search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-icep.c
blob2fb163f937c03841a3cfcc63c7d292c1df682a7e
1 /* packet-icep.c
2 * Routines for "The ICE Protocol" dissection
3 * Copyright 2004 _FF_
4 * Francesco Fondelli <fondelli dot francesco, tiscali dot it>
5 *
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
9 *
10 * SPDX-License-Identifier: GPL-2.0-or-later
11 */
12
13 /*
14 TODO:
15 1) Dissect encoded data (do sth like idl2wrs for CORBA).
16 2) Add conversations.
17
18 */
19
20 /*
21 NOTES:
22 1) p. 586 Chapter 23.2 of "The ICE Protocol"
23 "Data is always encoded using little-endian byte order for numeric types."
24 2) Information about Ice can be found here: http://www.zeroc.com
25 */
26
27 #define WS_LOG_DOMAIN "packet-icep"
28
29 #include "config.h"
30 #include <wireshark.h>
31
32 #include <epan/packet.h>
33 #include <epan/expert.h>
34 #include <epan/prefs.h>
35 #include "packet-tcp.h"
36
37 void proto_register_icep(void);
38 void proto_reg_handoff_icep(void);
39
40 static dissector_handle_t icep_tcp_handle, icep_udp_handle;
41
42 /* fixed values taken from the standard */
43 static const uint8_t icep_magic[] = { 'I', 'c', 'e', 'P' };
44 #define ICEP_HEADER_SIZE 14
45 #define ICEP_MIN_REPLY_SIZE 5
46 #define ICEP_MIN_PARAMS_SIZE 6
47 #define ICEP_MIN_COMMON_REQ_HEADER_SIZE 13
48
49 /* Initialize the protocol and registered fields */
50 static int proto_icep;
51
52 /* Message Header */
53 static int hf_icep_protocol_major;
54 static int hf_icep_protocol_minor;
55 static int hf_icep_encoding_major;
56 static int hf_icep_encoding_minor;
57 static int hf_icep_message_type;
58 static int hf_icep_compression_status;
59 static int hf_icep_message_size;
60 static int hf_icep_magic_number;
61
62 /* [Batch] Request Message Body */
63 static int hf_icep_request_id;
64 static int hf_icep_id_name;
65 static int hf_icep_id_category;
66 static int hf_icep_facet;
67 static int hf_icep_operation;
68 static int hf_icep_mode;
69 static int hf_icep_context;
70 static int hf_icep_params_size;
71 static int hf_icep_params_major;
72 static int hf_icep_params_minor;
73 static int hf_icep_params_encapsulated;
74 static int hf_icep_reply_data;
75 static int hf_icep_invocation_key;
76 static int hf_icep_invocation_value;
77
78 /* Reply Message Body */
79 static int hf_icep_reply_status;
80
81 /* Initialize the subtree pointers */
82 static int ett_icep;
83 static int ett_icep_msg;
84 static int ett_icep_invocation_context;
85
86 static expert_field ei_icep_params_size;
87 static expert_field ei_icep_context_missing;
88 static expert_field ei_icep_reply_data;
89 static expert_field ei_icep_length;
90 static expert_field ei_icep_facet_max_one_element;
91 static expert_field ei_icep_string_too_long;
92 static expert_field ei_icep_string_malformed;
93 static expert_field ei_icep_message_type;
94 static expert_field ei_icep_mode_missing;
95 static expert_field ei_icep_params_encapsulated;
96 static expert_field ei_icep_params_missing;
97 static expert_field ei_icep_batch_requests;
98 static expert_field ei_icep_empty_batch;
99 static expert_field ei_icep_facet_missing;
100 static expert_field ei_icep_context_too_long;
101
102 /* Preferences */
103 static unsigned icep_max_batch_requests = 64;
104 static unsigned icep_max_ice_string_len = 512;
105 static unsigned icep_max_ice_context_pairs = 64;
106
107
108 static const value_string icep_msgtype_vals[] = {
109 {0x0, "Request"},
110 {0x1, "Batch request"},
111 {0x2, "Reply"},
112 {0x3, "Validate connection"},
113 {0x4, "Close connection"},
114 {0, NULL}
115 };
116
117 static const value_string icep_zipstatus_vals[] = {
118 {0x0, "Uncompressed, sender cannot accept a compressed reply"},
119 {0x1, "Uncompressed, sender can accept a compressed reply"},
120 {0x2, "Compressed, sender can accept a compressed reply"},
121 {0, NULL}
122 };
123
124 static const value_string icep_replystatus_vals[] = {
125 {0x0, "Success"},
126 {0x1, "User exception"},
127 {0x2, "Object does not exist"},
128 {0x3, "Facet does not exist"},
129 {0x4, "Operation does not exist"},
130 {0x5, "Unknown Ice local exception"},
131 {0x6, "Unknown Ice user exception"},
132 {0x7, "Unknown exception"},
133 {0, NULL}
134 };
135
136 static const value_string icep_mode_vals[] = {
137 {0x0, "normal"},
138 {0x1, "nonmutating"},
139 {0x2, "idempotent"},
140 {0, NULL}
141 };
142
143 /*
144 * This function dissects an "Ice string", adds hf to "tree" and returns consumed
145 * bytes in "*consumed", if errors "*consumed" is -1.
146 *
147 * "*dest" is a null terminated version of the dissected Ice string.
148 */
149 static void dissect_ice_string(packet_info *pinfo, proto_tree *tree, proto_item *item, int hf_icep,
150 tvbuff_t *tvb, uint32_t offset, int32_t *consumed, const uint8_t **dest)
151 {
152 /* p. 586 chapter 23.2.1 and p. 588 chapter 23.2.5
153 * string == Size + content
154 * string = 1byte (0..254) + string not null terminated
155 * or
156 * string = 1byte (255) + 1int (255..2^32-1) + string not null terminated
157 */
158
159 uint32_t Size = 0;
160 const uint8_t *s = NULL;
161
162 (*consumed) = 0;
163
164 /* check for first byte */
165 if ( !tvb_bytes_exist(tvb, offset, 1) ) {
166
167 expert_add_info_format(pinfo, item, &ei_icep_string_malformed, "1st byte of Size missing");
168 col_append_str(pinfo->cinfo, COL_INFO, " (1st byte of Size missing)");
169
170 (*consumed) = -1;
171 return;
172 }
173
174 /* get the Size */
175 Size = tvb_get_uint8(tvb, offset);
176 offset++;
177 (*consumed)++;
178
179 if ( Size == 255 ) {
180
181 /* check for next 4 bytes */
182 if ( !tvb_bytes_exist(tvb, offset, 4) ) {
183
184 expert_add_info_format(pinfo, item, &ei_icep_string_malformed, "second field of Size missing");
185 col_append_str(pinfo->cinfo, COL_INFO, " (second field of Size missing)");
186
187 (*consumed) = -1;
188 return;
189 }
190
191 /* get second field of Size */
192 Size = tvb_get_letohl(tvb, offset);
193 offset += 4;
194 (*consumed) += 4;
195 }
196
197 ws_debug("string.Size --> %d", Size);
198
199 /* check if the string exists */
200 if ( !tvb_bytes_exist(tvb, offset, Size) ) {
201
202 expert_add_info_format(pinfo, item, &ei_icep_string_malformed, "missing or truncated string");
203 col_append_str(pinfo->cinfo, COL_INFO, " (missing or truncated string)");
204
205 (*consumed) = -1;
206 return;
207 }
208
209 if ( Size > icep_max_ice_string_len ) {
210
211 expert_add_info(pinfo, item, &ei_icep_string_too_long);
212 col_append_str(pinfo->cinfo, COL_INFO, " (string too long)");
213
214 (*consumed) = -1;
215 return;
216 }
217
218
219 if ( Size != 0 ) {
220 proto_tree_add_item_ret_string(tree, hf_icep, tvb, offset, Size, ENC_ASCII, pinfo->pool, &s);
221 } else {
222 s = wmem_strdup(pinfo->pool, "(empty)");
223 /* display the 0x00 Size byte when click on a empty ice_string */
224 proto_tree_add_string(tree, hf_icep, tvb, offset - 1, 1, s);
225 }
226
227 if ( dest != NULL )
228 *dest = s;
229
230 /*offset += Size;*/
231 (*consumed) += Size;
232 return;
233 }
234
235 /*
236 * This function dissects an "Ice facet", adds hf(s) to "tree" and returns consumed
237 * bytes in "*consumed", if errors "*consumed" is -1.
238 */
239 static void dissect_ice_facet(packet_info *pinfo, proto_tree *tree, proto_item *item, int hf_icep,
240 tvbuff_t *tvb, uint32_t offset, int32_t *consumed)
241 {
242 /* p. 588, chapter 23.2.6:
243 * "facet" is a StringSeq, a StringSeq is a:
244 * sequence<string>
245 *
246 *
247 * sequence == Size + SizeElements
248 * sequence = 1byte (0..254) + SizeElements
249 * or
250 * sequence = 1byte (255) + 1int (255..2^32-1) + SizeElements
251 *
252 *
253 * p.613. chapter 23.3.2
254 * "facet has either zero elements (empty) or one element"
255 *
256 *
257 */
258
259 uint32_t Size = 0; /* number of elements in the sequence */
260
261 (*consumed) = 0;
262
263 /* check first byte */
264 if ( !tvb_bytes_exist(tvb, offset, 1) ) {
265
266 expert_add_info(pinfo, item, &ei_icep_facet_missing);
267 col_append_str(pinfo->cinfo, COL_INFO, " (facet field missing)");
268
269 (*consumed) = -1;
270 return;
271 }
272
273 /* get first byte of Size */
274 Size = tvb_get_uint8(tvb, offset);
275 offset++;
276 (*consumed)++;
277
278 if ( Size == 0 ) {
279 /* display the 0x00 Size byte when click on a empty ice_string */
280 proto_tree_add_string(tree, hf_icep, tvb, offset - 1, 1, "(empty)");
281 return;
282 }
283
284 if ( Size == 1 ) {
285
286 int32_t consumed_facet = 0;
287
288 dissect_ice_string(pinfo, tree, item, hf_icep, tvb, offset, &consumed_facet, NULL);
289
290 if ( consumed_facet == -1 ) {
291 (*consumed) = -1;
292 return;
293 }
294
295 /*offset += consumed_facet;*/
296 (*consumed) += consumed_facet;
297 return;
298 }
299
300 /* if here => Size > 1 => not possible */
301
302 /* display the XX Size byte when click here */
303 expert_add_info(pinfo, item, &ei_icep_facet_max_one_element);
304
305 col_append_str(pinfo->cinfo, COL_INFO, " (facet can be max one element)");
306
307 (*consumed) = -1;
308 return;
309 }
310
311 /*
312 * This function dissects an "Ice context", adds hf(s) to "tree" and returns consumed
313 * bytes in "*consumed", if errors "*consumed" is -1.
314 */
315 static void dissect_ice_context(packet_info *pinfo, proto_tree *tree, proto_item *item,
316 tvbuff_t *tvb, uint32_t offset, int32_t *consumed)
317 {
318 /* p. 588, chapter 23.2.7 and p. 613, 23.3.2:
319 * "context" is a dictionary<string, string>
320 *
321 * dictionary<string, string> == Size + SizeKeyValuePairs
322 * dictionary<string, string> = 1byte (0..254) + SizeKeyValuePairs
323 * or
324 * dictionary<string, string>= 1byte (255) + 1int (255..2^32-1)+SizeKeyValuePairs
325 *
326 */
327
328 uint32_t Size = 0; /* number of key-value in the dictionary */
329 uint32_t i = 0;
330 const char *s = NULL;
331
332 (*consumed) = 0;
333
334 /* check first byte */
335 if ( !tvb_bytes_exist(tvb, offset, 1) ) {
336
337 expert_add_info_format(pinfo, item, &ei_icep_context_missing, "context missing");
338 col_append_str(pinfo->cinfo, COL_INFO, " (context missing)");
339
340 (*consumed) = -1;
341 return;
342 }
343
344 /* get first byte of Size */
345 Size = tvb_get_uint8(tvb, offset);
346 offset++;
347 (*consumed)++;
348
349 if ( Size == 255 ) {
350
351 /* check for next 4 bytes */
352 if ( !tvb_bytes_exist(tvb, offset, 4) ) {
353
354 expert_add_info_format(pinfo, item, &ei_icep_context_missing, "second field of Size missing");
355 col_append_str(pinfo->cinfo, COL_INFO, " (second field of Size missing)");
356
357 (*consumed) = -1;
358 return;
359 }
360
361 /* get second field of Size */
362 Size = tvb_get_letohl(tvb, offset);
363 offset += 4;
364 (*consumed) += 4;
365 }
366
367 ws_debug("context.Size --> %d", Size);
368
369 if ( Size > icep_max_ice_context_pairs ) {
370
371 /* display the XX Size byte when click here */
372 expert_add_info(pinfo, item, &ei_icep_context_too_long);
373
374 col_append_str(pinfo->cinfo, COL_INFO, " (too long context)");
375
376 (*consumed) = -1;
377 return;
378 }
379
380 if (Size == 0) {
381 s = "(empty)";
382 /* display the 0x00 Size byte when click on a empty context */
383 proto_tree_add_string(tree, hf_icep_context, tvb, offset - 1, 1, s);
384 return;
385 }
386
387 /* looping through the dictionary */
388 for ( i = 0; i < Size; i++ ) {
389 /* key */
390 int32_t consumed_key = 0;
391 const uint8_t *str_key = NULL;
392 /* value */
393 int32_t consumed_value = 0;
394 const uint8_t *str_value = NULL;
395 proto_item *ti;
396 proto_tree *context_tree;
397
398 ws_debug("looping through context dictionary, loop #%d", i);
399 context_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_icep_invocation_context, &ti, "Invocation Context");
400
401 dissect_ice_string(pinfo, context_tree, ti, hf_icep_invocation_key, tvb, offset, &consumed_key, &str_key);
402
403 if ( consumed_key == -1 ) {
404 (*consumed) = -1;
405 return;
406 }
407
408 offset += consumed_key;
409 (*consumed) += consumed_key;
410
411 dissect_ice_string(pinfo, context_tree, ti, hf_icep_invocation_value, tvb, offset, &consumed_value, &str_value);
412
413 if ( consumed_value == -1 ) {
414 (*consumed) = -1;
415 return;
416 }
417
418 offset += consumed_value;
419 (*consumed) += consumed_value;
420 if (ti)
421 proto_item_set_len(ti, (consumed_key + consumed_value) + 1);
422 }
423 }
424
425 /*
426 * This function dissects an "Ice params", adds hf(s) to "tree" and returns consumed
427 * bytes in "*consumed", if errors "*consumed" is -1.
428 */
429 static void dissect_ice_params(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb,
430 uint32_t offset, int32_t *consumed)
431 {
432 /* p. 612, chapter 23.3.2 and p. 587, 23.2.2:
433 * "params" is an Encapsulation
434 *
435 * struct Encapsulation {
436 * int size;
437 * byte major;
438 * byte minor;
439 * //(size - 6) bytes of data
440 * }
441 *
442 */
443
444 int32_t size = 0;
445 int tvb_data_remained = 0;
446
447 (*consumed) = 0;
448
449 /* check first 6 bytes */
450 if ( !tvb_bytes_exist(tvb, offset, ICEP_MIN_PARAMS_SIZE) ) {
451
452 expert_add_info(pinfo, item, &ei_icep_params_missing);
453 col_append_str(pinfo->cinfo, COL_INFO, " (params missing)");
454
455 (*consumed) = -1;
456 return;
457 }
458
459 /* get the size */
460 size = tvb_get_letohl(tvb, offset);
461
462 ws_debug("params.size --> %d", size);
463
464 if ( size < ICEP_MIN_PARAMS_SIZE ) {
465
466 expert_add_info(pinfo, item, &ei_icep_params_size);
467 col_append_str(pinfo->cinfo, COL_INFO, " (params size too small)");
468
469 (*consumed) = -1;
470 return;
471 }
472
473 if ( tree ) {
474
475 proto_tree_add_item(tree, hf_icep_params_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
476 offset += 4;
477 (*consumed) += 4;
478
479 proto_tree_add_item(tree, hf_icep_params_major, tvb, offset, 1, ENC_LITTLE_ENDIAN);
480 offset += 1;
481 (*consumed)++;
482
483 proto_tree_add_item(tree, hf_icep_params_minor, tvb, offset, 1, ENC_LITTLE_ENDIAN);
484 offset += 1;
485 (*consumed)++;
486
487 } else {
488 /* skip size, major, minor */
489 offset += 6;
490 (*consumed) += 6;
491 }
492
493 if( size == ICEP_MIN_PARAMS_SIZE ) /* no encapsulated data present, it's normal */
494 return;
495
496 /* check if I got all encapsulated data */
497 tvb_data_remained = tvb_reported_length_remaining(tvb, offset);
498
499 if ( tvb_data_remained < ( size - ICEP_MIN_PARAMS_SIZE ) ) {
500
501 expert_add_info_format(pinfo, item, &ei_icep_params_encapsulated, "missing encapsulated data (%d bytes)", size - ICEP_MIN_PARAMS_SIZE - tvb_data_remained);
502
503 col_append_fstr(pinfo->cinfo, COL_INFO,
504 " (missing encapsulated data (%d bytes))",
505 size - ICEP_MIN_PARAMS_SIZE - tvb_data_remained);
506
507 (*consumed) = -1;
508 return;
509 }
510
511 /* encapsulated params */
512 proto_tree_add_item(tree, hf_icep_params_encapsulated, tvb, offset, (size - ICEP_MIN_PARAMS_SIZE), ENC_NA);
513
514 (*consumed) += (size - ICEP_MIN_PARAMS_SIZE);
515 }
516
517 static void dissect_icep_request_common(tvbuff_t *tvb, uint32_t offset,
518 packet_info *pinfo, proto_tree *icep_sub_tree, proto_item* icep_sub_item, int32_t *total_consumed)
519 {
520 /* p. 613, chapter 23.3.3 and p. 612 chapter 23.3.2:
521 * Request and BatchRequest differ only in the first 4 bytes (requestID)
522 * so them share this part
523 *
524 * Ice::Identity id;
525 * Ice::StringSeq facet;
526 * string operation;
527 * byte mode;
528 * Ice::Context context;
529 * Encapsulation params;
530 * }
531 */
532
533 int32_t consumed = 0;
534 const uint8_t *namestr = NULL;
535 const uint8_t *opstr = NULL;
536
537 (*total_consumed) = 0;
538
539 /* check common header (i.e. the batch request one)*/
540 if ( !tvb_bytes_exist(tvb, offset, ICEP_MIN_COMMON_REQ_HEADER_SIZE) ) {
541
542 expert_add_info_format(pinfo, icep_sub_item, &ei_icep_length, "too short header");
543 col_append_str(pinfo->cinfo, COL_INFO, " (too short header)");
544
545 goto error;
546 }
547
548 /* got at least 15 bytes */
549
550 /* "id" is a:
551 * struct Identity {
552 * string name;
553 * string category;
554 * }
555 */
556
557 dissect_ice_string(pinfo, icep_sub_tree, icep_sub_item, hf_icep_id_name, tvb, offset, &consumed, &namestr);
558
559 if ( consumed == -1 )
560 goto error;
561
562 offset += consumed; ws_debug("consumed --> %d", consumed);
563 (*total_consumed) += consumed;
564
565
566 dissect_ice_string(pinfo, icep_sub_tree, icep_sub_item, hf_icep_id_category, tvb, offset, &consumed, NULL);
567
568 if ( consumed == -1 )
569 goto error;
570
571 offset += consumed; ws_debug("consumed --> %d", consumed);
572 (*total_consumed) += consumed;
573
574
575 /* "facet" is a:
576 * sequence<string> StringSeq
577 *
578 */
579
580 dissect_ice_facet(pinfo, icep_sub_tree, icep_sub_item, hf_icep_facet, tvb, offset, &consumed);
581
582 if ( consumed == -1 )
583 goto error;
584
585 offset += consumed; ws_debug("consumed --> %d", consumed);
586 (*total_consumed) += consumed;
587
588 /* "operation" is an ice_string
589 *
590 */
591
592 dissect_ice_string(pinfo, icep_sub_tree, icep_sub_item, hf_icep_operation, tvb, offset, &consumed, &opstr);
593
594 if ( consumed == -1 )
595 goto error;
596 else {
597 offset += consumed; ws_debug("consumed --> %d", consumed);
598 (*total_consumed) += consumed;
599
600 if ( opstr && namestr ) {
601 ws_debug("operation --> %s.%s()", namestr, opstr);
602 col_append_fstr(pinfo->cinfo, COL_INFO, " %s.%s()",
603 namestr, opstr);
604 opstr = NULL;
605 namestr = NULL;
606 }
607 }
608
609 /* check and get mode byte */
610 if ( !tvb_bytes_exist(tvb, offset, 1) ) {
611
612 expert_add_info(pinfo, icep_sub_item, &ei_icep_mode_missing);
613
614 col_append_str(pinfo->cinfo, COL_INFO, " (mode field missing)");
615 goto error;
616 }
617
618 proto_tree_add_item(icep_sub_tree, hf_icep_mode, tvb, offset, 1, ENC_LITTLE_ENDIAN);
619
620 offset++; ws_debug("consumed --> 1");
621 (*total_consumed)++;
622
623
624 /* "context" is a dictionary<string, string>
625 *
626 */
627
628 dissect_ice_context(pinfo, icep_sub_tree, icep_sub_item, tvb, offset, &consumed);
629
630 if ( consumed == -1 )
631 goto error;
632
633 offset += consumed; ws_debug("consumed --> %d", consumed);
634 (*total_consumed) += consumed;
635
636 /* "params" is a Encapsulation
637 *
638 */
639
640 dissect_ice_params(pinfo, icep_sub_tree, icep_sub_item, tvb, offset, &consumed);
641
642 if ( consumed == -1 )
643 goto error;
644
645 /*offset += consumed;*/
646 ws_debug("consumed --> %d", consumed);
647 (*total_consumed) += consumed;
648
649 return;
650
651 error:
652 (*total_consumed) = -1;
653 }
654
655
656 static void dissect_icep_request(tvbuff_t *tvb, uint32_t offset,
657 packet_info *pinfo, proto_tree *icep_tree, proto_item* icep_item)
658 {
659 /* p. 612, chapter 23.3.2:
660 *
661 * struct RequestData {
662 * int requestID;
663 * Ice::Identity id;
664 * Ice::StringSeq facet;
665 * string operation;
666 * byte mode;
667 * Ice::Context context;
668 * Encapsulation params;
669 * }
670 */
671
672 proto_item *ti = NULL;
673 proto_tree *icep_sub_tree = NULL;
674 int32_t consumed = 0;
675 uint32_t reqid = 0;
676
677 ws_debug("dissect request");
678
679 /* check for req id */
680 if ( !tvb_bytes_exist(tvb, offset, 4) ) {
681
682 expert_add_info_format(pinfo, icep_item, &ei_icep_length, "too short header");
683 col_append_str(pinfo->cinfo, COL_INFO, " (too short header)");
684 return;
685 }
686
687 /* got at least 4 bytes */
688
689 /* create display subtree for this message type */
690
691 reqid = tvb_get_letohl(tvb, offset);
692
693 icep_sub_tree = proto_tree_add_subtree(icep_tree, tvb, offset, -1, ett_icep_msg, &ti, "Request Message Body");
694
695 proto_tree_add_item(icep_sub_tree, hf_icep_request_id, tvb, offset, 4, ENC_LITTLE_ENDIAN);
696
697 if ( reqid != 0 ) {
698 col_append_fstr(pinfo->cinfo, COL_INFO, "(%d):", tvb_get_letohl(tvb, offset));
699 } else
700 col_append_str(pinfo->cinfo, COL_INFO, "(oneway):");
701
702
703 offset += 4;
704 ws_debug("consumed --> 4");
705
706 dissect_icep_request_common(tvb, offset, pinfo, icep_sub_tree, ti, &consumed);
707
708 if ( consumed == -1 )
709 return;
710
711 /*offset += consumed;*/
712 ws_debug("consumed --> %d", consumed);
713 }
714
715
716
717 static void dissect_icep_batch_request(tvbuff_t *tvb, uint32_t offset,
718 packet_info *pinfo, proto_tree *icep_tree, proto_item* icep_item)
719 {
720 /* p. 613, chapter 23.3.3
721 * A batch request msg is a "sequence" of batch request
722 * Sequence is Size + elements
723 *
724 * struct BatchRequestData {
725 * Ice::Identity id;
726 * Ice::StringSeq facet;
727 * string operation;
728 * byte mode;
729 * Ice::Context context;
730 * Encapsulation params;
731 * }
732 *
733 * NOTE!!!:
734 * The only real implementation of the Ice protocol puts a 32bit count in front
735 * of a Batch Request, *not* an Ice::Sequence (as the standard says). Basically the
736 * same people wrote both code and standard so I'll follow the code.
737 */
738
739 proto_item *ti = NULL;
740 proto_tree *icep_sub_tree = NULL;
741 uint32_t num_reqs = 0;
742 uint32_t i = 0;
743 int32_t consumed = 0;
744
745 ws_debug("dissect batch request");
746
747 /* check for first 4 byte */
748 if ( !tvb_bytes_exist(tvb, offset, 4) ) {
749
750 expert_add_info_format(pinfo, icep_item, &ei_icep_length, "counter of batch requests missing");
751 col_append_str(pinfo->cinfo, COL_INFO, " (counter of batch requests missing)");
752 return;
753 }
754
755 num_reqs = tvb_get_letohl(tvb, offset);
756 offset += 4;
757
758 ws_debug("batch_requests.count --> %d", num_reqs);
759
760 if ( num_reqs > icep_max_batch_requests ) {
761
762 expert_add_info_format(pinfo, icep_item, &ei_icep_batch_requests, "too many batch requests (%d)", num_reqs);
763
764 col_append_fstr(pinfo->cinfo, COL_INFO, " (too many batch requests, %d)", num_reqs);
765 return;
766 }
767
768 if ( num_reqs == 0 ) {
769
770 proto_tree_add_expert(icep_tree, pinfo, &ei_icep_empty_batch, tvb, offset, -1);
771 col_append_str(pinfo->cinfo, COL_INFO, " (empty batch requests sequence)");
772
773 return;
774 }
775
776
777 col_append_str(pinfo->cinfo, COL_INFO, ":");
778
779 /*
780 * process requests
781 */
782
783 for ( i = 0; i < num_reqs; i++ ) {
784
785 ws_debug("looping through sequence of batch requests, loop #%d", i);
786
787 /* create display subtree for this message type */
788
789 icep_sub_tree = proto_tree_add_subtree_format(icep_tree, tvb, offset, -1,
790 ett_icep_msg, &ti, "Batch Request Message Body: #%d", i);
791
792 if (i != 0) {
793 col_append_str(pinfo->cinfo, COL_INFO, ",");
794 }
795
796 dissect_icep_request_common(tvb, offset, pinfo, icep_sub_tree, ti, &consumed);
797
798 if ( consumed == -1 )
799 return;
800
801 if ( icep_tree && ti )
802 proto_item_set_len(ti, consumed);
803
804 offset += consumed;
805 ws_debug("consumed --> %d", consumed);
806 }
807 }
808
809 static void dissect_icep_reply(tvbuff_t *tvb, uint32_t offset,
810 packet_info *pinfo, proto_tree *icep_tree, proto_item* icep_item)
811 {
812 /* p. 614, chapter 23.3.4:
813 *
814 * struct ReplyData {
815 * int requestId;
816 * byte replyStatus;
817 * [... messageSize - 19 bytes ... ]
818 * }
819 */
820
821 int32_t messageSize = 0;
822 uint32_t tvb_data_remained = 0;
823 uint32_t reported_reply_data = 0;
824 proto_item *ti = NULL;
825 proto_tree *icep_sub_tree = NULL;
826
827 ws_debug("dissect reply");
828
829 /* get at least a full reply message header */
830
831 if ( !tvb_bytes_exist(tvb, offset, ICEP_MIN_REPLY_SIZE) ) {
832
833 expert_add_info_format(pinfo, icep_item, &ei_icep_length, "too short header");
834
835 col_append_str(pinfo->cinfo, COL_INFO, " (too short header)");
836 return;
837 }
838
839 /* got 5 bytes, then data */
840
841 /* create display subtree for this message type */
842
843 icep_sub_tree = proto_tree_add_subtree(icep_tree, tvb, offset, -1,
844 ett_icep_msg, &ti, "Reply Message Body");
845
846 proto_tree_add_item(icep_sub_tree, hf_icep_request_id, tvb, offset, 4, ENC_LITTLE_ENDIAN);
847
848 col_append_fstr(pinfo->cinfo, COL_INFO, "(%d):", tvb_get_letohl(tvb, offset));
849
850 offset += 4;
851
852 proto_tree_add_item(icep_sub_tree, hf_icep_reply_status, tvb, offset, 1, ENC_LITTLE_ENDIAN);
853
854 col_append_fstr(pinfo->cinfo, COL_INFO, " %s",
855 val_to_str_const(tvb_get_uint8(tvb, offset),
856 icep_replystatus_vals,
857 "unknown reply status"));
858
859 offset++;
860
861 ws_debug("consumed --> %d", 5);
862
863 /* check if I got all reply data */
864 tvb_data_remained = tvb_reported_length_remaining(tvb, offset);
865 messageSize = tvb_get_letohl(tvb, 10);
866 reported_reply_data = messageSize - (ICEP_HEADER_SIZE + ICEP_MIN_REPLY_SIZE);
867
868 /* no */
869 if ( tvb_data_remained < reported_reply_data ) {
870
871 expert_add_info_format(pinfo, ti, &ei_icep_reply_data, "Reply Data (missing %d bytes out of %d)", reported_reply_data - tvb_data_remained, reported_reply_data);
872
873 col_append_fstr(pinfo->cinfo, COL_INFO,
874 " (missing reply data, %d bytes)",
875 reported_reply_data - tvb_data_remained);
876
877 /*offset += tvb_data_remained;*/
878 ws_debug("consumed --> %d", tvb_data_remained);
879 return;
880 }
881
882 /* yes (reported_reply_data can be 0) */
883
884 proto_tree_add_item(icep_sub_tree, hf_icep_reply_data, tvb, offset, reported_reply_data, ENC_NA);
885
886 /*offset += reported_reply_data;*/
887 ws_debug("consumed --> %d", reported_reply_data);
888 }
889
890 static unsigned get_icep_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb,
891 int offset, void *data _U_)
892 {
893 return tvb_get_letohl(tvb, offset + 10);
894 }
895
896 static int dissect_icep_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
897 {
898 /* p. 611, chapter 23.3.1:
899 *
900 * struct HeaderData {
901 * int magic;
902 * byte protocolMajor;
903 * byte protocolMinor;
904 * byte encodingMajor;
905 * byte encodingMinor;
906 * byte messageType;
907 * byte compressionStatus;
908 * int messageSize;
909 * }
910 */
911
912 proto_item *ti, *msg_item = NULL;
913 proto_tree *icep_tree;
914 uint32_t offset = 0;
915
916 /* Make entries in Protocol column and Info column on summary display */
917
918 col_set_str(pinfo->cinfo, COL_PROTOCOL, "ICEP");
919
920 col_add_str(pinfo->cinfo, COL_INFO,
921 val_to_str(tvb_get_uint8(tvb, 8),
922 icep_msgtype_vals,
923 "Unknown Message Type: 0x%02x"));
924
925 ws_debug("got an icep msg, start analysis");
926
927 /* create display subtree for the protocol */
928
929 ti = proto_tree_add_item(tree, proto_icep, tvb, 0, -1, ENC_NA);
930 icep_tree = proto_item_add_subtree(ti, ett_icep);
931
932 if (icep_tree) {
933 /* add items to the subtree */
934
935 /* message header */
936
937 proto_tree_add_item(icep_tree, hf_icep_magic_number, tvb, offset, 4, ENC_ASCII);
938 offset += 4;
939
940 proto_tree_add_item(icep_tree, hf_icep_protocol_major,
941 tvb, offset, 1, ENC_LITTLE_ENDIAN);
942 offset++;
943
944 proto_tree_add_item(icep_tree, hf_icep_protocol_minor,
945 tvb, offset, 1, ENC_LITTLE_ENDIAN);
946 offset++;
947
948 proto_tree_add_item(icep_tree, hf_icep_encoding_major,
949 tvb, offset, 1, ENC_LITTLE_ENDIAN);
950 offset++;
951
952 proto_tree_add_item(icep_tree, hf_icep_encoding_minor,
953 tvb, offset, 1, ENC_LITTLE_ENDIAN);
954 offset++;
955
956 msg_item = proto_tree_add_item(icep_tree, hf_icep_message_type,
957 tvb, offset, 1, ENC_LITTLE_ENDIAN);
958 offset++;
959
960 proto_tree_add_item(icep_tree, hf_icep_compression_status,
961 tvb, offset, 1, ENC_LITTLE_ENDIAN);
962 offset++;
963
964 proto_tree_add_item(icep_tree, hf_icep_message_size,
965 tvb, offset, 4, ENC_LITTLE_ENDIAN);
966 offset += 4;
967 } else {
968 offset += ICEP_HEADER_SIZE;
969 }
970
971 switch(tvb_get_uint8(tvb, 8)) {
972 case 0x0:
973 ws_debug("request message body: parsing %d bytes",
974 tvb_captured_length_remaining(tvb, offset));
975 dissect_icep_request(tvb, offset, pinfo, icep_tree, ti);
976 break;
977 case 0x1:
978 ws_debug("batch request message body: parsing %d bytes",
979 tvb_captured_length_remaining(tvb, offset));
980 dissect_icep_batch_request(tvb, offset, pinfo, icep_tree, ti);
981 break;
982 case 0x2:
983 ws_debug("reply message body: parsing %d bytes",
984 tvb_captured_length_remaining(tvb, offset));
985 dissect_icep_reply(tvb, offset, pinfo, icep_tree, ti);
986 break;
987 case 0x3:
988 case 0x4:
989 /* messages already dissected */
990 break;
991 default:
992 expert_add_info_format(pinfo, msg_item, &ei_icep_message_type, "Unknown Message Type: 0x%02x", tvb_get_uint8(tvb, 8));
993 break;
994 }
995 return tvb_captured_length(tvb);
996 }
997
998 /* entry point */
999 static gboolean dissect_icep_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
1000 {
1001 ws_debug("triggered");
1002
1003 if ( tvb_memeql(tvb, 0, icep_magic, 4) == -1 ) {
1004 /* Not a ICEP packet. */
1005 return FALSE;
1006 }
1007
1008 /* start dissecting */
1009
1010 tcp_dissect_pdus(tvb, pinfo, tree, true, ICEP_HEADER_SIZE,
1011 get_icep_pdu_len, dissect_icep_pdu, data);
1012
1013 return TRUE;
1014 }
1015
1016 static bool
1017 dissect_icep_tcp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
1018 {
1019 return (bool)dissect_icep_tcp(tvb, pinfo, tree, data) > 0;
1020 }
1021
1022 static gboolean dissect_icep_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
1023 {
1024 ws_debug("triggered");
1025
1026 if ( tvb_memeql(tvb, 0, icep_magic, 4) == -1 ) {
1027 /* Not a ICEP packet. */
1028 return false;
1029 }
1030
1031 /* start dissecting */
1032 dissect_icep_pdu(tvb, pinfo, tree, data);
1033 return true;
1034 }
1035
1036 static bool
1037 dissect_icep_udp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
1038 {
1039 return (bool)dissect_icep_udp(tvb, pinfo, tree, data) > 0;
1040 }
1041
1042 /* Register the protocol with Wireshark */
1043
1044 void proto_register_icep(void)
1045 {
1046 module_t *icep_module;
1047 expert_module_t* expert_icep;
1048
1049 /* Setup list of header fields */
1050
1051 static hf_register_info hf[] = {
1052
1053 { &hf_icep_protocol_major,
1054 {
1055 "Protocol Major", "icep.protocol_major",
1056 FT_INT8, BASE_DEC, NULL, 0x0,
1057 "The protocol major version number", HFILL
1058 }
1059 },
1060
1061 { &hf_icep_protocol_minor,
1062 {
1063 "Protocol Minor", "icep.protocol_minor",
1064 FT_INT8, BASE_DEC, NULL, 0x0,
1065 "The protocol minor version number", HFILL
1066 }
1067 },
1068
1069 { &hf_icep_encoding_major,
1070 {
1071 "Encoding Major", "icep.encoding_major",
1072 FT_INT8, BASE_DEC, NULL, 0x0,
1073 "The encoding major version number", HFILL
1074 }
1075 },
1076
1077 { &hf_icep_encoding_minor,
1078 {
1079 "Encoding Minor", "icep.encoding_minor",
1080 FT_INT8, BASE_DEC, NULL, 0x0,
1081 "The encoding minor version number", HFILL
1082 }
1083 },
1084
1085 { &hf_icep_message_type,
1086 {
1087 "Message Type", "icep.message_type",
1088 FT_INT8, BASE_DEC, VALS(icep_msgtype_vals), 0x0,
1089 "The message type", HFILL
1090 }
1091 },
1092
1093 { &hf_icep_magic_number,
1094 {
1095 "Magic Number", "icep.magic_number",
1096 FT_STRING, BASE_NONE, NULL, 0x0,
1097 NULL, HFILL
1098 }
1099 },
1100
1101 { &hf_icep_compression_status,
1102 {
1103 "Compression Status", "icep.compression_status",
1104 FT_INT8, BASE_DEC, VALS(icep_zipstatus_vals), 0x0,
1105 "The compression status of the message", HFILL
1106 }
1107 },
1108
1109 { &hf_icep_message_size,
1110 {
1111 "Message Size", "icep.message_status",
1112 FT_INT32, BASE_DEC, NULL, 0x0,
1113 "The size of the message in bytes, including the header",
1114 HFILL
1115 }
1116 },
1117
1118 { &hf_icep_request_id,
1119 {
1120 "Request Identifier", "icep.request_id",
1121 FT_INT32, BASE_DEC, NULL, 0x0,
1122 "The request identifier",
1123 HFILL
1124 }
1125 },
1126
1127 { &hf_icep_reply_status,
1128 {
1129 "Reply Status", "icep.protocol_major",
1130 FT_INT8, BASE_DEC, VALS(icep_replystatus_vals), 0x0,
1131 "The reply status", HFILL
1132 }
1133 },
1134
1135 { &hf_icep_id_name,
1136 {
1137 "Object Identity Name", "icep.id.name",
1138 FT_STRINGZ, BASE_NONE, NULL, 0x0,
1139 "The object identity name", HFILL
1140 }
1141 },
1142
1143 { &hf_icep_id_category,
1144 {
1145 "Object Identity Content", "icep.id.content",
1146 FT_STRINGZ, BASE_NONE, NULL, 0x0,
1147 "The object identity content", HFILL
1148 }
1149 },
1150
1151 { &hf_icep_facet,
1152 {
1153 "Facet Name", "icep.facet",
1154 FT_STRINGZ, BASE_NONE, NULL, 0x0,
1155 "The facet name", HFILL
1156 }
1157 },
1158
1159 { &hf_icep_operation,
1160 {
1161 "Operation Name", "icep.operation",
1162 FT_STRINGZ, BASE_NONE, NULL, 0x0,
1163 "The operation name", HFILL
1164 }
1165 },
1166
1167 { &hf_icep_mode,
1168 {
1169 "Ice::OperationMode", "icep.operation_mode",
1170 FT_INT8, BASE_DEC, VALS(icep_mode_vals), 0x0,
1171 "A byte representing Ice::OperationMode", HFILL
1172 }
1173 },
1174
1175 { &hf_icep_context,
1176 {
1177 "Invocation Context", "icep.context",
1178 FT_STRINGZ, BASE_NONE, NULL, 0x0,
1179 "The invocation context", HFILL
1180 }
1181 },
1182
1183 { &hf_icep_params_size,
1184 {
1185 "Input Parameters Size", "icep.params.size",
1186 FT_INT32, BASE_DEC, NULL, 0x0,
1187 "The encapsulated input parameters size",
1188 HFILL
1189 }
1190 },
1191
1192 { &hf_icep_params_major,
1193 {
1194 "Input Parameters Encoding Major",
1195 "icep.params.major",
1196 FT_INT8, BASE_DEC, NULL, 0x0,
1197 "The major encoding version of encapsulated parameters",
1198 HFILL
1199 }
1200 },
1201
1202 { &hf_icep_params_minor,
1203 {
1204 "Input Parameters Encoding Minor",
1205 "icep.params.minor",
1206 FT_INT8, BASE_DEC, NULL, 0x0,
1207 "The minor encoding version of encapsulated parameters",
1208 HFILL
1209 }
1210 },
1211
1212 { &hf_icep_params_encapsulated,
1213 {
1214 "Encapsulated parameters",
1215 "icep.params.encapsulated",
1216 FT_BYTES, BASE_NONE, NULL, 0x0,
1217 "Remaining encapsulated parameters",
1218 HFILL
1219 }
1220 },
1221
1222 { &hf_icep_reply_data,
1223 {
1224 "Reported reply data",
1225 "icep.params.reply_data",
1226 FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL
1227 }
1228 },
1229
1230 { &hf_icep_invocation_key,
1231 {
1232 "Key",
1233 "icep.invocation_key",
1234 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL
1235 }
1236 },
1237
1238 { &hf_icep_invocation_value,
1239 {
1240 "Value",
1241 "icep.invocation_value",
1242 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL
1243 }
1244 },
1245 };
1246
1247 /* Setup protocol subtree array */
1248
1249 static int *ett[] = {
1250 &ett_icep,
1251 &ett_icep_msg,
1252 &ett_icep_invocation_context,
1253 };
1254
1255 static ei_register_info ei[] = {
1256 { &ei_icep_string_malformed, { "icep.string.malformed", PI_MALFORMED, PI_ERROR, "String malformed", EXPFILL }},
1257 { &ei_icep_string_too_long, { "icep.string.too_long", PI_PROTOCOL, PI_WARN, "string too long", EXPFILL }},
1258 { &ei_icep_facet_missing, { "icep.facet.missing", PI_MALFORMED, PI_ERROR, "facet field missing", EXPFILL }},
1259 { &ei_icep_facet_max_one_element, { "icep.facet.max_one_element", PI_PROTOCOL, PI_WARN, "facet can be max one element", EXPFILL }},
1260 { &ei_icep_context_missing, { "icep.context.missing", PI_MALFORMED, PI_ERROR, "context missing", EXPFILL }},
1261 { &ei_icep_context_too_long, { "icep.context.too_long", PI_PROTOCOL, PI_WARN, "too long context", EXPFILL }},
1262 { &ei_icep_params_missing, { "icep.params.missing", PI_MALFORMED, PI_ERROR, "params missing", EXPFILL }},
1263 { &ei_icep_params_size, { "icep.params.size.invalid", PI_PROTOCOL, PI_WARN, "params size too small", EXPFILL }},
1264 { &ei_icep_params_encapsulated, { "icep.params.encapsulated.missing", PI_PROTOCOL, PI_WARN, "missing encapsulated data", EXPFILL }},
1265 { &ei_icep_length, { "icep.length_invalid", PI_MALFORMED, PI_ERROR, "Invalid length", EXPFILL }},
1266 { &ei_icep_mode_missing, { "icep.mode.missing", PI_MALFORMED, PI_ERROR, "mode field missing", EXPFILL }},
1267 { &ei_icep_batch_requests, { "icep.batch_requests.invalid", PI_PROTOCOL, PI_WARN, "too many batch requests", EXPFILL }},
1268 { &ei_icep_empty_batch, { "icep.batch_requests.empty", PI_PROTOCOL, PI_WARN, "empty batch requests sequence", EXPFILL }},
1269 { &ei_icep_reply_data, { "icep.params.reply_data.missing", PI_MALFORMED, PI_ERROR, "Reply Data missing", EXPFILL }},
1270 { &ei_icep_message_type, { "icep.message_type.unknown", PI_PROTOCOL, PI_WARN, "Unknown Message Type", EXPFILL }},
1271 };
1272
1273 /* Register the protocol name and description */
1274
1275 proto_icep =
1276 proto_register_protocol("Internet Communications Engine Protocol", "ICEP", "icep");
1277
1278 /* Required function calls to register the header fields and subtrees used */
1279
1280 proto_register_field_array(proto_icep, hf, array_length(hf));
1281 proto_register_subtree_array(ett, array_length(ett));
1282 expert_icep = expert_register_protocol(proto_icep);
1283 expert_register_field_array(expert_icep, ei, array_length(ei));
1284
1285 icep_module = prefs_register_protocol(proto_icep, NULL);
1286 prefs_register_uint_preference(icep_module, "max_batch_requests",
1287 "Maximum batch requests",
1288 "Maximum number of batch requests allowed",
1289 10, &icep_max_batch_requests);
1290
1291 prefs_register_uint_preference(icep_module, "max_ice_string_len",
1292 "Maximum string length",
1293 "Maximum length allowed of an ICEP string",
1294 10, &icep_max_ice_string_len);
1295
1296 prefs_register_uint_preference(icep_module, "max_ice_context_pairs",
1297 "Maximum context pairs",
1298 "Maximum number of context pairs allowed",
1299 10, &icep_max_ice_context_pairs);
1300
1301 icep_tcp_handle = register_dissector("iecp.tcp", dissect_icep_tcp, proto_icep);
1302 icep_udp_handle = register_dissector("iecp.udp", dissect_icep_udp, proto_icep);
1303 }
1304
1305
1306 void proto_reg_handoff_icep(void)
1307 {
1308 /* Register as a heuristic TCP/UDP dissector */
1309 heur_dissector_add("tcp", dissect_icep_tcp_heur, "ICEP over TCP", "icep_tcp", proto_icep, HEURISTIC_ENABLE);
1310 heur_dissector_add("udp", dissect_icep_udp_heur, "ICEP over UDP", "icep_udp", proto_icep, HEURISTIC_ENABLE);
1311
1312 /* Register TCP port for dissection */
1313 dissector_add_for_decode_as_with_preference("tcp.port", icep_tcp_handle);
1314 /* Register UDP port for dissection */
1315 dissector_add_for_decode_as_with_preference("udp.port", icep_udp_handle);
1316 }
1317
1318 /*
1319 * Editor modelines - https://www.wireshark.org/tools/modelines.html
1320 *
1321 * Local variables:
1322 * c-basic-offset: 4
1323 * tab-width: 8
1324 * indent-tabs-mode: nil
1325 * End:
1326 *
1327 * vi: set shiftwidth=4 tabstop=8 expandtab:
1328 * :indentSize=4:tabSize=8:noTabs=true:
1329 */
Metzes wireshark repo