = INITIALIZE;
setup_data.security_mode_offset = 0;
setup_data.dof_api = api_data;
setup_data.secure_session = dof_secure_session;
setup_data.session_key_data = key_exchange;
block_length = call_dissector_only(field_handle, ntvb, pinfo, tree, &setup_data);
}
}
}
}
#endif
}
}
break;
default:
break;
}
return offset;
}
static gboolean validate_session_key(tep_rekey_data *rekey, guint S_length, guint8 *S, guint8 *confirmation, guint8 *key)
{
guint8 pad[16];
gcry_mac_hd_t hmac;
gcry_error_t result;
memset(pad, 0, sizeof(pad));
result = gcry_mac_open(&hmac, GCRY_MAC_HMAC_SHA256, 0, NULL);
if (result != 0)
return FALSE;
gcry_mac_setkey(hmac, key, 32);
gcry_mac_write(hmac, pad, 16 - rekey->i_nonce_length);
gcry_mac_write(hmac, rekey->i_nonce, rekey->i_nonce_length);
gcry_mac_write(hmac, pad, 16 - rekey->r_nonce_length);
gcry_mac_write(hmac, rekey->r_nonce, rekey->r_nonce_length);
gcry_mac_write(hmac, S, S_length);
gcry_mac_write(hmac, rekey->r_identity, rekey->r_identity_length);
result = gcry_mac_verify(hmac, confirmation, 32);
return result == 0;
}
static int dissect_tep_dsp(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
{
/* We are handed a buffer that starts with our protocol id. Any options follow that. */
gint offset = 0;
/* We don't care except for the treeview. */
if (!tree)
return 0;
/* Compute the version and flags, masking off other bits. */
offset += 4; /* Skip the type and protocol. */
proto_tree_add_item(tree, hf_dsp_option, tvb, 0, -1, ENC_NA);
return offset;
}
static int dissect_2008_4_tep_2_2_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 *ssid, void *data)
{
gint offset = 0;
proto_item *ti;
dof_api_data *api_data = (dof_api_data *)data;
dof_packet_data *packet_data;
if (api_data == NULL)
{
/* TODO: Output error. */
return 0;
}
packet_data = api_data->packet;
if (packet_data == NULL)
{
/* TODO: Output error. */
return 0;
}
/* State Identifier - Only if Unsecured */
if (packet_data->decrypted_buffer == NULL)
{
proto_item *pi;
gint ssid_len;
gint start = offset;
offset = read_c4(tvb, offset, ssid, &ssid_len);
pi = proto_tree_add_uint(tree, hf_tep_2_2_1_state_identifier, tvb, start, offset - start, *ssid);
validate_c4(pinfo, pi, *ssid, ssid_len);
}
/* Initial State */
{
int block_length;
tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
ti = proto_tree_add_item(tree, hf_tep_2_2_1_initial_state, tvb, offset, 0, ENC_NA);
ti = proto_item_add_subtree(ti, ett_tep_2_2_1_initial_state);
block_length = dof_dissect_pdu(dissect_2008_16_security_9, start, pinfo, ti, NULL);
proto_item_set_len(ti, block_length);
offset += block_length;
}
return offset;
}
/**
* This is the main entry point for the CCM dissector.
* TEP operations create security periods.
* They can also create sessions when used with "None" sessions.
* In any case, these PDUs need to pass information between
* them.
* They also must maintain state for each rekey request, some of
* which modify the session key, some of which create new
* sessions, and others that determine new session information
* like permission sets.
*
* In order to store information appropriately, the following structures are
* used:
* 1. api_data (dof_api_data*) source for all other state.
* 2. packet (dof_packet_data*) dps packet information.
* 3. rekey_data (tep_rekey_data*) tep information for rekey/accept/confirm.
*/
static int dissect_tep(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
dof_api_data *api_data = (dof_api_data *)data;
dof_packet_data *packet;
tep_rekey_data *rekey_data;
guint offset = 0;
guint8 operation;
guint16 app;
gint app_len;
proto_item *ti;
proto_tree *tep_tree, *operation_tree;
if (api_data == NULL)
{
/* TODO: Output error. */
return 0;
}
packet = api_data->packet;
if (packet == NULL)
{
/* TODO: Output error. */
return 0;
}
/* Make entries in Protocol column and Info column on summary display */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "TEPv1 ");
/* Create the protocol tree. */
offset = 0;
ti = proto_tree_add_item(tree, proto_tep, tvb, offset, -1, ENC_NA);
tep_tree = proto_item_add_subtree(ti, ett_tep);
/* Add the APPID. */
offset = read_c2(tvb, offset, &app, &app_len);
ti = proto_tree_add_uint(tep_tree, hf_2008_1_app_version, tvb, 0, app_len, app);
validate_c2(pinfo,ti, app, app_len);
/* Check for empty packet. */
if (offset == tvb_captured_length(tvb))
{
col_append_str(pinfo->cinfo, COL_INFO, "TEP [nop]");
expert_add_info(pinfo, tep_tree, &ei_implicit_no_op);
return offset;
}
/* Retrieve the opcode. */
operation = tvb_get_guint8(tvb, offset);
if (!packet->is_command)
operation |= TEP_OPCODE_RSP;
col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(operation, tep_opcode_strings, "Unknown Opcode (%d)"));
ti = proto_tree_add_uint_format(tep_tree, hf_tep_operation, tvb, offset, 1, operation, "Operation: %s (%u)", val_to_str(operation, tep_opcode_strings, "Unknown Opcode (%d)"), operation);
operation_tree = proto_item_add_subtree(ti, ett_tep_operation);
ti = proto_tree_add_boolean(operation_tree, hf_tep_operation_type, tvb, offset, 0, operation);
proto_item_set_generated(ti);
/* The flags are reserved except for OPCODE=1 & COMMAND */
if ((operation & 0x8F) == 0x01)
{
proto_tree_add_item(operation_tree, hf_tep_c, tvb, offset, 1, ENC_NA);
proto_tree_add_item(operation_tree, hf_tep_k, tvb, offset, 1, ENC_NA);
}
proto_tree_add_item(operation_tree, hf_tep_opcode, tvb, offset, 1, ENC_NA);
offset += 1;
switch (operation)
{
case TEP_PDU_REQUEST_KEY:
/* The K bit must be set, so there is a domain ONLY IF NOT SECURED. */
/* Remember the current request. */
rekey_data = (tep_rekey_data *)packet->opid_data;
if (!rekey_data)
{
packet->opid_data = rekey_data = wmem_new0(wmem_file_scope(), tep_rekey_data);
}
rekey_data->key_data = wmem_new0(wmem_file_scope(), dof_session_key_exchange_data);
rekey_data->is_rekey = TRUE;
/* The K bit must be set, so there is a domain ONLY IF NOT SECURED. */
if (packet->decrypted_buffer == NULL)
{
gint start_offset = offset;
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, tep_tree,
offset, hf_tep_2_1_domain, ett_tep_2_1_domain, NULL);
if (!rekey_data->domain)
{
rekey_data->domain_length = offset - start_offset;
rekey_data->domain = (guint8 *)wmem_alloc0(wmem_file_scope(), rekey_data->domain_length);
/* Get the buffer. */
tvb_memcpy(tvb, rekey_data->domain, start_offset, rekey_data->domain_length);
}
}
else
{
/* The domain is not present, but this is a secure packet and so the domain can be obtained
* through the session.
*/
if (!rekey_data->domain)
{
rekey_data->domain_length = api_data->secure_session->domain_length;
rekey_data->domain = api_data->secure_session->domain;
}
}
/* FALL THROUGH */
case TEP_PDU_REQUEST:
/* Remember the current request. */
rekey_data = (tep_rekey_data *)packet->opid_data;
if (!rekey_data)
{
if (api_data->secure_session == NULL)
{
/* TODO: Output error. */
return 0;
}
packet->opid_data = rekey_data = wmem_new0(wmem_file_scope(), tep_rekey_data);
rekey_data->domain_length = api_data->secure_session->domain_length;
rekey_data->domain = api_data->secure_session->domain;
}
/* The C bit must be clear, so there is an Initiator Block. */
{
dof_2008_16_security_6_1 response;
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_6_1, tvb, pinfo, tep_tree,
offset, hf_tep_2_1_initiator_block, ett_tep_2_1_initiator_block, &response);
if (!packet->processed)
{
tvbuff_t *inonce = response.i_nonce;
tvbuff_t *iidentity = response.i_identity;
rekey_data->i_nonce_length = tvb_reported_length(inonce);
rekey_data->i_nonce = (guint8 *)wmem_alloc0(wmem_file_scope(), rekey_data->i_nonce_length);
tvb_memcpy(inonce, rekey_data->i_nonce, 0, rekey_data->i_nonce_length);
rekey_data->i_identity_length = tvb_reported_length(iidentity);
rekey_data->i_identity = (guint8 *)wmem_alloc0(wmem_file_scope(), rekey_data->i_identity_length);
tvb_memcpy(iidentity, rekey_data->i_identity, 0, rekey_data->i_identity_length);
rekey_data->security_mode = response.security_mode;
rekey_data->security_mode_data_length = response.security_mode_data_length;
rekey_data->security_mode_data = response.security_mode_data;
}
}
break;
case TEP_PDU_ACCEPT:
{
guint32 ssid = 0;
guint8 *S = NULL;
guint8 S_length = 0;
guint8 confirmation[32];
typedef struct identity_key
{
guint8 *session_key;
struct identity_key *next;
} identity_key;
identity_key *identity_key_list = NULL;
dof_secure_session_data *dof_secure_session = NULL;
if (!packet->opid_first)
{
/* TODO: Print error */
return 0;
}
rekey_data = (tep_rekey_data *)packet->opid_first->opid_data;
if (!rekey_data)
return tvb_captured_length(tvb);
/* Initiator Ticket */
{
gint start_offset;
guint8 ticket[64];
start_offset = offset;
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_5, tvb, pinfo, tep_tree,
offset, hf_tep_2_2_initiator_ticket, ett_tep_2_2_initiator_ticket, NULL);
if (!packet->processed && rekey_data)
{
int i;
/* Produce a (possibly empty) list of potential keys based on our
* initiator secrets based on identity. These will be validated
* later on.
*/
for (i = 0; i < globals.global_security->identity_data_count; i++)
{
dof_identity_data *identity = globals.global_security->identity_data + i;
gcry_cipher_hd_t rijndael_handle;
int j;
if (identity->domain_length != rekey_data->domain_length)
continue;
if (memcmp(identity->domain, rekey_data->domain, identity->domain_length) != 0)
continue;
if (identity->identity_length != rekey_data->i_identity_length)
continue;
if (memcmp(identity->identity, rekey_data->i_identity, identity->identity_length) != 0)
continue;
tvb_memcpy(tvb, ticket, start_offset, 64);
if (!gcry_cipher_open(&rijndael_handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)) {
if (!gcry_cipher_setkey(rijndael_handle, identity->secret, 32)) {
gcry_cipher_encrypt(rijndael_handle, ticket, 16, NULL, 0);
gcry_cipher_encrypt(rijndael_handle, ticket + 16, 16, NULL, 0);
}
gcry_cipher_close(rijndael_handle);
}
for (j = 0; j < 32; j++)
ticket[j + 32] = ticket[j + 32] ^ ticket[j];
/* Add the key to the list - ep memory. */
{
identity_key *key = (identity_key *)wmem_alloc0(wmem_file_scope(), sizeof(*key));
key->session_key = (guint8 *)wmem_alloc0(wmem_file_scope(), 32);
memcpy(key->session_key, ticket + 32, 32);
key->next = identity_key_list;
identity_key_list = key;
}
}
}
}
/* Ticket Confirmation */
{
if (!packet->processed)
tvb_memcpy(tvb, confirmation, offset, sizeof(confirmation));
proto_tree_add_item(tep_tree, hf_tep_2_2_ticket_confirmation, tvb, offset, 32, ENC_NA);
offset += 32;
}
/* Add a field to show the session key that has been learned. */
if (rekey_data->key_data && rekey_data->key_data->session_key && tep_tree)
{
ti = proto_tree_add_bytes_with_length(tree, hf_tep_session_key, tvb, 0, 0, rekey_data->key_data->session_key, 32);
proto_item_set_generated(ti);
}
/* Responder Initialization - present based on whether the command was a rekey */
{
if (rekey_data && rekey_data->is_rekey)
{
int block_length;
tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
ti = proto_tree_add_item(tep_tree, hf_tep_2_2_responder_initialization, tvb, offset, 0, ENC_NA);
ti = proto_item_add_subtree(ti, ett_tep_2_2_responder_initialization);
block_length = dissect_2008_4_tep_2_2_1(start, pinfo, ti, &ssid, data);
proto_item_set_len(ti, block_length);
offset += block_length;
if (!packet->processed)
{
S_length = block_length;
S = (guint8 *)wmem_alloc0(wmem_file_scope(), S_length);
tvb_memcpy(start, S, 0, S_length);
}
/* TEP can create new sessions when not used inside an existing secure
* session. Each session can use an SSID, present in TEP.2.2.1.
* Note that in this case there may be no existing session, and so
* we need to "backpedal" and create one.
*/
if (packet->decrypted_buffer == NULL && !packet->processed)
{
#if 0
if (api_data->session)
tep_session = (tep_session_data*)dof_session_get_proto_data((dof_session_data*)api_data->session, proto_tep);
if (!tep_session && api_data->session)
{
tep_session = (tep_session_data*)se_alloc0(sizeof(*tep_session));
dof_session_add_proto_data((dof_session_data*)api_data->session, proto_tep, tep_session);
}
tep_session->pending_rekey = cmd;
tep_session->pending_confirm = packet;
#endif
}
}
}
/* Responder Block */
{
dof_2008_16_security_6_2 response;
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_6_2, tvb, pinfo, tep_tree,
offset, hf_tep_2_2_responder_block, ett_tep_2_2_responder_block, &response);
if (!packet->processed)
{
tvbuff_t *rnonce = response.r_nonce;
tvbuff_t *ridentity = response.r_identity;
rekey_data->r_nonce_length = tvb_reported_length(rnonce);
rekey_data->r_nonce = (guint8 *)wmem_alloc0(wmem_file_scope(), rekey_data->r_nonce_length);
tvb_memcpy(rnonce, rekey_data->r_nonce, 0, rekey_data->r_nonce_length);
rekey_data->r_identity_length = tvb_reported_length(ridentity);
rekey_data->r_identity = (guint8 *)wmem_alloc0(wmem_file_scope(), rekey_data->r_identity_length);
tvb_memcpy(ridentity, rekey_data->r_identity, 0, rekey_data->r_identity_length);
}
}
/* Authentication Initialization */
{
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_6_3, tvb, pinfo, tep_tree,
offset, hf_tep_2_2_authenticator_initialization, ett_tep_2_2_authenticator_initialization, NULL);
}
/* The request was accepted, and so a new secure session exists. We define the session,
* add it to the list of secure sessions for the unsecure session, and EPP will do the
* rest.
*/
if (packet->decrypted_buffer == NULL)
{
/* This triggers the creation of the corresponding secure DPS session if it is not already
* created. This allows information to be stored in that session even though no packets
* have used it yet. There is a problem, however, because at this point we do not know
* the SSID that (may) be associated with this session.
*/
{
dof_session_data *dof_session = api_data->session;
dof_secure_session = dof_session->secure_sessions;
while (dof_secure_session != NULL)
{
/* Determine matching session. The session list already is scoped by transport and DPS
* session, so the only thing remaining is the domain and secure session ID.
*/
if ((dof_secure_session->ssid == ssid) &&
(dof_secure_session->domain_length == rekey_data->domain_length) &&
(memcmp(dof_secure_session->domain, rekey_data->domain, rekey_data->domain_length) == 0))
break;
dof_secure_session = dof_secure_session->next;
}
if (!dof_secure_session)
{
dof_session = wmem_new0(wmem_file_scope(), dof_session_data);
dof_session->session_id = globals.next_session++;
dof_session->dof_id = api_data->session->dof_id;
dof_secure_session = wmem_new0(wmem_file_scope(), dof_secure_session_data);
dof_secure_session->ssid = ssid;
dof_secure_session->domain_length = rekey_data->domain_length;
dof_secure_session->domain = rekey_data->domain;
dof_secure_session->original_session_id = api_data->session->session_id;
dof_secure_session->parent = dof_session;
dof_secure_session->is_2_node = TRUE;
dof_secure_session->next = api_data->session->secure_sessions;
api_data->session->secure_sessions = dof_secure_session;
if (!dof_secure_session->session_security_data_last)
dof_secure_session->session_security_data = rekey_data->key_data;
else
dof_secure_session->session_security_data_last->next = rekey_data->key_data;
dof_secure_session->session_security_data_last = rekey_data->key_data;
}
}
}
/* This PDU indicates the beginning of security for the responder. The next PDU
* sent will be encrypted with these settings. This means that we must determine
* the security settings and set them in the session.
*/
if (!packet->processed && rekey_data->is_rekey)
{
int i;
guint8 *session_key = NULL;
/* We have everything that we need. Determine the session secret if we can. */
/* Check any keys determined above by initiator identity. */
while (session_key == NULL && identity_key_list)
{
if (validate_session_key(rekey_data, S_length, S, confirmation, identity_key_list->session_key))
{
session_key = (guint8 *)wmem_alloc0(wmem_file_scope(), 32);
memcpy(session_key, identity_key_list->session_key, 32);
}
identity_key_list = identity_key_list->next;
}
/* For each key in the global configuration, see if we can validate the confirmation. */
for (i = 0; session_key == NULL && i < globals.global_security->session_key_count; i++)
{
if (validate_session_key(rekey_data, S_length, S, confirmation, globals.global_security->session_key[i].session_key))
session_key = globals.global_security->session_key[i].session_key;
}
/* Whether or not this can be decrypted, the security mode infomation
* should be kept with the session.
*/
{
rekey_data->key_data->r_valid = packet->dof_frame;
rekey_data->key_data->i_valid = G_MAXUINT32;
rekey_data->key_data->session_key = session_key;
rekey_data->key_data->security_mode = rekey_data->security_mode;
rekey_data->key_data->security_mode_data_length = rekey_data->security_mode_data_length;
rekey_data->key_data->security_mode_data = rekey_data->security_mode_data;
if (session_key && dof_secure_session)
{
/* Look up the field-dissector table, and determine if it is registered. */
dissector_table_t field_dissector = find_dissector_table("dof.secmode");
if (field_dissector != NULL)
{
dissector_handle_t field_handle = dissector_get_uint_handle(field_dissector, rekey_data->key_data->security_mode);
if (field_handle != NULL)
{
dof_secmode_api_data setup_data;
setup_data.context = INITIALIZE;
setup_data.security_mode_offset = 0;
setup_data.dof_api = api_data;
setup_data.secure_session = dof_secure_session;
setup_data.session_key_data = rekey_data->key_data;
call_dissector_only(field_handle, NULL, pinfo, NULL, &setup_data);
}
}
}
}
}
}
break;
case TEP_PDU_CONFIRM:
{
/* C is set, K is clear. */
/* Ticket Confirmation */
proto_tree_add_item(tep_tree, hf_tep_2_1_ticket_confirmation, tvb, offset, 32, ENC_NA);
offset += 32;
if (!packet->processed && api_data->session && packet->opid_first && packet->opid_first->opid_data)
{
dof_session_key_exchange_data *sk_data;
rekey_data = (tep_rekey_data *)packet->opid_first->opid_data;
sk_data = rekey_data->key_data;
/* TODO: Error if not found or if already set. */
if (sk_data)
sk_data->i_valid = packet->dof_frame;
}
}
break;
case TEP_PDU_END_SESSION:
case TEP_PDU_SESSION_ENDING:
break;
case TEP_PDU_REJECT:
{
/* Error Code */
proto_tree_add_item(tep_tree, hf_tep_reject_code, tvb, offset, 1, ENC_NA);
offset += 1;
/* Error Description */
if (tvb_captured_length(tvb) > offset)
proto_tree_add_item(tep_tree, hf_tep_reject_data, tvb, offset, -1, ENC_NA);
}
break;
default:
break;
}
return offset;
}
static int dissect_trp_dsp(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
{
/* We are handed a buffer that starts with our protocol id. Any options follow that. */
gint offset = 0;
/* We don't care except for the treeview. */
if (!tree)
return 0;
/* Compute the version and flags, masking off other bits. */
offset += 4; /* Skip the type and protocol. */
proto_tree_add_item(tree, hf_trp_dsp_option, tvb, 0, -1, ENC_NA);
return offset;
}
static int dissect_trp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
dof_api_data *api_data = (dof_api_data *)data;
dof_packet_data *packet_data;
guint offset = 0;
guint8 opcode;
guint16 app;
gint app_len;
proto_item *ti;
proto_tree *trp_tree;
trp_packet_data *trp_data;
/* Make entries in Protocol column and Info column on summary display */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "TRP ");
/* Create the protocol tree. */
offset = 0;
ti = proto_tree_add_item(tree, proto_trp, tvb, offset, -1, ENC_NA);
trp_tree = proto_item_add_subtree(ti, ett_trp);
/* Add the APPID. */
offset = read_c2(tvb, offset, &app, &app_len);
ti = proto_tree_add_uint(trp_tree, hf_2008_1_app_version, tvb, 0, app_len, app);
validate_c2(pinfo, ti, app, app_len);
if (api_data == NULL)
{
expert_add_info_format(pinfo, ti, &ei_malformed, "api_data == NULL");
return offset;
}
packet_data = api_data->packet;
if (packet_data == NULL)
{
expert_add_info_format(pinfo, ti, &ei_malformed, "api_data == NULL");
return offset;
}
trp_data = (trp_packet_data *)dof_packet_get_proto_data(packet_data, proto_trp);
if (offset == tvb_captured_length(tvb))
{
col_append_str(pinfo->cinfo, COL_INFO, "TRP [nop]");
expert_add_info(pinfo, trp_tree, &ei_implicit_no_op);
return offset;
}
/* Retrieve the opcode. */
opcode = tvb_get_guint8(tvb, offset);
if (!packet_data->is_command)
opcode |= TRP_RESPONSE;
col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(opcode, trp_opcode_strings, "Unknown Opcode (%d)"));
/* Opcode */
ti = proto_tree_add_uint_format(trp_tree, hf_trp_opcode, tvb, offset, 1, opcode & 0x7F, "Opcode: %s (%u)", val_to_str(opcode, trp_opcode_strings, "Unknown Opcode (%d)"), opcode & 0x7F);
offset += 1;
switch (opcode)
{
case TRP_RSP_REJECT:
{
/* Error Code */
proto_tree_add_item(trp_tree, hf_trp_errorcode, tvb, offset, 1, ENC_NA);
offset += 1;
}
break;
case TRP_CMD_REQUEST_KEK:
{
guint8 *domain_buf = NULL;
guint8 domain_length = 0;
gint start_offset;
if (trp_data && trp_data->identity_length)
{
expert_add_info(pinfo, ti, &ei_trp_initiator_id_known);
}
/* Domain - Security.7 */
start_offset = offset;
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, trp_tree, offset, hf_domain, ett_domain, NULL);
if (!packet_data->processed)
{
domain_length = offset - start_offset;
domain_buf = (guint8 *)wmem_alloc0(wmem_file_scope(), domain_length);
tvb_memcpy(tvb, domain_buf, start_offset, domain_length);
}
/* Initiator Block - TRP.4.1.1 */
{
dof_2008_16_security_4 response;
trp_packet_data *trp_pkt_data = NULL;
start_offset = offset;
/* Initiator Key Request - Security.4 */
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_4, tvb, pinfo, trp_tree,
offset, hf_initiator_request, ett_initiator_request, &response);
if (!packet_data->processed)
{
tvbuff_t *identity = response.identity;
guint8 identity_length = tvb_reported_length(identity);
guint8 *identity_buf = (guint8 *)wmem_alloc0(wmem_packet_scope(), identity_length);
int i;
/* Get the buffer. */
tvb_memcpy(identity, identity_buf, 0, identity_length);
/* Check to see if there is a matching identity. */
for (i = 0; i < globals.global_security->identity_data_count; i++)
{
dof_identity_data *gidentity = globals.global_security->identity_data + i;
if (domain_length != gidentity->domain_length ||
memcmp(domain_buf, gidentity->domain, domain_length) != 0)
continue;
if (identity_length == gidentity->identity_length &&
memcmp(identity_buf, gidentity->identity, identity_length) == 0)
{
trp_pkt_data = wmem_new0(wmem_file_scope(), trp_packet_data);
dof_packet_add_proto_data(packet_data, proto_trp, trp_pkt_data);
trp_pkt_data->domain_length = domain_length;
trp_pkt_data->domain = (guint8 *)wmem_alloc0(wmem_file_scope(), domain_length);
memcpy(trp_pkt_data->domain, domain_buf, domain_length);
trp_pkt_data->identity_length = identity_length;
trp_pkt_data->identity = (guint8 *)wmem_alloc0(wmem_file_scope(), identity_length);
memcpy(trp_pkt_data->identity, identity_buf, identity_length);
trp_pkt_data->secret = gidentity->secret;
}
}
}
/* Group Identifier - Security.8 */
{
gint gid_start = offset;
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_8, tvb, pinfo, trp_tree,
offset, hf_group_identifier, ett_group_identifier, NULL);
if (trp_pkt_data)
{
trp_pkt_data->group_length = offset - gid_start;
trp_pkt_data->group = (guint8 *)wmem_alloc0(wmem_file_scope(), trp_pkt_data->group_length);
tvb_memcpy(tvb, trp_pkt_data->group, gid_start, trp_pkt_data->group_length);
}
}
if (trp_pkt_data)
{
/* We need to store the entire block_I for later use. */
trp_pkt_data->block_I_length = offset - start_offset;
trp_pkt_data->block_I = (guint8 *)wmem_alloc0(wmem_file_scope(), trp_pkt_data->block_I_length);
tvb_memcpy(tvb, trp_pkt_data->block_I, start_offset, trp_pkt_data->block_I_length);
}
}
}
break;
case TRP_RSP_REQUEST_KEK:
{
gint start_offset;
guint32 ssid;
guint8 *mode;
guint8 mode_length;
guint8 *block_A;
guint8 block_A_length;
if (trp_data && trp_data->kek_known)
{
expert_add_info(pinfo, ti, &ei_trp_kek_discovered);
}
/* Initiator Ticket - Security.5 */
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_5, tvb, pinfo, trp_tree,
offset, hf_initiator_ticket, ett_initiator_ticket, NULL);
/* Initialization Block - TRP.4.2.1 */
/* A BLOCK */
{
start_offset = offset;
/* THB */
{
proto_tree_add_item(trp_tree, hf_thb, tvb, offset, 1, ENC_NA);
offset += 1;
}
/* TMIN */
{
proto_tree_add_item(trp_tree, hf_tmin, tvb, offset, 1, ENC_NA);
offset += 1;
}
/* TMAX */
{
proto_tree_add_item(trp_tree, hf_tmax, tvb, offset, 1, ENC_NA);
offset += 1;
}
/* Epoch */
{
proto_tree_add_item(trp_tree, hf_trp_epoch, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
}
/* SIDg - Type.4 */
{
offset = dof_dissect_pdu_as_field(dissect_2009_11_type_4, tvb, pinfo, trp_tree,
offset, hf_sidg, ett_sidg, NULL);
}
/* Initiator Node Security Scope - Security.10 */
{
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_10, tvb, pinfo, trp_tree,
offset, hf_security_scope, ett_security_scope, NULL);
}
/* Security Mode - Security.13 */
{
gint mode_start = offset;
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_13, tvb, pinfo, trp_tree,
offset, hf_security_mode, ett_security_mode, NULL);
if (!packet_data->processed)
{
mode_length = offset - mode_start;
mode = (guint8 *)wmem_alloc0(wmem_packet_scope(), mode_length);
tvb_memcpy(tvb, mode, mode_start, mode_length);
}
}
/* State Identifier - Type.3 */
{
gint s_offset = offset;
gint ssid_len;
proto_item *pi;
offset = read_c4(tvb, offset, &ssid, &ssid_len);
ssid |= AS_ASSIGNED_SSID; /* TRP SSID are *always* assigned by the AS. */
pi = proto_tree_add_uint_format(trp_tree, hf_ssid, tvb, s_offset, offset - s_offset, ssid, "SSID: %u", ssid);
validate_c4(pinfo, pi, ssid, ssid_len);
}
/* PG - Security.2 */
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_2, tvb, pinfo, trp_tree,
offset, hf_responder_pg, ett_responder_pg, NULL);
/* Group Validation - Security.11 */
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_11, tvb, pinfo, trp_tree,
offset, hf_responder_validation, ett_responder_validation, NULL);
/* Initiator Validation - Security.11 */
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_11, tvb, pinfo, trp_tree,
offset, hf_initiator_validation, ett_initiator_validation, NULL);
block_A_length = offset - start_offset;
block_A = (guint8 *)wmem_alloc0(wmem_packet_scope(), block_A_length);
tvb_memcpy(tvb, block_A, start_offset, block_A_length);
}
/* Determine the KEK, if possible. This requires that either the initiator node's secret
* is known or that the group has been configured. In either case this requires knowledge
* from the matching command, including the domain, identity, and group information.
*/
if (packet_data->opid_first && !packet_data->processed)
{
#if 0
trp_packet_data* cmd_data = (trp_packet_data*)dof_packet_get_proto_data(packet_data->opid_first, proto_trp);
guint8 mac[32];
extern struct BlockCipher BlockCipher_AES_256;
struct BlockCipher* cipher = &BlockCipher_AES_256;
guint8* ekey = (guint8*)ep_alloc(cipher->keyStateSize);
int i;
if (cmd_data)
{
guint8 kek[32];
tvb_memcpy(tvb, mac, mac_offset, 32);
tvb_memcpy(tvb, kek, mac_offset + 32, 32);
if (cipher != NULL)
{
cipher->GenerateKeyState(ekey, cmd_data->secret);
cipher->Encrypt(ekey, mac);
cipher->Encrypt(ekey, mac + 16);
}
for (i = 0; i < 32; i++)
kek[i] ^= mac[i];
{
OALSecureHMACContext ctx;
OALSecureHMACDigest digest;
OALSecureHMAC_Start(&ctx, cmd_data->secret);
OALSecureHMAC_Digest(&ctx, cmd_data->domain_length, cmd_data->domain);
OALSecureHMAC_Digest(&ctx, cmd_data->block_I_length, cmd_data->block_I);
OALSecureHMAC_Digest(&ctx, block_A_length, block_A);
OALSecureHMAC_Digest(&ctx, 32, kek);
OALSecureHMAC_Finish(&ctx, digest);
tvb_memcpy(tvb, mac, mac_offset, 32);
if (memcmp(mac, digest, 32) == 0)
{
dof_learned_group_data* group = globals.learned_group_data;
dof_learned_group_auth_data *auth = NULL;
/* The KEK has been discovered, flag this for output on the PDU. */
if (!trp_data)
{
trp_data = wmem_alloc0(wmem_file_scope(), sizeof(trp_packet_data));
dof_packet_add_proto_data(packet_data, proto_trp, trp_data);
}
trp_data->kek_known = TRUE;
while (group)
{
if ((cmd_data->domain_length == group->domain_length) &&
(memcmp(cmd_data->domain, group->domain, group->domain_length) == 0) &&
(cmd_data->group_length == group->group_length) &&
(memcmp(cmd_data->group, group->group, group->group_length) == 0) &&
(ssid == group->ssid))
break;
group = group->next;
}
if (group == NULL)
{
group = wmem_alloc0(wmem_file_scope, sizeof(dof_learned_group_data));
group->domain_length = cmd_data->domain_length;
group->domain = cmd_data->domain;
group->group_length = cmd_data->group_length;
group->group = cmd_data->group;
group->ssid = ssid;
group->next = globals.learned_group_data;
globals.learned_group_data = group;
}
auth = group->keys;
while (auth)
{
if (epoch == auth->epoch)
break;
auth = auth->next;
}
if (auth == NULL)
{
auth = wmem_alloc0(wmem_file_scope(), sizeof(dof_learned_group_auth_data));
auth->epoch = epoch;
auth->next = group->keys;
group->keys = auth;
auth->kek = (guint8*)wmem_alloc0(wmem_file_scope(), 32);
memcpy(auth->kek, kek, 32);
auth->mode_length = mode_length;
auth->mode = (guint8*)wmem_alloc0(wmem_file_scope(), mode_length);
memcpy(auth->mode, mode, mode_length);
auth->security_mode = (mode[1] * 256) | mode[2];
auth->parent = group;
}
}
}
}
#endif
}
}
break;
case TRP_CMD_REQUEST_RANDOM:
{
guint8 *domain_buf = NULL;
guint8 domain_length = 0;
gint start_offset;
if (trp_data && trp_data->identity_length)
{
expert_add_info(pinfo, ti, &ei_trp_initiator_id_known);
}
/* Domain - Security.7 */
start_offset = offset;
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, trp_tree,
offset, hf_domain, ett_domain, NULL);
if (!packet_data->processed)
{
domain_length = offset - start_offset;
domain_buf = (guint8 *)wmem_alloc0(wmem_packet_scope(), domain_length);
tvb_memcpy(tvb, domain_buf, start_offset, domain_length);
}
/* Initiator Block - TRP.6.1.1 */
{
dof_2008_16_security_4 response;
trp_packet_data *trp_pkt_data = NULL;
start_offset = offset;
/* Initiator Key Request - Security.4 */
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_4, tvb, pinfo, trp_tree,
offset, hf_initiator_request, ett_initiator_request, &response);
if (!packet_data->processed)
{
tvbuff_t *identity = response.identity;
guint8 identity_length = tvb_reported_length(identity);
guint8 *identity_buf = (guint8 *)wmem_alloc0(wmem_packet_scope(), identity_length);
int i;
/* Get the buffer. */
tvb_memcpy(identity, identity_buf, 0, identity_length);
/* Check to see if there is a matching identity. */
for (i = 0; i < globals.global_security->identity_data_count; i++)
{
dof_identity_data *gidentity = globals.global_security->identity_data + i;
if (domain_length != gidentity->domain_length ||
memcmp(domain_buf, gidentity->domain, domain_length) != 0)
continue;
if (identity_length == gidentity->identity_length &&
memcmp(identity_buf, gidentity->identity, identity_length) == 0)
{
trp_pkt_data = wmem_new0(wmem_file_scope(), trp_packet_data);
dof_packet_add_proto_data(packet_data, proto_trp, trp_pkt_data);
trp_pkt_data->domain_length = domain_length;
trp_pkt_data->domain = (guint8 *)wmem_alloc0(wmem_file_scope(), domain_length);
memcpy(trp_pkt_data->domain, domain_buf, domain_length);
trp_pkt_data->identity_length = identity_length;
trp_pkt_data->identity = (guint8 *)wmem_alloc0(wmem_file_scope(), identity_length);
memcpy(trp_pkt_data->identity, identity_buf, identity_length);
trp_pkt_data->secret = gidentity->secret;
}
}
}
if (trp_pkt_data)
{
/* We need to store the entire block_I for later use. */
trp_pkt_data->block_I_length = offset - start_offset;
trp_pkt_data->block_I = (guint8 *)wmem_alloc0(wmem_file_scope(), trp_pkt_data->block_I_length);
tvb_memcpy(tvb, trp_pkt_data->block_I, start_offset, trp_pkt_data->block_I_length);
}
}
}
break;
case TRP_RSP_REQUEST_RANDOM:
{
/* Initiator Ticket - Security.5 */
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_5, tvb, pinfo, trp_tree,
offset, hf_initiator_ticket, ett_initiator_ticket, NULL);
}
break;
case TRP_CMD_REQUEST_SECURITY_SCOPES:
{
guint8 *domain_buf = NULL;
guint8 domain_length = 0;
gint start_offset;
if (trp_data && trp_data->identity_length)
{
expert_add_info(pinfo, ti, &ei_trp_initiator_id_known);
}
/* Domain - Security.7 */
start_offset = offset;
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, trp_tree,
offset, hf_domain, ett_domain, NULL);
if (!packet_data->processed)
{
domain_length = offset - start_offset;
domain_buf = (guint8 *)wmem_alloc0(wmem_packet_scope(), domain_length);
tvb_memcpy(tvb, domain_buf, start_offset, domain_length);
}
/* Initiator Block - TRP.5.1.1 */
{
dof_2008_16_security_4 response;
trp_packet_data *trp_pk_data = NULL;
start_offset = offset;
/* Initiator Duration Request */
proto_tree_add_item(trp_tree, hf_trp_duration, tvb, offset, 1, ENC_NA);
offset += 1;
/* Initiator Key Request - Security.4 */
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_4, tvb, pinfo, trp_tree,
offset, hf_initiator_request, ett_initiator_request, &response);
if (!packet_data->processed)
{
tvbuff_t *identity = response.identity;
guint8 identity_length = tvb_reported_length(identity);
guint8 *identity_buf = (guint8 *)wmem_alloc0(wmem_packet_scope(), identity_length);
int i;
/* Get the buffer. */
tvb_memcpy(identity, identity_buf, 0, identity_length);
/* Check to see if there is a matching identity. */
for (i = 0; i < globals.global_security->identity_data_count; i++)
{
dof_identity_data *gidentity = globals.global_security->identity_data + i;
if (domain_length != gidentity->domain_length ||
memcmp(domain_buf, gidentity->domain, domain_length) != 0)
continue;
if (identity_length == gidentity->identity_length &&
memcmp(identity_buf, gidentity->identity, identity_length) == 0)
{
trp_pk_data = wmem_new0(wmem_file_scope(), trp_packet_data);
dof_packet_add_proto_data(packet_data, proto_trp, trp_pk_data);
trp_pk_data->domain_length = domain_length;
trp_pk_data->domain = (guint8 *)wmem_alloc0(wmem_file_scope(), domain_length);
memcpy(trp_pk_data->domain, domain_buf, domain_length);
trp_pk_data->identity_length = identity_length;
trp_pk_data->identity = (guint8 *)wmem_alloc0(wmem_file_scope(), identity_length);
memcpy(trp_pk_data->identity, identity_buf, identity_length);
trp_pk_data->secret = gidentity->secret;
}
}
}
/* Node - Security.8 */
{
gint gid_start = offset;
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_8, tvb, pinfo, trp_tree,
offset, hf_node_identifier, ett_node_identifier, NULL);
if (trp_pk_data)
{
trp_pk_data->group_length = offset - gid_start;
trp_pk_data->group = (guint8 *)wmem_alloc0(wmem_file_scope(), trp_pk_data->group_length);
tvb_memcpy(tvb, trp_pk_data->group, gid_start, trp_pk_data->group_length);
}
}
if (trp_pk_data)
{
/* We need to store the entire block_I for later use. */
trp_pk_data->block_I_length = offset - start_offset;
trp_pk_data->block_I = (guint8 *)wmem_alloc0(wmem_file_scope(), trp_pk_data->block_I_length);
tvb_memcpy(tvb, trp_pk_data->block_I, start_offset, trp_pk_data->block_I_length);
}
}
}
break;
case TRP_RSP_REQUEST_SECURITY_SCOPES:
{
gint start_offset;
guint8 *block_A;
guint8 block_A_length;
/* Initiator Ticket - Security.5 */
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_5, tvb, pinfo, trp_tree,
offset, hf_initiator_ticket, ett_initiator_ticket, NULL);
/* Initialization Block - TRP.5.2.1 */
/* A BLOCK */
{
start_offset = offset;
/* Initiator Duration Request */
proto_tree_add_item(trp_tree, hf_trp_duration, tvb, offset, 1, ENC_NA);
offset += 1;
/* Initiator Node Security Scope - Security.10 */
{
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_10, tvb, pinfo, trp_tree,
offset, hf_security_scope, ett_security_scope, NULL);
}
/* Validation - Security.11 */
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_11, tvb, pinfo, trp_tree,
offset, hf_initiator_validation, ett_initiator_validation, NULL);
block_A_length = offset - start_offset;
block_A = (guint8 *)wmem_alloc0(wmem_packet_scope(), block_A_length);
tvb_memcpy(tvb, block_A, start_offset, block_A_length);
}
}
break;
case TRP_CMD_RESOLVE_CREDENTIAL:
{
guint8 *domain_buf = NULL;
guint8 domain_length = 0;
gint start_offset;
/* Domain - Security.7 */
start_offset = offset;
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, trp_tree,
offset, hf_domain, ett_domain, NULL);
if (!packet_data->processed)
{
domain_length = offset - start_offset;
domain_buf = (guint8 *)wmem_alloc0(wmem_packet_scope(), domain_length);
tvb_memcpy(tvb, domain_buf, start_offset, domain_length);
}
/* Identity Resolution - Security.3.2 */
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_3_2, tvb, pinfo, trp_tree,
offset, hf_identity_resolution, ett_identity_resolution, NULL);
}
break;
case TRP_RSP_RESOLVE_CREDENTIAL:
{
/* Identity Resolution - Security.3.2 */
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_3_2, tvb, pinfo, trp_tree,
offset, hf_identity_resolution, ett_identity_resolution, NULL);
}
break;
case TRP_CMD_REQUEST_SESSION:
{
guint8 *domain_buf = NULL;
guint8 domain_length = 0;
gint start_offset;
if (trp_data && trp_data->identity_length)
{
expert_add_info(pinfo, ti, &ei_trp_initiator_id_known);
}
/* Domain - Security.7 */
start_offset = offset;
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, trp_tree,
offset, hf_domain, ett_domain, NULL);
if (!packet_data->processed)
{
domain_length = offset - start_offset;
domain_buf = (guint8 *)wmem_alloc0(wmem_packet_scope(), domain_length);
tvb_memcpy(tvb, domain_buf, start_offset, domain_length);
}
/* Responder Block - Security.6.2 */
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_6_2, tvb, pinfo, trp_tree,
offset, hf_responder_request, ett_responder_request, NULL);
/* Initiator Block - Security.6.1 */
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_6_1, tvb, pinfo, trp_tree,
offset, hf_initiator_request, ett_initiator_request, NULL);
}
break;
case TRP_RSP_REQUEST_SESSION:
{
gint start_offset;
guint8 *block_A;
guint8 block_A_length;
/* Responder Ticket - Security.5 */
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_5, tvb, pinfo, trp_tree,
offset, hf_responder_ticket, ett_responder_ticket, NULL);
/* Initiator Ticket - Security.5 */
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_5, tvb, pinfo, trp_tree,
offset, hf_initiator_ticket, ett_initiator_ticket, NULL);
/* Initialization Block - Security.6.3 */
/* A BLOCK */
{
start_offset = offset;
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_6_3, tvb, pinfo, trp_tree,
offset, hf_authentication_block, ett_authentication_block, NULL);
block_A_length = offset - start_offset;
block_A = (guint8 *)wmem_alloc0(wmem_packet_scope(), block_A_length);
tvb_memcpy(tvb, block_A, start_offset, block_A_length);
}
}
break;
case TRP_CMD_VALIDATE_CREDENTIAL:
{
tvbuff_t *data_tvb;
/* Domain - Security.7 */
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, trp_tree,
offset, hf_domain, ett_domain, NULL);
offset = dof_dissect_pdu_as_field(dissect_2008_16_security_3_1, tvb, pinfo, trp_tree,
offset, hf_identity_resolution, ett_identity_resolution, NULL);
data_tvb = tvb_new_subset_remaining(tvb, offset);
call_data_dissector(data_tvb, pinfo, trp_tree);
}
break;
case TRP_RSP_VALIDATE_CREDENTIAL:
{
tvbuff_t *data_tvb = tvb_new_subset_remaining(tvb, offset);
call_data_dissector(data_tvb, pinfo, trp_tree);
}
break;
}
return offset;
}
/* Initialize Core Tunnel Functionality */
static void dof_tun_register(void)
{
static hf_register_info hf[] =
{
{ &hf_2012_1_tunnel_1_version,
{ "Version", "dof.2012_1.tunnel_1.version", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }
},
{ &hf_2012_1_tunnel_1_length,
{ "Length", "dof.2012_1.tunnel_1.length", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }
},
};
static gint *ett[] = {
&ett_2012_1_tunnel,
};
proto_2012_1_tunnel = proto_register_protocol(TUNNEL_PROTOCOL_STACK, "DTPS", "dtps");
proto_register_field_array(proto_2012_1_tunnel, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
register_dissector(TUNNEL_PROTOCOL_STACK, dissect_tunnel_common, proto_2012_1_tunnel);
dof_tun_app_dissectors = register_dissector_table("dof.tunnel.app", "DOF Tunnel Version", proto_2012_1_tunnel, FT_UINT8, BASE_DEC);
}
static void dof_tun_reset(void)
{
}
static void dof_tun_cleanup(void)
{
}
/* The registration hand-off routine */
static void dof_tun_handoff(void)
{
static dissector_handle_t tcp_handle;
register_dissector(TUNNEL_APPLICATION_PROTOCOL, dissect_tun_app_common, proto_2008_1_app);
tcp_handle = create_dissector_handle(dissect_tunnel_tcp, proto_2012_1_tunnel);
dissector_add_uint_with_preference("tcp.port", DOF_TUN_NON_SEC_TCP_PORT, tcp_handle);
}
/* Main DOF Registration Support */
static void dof_reset(void)
{
globals.next_session = 1;
globals.next_transport_session = 1;
globals.dof_packet_head = globals.dof_packet_tail = NULL;
globals.global_security = &global_security;
globals.learned_group_data = NULL;
globals.decrypt_all_packets = decrypt_all_packets;
globals.track_operations = track_operations;
globals.track_operations_window = track_operations_window;
init_addr_port_tables();
/* Reset the packet counter. */
next_dof_frame = 1;
/* Load the template values for different groups. */
{
secmode_field_t *list = secmode_list;
guint i;
global_security.group_data = g_new0(dof_group_data, num_secmode_list);
global_security.group_data_count = num_secmode_list;
for (i = 0; i < num_secmode_list; i++)
{
guint8 kek_len;
dof_group_data *group_data = global_security.group_data + i;
parse_hex_string(list[i].domain, &(group_data->domain), &(group_data->domain_length));
parse_hex_string(list[i].identity, &(group_data->identity), &(group_data->identity_length));
parse_hex_string(list[i].kek, &(group_data->kek), &kek_len);
}
}
/* Load the template values for different secrets. */
{
seckey_field_t *list = seckey_list;
guint i;
/* Clear existing. */
for (i = 0; i < global_security.session_key_count; i++)
{
dof_session_key_data *session_data = &global_security.session_key[i];
g_free(session_data->session_key);
}
g_free(global_security.session_key);
global_security.session_key = NULL;
global_security.session_key_count = 0;
global_security.session_key = g_new0(dof_session_key_data, num_seckey_list);
global_security.session_key_count = num_seckey_list;
for (i = 0; i < num_seckey_list; i++)
{
guint8 key_len;
dof_session_key_data *session_data = global_security.session_key + i;
parse_hex_string(list[i].key, &(session_data->session_key), &key_len);
}
}
/* Load the template values for different identities. */
{
identsecret_field_t *list = identsecret_list;
guint i;
/* Clear existing. */
for (i = 0; i < global_security.identity_data_count; i++)
{
dof_identity_data *identity_data = &global_security.identity_data[i];
g_free(identity_data->domain);
g_free(identity_data->identity);
g_free(identity_data->secret);
}
g_free(global_security.identity_data);
global_security.identity_data = NULL;
global_security.identity_data_count = 0;
global_security.identity_data = g_new0(dof_identity_data, num_identsecret_list);
global_security.identity_data_count = num_identsecret_list;
for (i = 0; i < num_identsecret_list; i++)
{
guint8 key_len;
guint32 size;
dof_identity_data *identity_data = global_security.identity_data + i;
if (VALIDHEX(list[i].domain[0]))
{
parse_hex_string(list[i].domain, &(identity_data->domain), &(identity_data->domain_length));
}
else
{
size = (guint32)strlen(list[i].domain);
dof_oid_new_standard_string(list[i].domain, &size, &(identity_data->domain));
identity_data->domain_length = size;
}
if (VALIDHEX(list[i].identity[0]))
{
parse_hex_string(list[i].identity, &(identity_data->identity), &(identity_data->identity_length));
}
else
{
size = (guint32)strlen(list[i].identity);
dof_oid_new_standard_string(list[i].identity, &size, &(identity_data->identity));
identity_data->identity_length = size;
}
parse_hex_string(list[i].secret, &(identity_data->secret), &key_len);
}
}
}
static void dof_cleanup(void)
{
guint i;
/* Clear existing. */
for (i = 0; i < global_security.group_data_count; i++)
{
dof_group_data *group_data = &global_security.group_data[i];
g_free(group_data->domain);
g_free(group_data->identity);
g_free(group_data->kek);
}
g_free(global_security.group_data);
global_security.group_data = NULL;
global_security.group_data_count = 0;
}
/**
* Initialize Core DPS Functionality
*/
static void dof_register(void)
{
static hf_register_info hf[] =
{
{ &hf_security_1_permission_type,
{ "Permission Type", "dof.2008.16.security.1.desired-duration", FT_UINT16, BASE_DEC, VALS(dof_2008_16_permission_type), 0, NULL, HFILL } },
{ &hf_security_1_length,
{ "Length", "dof.2008.16.security.1.length", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } },
{ &hf_security_1_data,
{ "Data", "dof.2008.16.security.1.data", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },
/* Security.2 */
{ &hf_security_2_count,
{ "Count", "dof.2008.16.security.2.count", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } },
{ &hf_security_2_permission,
{ "Permission", "dof.2008.16.security.2.permission", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
/* Security.3.1 */
{ &hf_security_3_1_credential_type,
{ "Credential Type", "dof.2008.16.security.3.1.credential_type", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } },
{ &hf_security_3_1_stage,
{ "Stage", "dof.2008.16.security.3.1.stage", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },
{ &hf_security_3_1_security_node_identifier,
{ "Security Node Identifier", "dof.2008.16.security.3.1.security_node_identifier", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
/* Security 3.2 */
{ &hf_security_3_2_credential_type,
{ "Credential Type", "dof.2008.16.security.3.2.credential_type", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },
{ &hf_security_3_2_stage,
{ "Stage", "dof.2008.16.security.3.2.stage", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },
{ &hf_security_3_2_length,
{ "Length", "dof.2008.16.security.3.2.length", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },
{ &hf_security_3_2_public_data,
{ "Public Data", "dof.2008.16.security.3.2.public_data", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
/* Security.4 */
{ &hf_security_4_l,
{ "L", "dof.2008.16.security.4.l", FT_UINT8, BASE_DEC, NULL, 0x80, NULL, HFILL } },
{ &hf_security_4_f,
{ "F", "dof.2008.16.security.4.f", FT_UINT8, BASE_DEC, NULL, 0x40, NULL, HFILL } },
{ &hf_security_4_ln,
{ "Ln", "dof.2008.16.security.4.ln", FT_UINT8, BASE_DEC, NULL, 0x0F, NULL, HFILL } },
{ &hf_security_4_identity,
{ "Identity", "dof.2008.16.security.4.identity", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
{ &hf_security_4_nonce,
{ "Nonce", "dof.2008.16.security.4.nonce", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },
{ &hf_security_4_permission_set,
{ "Permission Set", "dof.2008.16.security.4.permission_set", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
/* Security.5 */
{ &hf_security_5_mac,
{ "MAC", "dof.2008.16.security.5.mac", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },
{ &hf_security_5_key,
{ "KEY", "dof.2008.16.security.5.key", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },
/* Security.6.1 */
{ &hf_security_6_1_desired_duration,
{ "Desired Duration", "dof.2008.16.security.6.1.desired_duration", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },
{ &hf_security_6_1_desired_security_mode,
{ "Desired Security Mode", "dof.2008.16.security.6.1.desired_security_mode", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
{ &hf_security_6_1_initiator_request,
{ "Initiator Request", "dof.2008.16.security.6.1.initiator_request", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
/* Security.6.2 */
{ &hf_security_6_2_responder_request,
{ "Responder Request", "dof.2008.16.security.6.2.responder_request", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
/* Security.6.3 */
{ &hf_security_6_3_granted_duration,
{ "Granted Duration", "dof.2008.16.security.6.3.granted_duration", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },
{ &hf_security_6_3_session_security_scope,
{ "Session Security Scope", "dof.2008.16.security.6.3.session_security_scope", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
{ &hf_security_6_3_initiator_validation,
{ "Initiator Validation", "dof.2008.16.security.6.3.initiator_validation", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
{ &hf_security_6_3_responder_validation,
{ "Responder Validation", "dof.2008.16.security.6.3.responder_validation", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
/* Security.9 */
{ &hf_security_9_length,
{ "Length", "dof.2008.16.security.9.length", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } },
{ &hf_security_9_initial_state,
{ "Initial State", "dof.2008.16.security.9.initial_state", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },
/* Security.10 */
{ &hf_security_10_count,
{ "Count", "dof.2008.16.security.10.count", FT_UINT8, BASE_DEC, NULL, 0x00, NULL, HFILL } },
{ &hf_security_10_permission_group_identifier,
{ "Permission Group Identifier", "dof.2008.16.security.10.permission_group_identifier", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
/* Security.11 */
{ &hf_security_11_count,
{ "Count", "dof.2008.16.security.11.count", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } },
{ &hf_security_11_permission_security_scope,
{ "Permission Security Scope", "dof.2008.16.security.11.permission_security_scope", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
/* Security.12 */
{ &hf_security_12_m,
{ "M", "dof.2008.16.security.12.m", FT_UINT8, BASE_DEC, VALS(dof_2008_16_security_12_m), 0xC0, NULL, HFILL } },
{ &hf_security_12_count,
{ "Count", "dof.2008.16.security.12.count", FT_UINT8, BASE_DEC, NULL, 0x3F, NULL, HFILL } },
{ &hf_security_12_permission_group_identifier,
{ "Permission Group Identifier", "dof.2008.16.security.12.permission_group_identifier", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
{ &hf_2008_1_dof_session_transport,
{ "Transport Session", "dof.transport_session", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL }
},
{ &hf_2008_1_dof_session,
{ "DPS Session", "dof.session", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL }
},
{ &hf_2008_1_dof_frame,
{ "DPS Frame", "dof.frame", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL }
},
{ &hf_2008_1_dof_is_2_node,
{ "DPS Is 2 Node", "dof.is_2_node", FT_BOOLEAN, BASE_DEC, NULL, 0x00, NULL, HFILL }
},
{ &hf_2008_1_dof_is_streaming,
{ "DPS Is Streaming", "dof.is_streaming", FT_BOOLEAN, BASE_DEC, NULL, 0x00, NULL, HFILL }
},
{ &hf_2008_1_dof_is_from_client,
{ "DPS Is From Client", "dof.is_from_client", FT_BOOLEAN, BASE_DEC, NULL, 0x00, NULL, HFILL }
}
};
static gint *ett[] = {
/* Security.2 */
&ett_security_2_permission,
&ett_security_3_1_security_node_identifier,
/* Security.11 */
&ett_security_11_permission_security_scope,
&ett_security_6_1_desired_security_mode,
&ett_security_6_1_initiator_request,
&ett_security_6_2_responder_request,
&ett_security_6_3_session_security_scope,
&ett_security_6_3_initiator_validation,
&ett_security_6_3_responder_validation,
&ett_security_4_identity,
&ett_security_4_permission_set,
&ett_2008_1_dof,
};
static ei_register_info ei[] =
{
#if 0
{ &ei_undecoded, { "dof.undecoded", PI_UNDECODED, PI_WARN, "DOF: Some protocol octets were not decoded", EXPFILL } },
#endif
{ &ei_malformed, { "dof.malformed", PI_MALFORMED, PI_ERROR, "Malformed:", EXPFILL } },
{ &ei_implicit_no_op, { "dof.implicit_no_op", PI_PROTOCOL, PI_COMMENT, "Implicit No-op", EXPFILL } },
{ &ei_c2_c3_c4_format, { "dof.c2_c3_c4_format", PI_MALFORMED, PI_WARN, "DOF: Cx IE format", EXPFILL } },
{ &ei_security_3_1_invalid_stage, { "dof.security.3.1.invalid_stage", PI_MALFORMED, PI_ERROR, "DPS: Security.3.1: Stage invalid.", EXPFILL } },
{ &ei_security_4_invalid_bit, { "dof.security.4.invalid_bit", PI_MALFORMED, PI_WARN, "DPS: Security.4: Reserved bit set.", EXPFILL } },
{ &ei_security_13_out_of_range, { "dof.security.13.out_of_range", PI_MALFORMED, PI_ERROR, "DPS: Security.13: Attribute Data out of range.", EXPFILL } },
};
/* Security mode of operation templates. */
static uat_field_t secmode_uat_fields[] = {
UAT_FLD_CSTRING(secmode_list, domain, "Domain", "The domain, coded as hex digits of PDU Security.7."),
UAT_FLD_CSTRING(secmode_list, identity, "Group ID", "The group identifier, coded as hex digits of PDU Security.8."),
UAT_FLD_CSTRING(secmode_list, kek, "KEK", "The KEK, coded as hex digits representing the KEK (256-bit)."),
UAT_END_FIELDS
};
/* Security keys. */
static uat_field_t seckey_uat_fields[] = {
UAT_FLD_CSTRING(seckey_list, key, "Session Key", "The session key to try to use, coded as hex digits representing the key (256-bit)."),
UAT_END_FIELDS
};
/* Identity secrets. */
static uat_field_t identsecret_uat_fields[] = {
UAT_FLD_CSTRING(identsecret_list, domain, "Domain", "The domain, coded as hex digits of PDU Security.7."),
UAT_FLD_CSTRING(identsecret_list, identity, "Identity", "The group identifier, coded as hex digits of PDU Security.8."),
UAT_FLD_CSTRING_OTHER(identsecret_list, secret, "Secret", identsecret_chk_cb, "The resolved secret for a given identity, coded as hex digits representing the secret (256-bit)."),
UAT_END_FIELDS
};
module_t *dof_module;
uat_t *secmode_uat;
uat_t *seckey_uat;
uat_t *identsecret_uat;
expert_module_t *expert_security;
dsp_option_dissectors = register_dissector_table("dof.dsp.options", "DSP Protocol Options", proto_2008_1_dsp, FT_UINT32, BASE_DEC);
dof_sec_dissectors = register_dissector_table("dof.secmode", "DOF Security Mode of Operation", proto_2008_1_dof, FT_UINT16, BASE_DEC);
register_dissector_table("dof.2008.1", "DOF Common PDU", proto_2008_1_dof, FT_STRING, BASE_DEC);
proto_2008_1_dof = proto_register_protocol(DOF_PROTOCOL_STACK, "DOF", "dof");
proto_2008_1_dof_tcp = proto_register_protocol(DOF_PROTOCOL_STACK" TCP", "DOF-TCP", "dof-tcp");
proto_2008_1_dof_udp = proto_register_protocol(DOF_PROTOCOL_STACK" UDP", "DOF-UDP", "dof-udp");
proto_register_field_array(proto_2008_1_dof, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
expert_security = expert_register_protocol(proto_2008_1_dof);
expert_register_field_array(expert_security, ei, array_length(ei));
dof_module = prefs_register_protocol(proto_2008_1_dof, dof_reset);
secmode_uat = uat_new("DPS Security Mode Templates",
sizeof(secmode_field_t),
"custom_dof_secmode_list",
TRUE,
&secmode_list,
&num_secmode_list,
(UAT_AFFECTS_DISSECTION | UAT_AFFECTS_FIELDS),
NULL,
secmode_list_copy_cb,
secmode_list_update_cb,
secmode_list_free_cb,
secmode_list_post_update_cb,
NULL,
secmode_uat_fields
);
seckey_uat = uat_new("DPS Session Keys",
sizeof(seckey_field_t),
"custom_dof_seckey_list",
TRUE,
&seckey_list,
&num_seckey_list,
(UAT_AFFECTS_DISSECTION | UAT_AFFECTS_FIELDS),
NULL,
seckey_list_copy_cb,
seckey_list_update_cb,
seckey_list_free_cb,
seckey_list_post_update_cb,
NULL,
seckey_uat_fields
);
identsecret_uat = uat_new("DPS Identity Secrets",
sizeof(identsecret_field_t),
"custom_dof_identsecret_list",
TRUE,
&identsecret_list,
&num_identsecret_list,
(UAT_AFFECTS_DISSECTION | UAT_AFFECTS_FIELDS),
NULL,
identsecret_list_copy_cb,
identsecret_list_update_cb,
identsecret_list_free_cb,
identsecret_list_post_update_cb,
NULL,
identsecret_uat_fields
);
prefs_register_bool_preference(dof_module, "custom_dof_decrypt_all",
"Attempt to decrypt all packets",
"Specifies that decryption should be attempted on all packets, even if the session initialization wasn't captured.",
&decrypt_all_packets);
prefs_register_bool_preference(dof_module, "custom_dof_track_operations",
"Track DPS operations",
"Specifies that operations should be tracked across multiple packets, providing summary lists. This takes time and memory.",
&track_operations);
prefs_register_uint_preference(dof_module, "custom_dof_track_operations_window",
"Track DPS window",
"Limits the number of operations shown before and after the current operations",
10, &track_operations_window);
prefs_register_static_text_preference(dof_module, "name4567", "The following are tables not preferences.", "These tables are not controlled by OK, Apply, and Cancel of this dialog.");
prefs_register_uat_preference(dof_module, "custom_dof_secmode_list", "DPS Security Mode Templates",
"A table of security modes and initialization data that will be tried if no security mode is found.",
secmode_uat);
prefs_register_uat_preference(dof_module, "custom_dof_seckey_list", "DPS Session Keys",
"A table of session keys to attempt if none is known.",
seckey_uat);
prefs_register_uat_preference(dof_module, "custom_dof_identsecret_list", "DPS Identity Secrets",
"A table of secrets for different identities.",
identsecret_uat);
}
static void dof_handoff(void)
{
static dissector_handle_t tcp_handle;
dof_oid_handle = register_dissector(DOF_OBJECT_IDENTIFIER, dissect_2009_11_type_4, oid_proto);
tcp_handle = create_dissector_handle(dissect_dof_tcp, proto_2008_1_dof);
dof_udp_handle = create_dissector_handle(dissect_dof_udp, proto_2008_1_dof);
dissector_add_uint_with_preference("tcp.port", DOF_P2P_NEG_SEC_TCP_PORT, tcp_handle);
dissector_add_uint_range_with_preference("udp.port", DOF_NEG_SEC_UDP_PORT_RANGE, dof_udp_handle);
}
/* OID Registration Support */
static void oid_reset(void)
{
}
static void oid_cleanup(void)
{
}
/* Initialize OID */
static void oid_register(void)
{
static hf_register_info hf[] = {
{ &hf_oid_class,
{ "Class", "dof.oid.class", FT_UINT32, BASE_DEC, NULL, 0, "DPS Object Identifier Class", HFILL }
},
{ &hf_oid_header,
{ "Header", "dof.oid.header", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }
},
{ &hf_oid_attribute,
{ "Attribute", "dof.oid.attribute", FT_UINT8, BASE_DEC, NULL, 0x80, NULL, HFILL }
},
{ &hf_oid_length,
{ "Length", "dof.oid.length", FT_UINT8, BASE_DEC, NULL, 0x3F, NULL, HFILL }
},
{ &hf_oid_data,
{ "Data", "dof.oid.data", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }
},
{ &hf_oid_all_attribute_data,
{ "Attribute Data", "dof.oid.attribute-data", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }
},
{ &hf_oid_attribute_header,
{ "Header", "dof.attribute.header", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }
},
{ &hf_oid_attribute_attribute,
{ "Attribute", "dof.attribute.attribute", FT_UINT8, BASE_DEC, NULL, 0x80, NULL, HFILL }
},
{ &hf_oid_attribute_id,
{ "ID", "dof.attribute.id", FT_UINT8, BASE_DEC, NULL, 0x7F, NULL, HFILL }
},
{ &hf_oid_attribute_length,
{ "Length", "dof.attribute.length", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }
},
{ &hf_oid_attribute_data,
{ "Data", "dof.attribute.data", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }
},
{ &hf_oid_attribute_oid,
{ "OID", "dof.attribute.oid", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }
},
};
static gint *ett[] = {
&ett_oid,
&ett_oid_header,
&ett_oid_attribute,
&ett_oid_attribute_header,
&ett_oid_attribute_oid,
};
static ei_register_info ei[] =
{
{ &ei_type_4_header_zero, { "dof.oid.header_zero", PI_MALFORMED, PI_ERROR, "DOF Violation: Type.4: Header bit mandated 0.", EXPFILL } },
};
if (oid_proto == -1)
{
expert_module_t *expert_oid;
oid_proto = proto_register_protocol(DOF_OBJECT_IDENTIFIER, "DPS.OID", "dof.oid");
proto_register_field_array(oid_proto, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
expert_oid = expert_register_protocol(oid_proto);
expert_register_field_array(expert_oid, ei, array_length(ei));
}
}
static void oid_handoff(void)
{
}
/* DNP Registration Support */
static guint dof_ns_session_key_hash_fn(gconstpointer key)
{
const dof_ns_session_key *session_key = (const dof_ns_session_key *)key;
guint result = 0;
result += g_int_hash(&session_key->transport_session_id);
result += g_int_hash(&session_key->client);
result += g_int_hash(&session_key->server);
return result;
}
static gboolean dof_ns_session_key_equal_fn(gconstpointer key1, gconstpointer key2)
{
const dof_ns_session_key *session_key_ptr1 = (const dof_ns_session_key *)key1;
const dof_ns_session_key *session_key_ptr2 = (const dof_ns_session_key *)key2;
if (session_key_ptr1->transport_session_id != session_key_ptr2->transport_session_id)
return FALSE;
if (session_key_ptr1->client != session_key_ptr2->client)
return FALSE;
if (session_key_ptr1->server != session_key_ptr2->server)
return FALSE;
return TRUE;
}
static void dof_dnp_reset(void)
{
dof_ns_session_lookup = g_hash_table_new_full(dof_ns_session_key_hash_fn, dof_ns_session_key_equal_fn, g_free, NULL);
}
static void dof_dnp_cleanup(void)
{
g_hash_table_destroy(dof_ns_session_lookup);
dof_ns_session_lookup = NULL;
}
static void dof_register_dnp_0(void)
{
static hf_register_info hf[] =
{
{ &hf_2008_1_dnp_0_1_1_padding,
{ "Padding", "dof.dnp.v0.padding", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }
},
{ &hf_2008_1_dnp_0_1_1_version,
{ "Version", "dof.dnp.v0.version", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }
},
};
if (proto_2008_1_dnp_0 == -1)
{
proto_2008_1_dnp_0 = proto_register_protocol(DOF_NETWORK_PROTOCOL " V0", "DPS.DNP.V0", "dof.dnp.v0");
proto_register_field_array(proto_2008_1_dnp_0, hf, array_length(hf));
}
}
/**
* The registration hand-off routine
*/
static void dof_reg_handoff_dnp_0(void)
{
dissector_handle_t dnp_handle;
dnp_handle = create_dissector_handle(dissect_dnp_0, proto_2008_1_dnp_0);
dissector_add_uint("dof.dnp", 0, dnp_handle);
}
static void dof_register_dnp_1(void)
{
expert_module_t *expert_dnp;
static hf_register_info hf[] =
{
{ &hf_2009_9_dnp_1_flags,
{ "Flags", "dof.2009_9.dnp_1.flags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }
},
{ &hf_2009_9_dnp_1_flag_length,
{ "Length Size", "dof.2009_9.dnp_1.flags.lengthsize", FT_UINT8, BASE_DEC, NULL, 0x03, NULL, HFILL }
},
{ &hf_2009_9_dnp_1_flag_srcport,
{ "Source Port", "dof.2009_9.dnp_1.flags.srcport", FT_UINT8, BASE_DEC, NULL, 0x04, NULL, HFILL }
},
{ &hf_2009_9_dnp_1_flag_dstport,
{ "Destination Port", "dof.2009_9.dnp_1.flags.dstport", FT_UINT8, BASE_DEC, NULL, 0x08, NULL, HFILL }
},
{ &hf_2009_9_dnp_1_length,
{ "Length", "dof.2009_9.dnp_1.length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }
},
{ &hf_2009_9_dnp_1_srcport,
{ "Source Port", "dof.2009_9.dnp_1.srcport", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }
},
{ &hf_2009_9_dnp_1_dstport,
{ "Destination Port", "dof.2009_9.dnp_1.dstport", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }
},
};
static gint *ett[] =
{
&ett_2009_9_dnp_1_flags,
};
static ei_register_info ei[] =
{
{ &ei_dof_10_flags_zero, { "dof.dnp.v1.flags_zero", PI_UNDECODED, PI_ERROR, "DPS-10: Reserved flag bits must be zero.", EXPFILL } },
#if 0
{ &ei_dof_13_length_specified, { "dof.dnp.v1.length_specified", PI_UNDECODED, PI_ERROR, "DPS-13: Length must be specified on a connection.", EXPFILL } },
#endif
};
if (proto_2009_9_dnp_1 == -1)
{
proto_2009_9_dnp_1 = proto_register_protocol(DOF_NETWORK_PROTOCOL " V1", "DOF.DNP.V1", "dof.dnp.v1");
proto_register_field_array(proto_2009_9_dnp_1, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
expert_dnp = expert_register_protocol(proto_2009_9_dnp_1);
expert_register_field_array(expert_dnp, ei, array_length(ei));
}
}
/**
* The registration hand-off routine
*/
static void dof_reg_handoff_dnp_1(void)
{
dissector_handle_t dnp_handle, dnp_frame_handle;
dnp_handle = create_dissector_handle(dissect_dnp_1, proto_2009_9_dnp_1);
dnp_frame_handle = create_dissector_handle(determine_packet_length_1, proto_2009_9_dnp_1);
dissector_add_uint("dof.dnp", 1, dnp_handle);
dissector_add_uint("dof.dnp.frame", 1, dnp_frame_handle);
}
static void dof_dnp_handoff(void)
{
dof_reg_handoff_dnp_0();
dof_reg_handoff_dnp_1();
}
/**
* Initialize Core DNP Functionality
*/
static void dof_dnp_register(void)
{
static hf_register_info hf[] =
{
{ &hf_2008_1_dnp_1_flag,
{ "Flag", "dof.2008_1.dnp_1.flag", FT_BOOLEAN, 8, TFS(&tfs_present_not_present), 0x80, NULL, HFILL }
},
{ &hf_2008_1_dnp_1_version,
{ "Version", "dof.2008_1.dnp_1.version", FT_UINT8, BASE_DEC, NULL, 0x7F, NULL, HFILL }
},
};
static gint *ett[] =
{
&ett_2008_1_dnp,
&ett_2008_1_dnp_header,
};
proto_2008_1_dnp = proto_register_protocol(DOF_NETWORK_PROTOCOL, "DPS.DNP", "dof.dnp");
proto_register_field_array(proto_2008_1_dnp, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
dnp_dissectors = register_dissector_table("dof.dnp", "DOF DNP Version", proto_2008_1_dnp, FT_UINT8, BASE_DEC);
dnp_framing_dissectors = register_dissector_table("dof.dnp.frame", "DOF DNP Framing", proto_2008_1_dnp, FT_UINT8, BASE_DEC);
dof_register_dnp_0();
dof_register_dnp_1();
}
/* DPP Registration Support */
/**
* This routine is called each time the system is reset (file load, capture)
* and so it should take care of freeing any of our persistent stuff.
*/
static void dof_dpp_reset(void)
{
dpp_reset_opid_support();
dpp_reset_sid_support();
}
static void dof_dpp_cleanup(void)
{
}
static void dof_register_dpp_0(void)
{
static hf_register_info hf[] =
{
{ &hf_2008_1_dpp_0_1_1_version,
{ "Version", "dof.dpp.v0.version", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }
},
};
if (proto_2008_1_dpp_0 == -1)
{
proto_2008_1_dpp_0 = proto_register_protocol(DOF_PRESENTATION_PROTOCOL " V0", "DPS.DPP.V0", "dof.dpp.v0");
proto_register_field_array(proto_2008_1_dpp_0, hf, array_length(hf));
}
}
/**
* The registration hand-off routine
*/
static void dof_reg_handoff_dpp_0(void)
{
dissector_handle_t dpp_handle;
dpp_handle = create_dissector_handle(dissect_dpp_0, proto_2008_1_dpp_0);
dissector_add_uint("dof.dpp", 0, dpp_handle);
}
static void dof_register_dpp_2(void)
{
expert_module_t *expert_dpp;
static hf_register_info hf[] =
{
{ &hf_2009_12_dpp_2_1_flags,
{ "Flags", "dof.dpp.v2.flags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }
},
{ &hf_2009_12_dpp_2_1_flag_security,
{ "Secure", "dof.dpp.v2.flags.security", FT_BOOLEAN, 8, NULL, 0x80, NULL, HFILL }
},
{ &hf_2009_12_dpp_2_1_flag_opid,
{ "Operation ID Type", "dof.dpp.v2.flags.opidtype", FT_UINT8, BASE_DEC, VALS(strings_2009_12_dpp_opid_types), 0x60, NULL, HFILL } },
{ &hf_2009_12_dpp_2_1_flag_cmdrsp,
{ "Command/Response", "dof.dpp.v2.flags.cmdrsp", FT_BOOLEAN, 8, TFS(&tfs_response_command), 0x10, NULL, HFILL } },
{ &hf_2009_12_dpp_2_1_flag_seq,
{ "Sequence", "dof.dpp.v2.flags.sequence", FT_BOOLEAN, 8, TFS(&tfs_present_not_present), 0x04, NULL, HFILL } },
{ &hf_2009_12_dpp_2_1_flag_retry,
{ "Retry", "dof.dpp.v2.flags.retry", FT_BOOLEAN, 8, TFS(&tfs_present_not_present), 0x02, NULL, HFILL } },
{ &hf_2009_12_dpp_2_3_sec_flags,
{ "Flags", "dof.dpp.v2.security.flags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } },
{ &hf_2009_12_dpp_2_3_sec_flag_secure,
{ "Security Mode Header", "dof.dpp.v2.security.flags.securitymodeheader", FT_UINT8, BASE_DEC, NULL, 0x80, NULL, HFILL } },
{ &hf_2009_12_dpp_2_3_sec_flag_rdid,
{ "Remote Domain ID", "dof.dpp.v2.security.flags.rdid", FT_UINT8, BASE_DEC, NULL, 0x08, NULL, HFILL } },
{ &hf_2009_12_dpp_2_3_sec_flag_partition,
{ "Partition Present", "dof.dpp.v2.security.flags.partition", FT_UINT8, BASE_DEC, NULL, 0x04, NULL, HFILL } },
{ &hf_2009_12_dpp_2_3_sec_flag_ssid,
{ "SSID Present", "dof.dpp.v2.security.flags.ssid", FT_UINT8, BASE_DEC, NULL, 0x01, NULL, HFILL } },
{ &hf_2009_12_dpp_2_3_sec_flag_as,
{ "AS Present", "dof.dpp.v2.security.flags.as", FT_UINT8, BASE_DEC, NULL, 0x02, NULL, HFILL } },
{ &hf_2009_12_dpp_2_3_sec_ssid,
{ "Security State Identifier", "dof.dpp.v2.security.ssid", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ &hf_2009_12_dpp_2_3_sec_rdid,
{ "Remote Domain Identifier", "dof.dpp.v2.security.rdid", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ &hf_2009_12_dpp_2_3_sec_remote_partition,
{ "Remote Security Scope", "dof.dpp.v2.security.remote-scope", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_2009_12_dpp_2_3_sec_partition,
{ "Security Scope", "dof.dpp.v2.security.scope", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_2009_12_dpp_2_1_opcnt,
{ "Operation Count", "dof.dpp.v2.opcnt", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ &hf_2009_12_dpp_2_1_seq,
{ "Sequence", "dof.dpp.v2.sequence", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ &hf_2009_12_dpp_2_1_retry,
{ "Retry", "dof.dpp.v2.retry", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ &hf_2009_12_dpp_2_1_delay,
{ "Delay", "dof.dpp.v2.delay", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } },
};
static hf_register_info shf[] =
{
{ &hf_2009_12_dpp_2_14_opcode,
{ "Opcode", "dof.dpp.v2s.opcode", FT_UINT8, BASE_DEC, VALS(strings_2009_12_dpp_common_opcodes), 0x0, NULL, HFILL } },
};
static gint *ett[] =
{
&ett_2009_12_dpp_2_1_flags,
&ett_2009_12_dpp_2_opid,
&ett_2009_12_dpp_2_opid_history,
&ett_2009_12_dpp_2_3_security,
&ett_2009_12_dpp_2_3_sec_flags,
&ett_2009_12_dpp_2_3_sec_remote_partition,
&ett_2009_12_dpp_2_3_sec_partition,
};
static ei_register_info ei[] =
{
{ &ei_dpp2_dof_10_flags_zero, { "dof.dpp.v2.flags_zero", PI_UNDECODED, PI_ERROR, "DPS-10: Reserved flag bits must be zero.", EXPFILL } },
{ &ei_dpp_default_flags, { "dof.dpp.v2.flags_included", PI_COMMENTS_GROUP, PI_NOTE, "Default flag value is included explicitly.", EXPFILL } },
{ &ei_dpp_explicit_sender_sid_included, { "dof.dpp.v2.sender_sid_included", PI_PROTOCOL, PI_NOTE, "Explicit SID could be optimized, same as sender.", EXPFILL } },
{ &ei_dpp_explicit_receiver_sid_included, { "dof.dpp.v2.receiver_sid_included", PI_PROTOCOL, PI_NOTE, "Explicit SID could be optimized, same as receiver.", EXPFILL } },
{ &ei_dpp_no_security_context, { "dof.dpp.v2.no_context", PI_UNDECODED, PI_WARN, "No security context to enable packet decryption.", EXPFILL } },
};
static gint *sett[] =
{
&ett_2009_12_dpp_common,
};
if (proto_2009_12_dpp == -1)
{
proto_2009_12_dpp = proto_register_protocol(DOF_PRESENTATION_PROTOCOL " V2", "DPS.DPP.V2", "dof.dpp.v2");
proto_register_field_array(proto_2009_12_dpp, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
}
if (proto_2009_12_dpp_common == -1)
{
proto_2009_12_dpp_common = proto_register_protocol(DOF_PRESENTATION_PROTOCOL " V2 Support", "DPS.DPP.V2S", "dof.dpp.v2s");
proto_register_field_array(proto_2009_12_dpp, shf, array_length(shf));
proto_register_subtree_array(sett, array_length(sett));
expert_dpp = expert_register_protocol(proto_2009_12_dpp);
expert_register_field_array(expert_dpp, ei, array_length(ei));
}
}
/**
* The registration hand-off routine
*/
static void dof_reg_handoff_dpp_2(void)
{
dissector_handle_t dpp_handle;
dpp_handle = create_dissector_handle(dissect_dpp_2, proto_2009_12_dpp);
dissector_add_uint("dof.dpp", 2, dpp_handle);
}
/**
* Initialize Core DPP Functionality
*/
static void dof_dpp_register(void)
{
static hf_register_info hf[] =
{
{ &hf_2008_1_dpp_sid_num,
{ "SID ID", "dof.dpp.v2.sid-id", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }
},
{ &hf_2008_1_dpp_sid_str,
{ "SID", "dof.dpp.v2.sid", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }
},
{ &hf_2008_1_dpp_rid_num,
{ "RID ID", "dof.dpp.v2.rid-id", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }
},
{ &hf_2008_1_dpp_rid_str,
{ "RID", "dof.dpp.v2.rid", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }
},
{ &hf_2008_1_dpp_first_command,
{ "First Operation", "dof.dpp.v2.first-operation", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_2008_1_dpp_last_command,
{ "Last Operation", "dof.dpp.v2.last-operation", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_2008_1_dpp_first_response,
{ "First Response", "dof.dpp.v2.first-response", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_2008_1_dpp_last_response,
{ "Last Response", "dof.dpp.v2.last-response", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_2008_1_dpp_related_frame,
{ "Related Frame", "dof.dpp.v2.related-frame", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_2008_1_dpp_1_flag,
{ "Flags", "dof.dpp.flag", FT_BOOLEAN, 8, TFS(&tfs_present_not_present), 0x80, NULL, HFILL }
},
{ &hf_2008_1_dpp_1_version,
{ "Version", "dof.dpp.version", FT_UINT8, BASE_DEC, NULL, 0x7F, NULL, HFILL }
},
};
static gint *ett[] =
{
&ett_2008_1_dpp,
&ett_2008_1_dpp_1_header,
};
static ei_register_info ei[] =
{
{ &ei_dof_6_timeout, { "dof.dpp.timeout", PI_PROTOCOL, PI_ERROR, "DOF Violation: DPS.6: Negotiation not complete within 10 seconds.", EXPFILL } },
};
if (proto_2008_1_dpp == -1)
{
expert_module_t *expert_dpp;
proto_2008_1_dpp = proto_register_protocol(DOF_PRESENTATION_PROTOCOL, "DPS.DPP", "dof.dpp");
proto_register_field_array(proto_2008_1_dpp, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
dof_dpp_dissectors = register_dissector_table("dof.dpp", "DOF DPP Version", proto_2008_1_dpp, FT_UINT8, BASE_DEC);
expert_dpp = expert_register_protocol(proto_2008_1_dpp);
expert_register_field_array(expert_dpp, ei, array_length(ei));
}
dof_register_dpp_0();
dof_register_dpp_2();
}
static void dof_dpp_handoff(void)
{
dof_reg_handoff_dpp_0();
dof_reg_handoff_dpp_2();
}
/* General Application Registration Support */
static void app_reset(void)
{
}
static void app_cleanup(void)
{
}
/**
* Initialize Core DPP Functionality
*/
static void app_register(void)
{
if (proto_2008_1_app == -1)
{
proto_2008_1_app = proto_register_protocol(DOF_APPLICATION_PROTOCOL, "DPS.APP", "dof.app");
app_dissectors = register_dissector_table("dof.app", "DOF APP Version", proto_2008_1_app, FT_UINT16, BASE_DEC);
}
}
static void app_handoff(void)
{
}
/* DSP Registration Support */
static void dof_dsp_reset(void)
{
}
static void dof_dsp_cleanup(void)
{
}
static void dof_register_dsp_0(void)
{
static hf_register_info hf[] =
{
{ &hf_2008_1_app_version,
{ "APPID", "dof.app.v0.appid", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL }
},
{ &hf_2008_1_dsp_12_opcode,
{ "Opcode", "dof.dsp.opcode", FT_UINT8, BASE_DEC, VALS(strings_2008_1_dsp_opcodes), 0x0, NULL, HFILL } },
{ &hf_2008_1_dsp_attribute_code,
{ "Attribute Code", "dof.dsp.avp.attribute-code", FT_UINT8, BASE_DEC, VALS(strings_2008_1_dsp_attribute_codes), 0x00, NULL, HFILL } },
{ &hf_2008_1_dsp_attribute_data,
{ "Attribute Data", "dof.dsp.avp.attribute-data", FT_UINT16, BASE_HEX, NULL, 0x00, NULL, HFILL } },
{ &hf_2008_1_dsp_value_length,
{ "Value Length", "dof.dsp.avp.value-length", FT_UINT8, BASE_DEC, NULL, 0x00, NULL, HFILL } },
{ &hf_2008_1_dsp_value_data,
{ "Value Data", "dof.dsp.avp.value-data", FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL } },
};
static gint *ett[] =
{
&ett_2008_1_dsp_12,
&ett_2008_1_dsp_12_options,
&ett_2008_1_dsp_12_option,
};
proto_2008_1_dsp = proto_register_protocol("DOF Session Protocol", "DOF.ESP", "dof.esp");
proto_register_field_array(proto_2008_1_dsp, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
}
/**
* The registration hand-off routine
*/
static void dof_reg_handoff_dsp_0(void)
{
dissector_handle_t dsp_handle = create_dissector_handle(dissect_dsp, proto_2008_1_dsp);
dissector_add_uint("dof.app", 0, dsp_handle);
}
static void dof_dsp_register(void)
{
dof_register_dsp_0();
}
static void dof_dsp_handoff(void)
{
dof_reg_handoff_dsp_0();
}
/* CCM Registration Support */
static void dof_ccm_reset(void)
{
}
static void dof_ccm_cleanup(void)
{
}
static void dof_register_ccm_24577(void)
{
expert_module_t *expert_ccm;
static hf_register_info hfdsp[] =
{
{ &hf_ccm_dsp_option,
{ "CCM Security Mode", "dof.ccm.dsp_opt", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_ccm_dsp_strength_count,
{ "CCM Strength Count", "dof.ccm.strength-count", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ &hf_ccm_dsp_strength,
{ "CCM Strength", "dof.ccm.strength", FT_UINT8, BASE_DEC, VALS(ccm_strengths), 0x0, NULL, HFILL } },
{ &hf_ccm_dsp_e_flag,
{ "CCM Minimum Encrypt", "dof.ccm.encrypt.min", FT_BOOLEAN, 8, TFS(&tfs_encrypt_do_not_encrypt), 0x80, NULL, HFILL } },
{ &hf_ccm_dsp_m_flag,
{ "CCM Maximum Encrypt", "dof.ccm.encrypt.max", FT_BOOLEAN, 8, TFS(&tfs_encrypt_do_not_encrypt), 0x40, NULL, HFILL } },
{ &hf_ccm_dsp_tmax,
{ "CCM Maximum MAC", "dof.ccm.mac.max", FT_UINT8, BASE_DEC, NULL, 0x38, NULL, HFILL } },
{ &hf_ccm_dsp_tmin,
{ "CCM Minimum MAC", "dof.ccm.mac.min", FT_UINT8, BASE_DEC, NULL, 0x07, NULL, HFILL } },
};
static hf_register_info hf[] =
{
{ &hf_ccm_opcode,
{ "Opcode", "dof.ccm.opcode", FT_UINT8, BASE_DEC, VALS(ccm_opcode_strings), 0x0, NULL, HFILL } },
};
static gint *ett[] =
{
&ett_ccm_dsp_option,
&ett_ccm_dsp,
&ett_ccm,
};
static hf_register_info hfheader[] =
{
{ &hf_epp_v1_ccm_flags,
{ "Flags", "dof.epp.v1.ccm.flags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } },
{ &hf_epp_v1_ccm_flags_manager,
{ "Manager", "dof.epp.v1.ccm.flags.manager", FT_UINT8, BASE_DEC, NULL, 0x80, NULL, HFILL } },
{ &hf_epp_v1_ccm_flags_period,
{ "Period", "dof.epp.v1.ccm.flags.period", FT_UINT8, BASE_DEC, NULL, 0x70, NULL, HFILL } },
{ &hf_epp_v1_ccm_flags_target,
{ "Target", "dof.epp.v1.ccm.flags.target", FT_UINT8, BASE_DEC, NULL, 0x08, NULL, HFILL } },
{ &hf_epp_v1_ccm_flags_next_nid,
{ "Next Node Identifier", "dof.epp.v1.ccm.flags.next-nid", FT_UINT8, BASE_DEC, NULL, 0x02, NULL, HFILL } },
{ &hf_epp_v1_ccm_flags_packet,
{ "Packet", "dof.epp.v1.ccm.flags.packet", FT_UINT8, BASE_DEC, NULL, 0x01, NULL, HFILL } },
{ &hf_epp_v1_ccm_nid,
{ "Node ID", "dof.epp.v1.ccm.nodeid", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
{ &hf_epp_v1_ccm_slot,
{ "Slot", "dof.epp.v1.ccm.slot", FT_UINT16, BASE_DEC, NULL, 0x00, NULL, HFILL } },
{ &hf_epp_v1_ccm_pn,
{ "Packet", "dof.epp.v1.ccm.packet", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
{ &hf_epp_v1_ccm_tnid,
{ "Target Node ID", "dof.epp.v1.ccm.target", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
{ &hf_epp_v1_ccm_nnid,
{ "Next Node ID", "dof.epp.v1.ccm.nnid", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
};
static gint *ettheader[] =
{
&ett_epp_v1_ccm_flags,
&ett_header,
};
static ei_register_info ei[] =
{
{ &ei_decode_failure, { "dof.ccm.decode_failure", PI_UNDECODED, PI_WARN, "Failure to decrypt packet.", EXPFILL } },
};
/* No Configuration options to register? */
proto_ccm_app = proto_register_protocol("DOF CCM Security Mode App", "DOF.CCM.APP", "dof.ccm.app");
proto_ccm = proto_register_protocol("DOF CCM Security Mode of Operation", "DOF.CCM", "dof.ccm");
proto_ccm_dsp = proto_register_protocol("DOF CCM Security Mode DSP Options", "DOF.CCM.DSP", "dof.ccm.dsp");
proto_register_field_array(proto_ccm_app, hf, array_length(hf));
proto_register_field_array(proto_ccm_dsp, hfdsp, array_length(hfdsp));
proto_register_subtree_array(ett, array_length(ett));
proto_register_field_array(proto_ccm, hfheader, array_length(hfheader));
proto_register_subtree_array(ettheader, array_length(ettheader));
expert_ccm = expert_register_protocol(proto_ccm);
expert_register_field_array(expert_ccm, ei, array_length(ei));
}
/**
* The registration hand-off routine
*/
static void dof_reg_handoff_ccm_24577(void)
{
static dissector_handle_t ccm_app_handle;
static dissector_handle_t dsp_handle;
static dissector_handle_t ccm_handle;
ccm_app_handle = create_dissector_handle(dissect_ccm_app, proto_ccm_app);
dsp_handle = create_dissector_handle(dissect_ccm_dsp, proto_ccm_dsp);
ccm_handle = create_dissector_handle(dissect_ccm, proto_ccm);
dissector_add_uint("dof.app", DOF_PROTOCOL_CCM, ccm_app_handle);
dissector_add_uint("dof.dsp.options", DSP_CCM_FAMILY | DOF_PROTOCOL_CCM, dsp_handle);
dissector_add_uint("dof.secmode", DOF_PROTOCOL_CCM, ccm_handle);
}
static void dof_ccm_register(void)
{
dof_register_ccm_24577();
}
static void dof_ccm_handoff(void)
{
dof_reg_handoff_ccm_24577();
}
/* OAP Registration Support */
static void dof_oap_reset(void)
{
/* The value is not allocated, so does not need to be freed. */
oap_1_alias_to_binding = g_hash_table_new_full(oap_1_alias_hash_func, oap_1_alias_equal_func, NULL, NULL);
}
static void dof_oap_cleanup(void)
{
g_hash_table_destroy(oap_1_alias_to_binding);
oap_1_alias_to_binding = NULL;
}
static void dof_register_oap_1(void)
{
expert_module_t *expert_oap;
static hf_register_info hfdsp[] =
{
{ &hf_oap_1_dsp_option,
{ "Object Access Protocol", "dof.oap.dsp_opt", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
};
static hf_register_info hf[] =
{
{ &hf_oap_1_opcode,
{ "Opcode", "dof.oap.opcode", FT_UINT8, BASE_DEC, VALS(oap_opcode_strings), 0x1F, NULL, HFILL } },
{ &hf_oap_1_alias_size,
{ "Alias Length", "dof.oap.aliaslen", FT_UINT8, BASE_DEC, NULL, 0xC0, NULL, HFILL } },
{ &hf_oap_1_flags,
{ "Flags", "dof.oap.flags", FT_UINT8, BASE_DEC, NULL, 0x20, NULL, HFILL } },
{ &hf_oap_1_exception_internal_flag,
{ "Internal Exception", "dof.oap.exception.internal", FT_UINT8, BASE_DEC, NULL, 0x80, NULL, HFILL } },
{ &hf_oap_1_exception_final_flag,
{ "Final Exception", "dof.oap.exception.final", FT_UINT8, BASE_DEC, NULL, 0x40, NULL, HFILL } },
{ &hf_oap_1_exception_provider_flag,
{ "Exception Provider", "dof.oap.exception.provider", FT_UINT8, BASE_DEC, NULL, 0x20, NULL, HFILL } },
{ &hf_oap_1_cmdcontrol,
{ "Command Control", "dof.oap.cmdcontrol", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } },
{ &hf_oap_1_cmdcontrol_cache_flag,
{ "Cache Delay Flag", "dof.oap.cmdcontrol.flag.cache", FT_UINT8, BASE_HEX, NULL, 0x40, NULL, HFILL } },
{ &hf_oap_1_cmdcontrol_cache,
{ "Cache Delay", "dof.oap.cmdcontrol.cache", FT_UINT8, BASE_HEX, NULL, 0x00, NULL, HFILL } },
{ &hf_oap_1_cmdcontrol_verbosity_flag,
{ "Verbosity Flag", "dof.oap.cmdcontrol.flag.verbosity", FT_UINT8, BASE_HEX, NULL, 0x30, NULL, HFILL } },
{ &hf_oap_1_cmdcontrol_noexecute_flag,
{ "No Execute Flag", "dof.oap.cmdcontrol.flag.noexecute", FT_UINT8, BASE_HEX, NULL, 0x08, NULL, HFILL } },
{ &hf_oap_1_cmdcontrol_ack_flag,
{ "Ack List Flag", "dof.oap.cmdcontrol.flag.ack", FT_UINT8, BASE_HEX, NULL, 0x04, NULL, HFILL } },
{ &hf_oap_1_cmdcontrol_ackcnt,
{ "Ack List Count", "dof.oap.cmdcontrol.ackcnt", FT_UINT8, BASE_HEX, NULL, 0x00, NULL, HFILL } },
{ &hf_oap_1_cmdcontrol_ack,
{ "Ack", "dof.oap.cmdcontrol.ack", FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL } },
{ &hf_oap_1_cmdcontrol_delay_flag,
{ "Execution Delay Flag", "dof.oap.cmdcontrol.flag.delay", FT_UINT8, BASE_HEX, NULL, 0x02, NULL, HFILL } },
{ &hf_oap_1_cmdcontrol_heuristic_flag,
{ "Heuristic Flag", "dof.oap.cmdcontrol.flag.heuristic", FT_UINT8, BASE_HEX, NULL, 0x01, NULL, HFILL } },
{ &hf_oap_1_cmdcontrol_heuristic,
{ "Heuristic", "dof.oap.cmdcontrol.heuristic", FT_UINT8, BASE_HEX, NULL, 0x00, NULL, HFILL } },
{ &hf_oap_1_providerid,
{ "Provider ID", "dof.oap.provider-id", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_oap_1_objectid,
{ "Object ID", "dof.oap.object-id", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_oap_1_interfaceid,
{ "Interface ID", "dof.oap.interface-id", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_oap_1_itemid,
{ "Item ID", "dof.oap.item-id", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },
#if 0 /* not used yet */
{ &hf_oap_1_distance,
{ "Distance", "dof.oap.distance", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } },
#endif
{ &hf_oap_1_alias,
{ "Alias", "dof.oap.alias", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ &hf_oap_1_alias_frame,
{ "Alias Frame", "dof.oap.alias-frame", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } },
#if 0 /* not used yet */
{ &hf_oap_1_opinfo_start_frame,
{ "Command Frame", "dof.oap.command-frame", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_oap_1_opinfo_end_frame,
{ "Response Frame", "dof.oap.response-frame", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_oap_1_opinfo_timeout,
{ "Operation Timeout", "dof.oap.opid.timeout", FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0, NULL, HFILL } },
#endif
{ &hf_oap_1_subscription_delta,
{ "Minimum Delta", "dof.oap.subscription.min-delta", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ &hf_oap_1_update_sequence,
{ "Sequence", "dof.oap.sequence", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ &hf_oap_1_value_list,
{ "OAP Value List", "dof.oap.value_list", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
};
static gint *ett[] =
{
&ett_oap_1_dsp,
&ett_oap_1_dsp_options,
&ett_oap_1,
&ett_oap_1_opinfo,
&ett_oap_1_cmdcontrol,
&ett_oap_1_cmdcontrol_flags,
&ett_oap_1_cmdcontrol_ack,
&ett_oap_1_alias,
&ett_oap_1_objectid,
&ett_oap_1_1_providerid,
};
static ei_register_info ei[] =
{
{ &ei_oap_no_session, { "dof.oap.no_session", PI_PROTOCOL, PI_ERROR, "Session not found", EXPFILL } },
};
proto_oap_1 = proto_register_protocol("DOF Object Access Protocol", "DOF.OAP", "dof.oap");
proto_oap_1_dsp = proto_register_protocol("DOF Object Access Protocol DSP Options", "DOF.OAP.DSP", "dof.oap.dsp");
proto_register_field_array(proto_oap_1, hf, array_length(hf));
proto_register_field_array(proto_oap_1_dsp, hfdsp, array_length(hfdsp));
proto_register_subtree_array(ett, array_length(ett));
expert_oap = expert_register_protocol(proto_oap_1);
expert_register_field_array(expert_oap, ei, array_length(ei));
}
/**
* The registration hand-off routine
*/
static void dof_reg_handoff_oap_1(void)
{
dissector_handle_t oap_handle = create_dissector_handle(dissect_oap, proto_oap_1);
dissector_handle_t dsp_handle = create_dissector_handle(dissect_oap_dsp, proto_oap_1_dsp);
dissector_add_uint("dof.app", DOF_PROTOCOL_OAP_1, oap_handle);
dissector_add_uint("dof.dsp.options", DSP_OAP_FAMILY | DOF_PROTOCOL_OAP_1, dsp_handle);
}
static void dof_oap_register(void)
{
dof_register_oap_1();
}
static void dof_oap_handoff(void)
{
dof_reg_handoff_oap_1();
}
/* SGMP Registration Support */
static void dof_register_sgmp_130(void);
static void dof_reg_handoff_sgmp_130(void);
static void dof_sgmp_reset(void)
{
}
static void dof_sgmp_cleanup(void)
{
}
static void dof_register_sgmp_130(void)
{
static hf_register_info hf[] =
{
{ &hf_opcode,
{ "Opcode", "dof.sgmp.v1.opcode", FT_UINT8, BASE_DEC, VALS(sgmp_opcode_strings), 0x0, NULL, HFILL } },
{ &hf_sgmp_domain,
{ "Domain", "dof.sgmp.v1.domain", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },
{ &hf_sgmp_epoch,
{ "Epoch", "dof.sgmp.v1.epoch", FT_UINT16, BASE_HEX, NULL, 0, NULL, HFILL } },
{ &hf_initiator_block,
{ "Initiator Block", "dof.sgmp.v1.initiator-block", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },
{ &hf_sgmp_security_scope,
{ "Security Scope", "dof.sgmp.v1.security-scope", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },
{ &hf_initial_state,
{ "Initial State", "dof.sgmp.v1.initial-state", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },
{ &hf_latest_version,
{ "Latest SGMP Version", "dof.sgmp.v1.latest-sgmp-version", FT_UINT16, BASE_HEX, NULL, 0, NULL, HFILL } },
{ &hf_desire,
{ "Desire", "dof.sgmp.v1.desire", FT_UINT8, BASE_HEX, NULL, 0, NULL, HFILL } },
{ &hf_ticket,
{ "Ticket", "dof.sgmp.v1.ticket", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },
{ &hf_sgmp_tmin,
{ "TMIN", "dof.sgmp.v1.tmin", FT_UINT16, BASE_HEX, NULL, 0, NULL, HFILL } },
{ &hf_tie_breaker,
{ "Tie Breaker", "dof.sgmp.v1.tie-breaker", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL } },
{ &hf_delay,
{ "Delay", "dof.sgmp.v1.delay", FT_UINT8, BASE_HEX, NULL, 0, NULL, HFILL } },
{ &hf_key,
{ "Key", "dof.sgmp.v1.key", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },
};
static gint *ett[] =
{
&ett_sgmp,
&ett_sgmp_domain,
&ett_initiator_block,
&ett_sgmp_security_scope,
&ett_initial_state,
&ett_ticket,
};
proto_sgmp = proto_register_protocol("DOF Secure Group Management Protocol", "DOF.SGMP", "dof.sgmp");
proto_register_field_array(proto_sgmp, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
}
/**
* The registration hand-off routine
*/
static void dof_reg_handoff_sgmp_130(void)
{
dissector_handle_t sgmp_handle = create_dissector_handle(dissect_sgmp, proto_sgmp);
dissector_add_uint("dof.app", DOF_PROTOCOL_SGMP, sgmp_handle);
}
static void dof_sgmp_register(void)
{
dof_register_sgmp_130();
}
static void dof_sgmp_handoff(void)
{
dof_reg_handoff_sgmp_130();
}
/* TEP Registration Support */
static void dof_tep_reset(void)
{
}
static void dof_tep_cleanup(void)
{
}
static void dof_register_tep_128(void)
{
static hf_register_info hfdsp[] =
{
{ &hf_dsp_option,
{ "Ticket Exchange Protocol Version 1", "dof.tep1.dsp_opt", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
};
static hf_register_info hf[] =
{
{ &hf_tep_operation,
{ "Operation", "dof.tep1.operation", FT_UINT8, BASE_DEC, VALS(tep_opcode_strings), 0x00, NULL, HFILL } },
{ &hf_tep_operation_type,
{ "Operation Type", "dof.tep1.operation_type", FT_BOOLEAN, 8, TFS(&tep_optype_vals), TEP_OPCODE_RSP, NULL, HFILL } },
{ &hf_tep_opcode,
{ "Opcode", "dof.tep1.opcode", FT_UINT8, BASE_DEC, VALS(tep_opcode_strings), 0x0F, NULL, HFILL } },
{ &hf_tep_k,
{ "K", "dof.tep1.k", FT_UINT8, BASE_DEC, NULL, 0x10, NULL, HFILL } },
{ &hf_tep_c,
{ "C", "dof.tep1.c", FT_UINT8, BASE_DEC, NULL, 0x20, NULL, HFILL } },
{ &hf_tep_reject_code,
{ "Code", "dof.tep1.reject.code", FT_UINT8, BASE_DEC, NULL, 0x00, NULL, HFILL } },
{ &hf_tep_reject_data,
{ "Data", "dof.tep1.reject.data", FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL } },
/* TEP.2.1 */
{ &hf_tep_2_1_domain,
{ "Domain", "dof.2008.4.tep1.2.1.domain", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_tep_2_1_initiator_block,
{ "Initiator Block", "dof.2008.4.tep1.2.1.initiator_block", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },
{ &hf_tep_2_1_ticket_confirmation,
{ "Ticket Confirmation", "dof.2008.4.tep1.2.1.ticket_confirmation", FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL } },
/* TEP.2.2 */
{ &hf_tep_2_2_initiator_ticket,
{ "Initiator Ticket", "dof.2008.4.tep1.2.2.initiator_ticket", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },
{ &hf_tep_2_2_ticket_confirmation,
{ "Ticket Confirmation", "dof.2008.4.tep1.2.2.ticket_confirmation", FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL } },
{ &hf_tep_2_2_responder_initialization,
{ "Responder Initialization", "dof.2008.4.tep1.2.2.responder_initialization", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },
{ &hf_tep_2_2_responder_block,
{ "Responder Block", "dof.2008.4.tep1.2.2.responder_block", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },
{ &hf_tep_2_2_authenticator_initialization,
{ "Authenticator Initialization", "dof.2008.4.tep1.2.2.authenticator_initialization", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },
/* TEP.2.2.1 */
{ &hf_tep_2_2_1_state_identifier,
{ "State Identifier", "dof.2008.4.tep1.2.2.1.state_identifier", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
{ &hf_tep_2_2_1_initial_state,
{ "Initial State", "dof.2008.4.tep1.2.2.1.initial_state", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },
{ &hf_tep_session_key,
{ "Session Key", "dof.session_key", FT_BYTES, SEP_COLON, NULL, 0x00, NULL, HFILL } },
};
static gint *ett[] =
{
&ett_tep_dsp,
&ett_tep_dsp_options,
&ett_tep,
&ett_tep_operation,
&ett_tep_2_1_domain,
&ett_tep_2_1_initiator_block,
&ett_tep_2_2_initiator_ticket,
&ett_tep_2_2_responder_initialization,
&ett_tep_2_2_responder_block,
&ett_tep_2_2_authenticator_initialization,
&ett_tep_2_2_1_initial_state,
};
/* module_t *tep_module;*/
/* No Configuration options to register? */
proto_tep = proto_register_protocol("DOF Ticket Exchange Protocol Version 1", "DOF.TEP1", "dof.tep1");
proto_tep_dsp = proto_register_protocol("DOF Ticket Exchange Protocol DSP Options", "DOF.TEP1.DSP", "dof.tep1.dsp");
proto_register_field_array(proto_tep, hf, array_length(hf));
proto_register_field_array(proto_tep_dsp, hfdsp, array_length(hfdsp));
proto_register_subtree_array(ett, array_length(ett));
/* tep_module = prefs_register_protocol( proto_tep, NULL );*/
}
/**
* The registration hand-off routine
*/
static void dof_reg_handoff_tep_128(void)
{
dissector_handle_t tep_handle = create_dissector_handle(dissect_tep, proto_tep);
dissector_handle_t dsp_handle = create_dissector_handle(dissect_tep_dsp, proto_tep_dsp);
dissector_add_uint("dof.app", DOF_PROTOCOL_TEP, tep_handle);
dissector_add_uint("dof.dsp.options", DSP_TEP_FAMILY | DOF_PROTOCOL_TEP, dsp_handle);
}
static void dof_tep_register(void)
{
dof_register_tep_128();
}
static void dof_tep_handoff(void)
{
dof_reg_handoff_tep_128();
}
/* TRP Registration Support */
static void dof_trp_reset(void)
{
}
static void dof_trp_cleanup(void)
{
}
static void dof_register_trp_129(void)
{
expert_module_t *expert_trp;
static hf_register_info hfdsp[] =
{
{ &hf_trp_dsp_option,
{ "Ticket Request Protocol", "dof.trp.dsp_opt", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
};
static hf_register_info hf[] =
{
{ &hf_trp_opcode,
{ "Opcode", "dof.trp.opcode", FT_UINT8, BASE_DEC, VALS(trp_opcode_strings), 0x0, NULL, HFILL } },
{ &hf_domain,
{ "Domain", "dof.trp.domain", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_identity_resolution,
{ "Identity Resolution", "dof.trp.identity_resolution", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_initiator_request,
{ "Initiator Request", "dof.trp.initiator_request", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_responder_request,
{ "Responder Request", "dof.trp.responder_request", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_initiator_ticket,
{ "Initiator Ticket", "dof.trp.initiator_ticket", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_responder_ticket,
{ "Responder Ticket", "dof.trp.responder_ticket", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_authentication_block,
{ "Authentication Block", "dof.trp.authentication_block", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_group_identifier,
{ "Group Identifier", "dof.trp.group_identifier", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_node_identifier,
{ "Node Identifier", "dof.trp.node_identifier", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_thb,
{ "Thb", "dof.trp.thb", FT_UINT8, BASE_DEC, NULL, 0x00, NULL, HFILL } },
{ &hf_tmin,
{ "Tmin", "dof.trp.tmin", FT_UINT8, BASE_DEC, NULL, 0x00, NULL, HFILL } },
{ &hf_tmax,
{ "Tmax", "dof.trp.tmax", FT_UINT8, BASE_DEC, NULL, 0x00, NULL, HFILL } },
{ &hf_trp_epoch,
{ "Epoch", "dof.trp.epoch", FT_UINT16, BASE_DEC, NULL, 0x00, NULL, HFILL } },
{ &hf_sidg,
{ "SIDg", "dof.trp.sid_g", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_security_scope,
{ "Security Scope", "dof.trp.security_scope", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_security_mode,
{ "Security Mode", "dof.trp.security_mode", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_ssid,
{ "SSID", "dof.trp.ssid", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
#if 0 /* not used yet */
{ &hf_initiator_pg,
{ "Initiator Permissions", "dof.trp.initiator_pg", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
#endif
{ &hf_initiator_validation,
{ "Initiator Validation", "dof.trp.initiator_validation", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_responder_pg,
{ "Responder Permissions", "dof.trp.responder_pg", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_responder_validation,
{ "Responder Validation", "dof.trp.responder_validation", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_trp_errorcode,
{ "Error Code", "dof.trp.errorcode", FT_UINT8, BASE_DEC, VALS(trp_error_strings), 0x0, NULL, HFILL } },
{ &hf_trp_duration,
{ "Duration", "dof.trp.duration", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } },
#if 0 /* not used yet */
{ &hf_trp_rnonce,
{ "Requestor Nonce", "dof.trp.rnonce", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_trp_pnonce,
{ "Provider Nonce", "dof.trp.pnonce", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_trp_reqid,
{ "Requestor ID", "dof.trp.reqid", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_trp_provid,
{ "Provider ID", "dof.trp.provid", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_trp_perm_count,
{ "Permission Count", "dof.trp.perm.count", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ &hf_trp_perm_type,
{ "Permission Type", "dof.trp.perm.type", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ &hf_trp_perm_rflags,
{ "Requestor SRP Flags", "dof.trp.rflags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } },
{ &hf_trp_perm_rcache,
{ "Requestor SRP Cache", "dof.trp.rcache", FT_BOOLEAN, 8, NULL, 0x2, NULL, HFILL } },
{ &hf_trp_perm_rsrp,
{ "Requestor SRP", "dof.trp.rsrp", FT_BOOLEAN, 8, NULL, 0x1, NULL, HFILL } },
{ &hf_trp_perm_rsrp_a,
{ "Requestor SRP A", "dof.trp.rsrp.a", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_trp_perm_rsrp_u,
{ "Requestor SRP u", "dof.trp.rsrp.u", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_trp_perm_pflags,
{ "Provider SRP Flags", "dof.trp.pflags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } },
{ &hf_trp_perm_pcache,
{ "Provider SRP Cache", "dof.trp.pcache", FT_BOOLEAN, 8, NULL, 0x2, NULL, HFILL } },
{ &hf_trp_perm_psrp,
{ "Provider SRP", "dof.trp.psrp", FT_BOOLEAN, 8, NULL, 0x1, NULL, HFILL } },
{ &hf_trp_perm_psrp_a,
{ "Provider SRP A", "dof.trp.psrp.a", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_trp_perm_psrp_u,
{ "Provider SRP u", "dof.trp.psrp.u", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_trp_perm_psrp_b,
{ "Provider SRP B", "dof.trp.psrp.b", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_trp_perm_psrp_s,
{ "Provider SRP S", "dof.trp.psrp.s", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_trp_confirmation,
{ "Confirmation", "dof.trp.confirmation", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_trp_perm_pke,
{ "Provider Key Expression", "dof.trp.pke", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ &hf_trp_perm_pka,
{ "Provider Key Authenticator", "dof.trp.pka", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
#endif
};
static gint *ett[] =
{
&ett_trp_dsp,
&ett_trp,
&ett_domain,
&ett_identity_resolution,
&ett_initiator_request,
&ett_initiator_ticket,
&ett_responder_request,
&ett_responder_ticket,
&ett_authentication_block,
&ett_group_identifier,
&ett_node_identifier,
&ett_sidg,
&ett_security_scope,
&ett_security_mode,
&ett_initiator_pg,
&ett_initiator_validation,
&ett_responder_pg,
&ett_responder_validation,
&ett_trp_permset,
&ett_srp_flags,
&ett_trp_ticket,
};
static ei_register_info ei[] =
{
{ &ei_trp_initiator_id_known, { "dof.trp.initiator_id_known", PI_PROTOCOL, PI_COMMENT, "Initiator identity known", EXPFILL } },
{ &ei_trp_kek_discovered, { "dof.trp.kek_discovered", PI_PROTOCOL, PI_COMMENT, "KEK discovered", EXPFILL } },
};
/* No Configuration options to register? */
proto_trp = proto_register_protocol("DOF Ticket Request Protocol", "DOF.TRP", "dof.trp");
proto_trp_dsp = proto_register_protocol("DOF Ticket Request Protocol DSP Options", "DOF.TRP.DSP", "dof.trp.dsp");
proto_register_field_array(proto_trp, hf, array_length(hf));
proto_register_field_array(proto_trp_dsp, hfdsp, array_length(hfdsp));
proto_register_subtree_array(ett, array_length(ett));
expert_trp = expert_register_protocol(proto_trp);
expert_register_field_array(expert_trp, ei, array_length(ei));
}
/**
* The registration hand-off routine
*/
static void dof_reg_handoff_trp_129(void)
{
dissector_handle_t trp_handle = create_dissector_handle(dissect_trp, proto_trp);
dissector_handle_t dsp_handle = create_dissector_handle(dissect_trp_dsp, proto_trp_dsp);
dissector_add_uint("dof.app", DOF_PROTOCOL_TRP, trp_handle);
dissector_add_uint("dof.dsp.options", DSP_TRP_FAMILY | DOF_PROTOCOL_TRP, dsp_handle);
}
static void dof_trp_register(void)
{
dof_register_trp_129();
}
static void dof_trp_handoff(void)
{
dof_reg_handoff_trp_129();
}
/* Wireshark Dissector Registration Proper */
/**
* This is called only during reset (file load, reload, etc.).
*/
static void dof_reset_routine(void)
{
dof_tun_reset();
dof_reset();
oid_reset();
dof_dnp_reset();
dof_dpp_reset();
app_reset();
dof_dsp_reset();
dof_ccm_reset();
dof_oap_reset();
dof_sgmp_reset();
dof_tep_reset();
dof_trp_reset();
}
static void dof_cleanup_routine(void)
{
dof_tun_cleanup();
dof_cleanup();
oid_cleanup();
dof_dnp_cleanup();
dof_dpp_cleanup();
app_cleanup();
dof_dsp_cleanup();
dof_ccm_cleanup();
dof_oap_cleanup();
dof_sgmp_cleanup();
dof_tep_cleanup();
dof_trp_cleanup();
}
static void
dof_shutdown_routine(void)
{
guint i;
for (i = 0; i < global_security.identity_data_count; i++) {
g_free(global_security.identity_data[i].identity);
g_free(global_security.identity_data[i].domain);
g_free(global_security.identity_data[i].secret);
}
g_free(global_security.identity_data);
for (i = 0; i < global_security.group_data_count; i++) {
g_free(global_security.group_data[i].domain);
g_free(global_security.group_data[i].identity);
g_free(global_security.group_data[i].kek);
}
if (addr_port_to_id)
g_hash_table_destroy(addr_port_to_id);
if (dpp_opid_to_packet_data)
g_hash_table_destroy(dpp_opid_to_packet_data);
if (node_key_to_sid_id)
g_hash_table_destroy(node_key_to_sid_id);
if (sid_buffer_to_sid_id)
g_hash_table_destroy(sid_buffer_to_sid_id);
if (sid_id_to_sid_buffer)
g_hash_table_destroy(sid_id_to_sid_buffer);
}
/**
* This is the first entry point into the dissector, called on program launch.
*/
void proto_register_dof(void)
{
dof_tun_register();
dof_register();
oid_register();
dof_dnp_register();
dof_dpp_register();
app_register();
dof_dsp_register();
dof_ccm_register();
dof_oap_register();
dof_sgmp_register();
dof_tep_register();
dof_trp_register();
register_init_routine(&dof_reset_routine);
register_cleanup_routine(&dof_cleanup_routine);
register_shutdown_routine(&dof_shutdown_routine);
}
/**
* This routine is called after initialization and whenever the preferences are changed.
*/
void proto_reg_handoff_dof(void)
{
dof_tun_handoff();
dof_handoff();
oid_handoff();
dof_dnp_handoff();
dof_dpp_handoff();
app_handoff();
dof_dsp_handoff();
dof_ccm_handoff();
dof_oap_handoff();
dof_sgmp_handoff();
dof_tep_handoff();
dof_trp_handoff();
}
/**
* Protocol-specific data attached to a conversation_t structure - protocol
* index and opaque pointer.
*/
typedef struct _dof_proto_data {
int proto;
void *proto_data;
} dof_proto_data;
static gint p_compare(gconstpointer a, gconstpointer b)
{
const dof_proto_data *ap = (const dof_proto_data *)a;
const dof_proto_data *bp = (const dof_proto_data *)b;
if (ap->proto > bp->proto)
return 1;
else if (ap->proto == bp->proto)
return 0;
else
return -1;
}
#if 0 /* TODO not used yet */
static void dof_session_add_proto_data(dof_session_data *session, int proto, void *proto_data)
{
dof_proto_data *p1 = wmem_new0(wmem_packet_scope(), dof_proto_data);
p1->proto = proto;
p1->proto_data = proto_data;
/* Add it to the list of items for this conversation. */
session->data_list = g_slist_insert_sorted(session->data_list, (gpointer *)p1, p_compare);
}
static void *dof_session_get_proto_data(dof_session_data *session, int proto)
{
dof_proto_data temp, *p1;
GSList *item;
temp.proto = proto;
temp.proto_data = NULL;
item = g_slist_find_custom(session->data_list, (gpointer *)&temp,
p_compare);
if (item != NULL)
{
p1 = (dof_proto_data *)item->data;
return p1->proto_data;
}
return NULL;
}
static void dof_session_delete_proto_data(dof_session_data *session, int proto)
{
dof_proto_data temp;
GSList *item;
temp.proto = proto;
temp.proto_data = NULL;
item = g_slist_find_custom(session->data_list, (gpointer *)&temp,
p_compare);
while (item)
{
session->data_list = g_slist_remove(session->data_list, item->data);
item = item->next;
}
}
#endif
static void dof_packet_add_proto_data(dof_packet_data *packet, int proto, void *proto_data)
{
dof_proto_data *p1 = wmem_new0(wmem_file_scope(), dof_proto_data);
p1->proto = proto;
p1->proto_data = proto_data;
/* Add it to the list of items for this conversation. */
packet->data_list = g_slist_insert_sorted(packet->data_list, (gpointer *)p1, p_compare);
}
static void *dof_packet_get_proto_data(dof_packet_data *packet, int proto)
{
dof_proto_data temp, *p1;
GSList *item;
temp.proto = proto;
temp.proto_data = NULL;
item = g_slist_find_custom(packet->data_list, (gpointer *)&temp,
p_compare);
if (item != NULL)
{
p1 = (dof_proto_data *)item->data;
return p1->proto_data;
}
return NULL;
}
#if 0 /* TODO not used yet */
static void dof_packet_delete_proto_data(dof_packet_data *packet, int proto)
{
dof_proto_data temp;
GSList *item;
temp.proto = proto;
temp.proto_data = NULL;
item = g_slist_find_custom(packet->data_list, (gpointer *)&temp,
p_compare);
while (item)
{
packet->data_list = g_slist_remove(packet->data_list, item->data);
item = item->next;
}
}
#endif
static gint dof_dissect_pdu_as_field(dissector_t dissector, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, int item, int ett, void *result)
{
int block_length;
tvbuff_t *start = tvb_new_subset_remaining(tvb, offset);
proto_tree *my_tree;
proto_item *ti = proto_tree_add_item(tree, item, tvb, offset, -1, ENC_NA);
my_tree = proto_item_add_subtree(ti, ett);
block_length = dof_dissect_pdu(dissector, start, pinfo, my_tree, result);
return offset + block_length;
}
static gint dof_dissect_pdu(dissector_t dissector, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *result)
{
gint len = dissector(tvb, pinfo, tree, result);
proto_item_set_len(proto_tree_get_parent(tree), len);
return len;
}
static int dof_dissect_dnp_length(tvbuff_t *tvb, packet_info *pinfo, guint8 version, gint *offset)
{
dissector_handle_t dp;
dp = dissector_get_uint_handle(dnp_framing_dissectors, version);
if (!dp)
return -1;
return call_dissector_only(dp, tvb, pinfo, NULL, offset);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*
* Local variables:
* c-basic-offset: 4
* tab-width: 8
* indent-tabs-mode: nil
* End:
*
* vi: set shiftwidth=4 tabstop=8 expandtab:
* :indentSize=4:tabSize=8:noTabs=true:
*/
Reference in New Issue View Git Blame Copy Permalink