search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-ippusb.c
blobb38b33bbccbe6f26798006d1b45e8c0a535bbfa7
1 /* packet-ippusb.c
2 * Routines for IPPUSB packet disassembly
3 * https://robots.org.uk/IPPOverUSB
4 *
5 * Jamie Hare <jamienh@umich.edu>
6 *
7 * PROTONAME: Internet Printing Protocol Over USB
8 * PROTOSHORTNAME: IPPUSB
9 * PROTOABBREV: ippusb
10 *
11 * Wireshark - Network traffic analyzer
12 * By Gerald Combs <gerald@wireshark.org>
13 * Copyright 1998 Gerald Combs
14 *
15 * SPDX-License-Identifier: GPL-2.0-or-later
16 */
17
18 #include "config.h"
19
20 #include <epan/packet.h>
21 #include <epan/strutil.h>
22 #include <epan/to_str.h>
23 #include <epan/conversation.h>
24 #include <epan/wmem_scopes.h>
25 #include <reassemble.h>
26 #include "packet-usb.h"
27
28 /*
29 * IPPUSB transfer_type values
30 */
31 #define HTTP 0
32
33 /* As also defined in IPP dissector */
34 #define PRINT_JOB 0x0002
35 #define SEND_DOCUMENT 0x0006
36
37 #define TAG_END_OF_ATTRIBUTES 0x03
38 #define NEWLINE 0x0a
39
40 #define CHUNK_LENGTH_MIN 5
41
42 #define BITS_PER_BYTE 8
43
44 static const uint8_t CHUNKED_END[] = { 0x30, 0x0d, 0x0a, 0x0d, 0x0a };
45 static const uint8_t RETURN_NEWLINE[] = { 0x0d, 0x0a };
46 static tvbuff_t *return_newline_tvb;
47
48 void proto_register_ippusb(void);
49 void proto_reg_handoff_ippusb(void);
50 static int is_http_header(unsigned first_linelen, const unsigned char *first_line);
51
52 static dissector_handle_t ippusb_handle;
53
54 static int proto_ippusb;
55 static int ett_ippusb;
56 static int ett_ippusb_as;
57 static int ett_ippusb_attr;
58 static int ett_ippusb_member;
59 static int ett_ippusb_fragment;
60 static int ett_ippusb_fragments;
61
62 /* For reassembly */
63 static int32_t ippusb_last_pdu = -1;
64
65 static int hf_ippusb_fragments;
66 static int hf_ippusb_fragment;
67 static int hf_ippusb_fragment_overlap;
68 static int hf_ippusb_fragment_overlap_conflict;
69 static int hf_ippusb_fragment_multiple_tails;
70 static int hf_ippusb_fragment_too_long_fragment;
71 static int hf_ippusb_fragment_error;
72 static int hf_ippusb_fragment_count;
73 static int hf_ippusb_reassembled_in;
74 static int hf_ippusb_reassembled_length;
75 static int hf_ippusb_reassembled_data;
76
77 /* Reassemble by default */
78 static bool global_ippusb_reassemble = true;
79
80 static const fragment_items ippusb_frag_items = {
81 &ett_ippusb_fragment,
82 &ett_ippusb_fragments,
83 &hf_ippusb_fragments,
84 &hf_ippusb_fragment,
85 &hf_ippusb_fragment_overlap,
86 &hf_ippusb_fragment_overlap_conflict,
87 &hf_ippusb_fragment_multiple_tails,
88 &hf_ippusb_fragment_too_long_fragment,
89 &hf_ippusb_fragment_error,
90 &hf_ippusb_fragment_count,
91 &hf_ippusb_reassembled_in,
92 &hf_ippusb_reassembled_length,
93 &hf_ippusb_reassembled_data,
94 "IPPUSB fragments"
95 };
96
97 struct ippusb_multisegment_pdu {
98 unsigned nxtpdu;
99 uint32_t first_frame;
100 uint32_t running_size;
101 bool finished;
102 bool reassembled;
103 bool is_ipp;
104
105 uint32_t document;
106 #define MSP_HAS_DOCUMENT 0x00000001
107 #define MSP_DOCUMENT_TRUNCATED 0x00000002
108
109 uint32_t flags;
110 #define MSP_FLAGS_REASSEMBLE_ENTIRE_SEGMENT 0x00000001
111 #define MSP_FLAGS_GOT_ALL_SEGMENTS 0x00000002
112 #define MSP_FLAGS_MISSING_FIRST_SEGMENT 0x00000004
113 };
114
115 static struct ippusb_multisegment_pdu *
116 pdu_store(packet_info *pinfo, wmem_tree_t *multisegment_pdus, uint32_t first_frame, bool is_ipp, unsigned document)
117 {
118 struct ippusb_multisegment_pdu *msp;
119
120 msp = wmem_new(wmem_file_scope(), struct ippusb_multisegment_pdu);
121 msp->first_frame = first_frame;
122 msp->finished = false;
123 msp->reassembled = false;
124 msp->is_ipp = is_ipp;
125 msp->document = document;
126 msp->flags = 0;
127 wmem_tree_insert32(multisegment_pdus, pinfo->num, (void *)msp);
128
129 return msp;
130 }
131
132 struct ippusb_analysis {
133 wmem_tree_t *multisegment_pdus;
134 };
135
136 static struct ippusb_analysis *
137 init_ippusb_conversation_data(void)
138 {
139 struct ippusb_analysis *ippusbd;
140
141 ippusbd = wmem_new0(wmem_file_scope(), struct ippusb_analysis);
142
143 ippusbd->multisegment_pdus = wmem_tree_new(wmem_file_scope());
144
145 return ippusbd;
146 }
147
148 static struct ippusb_analysis *
149 get_ippusb_conversation_data(conversation_t *conv, packet_info *pinfo)
150 {
151 struct ippusb_analysis *ippusbd;
152
153 if(conv == NULL ) {
154 conv = find_or_create_conversation(pinfo);
155 }
156
157 ippusbd = (struct ippusb_analysis *)conversation_get_proto_data(conv, proto_ippusb);
158
159 if (!ippusbd) {
160 ippusbd = init_ippusb_conversation_data();
161 conversation_add_proto_data(conv, proto_ippusb, ippusbd);
162 }
163
164 return ippusbd;
165 }
166
167
168 static void *ippusb_temporary_key(const packet_info *pinfo _U_, const uint32_t id _U_, const void *data)
169 {
170 return (void *)data;
171 }
172
173 static void *ippusb_persistent_key(const packet_info *pinfo _U_, const uint32_t id _U_, const void *data)
174 {
175 return (void *)data;
176 }
177
178 static void ippusb_free_temporary_key(void *ptr _U_) { }
179
180 static void ippusb_free_persistent_key(void *ptr _U_) { }
181
182 static reassembly_table_functions ippusb_reassembly_table_functions =
183 {
184 g_direct_hash,
185 g_direct_equal,
186 ippusb_temporary_key,
187 ippusb_persistent_key,
188 ippusb_free_temporary_key,
189 ippusb_free_persistent_key
190 };
191
192 static dissector_table_t ippusb_dissector_table;
193 static reassembly_table ippusb_reassembly_table;
194
195 /* Main dissector function */
196 static int
197 dissect_ippusb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
198 {
199 int offset = 0;
200 int ret = 0;
201 unsigned first_linelen;
202 const unsigned char *first_line;
203 int next_offset;
204 uint8_t last;
205 uint8_t status_code;
206 struct ippusb_analysis *ippusbd = NULL;
207 conversation_t *conv = NULL;
208
209 struct ippusb_multisegment_pdu *new_msp = NULL;
210 struct ippusb_multisegment_pdu *current_msp = NULL;
211 struct ippusb_multisegment_pdu *previous_msp = NULL;
212
213 int reported_length = tvb_reported_length(tvb);
214 int captured_length = tvb_captured_length(tvb);
215
216 if((conv = find_conversation_pinfo(pinfo, 0)) != NULL) {
217 /* Update how far the conversation reaches */
218 if (pinfo->num > conv->last_frame) {
219 conv->last_frame = pinfo->num;
220 }
221 }
222 else {
223 conv = conversation_new(pinfo->num, &pinfo->src, &pinfo->dst, CONVERSATION_TCP,
224 pinfo->srcport, pinfo->destport, 0);
225 }
226
227 ippusbd = get_ippusb_conversation_data(conv, pinfo);
228
229 first_linelen = tvb_find_line_end(tvb, offset, tvb_ensure_captured_length_remaining(tvb, offset), &next_offset, true);
230 first_line = tvb_get_ptr(tvb, offset, first_linelen);
231
232 /* Get last byte of segment */
233 last = tvb_get_uint8(tvb, captured_length - 1);
234 status_code = tvb_get_bits8(tvb, 3 * BITS_PER_BYTE, BITS_PER_BYTE);
235
236 /* Is the segment the last chunk from chunk transfer? */
237 bool is_last_chunk = false;
238 if (captured_length == CHUNK_LENGTH_MIN) {
239 is_last_chunk = tvb_memeql(tvb, offset, CHUNKED_END, CHUNK_LENGTH_MIN) == 0;
240 }
241
242 if (is_http_header(first_linelen, first_line) && last == TAG_END_OF_ATTRIBUTES && status_code != PRINT_JOB && status_code != SEND_DOCUMENT) {
243 /* An individual ippusb packet with http header */
244
245 proto_tree_add_item(tree, proto_ippusb, tvb, offset, -1, ENC_NA);
246
247 if (ippusb_last_pdu >= 0 && !pinfo->fd->visited) {
248 ippusb_last_pdu = -1;
249 }
250
251 ret = dissector_try_uint_with_data(ippusb_dissector_table, HTTP, tvb, pinfo, tree, true, data);
252 }
253 else if (global_ippusb_reassemble) {
254 /* If reassembly is wanted */
255
256 if (!pinfo->fd->visited) {
257 /* First time this segment is ever seen */
258
259 bool save_fragmented = pinfo->fragmented;
260 pinfo->fragmented = true;
261
262 proto_tree_add_item(tree, proto_ippusb, tvb, offset, -1, ENC_NA);
263
264 if (is_http_header(first_linelen, first_line)) {
265 /* The start of a new packet that will need to be reassembled */
266
267 new_msp = pdu_store(pinfo, ippusbd->multisegment_pdus, pinfo->num, true, 0);
268 new_msp->running_size = captured_length;
269
270 fragment_add_check(&ippusb_reassembly_table, tvb, offset, pinfo, new_msp->first_frame,
271 GUINT_TO_POINTER(new_msp->first_frame), 0, captured_length, true);
272
273 ippusb_last_pdu = pinfo->num;
274 }
275 else {
276
277 previous_msp = (struct ippusb_multisegment_pdu *)wmem_tree_lookup32_le(ippusbd->multisegment_pdus, ippusb_last_pdu);
278
279 if (previous_msp) {
280 previous_msp->nxtpdu = pinfo->num;
281 new_msp = pdu_store(pinfo, ippusbd->multisegment_pdus, previous_msp->first_frame, previous_msp->is_ipp, previous_msp->document);
282 new_msp->running_size = previous_msp->running_size + captured_length;
283
284 /* This packet has an HTTP header but is not an ipp packet */
285 if ((first_linelen >= strlen("Content-Type: ") && strncmp(first_line, "Content-Type: ", strlen("Content-Type: ")) == 0) &&
286 (first_linelen < strlen("Content-Type: application/ipp") || strncmp(first_line, "Content-Type: application/ipp", strlen("Content-Type: application/ipp")) != 0)) {
287 new_msp->is_ipp = false;
288 }
289
290 /* This packet will have an attached document */
291 if (status_code == PRINT_JOB || status_code == SEND_DOCUMENT) {
292 new_msp->document |= MSP_HAS_DOCUMENT;
293 }
294
295 if (!is_last_chunk) {
296 /* If this segment is not the last chunk in a chunked transfer */
297
298 if (captured_length < reported_length && (new_msp->document & MSP_HAS_DOCUMENT)) {
299 /* The attached document segment is smaller than it says it should be and cannot be reassembled properly */
300
301 tvbuff_t *new_tvb = tvb_new_subset_length(tvb, 0, captured_length);
302
303 fragment_add_check(&ippusb_reassembly_table, new_tvb, offset, pinfo, new_msp->first_frame,
304 GUINT_TO_POINTER(new_msp->first_frame), previous_msp->running_size, captured_length, true);
305
306 new_msp->document |= MSP_DOCUMENT_TRUNCATED;
307 }
308 else {
309 fragment_add_check(&ippusb_reassembly_table, tvb, offset, pinfo, new_msp->first_frame,
310 GUINT_TO_POINTER(new_msp->first_frame), previous_msp->running_size, captured_length, true);
311 }
312
313 if (last != NEWLINE) {
314 fragment_add_check(&ippusb_reassembly_table, return_newline_tvb, offset, pinfo, new_msp->first_frame,
315 GUINT_TO_POINTER(new_msp->first_frame), new_msp->running_size, sizeof(RETURN_NEWLINE), true);
316
317 new_msp->running_size += sizeof(RETURN_NEWLINE);
318 }
319
320 ippusb_last_pdu = pinfo->num;
321 }
322 else {
323 /* This segment contains the end of ipp chunked transfer information */
324
325 new_msp->finished = true;
326 ippusb_last_pdu = -1;
327
328 fragment_head *head = fragment_add_check(&ippusb_reassembly_table, tvb, offset, pinfo, new_msp->first_frame,
329 GUINT_TO_POINTER(new_msp->first_frame), previous_msp->running_size, captured_length, false);
330 tvbuff_t *processed_tvb = process_reassembled_data(tvb, offset, pinfo, "Reassembled IPPUSB", head, &ippusb_frag_items, NULL, tree);
331
332 new_msp->reassembled = true;
333 pinfo->can_desegment = 0;
334
335 if(processed_tvb){
336 ret = dissector_try_uint_with_data(ippusb_dissector_table, HTTP, processed_tvb, pinfo, tree, true, data);
337 col_append_str(pinfo->cinfo, COL_INFO, " Reassembled Data");
338 }
339 }
340 }
341 }
342
343 pinfo->fragmented = save_fragmented;
344 }
345 else {
346 /* Not the first time this segment is seen */
347
348 bool save_fragmented = pinfo->fragmented;
349 pinfo->fragmented = true;
350 current_msp = (struct ippusb_multisegment_pdu *)wmem_tree_lookup32_le(ippusbd->multisegment_pdus, pinfo->num);
351
352 /* This is not an ipp packet */
353 if(current_msp && !(current_msp->is_ipp)){
354 return captured_length;
355 }
356
357 if (current_msp && !current_msp->finished && current_msp->nxtpdu == 0) {
358 /* This is a packet that was not completed and assembly will be attempted */
359
360 proto_tree_add_item(tree, proto_ippusb, tvb, offset, -1, ENC_NA);
361 fragment_head *head;
362
363 if (!current_msp->reassembled) {
364 /* The first time this segment is passed over after the initial round
365 * it will be added to the pdu and reassembled */
366
367 pinfo->fd->visited = false;
368
369 if (captured_length < reported_length && (current_msp->document & MSP_HAS_DOCUMENT)) {
370 /* The attached document segment is smaller than it says it should be and cannot be reassembled properly */
371
372 tvbuff_t *new_tvb = tvb_new_subset_length(tvb, 0, captured_length);
373
374 head = fragment_add_check(&ippusb_reassembly_table, new_tvb, offset, pinfo, current_msp->first_frame,
375 GUINT_TO_POINTER(current_msp->first_frame), current_msp->running_size - captured_length, captured_length, false);
376
377 current_msp->document |= MSP_DOCUMENT_TRUNCATED;
378 }
379 else {
380 head = fragment_add_check(&ippusb_reassembly_table, tvb, 0, pinfo, current_msp->first_frame,
381 GUINT_TO_POINTER(current_msp->first_frame), current_msp->running_size - captured_length, captured_length, false);
382 }
383
384 pinfo->fd->visited = true;
385
386 current_msp->reassembled = true;
387 }
388 else {
389 /* Packet has already been reassembled */
390
391 head = fragment_get_reassembled_id(&ippusb_reassembly_table, pinfo, current_msp->first_frame);
392 }
393
394 tvbuff_t *processed_tvb = process_reassembled_data(tvb, offset, pinfo, " Reassembled IPPUSB", head, &ippusb_frag_items, NULL, tree);
395
396 if (processed_tvb) {
397 pinfo->can_desegment = 0;
398
399 ret = dissector_try_uint_with_data(ippusb_dissector_table, HTTP, processed_tvb, pinfo, tree, true, data);
400
401 if (current_msp->document & MSP_DOCUMENT_TRUNCATED) {
402 col_append_str(pinfo->cinfo, COL_INFO, " Document Truncated");
403 }
404 }
405 }
406 else if (current_msp && is_last_chunk) {
407 /* This is the last segment of the chunked transfer and reassembled packet */
408
409 proto_tree_add_item(tree, proto_ippusb, tvb, offset, -1, ENC_NA);
410
411 fragment_head *head = fragment_get_reassembled_id(&ippusb_reassembly_table, pinfo, current_msp->first_frame);
412
413 tvbuff_t *processed_tvb = process_reassembled_data(tvb, offset, pinfo, " Reassembled IPPUSB", head, &ippusb_frag_items, NULL, tree);
414
415 if (processed_tvb) {
416 pinfo->can_desegment = 0;
417
418 ret = dissector_try_uint_with_data(ippusb_dissector_table, HTTP, processed_tvb, pinfo, tree, true, data);
419
420 col_append_str(pinfo->cinfo, COL_INFO, " Reassembled Data");
421
422 /* If the document was truncated mark it as such in the UX */
423 if (current_msp->document & MSP_DOCUMENT_TRUNCATED) {
424 col_append_str(pinfo->cinfo, COL_INFO, " Document Truncated");
425 }
426 }
427 }
428
429 pinfo->fragmented = save_fragmented;
430 }
431 }
432
433 if (ret) {
434 return tvb_captured_length(tvb);
435 }
436 else {
437 return 0;
438 }
439 }
440
441 static int
442 is_http_header(unsigned first_linelen, const unsigned char *first_line) {
443 if ((first_linelen >= strlen("HTTP/") && strncmp(first_line, "HTTP/", strlen("HTTP/")) == 0) ||
444 (first_linelen >= strlen("POST /ipp") && strncmp(first_line, "POST /ipp", strlen("POST /ipp")) == 0) ||
445 (first_linelen >= strlen("POST / HTTP") && strncmp(first_line, "POST / HTTP", strlen("POST / HTTP")) == 0)) {
446
447 return true;
448 }
449 else {
450 return false;
451 }
452 }
453
454 static void
455 ippusb_shutdown(void) {
456 tvb_free(return_newline_tvb);
457 }
458
459 void
460 proto_register_ippusb(void)
461 {
462 static hf_register_info hf[] = {
463
464 /* Reassembly */
465 { &hf_ippusb_fragment,
466 { "Fragment", "ippusb.fragment", FT_FRAMENUM, BASE_NONE,
467 NULL, 0x0, NULL, HFILL }},
468 { &hf_ippusb_fragments,
469 { "Fragments", "ippusb.fragments", FT_BYTES, BASE_NONE,
470 NULL, 0x0, NULL, HFILL }},
471 { &hf_ippusb_fragment_overlap,
472 { "Fragment overlap", "ippusb.fragment.overlap", FT_BOOLEAN, BASE_NONE,
473 NULL, 0x0, "Fragment overlaps with other fragments", HFILL }},
474 { &hf_ippusb_fragment_overlap_conflict,
475 { "Conflicting data in fragment overlap", "ippusb.fragment.overlap.conflict",
476 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
477 "Overlapping fragments contained conflicting data", HFILL }},
478 { &hf_ippusb_fragment_multiple_tails,
479 { "Multiple tail fragments found", "ippusb.fragment.multipletails",
480 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
481 "Several tails were found when defragmenting the packet", HFILL }},
482 { &hf_ippusb_fragment_too_long_fragment,
483 { "Fragment too long", "ippusb.fragment.toolongfragment",
484 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
485 "Fragment contained data past end of packet", HFILL }},
486 { &hf_ippusb_fragment_error,
487 { "Defragmentation error", "ippusb.fragment.error", FT_FRAMENUM, BASE_NONE,
488 NULL, 0x0, "Defragmentation error due to illegal fragments", HFILL }},
489 { &hf_ippusb_fragment_count,
490 { "Fragment count", "ippusb.fragment.count", FT_UINT32, BASE_DEC,
491 NULL, 0x0, NULL, HFILL }},
492 { &hf_ippusb_reassembled_in,
493 { "Reassembled payload in frame", "ippusb.reassembled_in", FT_FRAMENUM, BASE_NONE,
494 NULL, 0x0, "This payload packet is reassembled in this frame", HFILL }},
495 { &hf_ippusb_reassembled_length,
496 { "Reassembled payload length", "ippusb.reassembled.length", FT_UINT32, BASE_DEC,
497 NULL, 0x0, "The total length of the reassembled payload", HFILL }},
498 { &hf_ippusb_reassembled_data,
499 { "Reassembled data", "ippusb.reassembled.data", FT_BYTES, BASE_NONE,
500 NULL, 0x0, "The reassembled payload", HFILL }},
501 };
502
503 static int *ett[] = {
504 &ett_ippusb,
505 &ett_ippusb_as,
506 &ett_ippusb_attr,
507 &ett_ippusb_member,
508 &ett_ippusb_fragments,
509 &ett_ippusb_fragment
510 };
511
512 proto_ippusb = proto_register_protocol("Internet Printing Protocol Over USB", "IPPUSB", "ippusb");
513
514 ippusb_dissector_table = register_dissector_table("ippusb", "IPP Over USB", proto_ippusb, FT_UINT8, BASE_DEC);
515
516 proto_register_field_array(proto_ippusb, hf, array_length(hf));
517 proto_register_subtree_array(ett, array_length(ett));
518
519 /* Register reassembly table. */
520 reassembly_table_register(&ippusb_reassembly_table, &ippusb_reassembly_table_functions);
521
522 /* Preferences */
523 module_t *ippusb_module = prefs_register_protocol(proto_ippusb, NULL);
524
525 /* Reassembly, made an option due to memory costs */
526 prefs_register_bool_preference(ippusb_module, "attempt_reassembly", "Reassemble payload", "", &global_ippusb_reassemble);
527
528 return_newline_tvb = tvb_new_real_data(RETURN_NEWLINE, sizeof(RETURN_NEWLINE), sizeof(RETURN_NEWLINE));
529
530 register_shutdown_routine(ippusb_shutdown);
531
532 ippusb_handle = register_dissector("ippusb", dissect_ippusb, proto_ippusb);
533 }
534
535 void
536 proto_reg_handoff_ippusb(void)
537 {
538 dissector_add_uint("usb.bulk", IF_CLASS_PRINTER, ippusb_handle);
539 }
540
541 /*
542 * Editor modelines - https://www.wireshark.org/tools/modelines.html
543 *
544 * Local variables:
545 * c-basic-offset: 4
546 * tab-width: 8
547 * indent-tabs-mode: nil
548 * End:
549 *
550 * vi: set shiftwidth=4 tabstop=8 expandtab:
551 * :indentSize=4:tabSize=8:noTabs=true:
552 */
Metzes wireshark repo