epan/dissectors/packet-distcc.c

   1 /* packet-distcc.c
   2  * Routines for distcc dissection
   3  * Copyright 2003, Brad Hards <bradh@frogmouth.net>
   4  * Copyright 2003, Ronnie Sahlberg, added TCP desegmentation.
   5  *
   6  * Wireshark - Network traffic analyzer
   7  * By Gerald Combs <gerald@wireshark.org>
   8  * Copyright 1998 Gerald Combs
   9  *
  10  * SPDX-License-Identifier: GPL-2.0-or-later
  11  */
  12
  13 /*
  14  * This dissector supports version 1 of the DISTCC protocol:
  15  *
  16  *    https://github.com/distcc/distcc/blob/master/doc/protocol-1.txt
  17  */
  18
  19 #include "config.h"
  20
  21 #include <epan/packet.h>
  22 #include <epan/expert.h>
  23 #include <epan/prefs.h>
  24
  25 #include <wsutil/strtoi.h>
  26
  27 static int proto_distcc;
  28 static int hf_distcc_version;
  29 static int hf_distcc_argc;
  30 static int hf_distcc_argv;
  31 static int hf_distcc_doti_source;
  32 static int hf_distcc_stat;
  33 static int hf_distcc_serr;
  34 static int hf_distcc_sout;
  35 static int hf_distcc_doto_object;
  36
  37
  38 static int ett_distcc;
  39
  40 static expert_field ei_distcc_short_pdu;
  41
  42
  43 static bool distcc_desegment = true;
  44
  45
  46 #define TCP_PORT_DISTCC 3632
  47
  48 void proto_register_distcc(void);
  49 extern void proto_reg_handoff_distcc(void);
  50
  51 static dissector_handle_t distcc_handle;
  52
  53 #define CHECK_PDU_LEN(x) \
  54     if(parameter>(unsigned)tvb_captured_length_remaining(tvb, offset) || parameter < 1){\
  55         len=tvb_captured_length_remaining(tvb, offset);\
  56         col_append_str(pinfo->cinfo, COL_INFO, "[Short" x " PDU]");\
  57     } \
  58     tvb_ensure_bytes_exist(tvb, offset, len);
  59
  60
  61 #define DESEGMENT_TCP(x) \
  62     if(distcc_desegment && pinfo->can_desegment){\
  63         /* only attempt reassembly if we have the full segment */\
  64         if(tvb_captured_length_remaining(tvb, offset)==tvb_reported_length_remaining(tvb, offset)){\
  65             if(parameter>(unsigned)tvb_captured_length_remaining(tvb, offset)){\
  66                 proto_tree_add_expert_format(tree, pinfo, &ei_distcc_short_pdu, tvb, offset-12, -1, "[Short " x " PDU]");\
  67                 pinfo->desegment_offset=offset-12;\
  68                 pinfo->desegment_len=parameter-tvb_captured_length_remaining(tvb, offset);\
  69                 return offset+len;\
  70             }\
  71         }\
  72     }
  73
  74 static int
  75 dissect_distcc_dist(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, uint32_t parameter)
  76 {
  77     proto_tree_add_uint_format(tree, hf_distcc_version, tvb, offset-12, 12, parameter, "DIST: %u", parameter);
  78
  79     col_append_fstr(pinfo->cinfo, COL_INFO, "DIST:%u ", parameter);
  80
  81     return offset;
  82 }
  83
  84 static int
  85 dissect_distcc_done(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, uint32_t parameter)
  86 {
  87     proto_tree_add_uint_format(tree, hf_distcc_version, tvb, offset-12, 12, parameter, "DONE: %u", parameter);
  88
  89     col_append_fstr(pinfo->cinfo, COL_INFO, "DONE:%u ", parameter);
  90
  91     return offset;
  92 }
  93
  94 static int
  95 dissect_distcc_stat(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, uint32_t parameter)
  96 {
  97     proto_tree_add_uint_format(tree, hf_distcc_stat, tvb, offset-12, 12, parameter, "STAT: %u", parameter);
  98
  99     col_append_fstr(pinfo->cinfo, COL_INFO, "STAT:%u ", parameter);
 100
 101     return offset;
 102 }
 103
 104 static int
 105 dissect_distcc_argc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, uint32_t parameter)
 106 {
 107     proto_tree_add_uint(tree, hf_distcc_argc, tvb, offset-12, 12, parameter);
 108
 109     col_append_fstr(pinfo->cinfo, COL_INFO, "ARGC:%u ", parameter);
 110
 111     return offset;
 112 }
 113
 114 static int
 115 dissect_distcc_argv(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, unsigned parameter)
 116 {
 117     int len=(int)parameter;
 118     char *argv;
 119     proto_item* ti;
 120
 121     CHECK_PDU_LEN("ARGV");
 122
 123     /* see if we need to desegment the PDU */
 124     DESEGMENT_TCP("ARGV");
 125
 126     /*
 127      * XXX - we have no idea what encoding is being used, other than
 128      * it being some flavor of "extended ASCII"; these days, it's
 129      * *probably* UTF-8, but it could conceivably be something else.
 130      */
 131     ti = proto_tree_add_item_ret_display_string(tree, hf_distcc_argv, tvb, offset, len, ENC_ASCII|ENC_NA, pinfo->pool, &argv);
 132
 133     col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", argv);
 134
 135     if(len!=(int)parameter){
 136         expert_add_info_format(pinfo, ti, &ei_distcc_short_pdu, "[Short ARGV PDU]");
 137     }
 138     return offset+len;
 139 }
 140
 141 static int
 142 dissect_distcc_serr(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, unsigned parameter)
 143 {
 144     int len=(int)parameter;
 145     char *serr;
 146     proto_item* ti;
 147
 148     CHECK_PDU_LEN("SERR");
 149
 150     /* see if we need to desegment the PDU */
 151     DESEGMENT_TCP("SERR");
 152
 153     /*
 154      * XXX - we have no idea what encoding is being used, other than
 155      * it being some flavor of "extended ASCII"; these days, it's
 156      * *probably* UTF-8, but it could conceivably be something else.
 157      */
 158     ti = proto_tree_add_item_ret_display_string(tree, hf_distcc_serr, tvb, offset, len, ENC_ASCII|ENC_NA, pinfo->pool, &serr);
 159
 160     col_append_fstr(pinfo->cinfo, COL_INFO, "SERR:%s ", serr);
 161
 162     if(len!=(int)parameter){
 163         expert_add_info_format(pinfo, ti, &ei_distcc_short_pdu, "[Short SERR PDU]");
 164     }
 165     return offset+len;
 166 }
 167
 168 static int
 169 dissect_distcc_sout(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, unsigned parameter)
 170 {
 171     int len=(int)parameter;
 172     char *sout;
 173     proto_item* ti;
 174
 175     CHECK_PDU_LEN("SOUT");
 176
 177     /* see if we need to desegment the PDU */
 178     DESEGMENT_TCP("SOUT");
 179
 180     /*
 181      * XXX - we have no idea what encoding is being used, other than
 182      * it being some flavor of "extended ASCII"; these days, it's
 183      * *probably* UTF-8, but it could conceivably be something else.
 184      */
 185     ti = proto_tree_add_item_ret_display_string(tree, hf_distcc_sout, tvb, offset, len, ENC_ASCII|ENC_NA, pinfo->pool, &sout);
 186
 187     col_append_fstr(pinfo->cinfo, COL_INFO, "SOUT:%s ", sout);
 188
 189     if(len!=(int)parameter){
 190         expert_add_info_format(pinfo, ti, &ei_distcc_short_pdu, "[Short SOUT PDU]");
 191     }
 192     return offset+len;
 193 }
 194
 195
 196 static int
 197 dissect_distcc_doti(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, unsigned parameter)
 198 {
 199     int len=(int)parameter;
 200     proto_item* ti;
 201
 202     CHECK_PDU_LEN("DOTI");
 203
 204     /* see if we need to desegment the PDU */
 205     DESEGMENT_TCP("DOTI");
 206
 207     col_append_str(pinfo->cinfo, COL_INFO, "DOTI source ");
 208
 209     ti = proto_tree_add_item(tree, hf_distcc_doti_source, tvb, offset, len, ENC_ASCII);
 210
 211     if(len!=(int)parameter){
 212         expert_add_info_format(pinfo, ti, &ei_distcc_short_pdu, "[Short DOTI PDU]");
 213     }
 214     return offset+len;
 215 }
 216
 217 static int
 218 dissect_distcc_doto(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, unsigned parameter)
 219 {
 220     int len=(int)parameter;
 221     proto_item* ti;
 222
 223     CHECK_PDU_LEN("DOTO");
 224
 225     /* see if we need to desegment the PDU */
 226     DESEGMENT_TCP("DOTO");
 227
 228     col_append_str(pinfo->cinfo, COL_INFO, "DOTO object ");
 229
 230     ti = proto_tree_add_item(tree, hf_distcc_doto_object, tvb, offset, len, ENC_NA);
 231
 232     if(len!=(int)parameter){
 233         expert_add_info_format(pinfo, ti, &ei_distcc_short_pdu, "[Short DOTO PDU]");
 234     }
 235     return offset+len;
 236 }
 237
 238
 239
 240 /* Packet dissection routine called by tcp (& udp) when port 3632 detected */
 241 static int
 242 dissect_distcc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data _U_)
 243 {
 244     int offset=0;
 245     proto_tree *tree=NULL;
 246     proto_item *item=NULL;
 247     char buf[13];
 248     uint32_t parameter;
 249
 250
 251     col_set_str(pinfo->cinfo, COL_PROTOCOL, "DISTCC ");
 252
 253     col_clear(pinfo->cinfo, COL_INFO);
 254
 255     if (parent_tree) {
 256         item = proto_tree_add_item(parent_tree, proto_distcc, tvb, offset,
 257             -1, ENC_NA);
 258         tree = proto_item_add_subtree(item, ett_distcc);
 259     }
 260
 261     while (true) {
 262         /* read the raw token (4 bytes) and parameter (8 bytes) */
 263         tvb_memcpy(tvb, buf, offset, 12);
 264         buf[12] = '\0';
 265         offset+=12;
 266
 267         /* get the parameter value */
 268         if (!ws_hexstrtou32(buf + 4, NULL, &parameter))
 269             return offset;
 270
 271         if(!strncmp(buf, "DIST", 4)){
 272             offset=dissect_distcc_dist(tvb, pinfo, tree, offset, parameter);
 273         } else if(!strncmp(buf, "ARGC", 4)){
 274             offset=dissect_distcc_argc(tvb, pinfo, tree, offset, parameter);
 275         } else if(!strncmp(buf, "ARGV", 4)){
 276             offset=dissect_distcc_argv(tvb, pinfo, tree, offset, parameter);
 277         } else if(!strncmp(buf, "DOTI", 4)){
 278             offset=dissect_distcc_doti(tvb, pinfo, tree, offset, parameter);
 279         } else if(!strncmp(buf, "DONE", 4)){
 280             offset=dissect_distcc_done(tvb, pinfo, tree, offset, parameter);
 281         } else if(!strncmp(buf, "STAT", 4)){
 282             offset=dissect_distcc_stat(tvb, pinfo, tree, offset, parameter);
 283         } else if(!strncmp(buf, "SERR", 4)){
 284             offset=dissect_distcc_serr(tvb, pinfo, tree, offset, parameter);
 285         } else if(!strncmp(buf, "SOUT", 4)){
 286             offset=dissect_distcc_sout(tvb, pinfo, tree, offset, parameter);
 287         } else if(!strncmp(buf, "DOTO", 4)){
 288             offset=dissect_distcc_doto(tvb, pinfo, tree, offset, parameter);
 289         } else {
 290             call_data_dissector(tvb, pinfo, tree);
 291             break;
 292         }
 293     }
 294
 295     return tvb_captured_length(tvb);
 296 }
 297
 298 /* Register protocol with Wireshark. */
 299 void
 300 proto_register_distcc(void)
 301 {
 302     static hf_register_info hf[] = {
 303     {&hf_distcc_version,
 304      {"DISTCC Version", "distcc.version",
 305       FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }
 306     },
 307     {&hf_distcc_argc,
 308      {"ARGC", "distcc.argc",
 309       FT_UINT32, BASE_DEC, NULL, 0x0, "Number of arguments", HFILL }
 310     },
 311     {&hf_distcc_argv,
 312      {"ARGV", "distcc.argv",
 313       FT_STRING, BASE_NONE, NULL, 0x0, "ARGV argument", HFILL }
 314     },
 315     {&hf_distcc_doti_source,
 316      {"Source", "distcc.doti_source",
 317       FT_STRING, BASE_NONE, NULL, 0x0, "DOTI Preprocessed Source File (.i)", HFILL }
 318     },
 319     {&hf_distcc_stat,
 320      {"Status", "distcc.status",
 321       FT_UINT32, BASE_DEC, NULL, 0x0, "Unix wait status for command completion", HFILL }
 322     },
 323     {&hf_distcc_serr,
 324      {"SERR", "distcc.serr",
 325       FT_STRING, BASE_NONE, NULL, 0x0, "STDERR output", HFILL }
 326     },
 327     {&hf_distcc_sout,
 328      {"SOUT", "distcc.sout",
 329       FT_STRING, BASE_NONE, NULL, 0x0, "STDOUT output", HFILL }
 330     },
 331     {&hf_distcc_doto_object,
 332      {"Object", "distcc.doto_object",
 333       FT_BYTES, BASE_NONE, NULL, 0x0, "DOTO Compiled object file (.o)", HFILL }
 334     }
 335
 336     };
 337
 338     static int *ett[] = {
 339         &ett_distcc,
 340     };
 341
 342     static ei_register_info ei[] = {
 343         { &ei_distcc_short_pdu, { "distcc.short_pdu", PI_MALFORMED, PI_ERROR, "Short PDU", EXPFILL }},
 344     };
 345
 346     module_t *distcc_module;
 347     expert_module_t* expert_distcc;
 348
 349     proto_distcc = proto_register_protocol("Distcc Distributed Compiler", "DISTCC", "distcc");
 350
 351     proto_register_field_array(proto_distcc, hf, array_length(hf));
 352     proto_register_subtree_array(ett, array_length(ett));
 353     expert_distcc = expert_register_protocol(proto_distcc);
 354     expert_register_field_array(expert_distcc, ei, array_length(ei));
 355
 356     distcc_module = prefs_register_protocol(proto_distcc, NULL);
 357
 358     prefs_register_bool_preference(distcc_module, "desegment_distcc_over_tcp",
 359         "Reassemble DISTCC-over-TCP messages spanning multiple TCP segments",
 360         "Whether the DISTCC dissector should reassemble messages spanning multiple TCP segments."
 361         " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
 362         &distcc_desegment);
 363
 364     distcc_handle = register_dissector("distcc", dissect_distcc, proto_distcc);
 365 }
 366
 367 void
 368 proto_reg_handoff_distcc(void)
 369 {
 370     dissector_add_uint_with_preference("tcp.port", TCP_PORT_DISTCC, distcc_handle);
 371 }
 372
 373 /*
 374  * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
 375  *
 376  * Local variables:
 377  * c-basic-offset: 4
 378  * tab-width: 8
 379  * indent-tabs-mode: nil
 380  * End:
 381  *
 382  * vi: set shiftwidth=4 tabstop=8 expandtab:
 383  * :indentSize=4:tabSize=8:noTabs=true:
 384  */