search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-finger.c
blob5c8a98ae76825dd872dd8771f996303e46bc2919
1 /* packet-finger.c
2 * Routines for basic finger dissection (see https://tools.ietf.org/html/rfc742)
3 * Copyright 2013, Christopher Maynard <Christopher.Maynard@gtech.com>
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12 #include "config.h"
13 #include <epan/packet.h>
14 #include <epan/conversation.h>
15 #include <epan/expert.h>
16
17 #include "packet-tcp.h"
18
19 void proto_register_finger(void);
20 void proto_reg_handoff_finger(void);
21
22 static dissector_handle_t finger_handle;
23
24 #define FINGER_PORT 79 /* This is the registered IANA port */
25
26 static int proto_finger;
27 static int hf_finger_query;
28 static int hf_finger_response;
29 static int hf_finger_response_in;
30 static int hf_finger_response_to;
31 static int hf_finger_response_time;
32
33 static expert_field ei_finger_nocrlf;
34
35 static int ett_finger;
36
37 typedef struct _finger_transaction_t {
38 uint32_t req_frame;
39 uint32_t rep_frame;
40 nstime_t req_time;
41 } finger_transaction_t;
42
43 static int
44 dissect_finger(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
45 void *data)
46 {
47 proto_item *ti, *expert_ti;
48 proto_tree *finger_tree;
49 conversation_t *conversation;
50 finger_transaction_t *finger_trans;
51 bool is_query;
52 unsigned len;
53 struct tcpinfo *tcpinfo = (struct tcpinfo*)data;
54
55 col_set_str(pinfo->cinfo, COL_PROTOCOL, "FINGER");
56
57 if (pinfo->destport == FINGER_PORT) {
58 is_query = true;
59 col_set_str(pinfo->cinfo, COL_INFO, "Query");
60 } else {
61 is_query = false;
62 col_set_str(pinfo->cinfo, COL_INFO, "Response");
63 }
64
65 conversation = find_or_create_conversation(pinfo);
66 finger_trans = (finger_transaction_t *)conversation_get_proto_data(conversation, proto_finger);
67 if (finger_trans == NULL) {
68 finger_trans = wmem_new0(wmem_file_scope(), finger_transaction_t);
69 conversation_add_proto_data(conversation, proto_finger, finger_trans);
70 }
71
72 len = tvb_reported_length(tvb);
73 if (!PINFO_FD_VISITED(pinfo)) {
74 if (pinfo->can_desegment) {
75 if (is_query) {
76 if ((len < 2) || (tvb_memeql(tvb, len - 2, (const uint8_t*)"\r\n", 2))) {
77 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
78 pinfo->desegment_offset = 0;
79 return -1;
80 } else {
81 finger_trans->req_frame = pinfo->num;
82 finger_trans->req_time = pinfo->abs_ts;
83 }
84 } else if (!(tcpinfo && (IS_TH_FIN(tcpinfo->flags) || tcpinfo->is_reassembled))) {
85 /* If this is the FIN (or already desegmented, as with an out
86 * of order segment received after FIN) go ahead and dissect
87 * on the first pass.
88 */
89 pinfo->desegment_len = DESEGMENT_UNTIL_FIN;
90 pinfo->desegment_offset = 0;
91 return -1;
92 }
93 }
94 } else if (is_query && (finger_trans->req_frame == 0)) {
95 finger_trans->req_frame = pinfo->num;
96 finger_trans->req_time = pinfo->abs_ts;
97 }
98
99 if (!is_query && (finger_trans->rep_frame == 0)) {
100 /* By comparing finger_trans->rep_frame to 0, if reassembly is turned
101 * on, finger_trans->rep_frame will be assigned to the reassembled frame
102 * number, and if reassembly is turned off, finger_trans->rep_frame will
103 * be assigned to the first frame number of the response. This seems
104 * to match other protocols' behavior. The alternative is:
105 * if (pinfo->num > finger_trans->rep_frame)
106 * which will give us the same frame number either way.
107 */
108 finger_trans->rep_frame = pinfo->num;
109 }
110
111 ti = proto_tree_add_protocol_format(tree, proto_finger, tvb, 0, -1,
112 "FINGER: %s", is_query ? "Query" : "Response");
113 finger_tree = proto_item_add_subtree(ti, ett_finger);
114
115 if (is_query) {
116 expert_ti = proto_tree_add_item(finger_tree, hf_finger_query, tvb, 0, -1, ENC_ASCII);
117 if ((len < 2) || (tvb_memeql(tvb, len - 2, (const uint8_t*)"\r\n", 2))) {
118 /*
119 * From RFC742, Send a single "command line", ending with <CRLF>.
120 */
121 expert_add_info(pinfo, expert_ti, &ei_finger_nocrlf);
122 }
123 if (tree && finger_trans->rep_frame) {
124 ti = proto_tree_add_uint(finger_tree, hf_finger_response_in,
125 tvb, 0, 0, finger_trans->rep_frame);
126 proto_item_set_generated(ti);
127 }
128 } else if (tree && finger_trans->rep_frame) {
129 proto_tree_add_item(finger_tree, hf_finger_response, tvb, 0, -1, ENC_ASCII);
130 if (finger_trans->req_frame) {
131 nstime_t ns;
132
133 ti = proto_tree_add_uint(finger_tree, hf_finger_response_to,
134 tvb, 0, 0, finger_trans->req_frame);
135 proto_item_set_generated(ti);
136
137 if (pinfo->num == finger_trans->rep_frame) {
138 nstime_delta(&ns, &pinfo->abs_ts, &finger_trans->req_time);
139 ti = proto_tree_add_time(finger_tree, hf_finger_response_time, tvb, 0, 0, &ns);
140 proto_item_set_generated(ti);
141 }
142 }
143 }
144
145 return tvb_captured_length(tvb);
146 }
147
148 void
149 proto_register_finger(void)
150 {
151 expert_module_t *expert_finger;
152
153 static hf_register_info hf[] = {
154 { &hf_finger_query,
155 { "Query", "finger.query", FT_STRING, BASE_NONE, NULL, 0x0,
156 NULL, HFILL }
157 },
158 { &hf_finger_response,
159 { "Response", "finger.response", FT_STRING, BASE_NONE, NULL, 0x0,
160 NULL, HFILL }
161 },
162 { &hf_finger_response_in,
163 { "Response In", "finger.response_in", FT_FRAMENUM, BASE_NONE, FRAMENUM_TYPE(FT_FRAMENUM_RESPONSE),
164 0x0, "The response to this FINGER query is in this frame",
165 HFILL }
166 },
167 { &hf_finger_response_to,
168 { "Request In", "finger.response_to", FT_FRAMENUM, BASE_NONE, FRAMENUM_TYPE(FT_FRAMENUM_REQUEST),
169 0x0, "This is a response to the FINGER query in this frame",
170 HFILL }
171 },
172 { &hf_finger_response_time,
173 { "Response Time", "finger.response_time", FT_RELATIVE_TIME,
174 BASE_NONE, NULL, 0x0,
175 "The time between the Query and the Response", HFILL }
176 }
177 };
178
179 static int *ett[] = {
180 &ett_finger
181 };
182
183 static ei_register_info ei[] = {
184 { &ei_finger_nocrlf,
185 { "finger.nocrlf", PI_MALFORMED, PI_WARN, "Missing <CR><LF>", EXPFILL}
186 }
187 };
188
189 proto_finger = proto_register_protocol("finger", "FINGER", "finger");
190 finger_handle = register_dissector("finger", dissect_finger, proto_finger);
191 proto_register_field_array(proto_finger, hf, array_length(hf));
192 proto_register_subtree_array(ett, array_length(ett));
193 expert_finger = expert_register_protocol(proto_finger);
194 expert_register_field_array(expert_finger, ei, array_length(ei));
195 }
196
197 void
198 proto_reg_handoff_finger(void)
199 {
200 dissector_add_uint_with_preference("tcp.port", FINGER_PORT, finger_handle);
201 }
202
203 /*
204 * Editor modelines - https://www.wireshark.org/tools/modelines.html
205 *
206 * Local variables:
207 * c-basic-offset: 4
208 * tab-width: 8
209 * indent-tabs-mode: nil
210 * End:
211 *
212 * vi: set shiftwidth=4 tabstop=8 expandtab:
213 * :indentSize=4:tabSize=8:noTabs=true:
214 */
215
Metzes wireshark repo