search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-gnutella.c
blobb70b15ed6a19b081209066ea1afbb2ccbf161742
1 /* packet-gnutella.c
2 * Routines for gnutella dissection
3 * Copyright 2001, B. Johannessen <bob@havoq.com>
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12 #include "config.h"
13
14 #include <epan/packet.h>
15 #include "packet-tcp.h"
16
17 void proto_register_gnutella(void);
18 void proto_reg_handoff_gnutella(void);
19
20 static dissector_handle_t gnutella_handle;
21
22 /*
23 * See
24 *
25 * http://rfc-gnutella.sourceforge.net/developer/index.html
26 */
27
28 static int proto_gnutella;
29
30 static int hf_gnutella_stream;
31
32 static int hf_gnutella_header;
33 static int hf_gnutella_header_id;
34 static int hf_gnutella_header_payload;
35 static int hf_gnutella_header_ttl;
36 static int hf_gnutella_header_hops;
37 static int hf_gnutella_header_size;
38
39 static int hf_gnutella_pong_payload;
40 static int hf_gnutella_pong_port;
41 static int hf_gnutella_pong_ip;
42 static int hf_gnutella_pong_files;
43 static int hf_gnutella_pong_kbytes;
44
45 static int hf_gnutella_query_payload;
46 static int hf_gnutella_query_min_speed;
47 static int hf_gnutella_query_search;
48
49 static int hf_gnutella_queryhit_payload;
50 static int hf_gnutella_queryhit_count;
51 static int hf_gnutella_queryhit_port;
52 static int hf_gnutella_queryhit_ip;
53 static int hf_gnutella_queryhit_speed;
54 static int hf_gnutella_queryhit_extra;
55 static int hf_gnutella_queryhit_servent_id;
56
57 static int hf_gnutella_queryhit_hit;
58 static int hf_gnutella_queryhit_hit_index;
59 static int hf_gnutella_queryhit_hit_size;
60 static int hf_gnutella_queryhit_hit_name;
61 static int hf_gnutella_queryhit_hit_extra;
62
63 static int hf_gnutella_push_payload;
64 static int hf_gnutella_push_servent_id;
65 static int hf_gnutella_push_index;
66 static int hf_gnutella_push_ip;
67 static int hf_gnutella_push_port;
68
69 static int ett_gnutella;
70
71 #define GNUTELLA_TCP_PORT 6346
72
73 /*
74 * Used to determine whether a chunk of data looks like a Gnutella packet
75 * or not - it might be a transfer stream, or it might be part of a
76 * Gnutella packet that starts in an earlier missing TCP segment.
77 *
78 * One Gnutella spec says packets SHOULD be no bigger than 4K, although
79 * that's SHOULD, not MUST.
80 */
81 #define GNUTELLA_MAX_SNAP_SIZE 4096
82
83 #define GNUTELLA_UNKNOWN_NAME "Unknown"
84 #define GNUTELLA_PING 0x00
85 #define GNUTELLA_PING_NAME "Ping"
86 #define GNUTELLA_PONG 0x01
87 #define GNUTELLA_PONG_NAME "Pong"
88 #define GNUTELLA_PUSH 0x40
89 #define GNUTELLA_PUSH_NAME "Push"
90 #define GNUTELLA_QUERY 0x80
91 #define GNUTELLA_QUERY_NAME "Query"
92 #define GNUTELLA_QUERYHIT 0x81
93 #define GNUTELLA_QUERYHIT_NAME "QueryHit"
94
95 #define GNUTELLA_HEADER_LENGTH 23
96 #define GNUTELLA_SERVENT_ID_LENGTH 16
97 #define GNUTELLA_PORT_LENGTH 2
98 #define GNUTELLA_IP_LENGTH 4
99 #define GNUTELLA_LONG_LENGTH 4
100 #define GNUTELLA_SHORT_LENGTH 2
101 #define GNUTELLA_BYTE_LENGTH 1
102
103 #define GNUTELLA_PONG_LENGTH 14
104 #define GNUTELLA_PONG_PORT_OFFSET 0
105 #define GNUTELLA_PONG_IP_OFFSET 2
106 #define GNUTELLA_PONG_FILES_OFFSET 6
107 #define GNUTELLA_PONG_KBYTES_OFFSET 10
108
109 #define GNUTELLA_QUERY_SPEED_OFFSET 0
110 #define GNUTELLA_QUERY_SEARCH_OFFSET 2
111
112 #define GNUTELLA_QUERYHIT_HEADER_LENGTH 11
113 #define GNUTELLA_QUERYHIT_COUNT_OFFSET 0
114 #define GNUTELLA_QUERYHIT_PORT_OFFSET 1
115 #define GNUTELLA_QUERYHIT_IP_OFFSET 3
116 #define GNUTELLA_QUERYHIT_SPEED_OFFSET 7
117 #define GNUTELLA_QUERYHIT_FIRST_HIT_OFFSET 11
118 #define GNUTELLA_QUERYHIT_HIT_INDEX_OFFSET 0
119 #define GNUTELLA_QUERYHIT_HIT_SIZE_OFFSET 4
120 #define GNUTELLA_QUERYHIT_END_OF_STRING_LENGTH 2
121
122 #define GNUTELLA_PUSH_SERVENT_ID_OFFSET 0
123 #define GNUTELLA_PUSH_INDEX_OFFSET 16
124 #define GNUTELLA_PUSH_IP_OFFSET 20
125 #define GNUTELLA_PUSH_PORT_OFFSET 24
126
127 #define GNUTELLA_HEADER_ID_OFFSET 0
128 #define GNUTELLA_HEADER_PAYLOAD_OFFSET 16
129 #define GNUTELLA_HEADER_TTL_OFFSET 17
130 #define GNUTELLA_HEADER_HOPS_OFFSET 18
131 #define GNUTELLA_HEADER_SIZE_OFFSET 19
132
133 static void dissect_gnutella_pong(tvbuff_t *tvb, unsigned offset, proto_tree *tree) {
134
135 proto_tree_add_item(tree,
136 hf_gnutella_pong_port,
137 tvb,
138 offset + GNUTELLA_PONG_PORT_OFFSET,
139 GNUTELLA_PORT_LENGTH,
140 ENC_LITTLE_ENDIAN);
141
142 proto_tree_add_item(tree,
143 hf_gnutella_pong_ip,
144 tvb,
145 offset + GNUTELLA_PONG_IP_OFFSET,
146 GNUTELLA_IP_LENGTH,
147 ENC_BIG_ENDIAN);
148
149 proto_tree_add_item(tree,
150 hf_gnutella_pong_files,
151 tvb,
152 offset + GNUTELLA_PONG_FILES_OFFSET,
153 GNUTELLA_LONG_LENGTH,
154 ENC_LITTLE_ENDIAN);
155
156 proto_tree_add_item(tree,
157 hf_gnutella_pong_kbytes,
158 tvb,
159 offset + GNUTELLA_PONG_KBYTES_OFFSET,
160 GNUTELLA_LONG_LENGTH,
161 ENC_LITTLE_ENDIAN);
162
163 }
164
165 static void dissect_gnutella_query(tvbuff_t *tvb, unsigned offset, proto_tree *tree, unsigned size) {
166
167 proto_tree_add_item(tree,
168 hf_gnutella_query_min_speed,
169 tvb,
170 offset + GNUTELLA_QUERY_SPEED_OFFSET,
171 GNUTELLA_SHORT_LENGTH,
172 ENC_LITTLE_ENDIAN);
173
174 if (size > GNUTELLA_SHORT_LENGTH) {
175 /*
176 * XXX - the 0.4 spec says, of this field:
177 *
178 * It SHOULD use an ASCII-compatible encoding and
179 * charset. In this version of the protocol, no
180 * encoding was specified, but most servents use
181 * the ISO-8859-1 character set, but other encodings
182 * such as UTF-8 MAY also be used (possibly in
183 * conjonction with Query Data), as well as other
184 * international character sets (ISO-8859-*, KOI-8,
185 * S-JIS, Big5, ...).
186 *
187 * No obvious mechanism is provided to indicate what
188 * encoding is being used; perhaps this should be
189 * made a preference, defaulting to ISO 8859-1.
190 */
191 proto_tree_add_item(tree,
192 hf_gnutella_query_search,
193 tvb,
194 offset + GNUTELLA_QUERY_SEARCH_OFFSET,
195 size - GNUTELLA_SHORT_LENGTH,
196 ENC_ASCII);
197 }
198 else {
199 proto_tree_add_string_format(tree,
200 hf_gnutella_query_search, tvb,
201 offset + GNUTELLA_QUERY_SEARCH_OFFSET,
202 0, "", "Missing data for Query Search.");
203 }
204 }
205
206 static void dissect_gnutella_queryhit(tvbuff_t *tvb, unsigned offset, proto_tree *tree, unsigned size) {
207
208 proto_tree *qhi, *hit_tree;
209 int hit_count, i;
210 int hit_offset;
211 int name_length, extra_length;
212 int idx_at_offset, size_at_offset;
213 int servent_id_at_offset;
214 int name_at_offset, extra_at_offset;
215 int cur_char, remaining, used;
216
217 hit_count = tvb_get_uint8(tvb, offset + GNUTELLA_QUERYHIT_COUNT_OFFSET);
218
219 proto_tree_add_uint(tree,
220 hf_gnutella_queryhit_count,
221 tvb,
222 offset + GNUTELLA_QUERYHIT_COUNT_OFFSET,
223 GNUTELLA_BYTE_LENGTH,
224 hit_count);
225
226 proto_tree_add_item(tree,
227 hf_gnutella_queryhit_port,
228 tvb,
229 offset + GNUTELLA_QUERYHIT_PORT_OFFSET,
230 GNUTELLA_PORT_LENGTH,
231 ENC_LITTLE_ENDIAN);
232
233 proto_tree_add_item(tree,
234 hf_gnutella_queryhit_ip,
235 tvb,
236 offset + GNUTELLA_QUERYHIT_IP_OFFSET,
237 GNUTELLA_IP_LENGTH,
238 ENC_BIG_ENDIAN);
239
240 proto_tree_add_item(tree,
241 hf_gnutella_queryhit_speed,
242 tvb,
243 offset + GNUTELLA_QUERYHIT_SPEED_OFFSET,
244 GNUTELLA_LONG_LENGTH,
245 ENC_LITTLE_ENDIAN);
246
247 hit_offset = offset + GNUTELLA_QUERYHIT_FIRST_HIT_OFFSET;
248
249 for(i = 0; i < hit_count; i++) {
250 idx_at_offset = hit_offset;
251 size_at_offset = hit_offset + GNUTELLA_QUERYHIT_HIT_SIZE_OFFSET;
252
253 hit_offset += (GNUTELLA_LONG_LENGTH * 2);
254
255 name_length = 0;
256 extra_length = 0;
257
258 name_at_offset = hit_offset;
259
260 while(hit_offset - offset < size) {
261 cur_char = tvb_get_uint8(tvb, hit_offset);
262 if(cur_char == '\0')
263 break;
264
265 hit_offset++;
266 name_length++;
267 }
268
269 hit_offset++;
270
271 extra_at_offset = hit_offset;
272
273 while(hit_offset - offset < size) {
274 cur_char = tvb_get_uint8(tvb, hit_offset);
275 if(cur_char == '\0')
276 break;
277
278 hit_offset++;
279 extra_length++;
280 }
281
282 hit_offset++;
283
284 qhi = proto_tree_add_item(tree,
285 hf_gnutella_queryhit_hit,
286 tvb,
287 idx_at_offset,
288 (GNUTELLA_LONG_LENGTH * 2) +
289 name_length + extra_length +
290 GNUTELLA_QUERYHIT_END_OF_STRING_LENGTH,
291 ENC_NA);
292
293 hit_tree = proto_item_add_subtree(qhi, ett_gnutella);
294
295 proto_tree_add_item(hit_tree,
296 hf_gnutella_queryhit_hit_index,
297 tvb,
298 idx_at_offset,
299 GNUTELLA_LONG_LENGTH,
300 ENC_LITTLE_ENDIAN);
301
302 proto_tree_add_item(hit_tree,
303 hf_gnutella_queryhit_hit_size,
304 tvb,
305 size_at_offset,
306 GNUTELLA_LONG_LENGTH,
307 ENC_LITTLE_ENDIAN);
308
309 proto_tree_add_item(hit_tree,
310 hf_gnutella_queryhit_hit_name,
311 tvb,
312 name_at_offset,
313 name_length,
314 ENC_ASCII);
315
316 if(extra_length) {
317 proto_tree_add_item(hit_tree,
318 hf_gnutella_queryhit_hit_extra,
319 tvb,
320 extra_at_offset,
321 extra_length,
322 ENC_NA);
323 }
324 }
325
326 used = hit_offset - offset;
327 remaining = size - used;
328
329 if(remaining > GNUTELLA_SERVENT_ID_LENGTH) {
330 servent_id_at_offset = hit_offset + remaining - GNUTELLA_SERVENT_ID_LENGTH;
331
332 proto_tree_add_item(tree,
333 hf_gnutella_queryhit_extra,
334 tvb,
335 hit_offset,
336 servent_id_at_offset - hit_offset,
337 ENC_NA);
338 }
339 else {
340 servent_id_at_offset = hit_offset;
341 }
342
343 proto_tree_add_item(tree,
344 hf_gnutella_queryhit_servent_id,
345 tvb,
346 servent_id_at_offset,
347 GNUTELLA_SERVENT_ID_LENGTH,
348 ENC_NA);
349
350 }
351
352 static void dissect_gnutella_push(tvbuff_t *tvb, unsigned offset, proto_tree *tree) {
353
354 proto_tree_add_item(tree,
355 hf_gnutella_push_servent_id,
356 tvb,
357 offset + GNUTELLA_PUSH_SERVENT_ID_OFFSET,
358 GNUTELLA_SERVENT_ID_LENGTH,
359 ENC_NA);
360
361 proto_tree_add_item(tree,
362 hf_gnutella_push_index,
363 tvb,
364 offset + GNUTELLA_PUSH_INDEX_OFFSET,
365 GNUTELLA_LONG_LENGTH,
366 ENC_LITTLE_ENDIAN);
367
368 proto_tree_add_item(tree,
369 hf_gnutella_push_ip,
370 tvb,
371 offset + GNUTELLA_PUSH_IP_OFFSET,
372 GNUTELLA_IP_LENGTH,
373 ENC_BIG_ENDIAN);
374
375 proto_tree_add_item(tree,
376 hf_gnutella_push_port,
377 tvb,
378 offset + GNUTELLA_PUSH_PORT_OFFSET,
379 GNUTELLA_PORT_LENGTH,
380 ENC_LITTLE_ENDIAN);
381
382 }
383
384 static unsigned
385 get_gnutella_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb,
386 int offset, void *data _U_)
387 {
388 uint32_t size;
389
390 size = tvb_get_letohl(
391 tvb,
392 offset + GNUTELLA_HEADER_SIZE_OFFSET);
393 if (size > GNUTELLA_MAX_SNAP_SIZE) {
394 /*
395 * XXX - arbitrary limit, preventing overflows and
396 * attempts to reassemble 4GB of data.
397 */
398 size = GNUTELLA_MAX_SNAP_SIZE;
399 }
400
401 /* The size doesn't include the header */
402 return GNUTELLA_HEADER_LENGTH + size;
403 }
404
405 static int dissect_gnutella_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) {
406
407 proto_item *ti, *hi, *pi;
408 proto_tree *gnutella_tree = NULL;
409 proto_tree *gnutella_header_tree, *gnutella_pong_tree;
410 proto_tree *gnutella_queryhit_tree, *gnutella_push_tree;
411 proto_tree *gnutella_query_tree;
412 uint8_t payload_descriptor;
413 uint32_t size = 0;
414 const char *payload_descriptor_text;
415
416 if (tree) {
417 ti = proto_tree_add_item(tree,
418 proto_gnutella,
419 tvb,
420 0,
421 -1,
422 ENC_NA);
423 gnutella_tree = proto_item_add_subtree(ti, ett_gnutella);
424
425 size = tvb_get_letohl(
426 tvb,
427 GNUTELLA_HEADER_SIZE_OFFSET);
428 }
429
430 payload_descriptor = tvb_get_uint8(
431 tvb,
432 GNUTELLA_HEADER_PAYLOAD_OFFSET);
433
434 switch(payload_descriptor) {
435 case GNUTELLA_PING:
436 payload_descriptor_text = GNUTELLA_PING_NAME;
437 break;
438 case GNUTELLA_PONG:
439 payload_descriptor_text = GNUTELLA_PONG_NAME;
440 break;
441 case GNUTELLA_PUSH:
442 payload_descriptor_text = GNUTELLA_PUSH_NAME;
443 break;
444 case GNUTELLA_QUERY:
445 payload_descriptor_text = GNUTELLA_QUERY_NAME;
446 break;
447 case GNUTELLA_QUERYHIT:
448 payload_descriptor_text = GNUTELLA_QUERYHIT_NAME;
449 break;
450 default:
451 payload_descriptor_text = GNUTELLA_UNKNOWN_NAME;
452 break;
453 }
454
455 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL,
456 payload_descriptor_text);
457
458 if (tree) {
459 hi = proto_tree_add_item(gnutella_tree,
460 hf_gnutella_header,
461 tvb,
462 0,
463 GNUTELLA_HEADER_LENGTH,
464 ENC_NA);
465 gnutella_header_tree = proto_item_add_subtree(hi, ett_gnutella);
466
467 proto_tree_add_item(gnutella_header_tree,
468 hf_gnutella_header_id,
469 tvb,
470 GNUTELLA_HEADER_ID_OFFSET,
471 GNUTELLA_SERVENT_ID_LENGTH,
472 ENC_NA);
473
474 proto_tree_add_uint_format_value(gnutella_header_tree,
475 hf_gnutella_header_payload,
476 tvb,
477 GNUTELLA_HEADER_PAYLOAD_OFFSET,
478 GNUTELLA_BYTE_LENGTH,
479 payload_descriptor,
480 "%i (%s)",
481 payload_descriptor,
482 payload_descriptor_text);
483
484 proto_tree_add_item(gnutella_header_tree,
485 hf_gnutella_header_ttl,
486 tvb,
487 GNUTELLA_HEADER_TTL_OFFSET,
488 GNUTELLA_BYTE_LENGTH,
489 ENC_BIG_ENDIAN);
490
491 proto_tree_add_item(gnutella_header_tree,
492 hf_gnutella_header_hops,
493 tvb,
494 GNUTELLA_HEADER_HOPS_OFFSET,
495 GNUTELLA_BYTE_LENGTH,
496 ENC_BIG_ENDIAN);
497
498 proto_tree_add_uint(gnutella_header_tree,
499 hf_gnutella_header_size,
500 tvb,
501 GNUTELLA_HEADER_SIZE_OFFSET,
502 GNUTELLA_LONG_LENGTH,
503 size);
504
505 if (size > 0) {
506 switch(payload_descriptor) {
507 case GNUTELLA_PONG:
508 pi = proto_tree_add_item(
509 gnutella_header_tree,
510 hf_gnutella_pong_payload,
511 tvb,
512 GNUTELLA_HEADER_LENGTH,
513 size,
514 ENC_NA);
515 gnutella_pong_tree = proto_item_add_subtree(
516 pi,
517 ett_gnutella);
518 dissect_gnutella_pong(
519 tvb,
520 GNUTELLA_HEADER_LENGTH,
521 gnutella_pong_tree);
522 break;
523 case GNUTELLA_PUSH:
524 pi = proto_tree_add_item(
525 gnutella_header_tree,
526 hf_gnutella_push_payload,
527 tvb,
528 GNUTELLA_HEADER_LENGTH,
529 size,
530 ENC_NA);
531 gnutella_push_tree = proto_item_add_subtree(
532 pi,
533 ett_gnutella);
534 dissect_gnutella_push(
535 tvb,
536 GNUTELLA_HEADER_LENGTH,
537 gnutella_push_tree);
538 break;
539 case GNUTELLA_QUERY:
540 pi = proto_tree_add_item(
541 gnutella_header_tree,
542 hf_gnutella_query_payload,
543 tvb,
544 GNUTELLA_HEADER_LENGTH,
545 size,
546 ENC_NA);
547 gnutella_query_tree = proto_item_add_subtree(
548 pi,
549 ett_gnutella);
550 dissect_gnutella_query(
551 tvb,
552 GNUTELLA_HEADER_LENGTH,
553 gnutella_query_tree,
554 size);
555 break;
556 case GNUTELLA_QUERYHIT:
557 pi = proto_tree_add_item(
558 gnutella_header_tree,
559 hf_gnutella_queryhit_payload,
560 tvb,
561 GNUTELLA_HEADER_LENGTH,
562 size,
563 ENC_NA);
564 gnutella_queryhit_tree = proto_item_add_subtree(
565 pi,
566 ett_gnutella);
567 dissect_gnutella_queryhit(
568 tvb,
569 GNUTELLA_HEADER_LENGTH,
570 gnutella_queryhit_tree,
571 size);
572 break;
573 }
574 }
575 }
576
577 return tvb_captured_length(tvb);
578 }
579
580
581 static int dissect_gnutella(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data) {
582
583 proto_item *ti;
584 proto_tree *gnutella_tree = NULL;
585 uint32_t size;
586
587 col_set_str(pinfo->cinfo, COL_PROTOCOL, "Gnutella");
588
589 col_clear(pinfo->cinfo, COL_INFO);
590
591 /*
592 * OK, do we have enough data to determine whether this
593 * is Gnutella messages or just a transfer stream?
594 */
595 if (tvb_bytes_exist(tvb, GNUTELLA_HEADER_SIZE_OFFSET, 4)) {
596 /*
597 * Yes - fetch the length and see if it's bigger
598 * than GNUTELLA_MAX_SNAP_SIZE; if it is, we assume
599 * it's a transfer stream.
600 *
601 * Should we also check the payload descriptor?
602 */
603 size = tvb_get_letohl(
604 tvb,
605 GNUTELLA_HEADER_SIZE_OFFSET);
606 if (size > GNUTELLA_MAX_SNAP_SIZE) {
607 if (tree) {
608 ti = proto_tree_add_item(tree,
609 proto_gnutella,
610 tvb,
611 0,
612 -1,
613 ENC_NA);
614 gnutella_tree = proto_item_add_subtree(ti,
615 ett_gnutella);
616
617 proto_tree_add_item(gnutella_tree,
618 hf_gnutella_stream,
619 tvb,
620 0,
621 -1,
622 ENC_NA);
623 }
624 return tvb_captured_length(tvb);
625 }
626 }
627
628 tcp_dissect_pdus(tvb, pinfo, tree, true, GNUTELLA_HEADER_SIZE_OFFSET+4,
629 get_gnutella_pdu_len, dissect_gnutella_pdu, data);
630 return tvb_captured_length(tvb);
631 }
632
633 void proto_register_gnutella(void) {
634
635 static hf_register_info hf[] = {
636 { &hf_gnutella_header,
637 { "Descriptor Header", "gnutella.header",
638 FT_NONE, BASE_NONE, NULL, 0,
639 "Gnutella Descriptor Header", HFILL }
640 },
641 { &hf_gnutella_pong_payload,
642 { "Pong", "gnutella.pong.payload",
643 FT_NONE, BASE_NONE, NULL, 0,
644 "Gnutella Pong Payload", HFILL }
645 },
646 { &hf_gnutella_push_payload,
647 { "Push", "gnutella.push.payload",
648 FT_NONE, BASE_NONE, NULL, 0,
649 "Gnutella Push Payload", HFILL }
650 },
651 { &hf_gnutella_query_payload,
652 { "Query", "gnutella.query.payload",
653 FT_NONE, BASE_NONE, NULL, 0,
654 "Gnutella Query Payload", HFILL }
655 },
656 { &hf_gnutella_queryhit_payload,
657 { "QueryHit", "gnutella.queryhit.payload",
658 FT_NONE, BASE_NONE, NULL, 0,
659 "Gnutella QueryHit Payload", HFILL }
660 },
661 { &hf_gnutella_stream,
662 { "Gnutella Upload / Download Stream", "gnutella.stream",
663 FT_NONE, BASE_NONE, NULL, 0,
664 NULL, HFILL }
665 },
666 { &hf_gnutella_header_id,
667 { "ID", "gnutella.header.id",
668 FT_BYTES, BASE_NONE, NULL, 0,
669 "Gnutella Descriptor ID", HFILL }
670 },
671 { &hf_gnutella_header_payload,
672 { "Payload", "gnutella.header.payload",
673 FT_UINT8, BASE_DEC, NULL, 0,
674 "Gnutella Descriptor Payload", HFILL }
675 },
676 { &hf_gnutella_header_ttl,
677 { "TTL", "gnutella.header.ttl",
678 FT_UINT8, BASE_DEC, NULL, 0,
679 "Gnutella Descriptor Time To Live", HFILL }
680 },
681 { &hf_gnutella_header_hops,
682 { "Hops", "gnutella.header.hops",
683 FT_UINT8, BASE_DEC, NULL, 0,
684 "Gnutella Descriptor Hop Count", HFILL }
685 },
686 { &hf_gnutella_header_size,
687 { "Length", "gnutella.header.size",
688 FT_UINT8, BASE_DEC, NULL, 0,
689 "Gnutella Descriptor Payload Length", HFILL }
690 },
691 { &hf_gnutella_pong_port,
692 { "Port", "gnutella.pong.port",
693 FT_UINT16, BASE_DEC, NULL, 0,
694 "Gnutella Pong TCP Port", HFILL }
695 },
696 { &hf_gnutella_pong_ip,
697 { "IP", "gnutella.pong.ip",
698 FT_IPv4, BASE_NONE, NULL, 0,
699 "Gnutella Pong IP Address", HFILL }
700 },
701 { &hf_gnutella_pong_files,
702 { "Files Shared", "gnutella.pong.files",
703 FT_UINT32, BASE_DEC, NULL, 0,
704 "Gnutella Pong Files Shared", HFILL }
705 },
706 { &hf_gnutella_pong_kbytes,
707 { "KBytes Shared", "gnutella.pong.kbytes",
708 FT_UINT32, BASE_DEC, NULL, 0,
709 "Gnutella Pong KBytes Shared", HFILL }
710 },
711 { &hf_gnutella_query_min_speed,
712 { "Min Speed", "gnutella.query.min_speed",
713 FT_UINT32, BASE_DEC, NULL, 0,
714 "Gnutella Query Minimum Speed", HFILL }
715 },
716 { &hf_gnutella_query_search,
717 { "Search", "gnutella.query.search",
718 FT_STRINGZ, BASE_NONE, NULL, 0,
719 "Gnutella Query Search", HFILL }
720 },
721 { &hf_gnutella_queryhit_hit,
722 { "Hit", "gnutella.queryhit.hit",
723 FT_NONE, BASE_NONE, NULL, 0,
724 "Gnutella QueryHit", HFILL }
725 },
726 { &hf_gnutella_queryhit_hit_index,
727 { "Index", "gnutella.queryhit.hit.index",
728 FT_UINT32, BASE_DEC, NULL, 0,
729 "Gnutella QueryHit Index", HFILL }
730 },
731 { &hf_gnutella_queryhit_hit_size,
732 { "Size", "gnutella.queryhit.hit.size",
733 FT_UINT32, BASE_DEC, NULL, 0,
734 "Gnutella QueryHit Size", HFILL }
735 },
736 { &hf_gnutella_queryhit_hit_name,
737 { "Name", "gnutella.queryhit.hit.name",
738 FT_STRING, BASE_NONE, NULL, 0,
739 "Gnutella Query Name", HFILL }
740 },
741 { &hf_gnutella_queryhit_hit_extra,
742 { "Extra", "gnutella.queryhit.hit.extra",
743 FT_BYTES, BASE_NONE, NULL, 0,
744 "Gnutella Query Extra", HFILL }
745 },
746 { &hf_gnutella_queryhit_count,
747 { "Count", "gnutella.queryhit.count",
748 FT_UINT8, BASE_DEC, NULL, 0,
749 "Gnutella QueryHit Count", HFILL }
750 },
751 { &hf_gnutella_queryhit_port,
752 { "Port", "gnutella.queryhit.port",
753 FT_UINT16, BASE_DEC, NULL, 0,
754 "Gnutella QueryHit Port", HFILL }
755 },
756 { &hf_gnutella_queryhit_ip,
757 { "IP", "gnutella.queryhit.ip",
758 FT_IPv4, BASE_NONE, NULL, 0,
759 "Gnutella QueryHit IP Address", HFILL }
760 },
761 { &hf_gnutella_queryhit_speed,
762 { "Speed", "gnutella.queryhit.speed",
763 FT_UINT32, BASE_DEC, NULL, 0,
764 "Gnutella QueryHit Speed", HFILL }
765 },
766 { &hf_gnutella_queryhit_extra,
767 { "Extra", "gnutella.queryhit.extra",
768 FT_BYTES, BASE_NONE, NULL, 0,
769 "Gnutella QueryHit Extra", HFILL }
770 },
771 { &hf_gnutella_queryhit_servent_id,
772 { "Servent ID", "gnutella.queryhit.servent_id",
773 FT_BYTES, BASE_NONE, NULL, 0,
774 "Gnutella QueryHit Servent ID", HFILL }
775 },
776 { &hf_gnutella_push_servent_id,
777 { "Servent ID", "gnutella.push.servent_id",
778 FT_BYTES, BASE_NONE, NULL, 0,
779 "Gnutella Push Servent ID", HFILL }
780 },
781 { &hf_gnutella_push_ip,
782 { "IP", "gnutella.push.ip",
783 FT_IPv4, BASE_NONE, NULL, 0,
784 "Gnutella Push IP Address", HFILL }
785 },
786 { &hf_gnutella_push_index,
787 { "Index", "gnutella.push.index",
788 FT_UINT32, BASE_DEC, NULL, 0,
789 "Gnutella Push Index", HFILL }
790 },
791 { &hf_gnutella_push_port,
792 { "Port", "gnutella.push.port",
793 FT_UINT16, BASE_DEC, NULL, 0,
794 "Gnutella Push Port", HFILL }
795 },
796 };
797
798 static int *ett[] = {
799 &ett_gnutella,
800 };
801
802 proto_gnutella = proto_register_protocol("Gnutella Protocol", "GNUTELLA", "gnutella");
803
804 proto_register_field_array(proto_gnutella, hf, array_length(hf));
805
806 proto_register_subtree_array(ett, array_length(ett));
807
808 gnutella_handle = register_dissector("gnutella", dissect_gnutella, proto_gnutella);
809 }
810
811 void proto_reg_handoff_gnutella(void) {
812 dissector_add_uint_with_preference("tcp.port", GNUTELLA_TCP_PORT, gnutella_handle);
813 }
814
815 /*
816 * Editor modelines - https://www.wireshark.org/tools/modelines.html
817 *
818 * Local variables:
819 * c-basic-offset: 8
820 * tab-width: 8
821 * indent-tabs-mode: t
822 * End:
823 *
824 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
825 * :indentSize=8:tabSize=8:noTabs=false:
826 */
Metzes wireshark repo