epan/dissectors/packet-enc.c

   1 /* packet-enc.c
   2  *
   3  * Copyright (c) 2003 Markus Friedl.  All rights reserved.
   4  *
   5  * SPDX-License-Identifier: BSD-2-Clause
   6  */
   7
   8 #include "config.h"
   9
  10 #include <epan/packet.h>
  11 #include <epan/capture_dissectors.h>
  12 #include <epan/aftypes.h>
  13 #include <wsutil/pint.h>
  14
  15 void proto_register_enc(void);
  16 void proto_reg_handoff_enc(void);
  17
  18 static dissector_handle_t enc_handle;
  19 static capture_dissector_handle_t enc_cap_handle;
  20
  21
  22 /* The header in OpenBSD Encapsulating Interface files. */
  23
  24 struct enchdr {
  25   uint32_t af;
  26   uint32_t spi;
  27   uint32_t flags;
  28 };
  29 #define BSD_ENC_HDRLEN    12
  30
  31 #define BSD_ENC_M_CONF          0x00000400  /* payload encrypted */
  32 #define BSD_ENC_M_AUTH          0x00000800  /* payload authenticated */
  33 #define BSD_ENC_M_COMP          0x00001000  /* payload compressed */
  34 #define BSD_ENC_M_AUTH_AH       0x00002000  /* header authenticated */
  35
  36 #define BSD_ENC_M_RESERVED      0xFFFFC3FF  /* Reserved/unused flags */
  37
  38 static dissector_table_t enc_dissector_table;
  39
  40 /* header fields */
  41 static int proto_enc;
  42 static int hf_enc_af;
  43 static int hf_enc_spi;
  44 static int hf_enc_flags;
  45 static int hf_enc_flags_payload_enc;
  46 static int hf_enc_flags_payload_auth;
  47 static int hf_enc_flags_payload_compress;
  48 static int hf_enc_flags_header_auth;
  49 static int hf_enc_flags_reserved;
  50
  51 static int ett_enc;
  52 static int ett_enc_flag;
  53
  54 static bool
  55 capture_enc(const unsigned char *pd, int offset _U_, int len, capture_packet_info_t *cpinfo, const union wtap_pseudo_header *pseudo_header)
  56 {
  57   uint32_t af;
  58
  59   if (!BYTES_ARE_IN_FRAME(0, len, BSD_ENC_HDRLEN))
  60     return false;
  61
  62   memcpy((char *)&af, (const char *)&pd[0], sizeof(af));
  63   if ((af & 0xFFFF0000) != 0) {
  64     /*
  65      * BSD AF_ types will always have the upper 16 bits as 0, so if any
  66      * of them are non-zero, the af field must be byte-swapped, and
  67      * will, at least in DLT_ENC headers, always have at least one of
  68      * the lower 16 bits not being 0 (it won't be AF_UNSPEC, which is
  69      * 0), so if the af field is byte-swapped, at least one of the
  70      * upper 16 bits will be 0.
  71      */
  72     af = GUINT32_SWAP_LE_BE(af);
  73   }
  74   return try_capture_dissector("enc", af, pd, BSD_ENC_HDRLEN, len, cpinfo, pseudo_header);
  75 }
  76
  77 static const value_string af_vals[] = {
  78   { BSD_AF_INET,  "IPv4" },
  79   { BSD_AF_INET6_BSD, "IPv6" },
  80   { 0, NULL }
  81 };
  82
  83 static int
  84 dissect_enc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
  85 {
  86   struct enchdr  ench;
  87   unsigned       writer_encoding;
  88   tvbuff_t      *next_tvb;
  89   proto_tree    *enc_tree;
  90   proto_item    *ti;
  91
  92   static int * const flags[] = {
  93     &hf_enc_flags_payload_enc,
  94     &hf_enc_flags_payload_auth,
  95     &hf_enc_flags_payload_compress,
  96     &hf_enc_flags_header_auth,
  97     &hf_enc_flags_reserved,
  98     NULL
  99   };
 100
 101   col_set_str(pinfo->cinfo, COL_PROTOCOL, "ENC");
 102
 103   /*
 104    * Initially assume the file was written by a host with our byte order.
 105    */
 106   writer_encoding = ENC_HOST_ENDIAN;
 107   ench.af = tvb_get_h_uint32(tvb, 0);
 108   if ((ench.af & 0xFFFF0000) != 0) {
 109     /*
 110      * BSD AF_ types will always have the upper 16 bits as 0, so if any
 111      * of them are non-zero, the af field must be byte-swapped, and
 112      * will, at least in DLT_ENC headers, always have at least one of
 113      * the lower 16 bits not being 0 (it won't be AF_UNSPEC, which is
 114      * 0), so if the af field is byte-swapped, at least one of the
 115      * upper 16 bits will be 0.
 116      */
 117     ench.af = GUINT32_SWAP_LE_BE(ench.af);
 118
 119     /*
 120      * It was written by a host with the *opposite* byte order.
 121      */
 122     writer_encoding = ENC_ANTI_HOST_ENDIAN;
 123   }
 124   ench.spi = tvb_get_ntohl(tvb, 4);
 125
 126   if (tree) {
 127     ti = proto_tree_add_protocol_format(tree, proto_enc, tvb, 0,
 128                                         BSD_ENC_HDRLEN,
 129                                         "Enc %s, SPI 0x%8.8x",
 130                                         val_to_str(ench.af, af_vals, "unknown (%u)"),
 131                                         ench.spi);
 132     enc_tree = proto_item_add_subtree(ti, ett_enc);
 133
 134     proto_tree_add_item(enc_tree, hf_enc_af, tvb, 0, 4, writer_encoding);
 135     proto_tree_add_item(enc_tree, hf_enc_spi, tvb, 4, 4, ENC_BIG_ENDIAN);
 136     proto_tree_add_bitmask(enc_tree, tvb, 8, hf_enc_flags, ett_enc_flag, flags, writer_encoding);
 137   }
 138
 139   /* Set the tvbuff for the payload after the header */
 140   next_tvb = tvb_new_subset_remaining(tvb, BSD_ENC_HDRLEN);
 141   if (!dissector_try_uint(enc_dissector_table, ench.af, next_tvb, pinfo, tree))
 142     call_data_dissector(next_tvb, pinfo, tree);
 143
 144   return tvb_captured_length(tvb);
 145 }
 146
 147 void
 148 proto_register_enc(void)
 149 {
 150   static hf_register_info hf[] = {
 151     { &hf_enc_af,
 152       { "Address Family", "enc.af", FT_UINT32, BASE_DEC, VALS(af_vals), 0x0,
 153         "Protocol (IPv4 vs IPv6)", HFILL }},
 154     { &hf_enc_spi,
 155       { "SPI", "enc.spi", FT_UINT32, BASE_HEX, NULL, 0x0,
 156         "Security Parameter Index", HFILL }},
 157     { &hf_enc_flags,
 158       { "Flags", "enc.flags", FT_UINT32, BASE_HEX, NULL, 0x0,
 159         "ENC flags", HFILL }},
 160     { &hf_enc_flags_payload_enc,
 161       { "Payload encrypted", "enc.flags.payload_enc", FT_BOOLEAN, 32, NULL, BSD_ENC_M_CONF,
 162         NULL, HFILL }},
 163     { &hf_enc_flags_payload_auth,
 164       { "Payload authenticated", "enc.flags.payload_auth", FT_BOOLEAN, 32, NULL, BSD_ENC_M_AUTH,
 165         NULL, HFILL }},
 166     { &hf_enc_flags_payload_compress,
 167       { "Payload compressed", "enc.flags.payload_compress", FT_BOOLEAN, 32, NULL, BSD_ENC_M_COMP,
 168         NULL, HFILL }},
 169     { &hf_enc_flags_header_auth,
 170       { "Header authenticated", "enc.flags.header_auth", FT_BOOLEAN, 32, NULL, BSD_ENC_M_AUTH_AH,
 171         NULL, HFILL }},
 172     { &hf_enc_flags_reserved,
 173       { "Reserved", "enc.flags.reserved", FT_UINT32, BASE_HEX, NULL, BSD_ENC_M_RESERVED,
 174         NULL, HFILL }},
 175   };
 176   static int *ett[] =
 177   {
 178       &ett_enc,
 179       &ett_enc_flag
 180   };
 181
 182   proto_enc = proto_register_protocol("OpenBSD Encapsulating device",
 183                                       "ENC", "enc");
 184   proto_register_field_array(proto_enc, hf, array_length(hf));
 185   proto_register_subtree_array(ett, array_length(ett));
 186
 187   enc_dissector_table = register_dissector_table("enc", "OpenBSD Encapsulating device", proto_enc, FT_UINT32, BASE_DEC);
 188   register_capture_dissector_table("enc", "ENC");
 189
 190   enc_handle  = register_dissector("enc", dissect_enc, proto_enc);
 191   enc_cap_handle = register_capture_dissector("enc", capture_enc, proto_enc);
 192 }
 193
 194 void
 195 proto_reg_handoff_enc(void)
 196 {
 197   dissector_add_uint("wtap_encap", WTAP_ENCAP_ENC, enc_handle);
 198   capture_dissector_add_uint("wtap_encap", WTAP_ENCAP_ENC, enc_cap_handle);
 199 }
 200
 201 /*
 202  * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
 203  *
 204  * Local Variables:
 205  * c-basic-offset: 2
 206  * tab-width: 8
 207  * indent-tabs-mode: nil
 208  * End:
 209  *
 210  * ex: set shiftwidth=2 tabstop=8 expandtab:
 211  * :indentSize=2:tabSize=8:noTabs=true:
 212  */