search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-blip.c
blob96aeacad1ac9bbf6209d84bd8358d56f78d64327
1 /* packet-blip.c
2 *
3 * BLIP protocol for Couchbase Lite <-> Sync Gateway 2.0+ Replication
4 *
5 * Spec: https://github.com/couchbaselabs/BLIP-Cpp/blob/master/docs/BLIP%20Protocol.md
6 *
7 * Copyright 2018, Traun Leyden <traun@couchbase.com>
8 * Copyright 2018, Jim Borden <jim.borden@couchbase.com>
9 *
10 * Wireshark - Network traffic analyzer
11 * By Gerald Combs <gerald@wireshark.org>
12 * Copyright 1998 Gerald Combs
13 *
14 * SPDX-License-Identifier: GPL-2.0-or-later
15 */
16
17 #include "config.h"
18
19 #include <epan/packet.h>
20 #include <epan/conversation.h>
21 #include <epan/prefs.h>
22 #include <epan/expert.h>
23 #include <epan/strutil.h>
24 #include "proto_data.h"
25
26 #if defined(HAVE_ZLIB) && !defined(HAVE_ZLIBNG)
27 #define ZLIB_PREFIX(x) x
28 #include <zlib.h>
29 typedef z_stream zlib_stream;
30 #endif /* HAVE_ZLIB */
31
32 #ifdef HAVE_ZLIBNG
33 #define ZLIB_PREFIX(x) zng_ ## x
34 #include <zlib-ng.h>
35 typedef zng_stream zlib_stream;
36 #endif /* HAVE_ZLIBNG */
37 void proto_reg_handoff_blip(void);
38 void proto_register_blip(void);
39
40 #define BLIP_BODY_CHECKSUM_SIZE 4
41
42 // blip_conversation_entry_t is metadata that the blip dissector associates w/ each wireshark conversation
43 typedef struct {
44
45 // Keep track of the largest frame number seen. This is useful for determining whether
46 // this is the first frame in a request message or not.
47
48 // key: msgtype:srcport:destport:messagenumber -> value: frame number for the _first_ frame in this request message
49 // Example: "MSG:23243:4984:56" -> 12
50 // which means: "the first frame for blip message number 56, originating from source port 23243,
51 // ... and going to port 4984 for message type = MSG occurred in wireshark packet #12"
52 wmem_map_t *blip_requests;
53
54 #if defined(HAVE_ZLIB) || defined(HAVE_ZLIBNG)
55 // The streams used to decode a particular connection. These are per direction and per connection.
56 wmem_map_t *decompress_streams;
57 #endif
58 } blip_conversation_entry_t;
59
60 #if defined (HAVE_ZLIB) || defined (HAVE_ZLIBNG)
61 typedef enum
62 {
63 no_error = 0,
64 zlib_error,
65 overflow_error
66 } decompress_error_t;
67
68 typedef struct
69 {
70 decompress_error_t domain;
71 int code;
72 size_t size;
73 void* buf;
74 } decompress_result_t;
75 #endif
76
77 // File level variables
78 static dissector_handle_t blip_handle;
79 static int proto_blip;
80 static int hf_blip_message_number;
81 static int hf_blip_frame_flags;
82 static int hf_blip_properties_length;
83 static int hf_blip_properties;
84 static int hf_blip_message_body;
85 static int hf_blip_ack_size;
86 static int hf_blip_checksum;
87
88 static int ett_blip;
89
90 static expert_field ei_blip_decompress_buffer_error;
91
92 // Compressed = 0x08
93 // Urgent = 0x10
94 // NoReply = 0x20
95 // MoreComing = 0x40
96 // In ascending order so that a binary search will be used as per the
97 // README.dissector
98 static const value_string flag_combos[] = {
99 { 0x00, "None" },
100 { 0x08, "Compressed" },
101 { 0x10, "Urgent" },
102 { 0x10|0x08, "Compressed|Urgent" },
103 { 0x20, "NoReply" },
104 { 0x20|0x08, "Compressed|NoReply" },
105 { 0x20|0x10, "Urgent|NoReply" },
106 { 0x20|0x10|0x08, "Compressed|Urgent|NoReply" },
107 { 0x40, "MoreComing" },
108 { 0x40|0x08, "Compressed|MoreComing" },
109 { 0x40|0x10, "Urgent|MoreComing" },
110 { 0x40|0x10|0x08, "Compressed|Urgent|MoreComing" },
111 { 0x40|0x20, "NoReply|MoreComing" },
112 { 0x40|0x20|0x08, "Compressed|NoReply|MoreComing" },
113 { 0x40|0x20|0x10, "Urgent|NoReply|MoreComing" },
114 { 0x40|0x20|0x10|0x08, "Compressed|Urgent|NoReply|MoreComing" },
115 { 0, NULL }
116 };
117
118 static value_string_ext flag_combos_ext = VALUE_STRING_EXT_INIT(flag_combos);
119
120 static const val64_string msg_types[] = {
121 { 0x00ll, "MSG" },
122 { 0x01ll, "RPY" },
123 { 0x02ll, "ERR" },
124 { 0x04ll, "ACKMSG" },
125 { 0x05ll, "ACKRPY" },
126 { 0, NULL }
127 };
128
129 // Preferences
130 #if defined (HAVE_ZLIB) || defined (HAVE_ZLIBNG)
131 static unsigned max_uncompressed_size = 64; // Max uncompressed body size in Kb
132 #endif
133
134 // MSG = 0x00
135 // RPY = 0x01
136 // ERR = 0x02
137 // ACKMSG = 0x04
138 // ACKRPY = 0x05
139 static const char*
140 get_message_type(uint64_t value_frame_flags)
141 {
142 // Mask out the least significant bits: 0000 0111
143 uint64_t type_mask_val = (0x07ll & value_frame_flags);
144 return val64_to_str_const(type_mask_val, msg_types, "???");
145 }
146
147 static bool
148 is_ack_message(uint64_t value_frame_flags) {
149 // Note, even though this is a 64-bit int, only the least significant byte has meaningful information,
150 // since frame flags all fit into one byte at the time this code was written.
151
152 // Mask out the least significant bits: 0000 0111
153 uint64_t type_mask_val = (0x07ll & value_frame_flags);
154
155 // ACKMSG
156 if (type_mask_val == 0x04ll) {
157 return true;
158 }
159
160 // ACKRPY
161 if (type_mask_val == 0x05ll) {
162 return true;
163 }
164
165 return false;
166 }
167
168 static bool
169 is_compressed(uint64_t value_frame_flags)
170 {
171 // Note, even though this is a 64-bit int, only the least significant byte has meaningful information,
172 // since frame flags all fit into one byte at the time this code was written.
173
174 if ((0x08ll & value_frame_flags) == 0x08ll) {
175 return true;
176 }
177
178 return false;
179
180 }
181
182 static char*
183 message_hash_key_convo(packet_info *pinfo,
184 uint64_t value_frame_flags,
185 uint64_t value_message_num)
186 {
187 // Derive the hash key to use
188 // msgtype:srcport:destport:messagenum
189
190 const char *msg_type = get_message_type(value_frame_flags);
191 char *hash_key = wmem_strdup_printf(pinfo->pool, "%s:%u:%u:%" PRIu64,
192 msg_type, pinfo->srcport, pinfo->destport, value_message_num);
193
194 return hash_key;
195 }
196
197 // Finds out whether this is the first blip frame in the blip message (which can consist of a series of frames).
198 // If it is, updates the conversation_entry_ptr->blip_requests hash to record the pinfo->num (wireshark packet number)
199 static bool
200 is_first_frame_in_msg(blip_conversation_entry_t *conversation_entry_ptr, packet_info *pinfo,
201 uint64_t value_frame_flags, uint64_t value_message_num) {
202
203 bool first_frame_in_msg = true;
204
205 // Temporary pool for the lookup hash_key. Will get duplicated on the file_scope() pool if needed to be
206 // stored in the hashtable.
207 char *hash_key = message_hash_key_convo(pinfo, value_frame_flags, value_message_num);
208 unsigned* first_frame_number_for_msg = (unsigned*)wmem_map_lookup(conversation_entry_ptr->blip_requests, (void *) hash_key);
209
210 if (first_frame_number_for_msg != NULL) {
211 if (GPOINTER_TO_UINT(first_frame_number_for_msg) != pinfo->num) {
212 first_frame_in_msg = false;
213 }
214 } else {
215 // If storing the key in the hashmap, re-allocate it with the file_scope() allocator
216 char *hash_key_copy = wmem_strdup(wmem_file_scope(), hash_key);
217
218 wmem_map_insert(conversation_entry_ptr->blip_requests, (void *) hash_key_copy, GUINT_TO_POINTER(pinfo->num));
219 }
220
221 return first_frame_in_msg;
222 }
223
224 static int
225 handle_ack_message(tvbuff_t *tvb, _U_ packet_info *pinfo, proto_tree *blip_tree, int offset, _U_ uint64_t value_frame_flags)
226 {
227 // This gets the number of ack bytes received as a var int in order to find out how much to bump
228 // the offset for the next proto_tree item
229 uint64_t value_ack_size;
230 unsigned varint_ack_size_length = tvb_get_varint(
231 tvb,
232 offset,
233 FT_VARINT_MAX_LEN,
234 &value_ack_size,
235 ENC_VARINT_PROTOBUF);
236
237 proto_tree_add_item(blip_tree, hf_blip_ack_size, tvb, offset, varint_ack_size_length, ENC_VARINT_PROTOBUF);
238
239 return tvb_captured_length(tvb);
240 }
241
242 static blip_conversation_entry_t*
243 get_blip_conversation(packet_info* pinfo)
244 {
245 // Create a new conversation if needed and associate the blip_conversation_entry_t with it
246 // Adapted from sample code in doc/README.dissector
247 conversation_t *conversation;
248 conversation = find_or_create_conversation(pinfo);
249 blip_conversation_entry_t *conversation_entry_ptr = (blip_conversation_entry_t*)conversation_get_proto_data(conversation, proto_blip);
250 if (conversation_entry_ptr == NULL) {
251
252 // create a new blip_conversation_entry_t
253 conversation_entry_ptr = wmem_new(wmem_file_scope(), blip_conversation_entry_t);
254
255 // create a new hash map and save a reference in blip_conversation_entry_t
256 conversation_entry_ptr->blip_requests = wmem_map_new(wmem_file_scope(), g_str_hash, g_str_equal);
257 #if defined(HAVE_ZLIB) || defined(HAVE_ZLIBNG)
258 conversation_entry_ptr->decompress_streams = wmem_map_new(wmem_file_scope(), g_direct_hash, g_direct_equal);
259 #endif
260 conversation_add_proto_data(conversation, proto_blip, conversation_entry_ptr);
261 }
262
263 return conversation_entry_ptr;
264 }
265
266 #if defined (HAVE_ZLIB) || defined (HAVE_ZLIBNG)
267 static bool
268 z_stream_destroy_cb(wmem_allocator_t *allocator _U_, wmem_cb_event_t event _U_, void *user_data)
269 {
270 zlib_stream*decompress_stream = (zlib_stream*)user_data;
271 ZLIB_PREFIX(inflateEnd)(decompress_stream);
272 return false;
273 }
274
275 static zlib_stream*
276 get_decompress_stream(packet_info* pinfo)
277 {
278 const blip_conversation_entry_t* blip_convo = get_blip_conversation(pinfo);
279
280 // Store compression state per srcport/destport.
281 uint32_t hash_key = (pinfo->srcport << 16) | pinfo->destport;
282 zlib_stream* decompress_stream = (zlib_stream*)wmem_map_lookup(blip_convo->decompress_streams, GUINT_TO_POINTER(hash_key));
283 if(decompress_stream) {
284 return decompress_stream;
285 }
286
287 decompress_stream = wmem_new0(wmem_file_scope(), zlib_stream);
288 wmem_map_insert(blip_convo->decompress_streams, GUINT_TO_POINTER(hash_key), decompress_stream);
289 wmem_register_callback(wmem_file_scope(), z_stream_destroy_cb, decompress_stream);
290
291 return decompress_stream;
292 }
293
294 static tvbuff_t*
295 decompress(packet_info* pinfo, proto_tree* tree, tvbuff_t* tvb, int offset, int length)
296 {
297 if(PINFO_FD_VISITED(pinfo)) {
298 const decompress_result_t* saved_data = (decompress_result_t *)p_get_proto_data(wmem_file_scope(), pinfo, proto_blip, 0);
299 if(!saved_data) {
300 proto_tree_add_string(tree, hf_blip_message_body, tvb, offset, tvb_reported_length_remaining(tvb, offset), "<Error decompressing data>");
301 return NULL;
302 }
303
304 if(saved_data->domain) {
305 proto_item* field = proto_tree_add_string(tree, hf_blip_message_body, tvb, offset, tvb_reported_length_remaining(tvb, offset), "<Error decompressing data>");
306 if(saved_data->domain == zlib_error) {
307 expert_add_info_format(pinfo, field, &ei_blip_decompress_buffer_error, "Unable to decompress message, got zlib error %d", saved_data->code);
308 } else {
309 expert_add_info_format(pinfo, field, &ei_blip_decompress_buffer_error, "Unable to decompress message, buffer too small (%u Kb). Please adjust in settings.", max_uncompressed_size);
310 }
311
312 return NULL;
313 } else {
314 tvbuff_t* decompressedChild = tvb_new_child_real_data(tvb, (uint8_t *)saved_data->buf,
315 (int)saved_data->size, (int)saved_data->size);
316 add_new_data_source(pinfo, decompressedChild, "Decompressed Payload");
317 return decompressedChild;
318 }
319 }
320
321 static bool size_overflow = false;
322 const uint8_t* buf = tvb_get_ptr(tvb, offset, length);
323 zlib_stream* decompress_stream = get_decompress_stream(pinfo);
324 static Byte trailer[4] = { 0x00, 0x00, 0xff, 0xff };
325 if(!decompress_stream->next_out) {
326 decompress_stream->zalloc = 0;
327 decompress_stream->zfree = 0;
328 decompress_stream->opaque = 0;
329 int err = ZLIB_PREFIX(inflateInit2)(decompress_stream, -MAX_WBITS);
330 if(err != Z_OK) {
331 decompress_stream->next_out = 0;
332 REPORT_DISSECTOR_BUG("Unable to create INFLATE context to decompress messages");
333 return NULL;
334 }
335 }
336
337 // Create a temporary buffer of the maximum size, which will get cleaned up later
338 // when the packet scope is freed
339 uInt buffer_size = max_uncompressed_size * 1024;
340 Bytef* decompress_buffer = (Bytef*)wmem_alloc(pinfo->pool, buffer_size);
341 decompress_stream->next_in = (Bytef*)buf;
342 decompress_stream->avail_in = length;
343 decompress_stream->next_out = decompress_buffer;
344 decompress_stream->avail_out = buffer_size;
345 size_t start = decompress_stream->total_out;
346 int err = ZLIB_PREFIX(inflate)(decompress_stream, Z_NO_FLUSH);
347 if(err != Z_OK) {
348 proto_item* field = proto_tree_add_string(tree, hf_blip_message_body, tvb, offset, tvb_reported_length_remaining(tvb, offset), "<Error decompressing data>");
349 decompress_result_t* data_to_save = wmem_new0(wmem_file_scope(), decompress_result_t);
350 if(size_overflow && err == Z_DATA_ERROR) {
351 data_to_save->domain = overflow_error;
352 expert_add_info_format(pinfo, field, &ei_blip_decompress_buffer_error, "Unable to decompress message, buffer too small (%u Kb). Please adjust in settings.", max_uncompressed_size);
353 } else {
354 data_to_save->domain = zlib_error;
355 data_to_save->code = err;
356 expert_add_info_format(pinfo, field, &ei_blip_decompress_buffer_error, "Unable to decompress message, got zlib error %d", err);
357 }
358
359 p_add_proto_data(wmem_file_scope(), pinfo, proto_blip, 0, data_to_save);
360 return NULL;
361 }
362
363 decompress_stream->next_in = trailer;
364 decompress_stream->avail_in = 4;
365 err = ZLIB_PREFIX(inflate)(decompress_stream, Z_SYNC_FLUSH);
366 if(err != Z_OK) {
367 proto_item* field = proto_tree_add_string(tree, hf_blip_message_body, tvb, offset, tvb_reported_length_remaining(tvb, offset), "<Error decompressing data>");
368 decompress_result_t* data_to_save = wmem_new0(wmem_file_scope(), decompress_result_t);
369 if(err == Z_BUF_ERROR) {
370 data_to_save->domain = overflow_error;
371 size_overflow = true;
372 expert_add_info_format(pinfo, field, &ei_blip_decompress_buffer_error, "Unable to decompress message, buffer too small (%u Kb). Please adjust in settings.", max_uncompressed_size);
373 } else {
374 data_to_save->domain = zlib_error;
375 data_to_save->code = err;
376 expert_add_info_format(pinfo, field, &ei_blip_decompress_buffer_error, "Unable to decompress message, got zlib error %d", err);
377 }
378
379 p_add_proto_data(wmem_file_scope(), pinfo, proto_blip, 0, data_to_save);
380 return NULL;
381 }
382
383 // Shrink the buffer so that there is not wasted space on the end of it since
384 // it will be long lived in the file scope
385 size_t bodyLength = decompress_stream->total_out - start;
386 Bytef* shortened_buffer = (Bytef *)wmem_memdup(wmem_file_scope(), decompress_buffer, bodyLength);
387
388 tvbuff_t* decompressedChild = tvb_new_child_real_data(tvb, shortened_buffer, (unsigned)bodyLength, (int)bodyLength);
389 add_new_data_source(pinfo, decompressedChild, "Decompressed Payload");
390 decompress_result_t* data_to_save = wmem_new0(wmem_file_scope(), decompress_result_t);
391 data_to_save->size = (size_t)bodyLength;
392 data_to_save->buf = shortened_buffer;
393 p_add_proto_data(wmem_file_scope(), pinfo, proto_blip, 0, data_to_save);
394
395 return decompressedChild;
396 }
397 #endif /* HAVE_ZLIB */
398
399 static int
400 dissect_blip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, _U_ void *data)
401 {
402
403 proto_tree *blip_tree;
404 int offset = 0;
405
406 /* Set the protocol column to say BLIP */
407 col_set_str(pinfo->cinfo, COL_PROTOCOL, "BLIP");
408 /* Clear out stuff in the info column */
409 col_clear(pinfo->cinfo,COL_INFO);
410
411 // ------------------------------------- Setup BLIP tree -----------------------------------------------------------
412
413
414 /* Add a subtree to dissection. See WSDG 9.2.2. Dissecting the details of the protocol */
415 proto_item *blip_item = proto_tree_add_item(tree, proto_blip, tvb, offset, -1, ENC_NA);
416
417 blip_tree = proto_item_add_subtree(blip_item, ett_blip);
418
419
420 // ------------------------ BLIP Frame Header: Message Number VarInt -----------------------------------------------
421
422 // This gets the message number as a var int in order to find out how much to bump
423 // the offset for the next proto_tree item
424 uint64_t value_message_num;
425 unsigned varint_message_num_length = tvb_get_varint(
426 tvb,
427 offset,
428 FT_VARINT_MAX_LEN,
429 &value_message_num,
430 ENC_VARINT_PROTOBUF);
431
432 proto_tree_add_item(blip_tree, hf_blip_message_number, tvb, offset, varint_message_num_length, ENC_VARINT_PROTOBUF);
433
434 offset += varint_message_num_length;
435
436 // ------------------------ BLIP Frame Header: Frame Flags VarInt --------------------------------------------------
437
438 // This gets the message number as a var int in order to find out how much to bump
439 // the offset for the next proto_tree item
440 uint64_t value_frame_flags;
441 unsigned varint_frame_flags_length = tvb_get_varint(
442 tvb,
443 offset,
444 FT_VARINT_MAX_LEN,
445 &value_frame_flags,
446 ENC_VARINT_PROTOBUF);
447
448 uint64_t masked = value_frame_flags & ~0x07;
449 proto_tree_add_uint(blip_tree, hf_blip_frame_flags, tvb, offset, varint_frame_flags_length, (uint8_t)masked);
450
451 offset += varint_frame_flags_length;
452
453 const char* msg_type = get_message_type(value_frame_flags);
454 char* msg_num = wmem_strdup_printf(pinfo->pool, "#%" PRIu64, value_message_num);
455 char* col_info = wmem_strconcat(pinfo->pool, msg_type, msg_num, NULL);
456 col_add_str(pinfo->cinfo, COL_INFO, col_info);
457
458 // If it's an ACK message, handle that separately, since there are no properties etc.
459 if (is_ack_message(value_frame_flags) == true) {
460 return handle_ack_message(tvb, pinfo, blip_tree, offset, value_frame_flags);
461 }
462
463
464 // ------------------------------------- Conversation Tracking -----------------------------------------------------
465
466 blip_conversation_entry_t *conversation_entry_ptr = get_blip_conversation(pinfo);
467
468 // Is this the first frame in a blip message with multiple frames?
469 bool first_frame_in_msg = is_first_frame_in_msg(
470 conversation_entry_ptr,
471 pinfo,
472 value_frame_flags,
473 value_message_num
474 );
475
476 tvbuff_t* tvb_to_use = tvb;
477 bool compressed = is_compressed(value_frame_flags);
478
479 if(compressed) {
480 #if defined (HAVE_ZLIB) || defined (HAVE_ZLIBNG)
481 tvb_to_use = decompress(pinfo, blip_tree, tvb, offset, tvb_reported_length_remaining(tvb, offset) - BLIP_BODY_CHECKSUM_SIZE);
482 if(!tvb_to_use) {
483 return tvb_reported_length(tvb);
484 }
485 offset = 0;
486 #else /* ! HAVE_ZLIB */
487 proto_tree_add_string(tree, hf_blip_message_body, tvb, offset, tvb_reported_length_remaining(tvb, offset), "<decompression support is not available>");
488 return tvb_reported_length(tvb);
489 #endif /* ! HAVE_ZLIB */
490 }
491
492 // Is this the first frame in a message?
493 if (first_frame_in_msg == true) {
494
495 // ------------------------ BLIP Frame Header: Properties Length VarInt --------------------------------------------------
496
497 // WARNING: this only works because this code assumes that ALL MESSAGES FIT INTO ONE FRAME, which is absolutely not true.
498 // In other words, as soon as there is a message that spans two frames, this code will break.
499
500 uint64_t value_properties_length;
501 unsigned value_properties_length_varint_length = tvb_get_varint(
502 tvb_to_use,
503 offset,
504 FT_VARINT_MAX_LEN,
505 &value_properties_length,
506 ENC_VARINT_PROTOBUF);
507
508 proto_tree_add_item(blip_tree, hf_blip_properties_length, tvb_to_use, offset, value_properties_length_varint_length, ENC_VARINT_PROTOBUF);
509
510 offset += value_properties_length_varint_length;
511
512 // ------------------------ BLIP Frame: Properties --------------------------------------------------
513
514 // WARNING: this only works because this code assumes that ALL MESSAGES FIT INTO ONE FRAME, which is absolutely not true.
515 // In other words, as soon as there is a message that spans two frames, this code will break.
516
517 // At this point, the length of the properties is known and is stored in value_properties_length.
518 // This reads the entire properties out of the tvb and into a buffer (buf).
519 uint8_t* buf = tvb_get_string_enc(pinfo->pool, tvb_to_use, offset, (int) value_properties_length, ENC_UTF_8);
520
521 // "Profile\0subChanges\0continuous\0true\0foo\0bar" -> "Profile:subChanges:continuous:true:foo:bar"
522 // Iterate over buf and change all the \0 null characters to ':', since otherwise trying to set a header
523 // field to this buffer via proto_tree_add_item() will end up only printing it up to the first null character,
524 // for example "Profile", even though there are many more properties that follow.
525 for (int i = 0; i < (int) value_properties_length; i++) {
526 if (i < (int) (value_properties_length - 1)) {
527 if (buf[i] == '\0') { // TODO: I don't even know if this is actually a safe assumption in a UTF-8 encoded string
528 buf[i] = ':';
529 }
530 }
531 }
532
533 if(value_properties_length > 0) {
534 proto_tree_add_string(blip_tree, hf_blip_properties, tvb_to_use, offset, (int)value_properties_length, (const char *)buf);
535 }
536
537 // Bump the offset by the length of the properties
538 offset += (int)value_properties_length;
539 }
540
541 // ------------------------ BLIP Frame: Message Body --------------------------------------------------
542
543 // WS_DLL_PUBLIC int tvb_reported_length_remaining(const tvbuff_t *tvb, const int offset);
544 int reported_length_remaining = tvb_reported_length_remaining(tvb_to_use, offset);
545
546 // Don't read in the trailing checksum at the end
547 if (!compressed && reported_length_remaining >= BLIP_BODY_CHECKSUM_SIZE) {
548 reported_length_remaining -= BLIP_BODY_CHECKSUM_SIZE;
549 }
550
551 if(reported_length_remaining > 0) {
552 proto_tree_add_item(blip_tree, hf_blip_message_body, tvb_to_use, offset, reported_length_remaining, ENC_UTF_8);
553 }
554
555 proto_tree_add_item(blip_tree, hf_blip_checksum, tvb, tvb_reported_length(tvb) - BLIP_BODY_CHECKSUM_SIZE, BLIP_BODY_CHECKSUM_SIZE, ENC_BIG_ENDIAN);
556
557 // -------------------------------------------- Etc ----------------------------------------------------------------
558
559 return tvb_captured_length(tvb);
560 }
561
562 void
563 proto_register_blip(void)
564 {
565 static hf_register_info hf[] = {
566 { &hf_blip_message_number,
567 { "Message Number", "blip.messagenum", FT_UINT64, BASE_DEC,
568 NULL, 0x0, NULL, HFILL }
569 },
570 { &hf_blip_frame_flags,
571 { "Frame Flags", "blip.frameflags", FT_UINT8, BASE_HEX | BASE_EXT_STRING,
572 &flag_combos_ext, 0x0, NULL, HFILL }
573 },
574 { &hf_blip_properties_length,
575 { "Properties Length", "blip.propslength", FT_UINT64, BASE_DEC,
576 NULL, 0x0, NULL, HFILL }
577 },
578 { &hf_blip_properties,
579 { "Properties", "blip.props", FT_STRING, BASE_NONE,
580 NULL, 0x0, NULL, HFILL }
581 },
582 { &hf_blip_message_body,
583 { "Message Body", "blip.messagebody", FT_STRING, BASE_NONE,
584 NULL, 0x0, NULL, HFILL }
585 },
586 { &hf_blip_ack_size,
587 { "ACK num bytes", "blip.numackbytes", FT_UINT64, BASE_DEC,
588 NULL, 0x0, NULL, HFILL }
589 },
590 { &hf_blip_checksum,
591 { "Checksum", "blip.checksum", FT_UINT32, BASE_DEC,
592 NULL, 0x0, NULL, HFILL }
593 }
594 };
595
596 /* Setup protocol subtree array */
597 static int *ett[] = {
598 &ett_blip
599 };
600
601 /* Expert Infos */
602 static ei_register_info ei[] = {
603 { &ei_blip_decompress_buffer_error, { "blip.decompress_buffer_error", PI_UNDECODED, PI_WARN, "Decompression error", EXPFILL }}
604 };
605
606 proto_blip = proto_register_protocol("BLIP Couchbase Mobile", "BLIP", "blip");
607 expert_module_t* expert_blip = expert_register_protocol(proto_blip);
608
609 proto_register_field_array(proto_blip, hf, array_length(hf));
610 proto_register_subtree_array(ett, array_length(ett));
611 expert_register_field_array(expert_blip, ei, array_length(ei));
612
613 blip_handle = register_dissector("blip", dissect_blip, proto_blip);
614
615 #ifdef HAVE_ZLIB
616 module_t *blip_module = prefs_register_protocol(proto_blip, NULL);
617 prefs_register_uint_preference(blip_module, "max_uncompressed_size",
618 "Maximum uncompressed message size (Kb)",
619 "The maximum size of the buffer for uncompressed messages. "
620 "If a message is larger than this, then the packet containing "
621 "the message, as well as subsequent packets, will fail to "
622 "decompress", 10, &max_uncompressed_size);
623 #endif
624 }
625
626 void
627 proto_reg_handoff_blip(void)
628 {
629
630 // Register the blip dissector as a subprotocol dissector of "ws.protocol",
631 // matching any packets with a Web-Sec-Protocol header of "BLIP_3+CBMobile_2"
632 // "BLIP_3+CBMobile_3", or "BLIP_3+CBMobile_4"
633 //
634 // See https://github.com/couchbase/sync_gateway/issues/3356#issuecomment-370958321 for
635 // more notes on how the websocket dissector routes packets down to subprotocol handlers.
636
637 dissector_add_string("ws.protocol", "BLIP_3+CBMobile_4", blip_handle);
638 dissector_add_string("ws.protocol", "BLIP_3+CBMobile_3", blip_handle);
639 dissector_add_string("ws.protocol", "BLIP_3+CBMobile_2", blip_handle);
640 }
641
642 /*
643 * Editor modelines - https://www.wireshark.org/tools/modelines.html
644 *
645 * Local Variables:
646 * c-basic-offset: 8
647 * tab-width: 8
648 * indent-tabs-mode: t
649 * End:
650 *
651 * ex: set shiftwidth=8 tabstop=8 noexpandtab:
652 * :indentSize=8:tabSize=8:noTabs=false:
653 */
Metzes wireshark repo