epan/dissectors/pidl/samr/samr.cnf cnf_dissect_lsa_BinaryString => lsarpc_dissect_str...
[wireshark-sm.git] / epan / dissectors / packet-reload-framing.c
bloba8f3d3f1fd94fccc8a4dffa2cb82ce46debdabeb
1 /* packet-reload-framing.c
2 * Routines for REsource LOcation And Discovery (RELOAD) Framing
3 * Author: Stephane Bryant <sbryant@glycon.org>
4 * Copyright 2010 Stonyfish Inc.
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * SPDX-License-Identifier: GPL-2.0-or-later
12 * Please refer to the following specs for protocol detail:
13 * - draft-ietf-p2psip-base-15
14 * - RFC 6940 (does this incorporate all changes between
15 * draft-ietf-p2psip-base-15 and RFC 6940, if any?)
18 #include "config.h"
20 #include <epan/packet.h>
21 #include <epan/expert.h>
22 #include <epan/tap.h>
23 #include <epan/exported_pdu.h>
24 #include "packet-tcp.h"
26 void proto_register_reload_framing(void);
27 void proto_reg_handoff_reload_framing(void);
29 /* Initialize the protocol and registered fields */
30 static int proto_reload_framing;
32 static int hf_reload_framing_type;
33 static int hf_reload_framing_sequence;
34 static int hf_reload_framing_ack_sequence;
35 static int hf_reload_framing_message;
36 static int hf_reload_framing_message_length;
37 static int hf_reload_framing_message_data;
38 static int hf_reload_framing_received;
39 static int hf_reload_framing_parsed_received;
40 static int hf_reload_framing_duplicate;
41 static int hf_reload_framing_response_in;
42 static int hf_reload_framing_response_to;
43 static int hf_reload_framing_time;
45 static dissector_handle_t reload_handle;
46 static dissector_handle_t reload_framing_tcp_handle;
47 static dissector_handle_t reload_framing_udp_handle;
49 static int exported_pdu_tap = -1;
51 /* Structure containing transaction specific information */
52 typedef struct _reload_frame_t {
53 uint32_t data_frame;
54 uint32_t ack_frame;
55 nstime_t req_time;
56 } reload_frame_t;
58 /* Structure containing conversation specific information */
59 typedef struct _reload_frame_conv_info_t {
60 wmem_tree_t *transaction_pdus;
61 } reload_conv_info_t;
64 /* RELOAD Message classes = (message_code & 0x1) (response = request +1) */
65 #define DATA 128
66 #define ACK 129
69 /* Initialize the subtree pointers */
70 static int ett_reload_framing;
71 static int ett_reload_framing_message;
72 static int ett_reload_framing_received;
74 static expert_field ei_reload_no_dissector;
76 #define UDP_PORT_RELOAD 6084
77 #define TCP_PORT_RELOAD 6084
79 #define MIN_HDR_LENGTH 9
80 #define MIN_RELOADDATA_HDR_LENGTH 38
82 #define RELOAD_TOKEN 0xd2454c4f
84 static const value_string types[] = {
85 {DATA, "DATA"},
86 {ACK, "ACK"},
87 {0x00, NULL}
90 static unsigned
91 get_reload_framing_message_length(packet_info *pinfo _U_, tvbuff_t *tvb,
92 int offset, void *data _U_)
94 /* Get the type */
95 uint32_t length = 9;
98 if (tvb_get_uint8(tvb, offset) == DATA) {
99 length = 1 + 4 + 3 + tvb_get_ntoh24(tvb, 1 + 4);
102 return length;
106 static int
107 dissect_reload_framing_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, bool from_dtls)
109 proto_item *ti;
110 proto_tree *reload_framing_tree;
111 uint32_t relo_token;
112 uint32_t message_length = 0;
113 wmem_tree_key_t transaction_id_key[4];
114 uint32_t *key_save, len_save;
115 uint32_t sequence;
116 unsigned effective_length;
117 uint16_t offset;
118 conversation_t *conversation;
119 reload_conv_info_t *reload_framing_info = NULL;
120 reload_frame_t * reload_frame;
121 uint8_t type;
123 offset = 0;
124 effective_length = tvb_captured_length(tvb);
126 /* First, make sure we have enough data to do the check. */
127 if (effective_length < MIN_HDR_LENGTH) {
128 return 0;
131 /* Next, make sure we can create transaction ID keys. */
132 if (!(pinfo->src.data && pinfo->dst.data)) {
133 return 0;
136 conversation = find_conversation_pinfo(pinfo, 0);
137 if (conversation)
138 reload_framing_info = (reload_conv_info_t *)conversation_get_proto_data(conversation, proto_reload_framing);
140 /* Get the type
141 * https://tools.ietf.org/html/draft-ietf-p2psip-base-12
142 * 5.6.2. Framing Header
144 type = tvb_get_uint8(tvb, 0);
146 switch(type) {
147 case DATA:
148 /* in the data type, check the reload token to be sure this
149 * is a reLoad packet
151 if (effective_length < 12) /* [type + seq + length + token] */
152 return 0;
154 relo_token = tvb_get_ntohl(tvb,1 + 4 + 3);
155 if (relo_token != RELOAD_TOKEN) {
156 return 0;
158 message_length = tvb_get_ntoh24(tvb, 1 + 4);
159 if (message_length < MIN_RELOADDATA_HDR_LENGTH) {
160 return 0;
162 break;
163 case ACK:
164 /* Require previous ACK (i.e., reload_framing_info attached to conversation). */
165 if (effective_length < 9 || ! reload_framing_info) {
166 return 0;
168 break;
169 default:
170 return 0;
173 if (from_dtls && have_tap_listener(exported_pdu_tap)) {
174 exp_pdu_data_t *exp_pdu_data = export_pdu_create_common_tags(pinfo, "reload-framing", EXP_PDU_TAG_DISSECTOR_NAME);
176 exp_pdu_data->tvb_captured_length = effective_length;
177 exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb);
178 exp_pdu_data->pdu_tvb = tvb;
180 tap_queue_packet(exported_pdu_tap, pinfo, exp_pdu_data);
183 /* The message seems to be a valid RELOAD framing message! */
185 col_set_str(pinfo->cinfo, COL_PROTOCOL, "RELOAD Frame");
186 col_clear(pinfo->cinfo, COL_INFO);
188 /* Create the transaction key which may be used to track the conversation */
190 sequence = tvb_get_ntohl(tvb, 1);
191 transaction_id_key[0].length = 1;
192 transaction_id_key[0].key = &sequence; /* sequence number */
194 /* When the wmem_tree_* functions iterate through the keys, they
195 * perform pointer arithmetic with uint32_t (which requires copying
196 * the address, at least on some platforms, as there's no guarantee
197 * that the address structure data field is 4-byte aligned), so we
198 * have to divide our length fields by that to make things work, but
199 * we still want to wmem_alloc and memcpy the entire amounts, since
200 * those both operate in raw bytes. */
201 if (type==DATA) {
202 transaction_id_key[1].length = 1;
203 transaction_id_key[1].key = &pinfo->srcport;
204 transaction_id_key[2].length = (pinfo->src.len) / (unsigned)sizeof(uint32_t);
205 transaction_id_key[2].key = (uint32_t *)wmem_alloc(pinfo->pool, pinfo->src.len);
206 memcpy(transaction_id_key[2].key, pinfo->src.data, pinfo->src.len);
208 else {
209 transaction_id_key[1].length = 1;
210 transaction_id_key[1].key = &pinfo->destport;
211 transaction_id_key[2].length = (pinfo->dst.len) / (unsigned)sizeof(uint32_t);
212 transaction_id_key[2].key = (uint32_t *)wmem_alloc(pinfo->pool, pinfo->dst.len);
213 memcpy(transaction_id_key[2].key, pinfo->dst.data, pinfo->dst.len);
215 transaction_id_key[3].length=0;
216 transaction_id_key[3].key=NULL;
217 /* The tree functions are destructive to this part of the key, so save the
218 * proper values here and restore them after each call. */
219 key_save = transaction_id_key[2].key;
220 len_save = transaction_id_key[2].length;
222 if (!conversation) {
223 conversation = conversation_new(pinfo->num, &pinfo->src, &pinfo->dst,
224 conversation_pt_to_conversation_type(pinfo->ptype), pinfo->srcport, pinfo->destport, 0);
228 * Do we already have a state structure for this conv
230 if (!reload_framing_info) {
231 /* No. Attach that information to the conversation, and add
232 * it to the list of information structures.
234 reload_framing_info = wmem_new(wmem_file_scope(), reload_conv_info_t);
235 reload_framing_info->transaction_pdus = wmem_tree_new(wmem_file_scope());
236 conversation_add_proto_data(conversation, proto_reload_framing, reload_framing_info);
239 if (!pinfo->fd->visited) {
240 if ((reload_frame = (reload_frame_t *)
241 wmem_tree_lookup32_array(reload_framing_info->transaction_pdus, transaction_id_key)) == NULL) {
242 transaction_id_key[2].key = key_save;
243 transaction_id_key[2].length = len_save;
244 reload_frame = wmem_new(wmem_file_scope(), reload_frame_t);
245 reload_frame->data_frame = 0;
246 reload_frame->ack_frame = 0;
247 reload_frame->req_time = pinfo->abs_ts;
248 wmem_tree_insert32_array(reload_framing_info->transaction_pdus, transaction_id_key, (void *)reload_frame);
250 transaction_id_key[2].key = key_save;
251 transaction_id_key[2].length = len_save;
253 /* check whether the message is a request or a response */
255 if (type == DATA) {
256 /* This is a data */
257 if (reload_frame->data_frame == 0) {
258 reload_frame->data_frame = pinfo->num;
261 else {
262 /* This is a catch-all for all non-request messages */
263 if (reload_frame->ack_frame == 0) {
264 reload_frame->ack_frame = pinfo->num;
268 else {
269 reload_frame=(reload_frame_t *)wmem_tree_lookup32_array(reload_framing_info->transaction_pdus, transaction_id_key);
270 transaction_id_key[2].key = key_save;
271 transaction_id_key[2].length = len_save;
274 if (!reload_frame) {
275 /* create a "fake" pana_trans structure */
276 reload_frame = wmem_new(pinfo->pool, reload_frame_t);
277 reload_frame->data_frame = (type==DATA) ? pinfo->num : 0;
278 reload_frame->ack_frame = (type!=DATA) ? pinfo->num : 0;
279 reload_frame->req_time = pinfo->abs_ts;
282 ti = proto_tree_add_item(tree, proto_reload_framing, tvb, 0, -1, ENC_NA);
284 reload_framing_tree = proto_item_add_subtree(ti, ett_reload_framing);
286 col_set_str(pinfo->cinfo, COL_INFO, val_to_str_const(type, types, "Unknown"));
287 proto_item_append_text(ti, ": %s", val_to_str_const(type, types, "Unknown"));
289 /* Retransmission control */
290 if (type == DATA) {
291 if (reload_frame->data_frame != pinfo->num) {
292 proto_item *it;
293 it = proto_tree_add_uint(reload_framing_tree, hf_reload_framing_duplicate, tvb, 0, 0, reload_frame->data_frame);
294 proto_item_set_generated(it);
296 if (reload_frame->ack_frame) {
297 proto_item *it;
298 it = proto_tree_add_uint(reload_framing_tree, hf_reload_framing_response_in, tvb, 0, 0, reload_frame->ack_frame);
299 proto_item_set_generated(it);
302 else {
303 /* This is a response */
304 if (reload_frame->ack_frame != pinfo->num) {
305 proto_item *it;
306 it = proto_tree_add_uint(reload_framing_tree, hf_reload_framing_duplicate, tvb, 0, 0, reload_frame->ack_frame);
307 proto_item_set_generated(it);
310 if (reload_frame->data_frame) {
311 proto_item *it;
312 nstime_t ns;
314 it = proto_tree_add_uint(reload_framing_tree, hf_reload_framing_response_to, tvb, 0, 0, reload_frame->data_frame);
315 proto_item_set_generated(it);
317 nstime_delta(&ns, &pinfo->abs_ts, &reload_frame->req_time);
318 it = proto_tree_add_time(reload_framing_tree, hf_reload_framing_time, tvb, 0, 0, &ns);
319 proto_item_set_generated(it);
324 * Message dissection
326 proto_tree_add_item(reload_framing_tree, hf_reload_framing_type, tvb, offset , 1, ENC_BIG_ENDIAN);
327 offset += 1;
328 switch (type) {
330 case DATA:
332 tvbuff_t *next_tvb;
333 proto_item *ti_message;
334 proto_tree *message_tree;
336 proto_tree_add_item(reload_framing_tree, hf_reload_framing_sequence, tvb, offset , 4, ENC_BIG_ENDIAN);
337 offset += 4;
338 ti_message = proto_tree_add_item(reload_framing_tree, hf_reload_framing_message, tvb, offset, 3+message_length, ENC_NA);
339 proto_item_append_text(ti_message, " (opaque<%d>)", message_length);
340 message_tree = proto_item_add_subtree(ti_message, ett_reload_framing_message);
341 proto_tree_add_item(message_tree, hf_reload_framing_message_length, tvb, offset, 3, ENC_BIG_ENDIAN);
342 offset += 3;
343 proto_tree_add_item(message_tree, hf_reload_framing_message_data, tvb, offset, message_length, ENC_NA);
344 next_tvb = tvb_new_subset_length_caplen(tvb, offset, effective_length - offset, message_length);
345 if (reload_handle == NULL) {
346 expert_add_info(pinfo, ti, &ei_reload_no_dissector);
347 return tvb_captured_length(tvb);
349 call_dissector_only(reload_handle, next_tvb, pinfo, tree, NULL);
351 break;
353 case ACK:
355 proto_item *ti_received;
357 proto_tree_add_uint(reload_framing_tree, hf_reload_framing_ack_sequence, tvb, offset , 4, sequence);
358 offset += 4;
360 ti_received = proto_tree_add_item(reload_framing_tree, hf_reload_framing_received, tvb, offset , 4, ENC_BIG_ENDIAN);
362 uint32_t received;
363 int last_received = -1;
364 unsigned int indx = 0;
365 proto_tree *received_tree;
366 proto_item *ti_parsed_received = NULL;
368 received = tvb_get_ntohl(tvb, offset);
369 while ((indx<32) && (received<<indx) != 0) {
370 if (received &(1U<<(31-indx))) {
371 if (indx==0) {
372 received_tree = proto_item_add_subtree(ti_received, ett_reload_framing_received);
373 ti_parsed_received = proto_tree_add_item(received_tree, hf_reload_framing_parsed_received, tvb, offset, 4, ENC_NA);
374 proto_item_append_text(ti_parsed_received, "[%u", (sequence -32+indx));
375 last_received = indx;
377 else {
378 if (received &(1U<<(31-indx+1))) {
379 indx++;
380 /* the previous one is also acked: in the middle of a range: skip */
381 continue;
383 else {
384 /* 1st acked in a series */
385 if (last_received<0) {
386 /* 1st acked ever */
387 received_tree = proto_item_add_subtree(ti_received, ett_reload_framing_received);
388 ti_parsed_received = proto_tree_add_item(received_tree, hf_reload_framing_parsed_received, tvb, offset, 4, ENC_NA);
389 proto_item_append_text(ti_parsed_received, "[%u",(sequence-32+indx));
391 else {
392 proto_item_append_text(ti_parsed_received, ",%u",(sequence-32+indx));
394 last_received = indx;
399 else if (indx>0) {
400 if ((indx>1) && (received &(1U<<(31-indx+1))) && (received &(1U<<(31-indx+2)))) {
401 /* end of a series */
402 if ((indx>2) && (received &(1U<<(31-indx+3)))) {
403 proto_item_append_text(ti_parsed_received,"-%u",(sequence-32+indx-1));
405 else {
406 /* just a pair */
407 proto_item_append_text(ti_received, ",%u", (sequence-32+indx-1));
410 else {
411 indx++;
412 continue;
415 indx++;
417 if (last_received>=0) {
418 if ((indx>1) && (received &(1U<<(31-indx+1))) && (received &(1U<<(31-indx+2)))) {
419 /* end of a series */
420 if ((indx>2) && (received &(1U<<(31-indx+3)))) {
421 proto_item_append_text(ti_parsed_received,"-%u",(sequence-32+indx-1));
423 else {
424 /* just a pair */
425 proto_item_append_text(ti_parsed_received, ",%u", (sequence-32+indx-1));
428 proto_item_append_text(ti_parsed_received, "]");
429 proto_item_set_generated(ti_parsed_received);
433 break;
435 default:
436 DISSECTOR_ASSERT_NOT_REACHED();
439 return tvb_captured_length(tvb);
442 static int
443 dissect_reload_framing(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
445 return dissect_reload_framing_message(tvb, pinfo, tree, false);
448 static int
449 dissect_reload_framing_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
451 /* XXX: Check if we have a valid RELOAD Frame Type ? */
452 tcp_dissect_pdus(tvb, pinfo, tree, true, MIN_HDR_LENGTH,
453 get_reload_framing_message_length, dissect_reload_framing, data);
454 return tvb_captured_length(tvb);
457 /* ToDo: If a TCP connection is identified heuristically as reload-framing, then
458 * the code should be such that reload-framing PDUs can be re-assembled (as is
459 * done for a TCP connection identified as reload-framing because of
460 * the TCP port used).
462 static bool
463 dissect_reload_framing_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
465 if (dissect_reload_framing_message(tvb, pinfo, tree, false) == 0) {
467 * It wasn't a valid RELOAD message, and wasn't
468 * dissected as such.
470 return false;
472 return true;
475 static bool
476 dissect_reload_framing_heur_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
478 if (dissect_reload_framing_message(tvb, pinfo, tree, true) == 0) {
480 * It wasn't a valid RELOAD message, and wasn't
481 * dissected as such.
483 return false;
485 return true;
488 void
489 proto_register_reload_framing(void)
492 static hf_register_info hf[] = {
493 { &hf_reload_framing_type,
494 { "type (FramedMessageType)", "reload_framing.type", FT_UINT8,
495 BASE_DEC, VALS(types), 0x0, NULL, HFILL
498 { &hf_reload_framing_sequence,
499 { "sequence (uint32)", "reload_framing.sequence", FT_UINT32,
500 BASE_DEC, NULL, 0x0, NULL, HFILL
503 { &hf_reload_framing_ack_sequence,
504 { "ack_sequence (uint32)", "reload_framing.ack_sequence", FT_UINT32,
505 BASE_DEC, NULL, 0x0, NULL, HFILL
508 { &hf_reload_framing_message,
509 { "message", "reload_framing.message", FT_NONE,
510 BASE_NONE, NULL, 0x0, NULL, HFILL
513 { &hf_reload_framing_message_length,
514 { "length (uint24)", "reload_framing.message.length", FT_UINT32,
515 BASE_DEC, NULL, 0x0, NULL, HFILL
518 { &hf_reload_framing_message_data,
519 { "data", "reload_framing.message.data", FT_BYTES,
520 BASE_NONE, NULL, 0x0, NULL, HFILL
523 { &hf_reload_framing_received,
524 { "received (uint32)", "reload_framing.received", FT_UINT32,
525 BASE_HEX, NULL, 0x0, NULL, HFILL
528 { &hf_reload_framing_parsed_received,
529 { "Acked Frames:", "reload_framing.parsed_received", FT_NONE,
530 BASE_NONE, NULL, 0x0, NULL, HFILL
533 { &hf_reload_framing_response_in,
534 { "Response In", "reload_framing.response-in", FT_FRAMENUM,
535 BASE_NONE, FRAMENUM_TYPE(FT_FRAMENUM_RESPONSE), 0x0, "The response to this RELOAD Request is in this frame", HFILL
538 { &hf_reload_framing_response_to,
539 { "Request In", "reload_framing.response-to", FT_FRAMENUM,
540 BASE_NONE, FRAMENUM_TYPE(FT_FRAMENUM_REQUEST), 0x0, "This is a response to the RELOAD Request in this frame", HFILL
543 { &hf_reload_framing_time,
544 { "Time", "reload_framing.time", FT_RELATIVE_TIME,
545 BASE_NONE, NULL, 0x0, "The time between the Request and the Response", HFILL
548 { &hf_reload_framing_duplicate,
549 { "Duplicated original message in", "reload_framing.duplicate", FT_FRAMENUM,
550 BASE_NONE, NULL, 0x0, "This is a duplicate of RELOAD message in this frame", HFILL
555 /* Setup protocol subtree array */
556 static int *ett[] = {
557 &ett_reload_framing,
558 &ett_reload_framing_message,
559 &ett_reload_framing_received,
562 static ei_register_info ei[] = {
563 { &ei_reload_no_dissector, { "reload_framing.no_dissector", PI_PROTOCOL, PI_WARN, "Can not find reload dissector", EXPFILL }},
566 expert_module_t* expert_reload_framing;
568 /* Register the protocol name and description */
569 proto_reload_framing = proto_register_protocol("REsource LOcation And Discovery Framing", "RELOAD FRAMING", "reload-framing");
571 /* Required function calls to register the header fields and subtrees used */
572 proto_register_field_array(proto_reload_framing, hf, array_length(hf));
573 proto_register_subtree_array(ett, array_length(ett));
574 expert_reload_framing = expert_register_protocol(proto_reload_framing);
575 expert_register_field_array(expert_reload_framing, ei, array_length(ei));
577 reload_framing_udp_handle = register_dissector("reload-framing", dissect_reload_framing, proto_reload_framing);
578 reload_framing_tcp_handle = register_dissector("reload-framing.tcp", dissect_reload_framing_tcp, proto_reload_framing);
582 void
583 proto_reg_handoff_reload_framing(void)
585 reload_handle = find_dissector_add_dependency("reload", proto_reload_framing);
587 dissector_add_uint_with_preference("tcp.port", TCP_PORT_RELOAD, reload_framing_tcp_handle);
588 dissector_add_uint_with_preference("udp.port", UDP_PORT_RELOAD, reload_framing_udp_handle);
590 heur_dissector_add("udp", dissect_reload_framing_heur, "RELOAD Framing over UDP", "reload_framing_udp", proto_reload_framing, HEURISTIC_ENABLE);
591 heur_dissector_add("tcp", dissect_reload_framing_heur, "RELOAD Framing over TCP", "reload_framing_tcp", proto_reload_framing, HEURISTIC_ENABLE);
592 heur_dissector_add("dtls", dissect_reload_framing_heur_dtls, "RELOAD Framing over DTLS", "reload_framing_dtls", proto_reload_framing, HEURISTIC_ENABLE);
594 exported_pdu_tap = find_tap_id(EXPORT_PDU_TAP_NAME_LAYER_7);
598 * Editor modelines - https://www.wireshark.org/tools/modelines.html
600 * Local variables:
601 * c-basic-offset: 2
602 * tab-width: 8
603 * indent-tabs-mode: nil
604 * End:
606 * vi: set shiftwidth=2 tabstop=8 expandtab:
607 * :indentSize=2:tabSize=8:noTabs=true: