search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-mndp.c
blobba38e3c515e989ea1124de15658466eb5e050e8b
1 /* packet-mndp.c
2 * Routines for the disassembly of the Mikrotik Neighbor Discovery Protocol
3 *
4 * Copyright 2011 Joerg Mayer (see AUTHORS file)
5 *
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
9 *
10 * SPDX-License-Identifier: GPL-2.0-or-later
11 */
12
13 /*
14 http://wiki.mikrotik.com/wiki/Manual:IP/Neighbor_discovery
15 TODO:
16 - Find out about first 4 bytes (are the first 2 simply part of the sequence number?)
17 - Find out about additional TLVs
18 - Find out about unpack values
19 */
20
21 #include "config.h"
22
23 #include <epan/packet.h>
24 void proto_register_mndp(void);
25 void proto_reg_handoff_mndp(void);
26
27 static dissector_handle_t mndp_handle;
28
29 /* protocol handles */
30 static int proto_mndp;
31
32 /* ett handles */
33 static int ett_mndp;
34 static int ett_mndp_tlv_header;
35
36 /* hf elements */
37 /* tlv generic */
38 static int hf_mndp_tlv_type;
39 static int hf_mndp_tlv_length;
40 static int hf_mndp_tlv_data;
41 /* tunnel header */
42 static int hf_mndp_header_unknown;
43 static int hf_mndp_header_seqno;
44 /* tlvs */
45 static int hf_mndp_mac;
46 static int hf_mndp_softwareid;
47 static int hf_mndp_version;
48 static int hf_mndp_identity;
49 static int hf_mndp_uptime;
50 static int hf_mndp_platform;
51 static int hf_mndp_board;
52 static int hf_mndp_unpack;
53 static int hf_mndp_ipv6address;
54 static int hf_mndp_interfacename;
55 static int hf_mndp_ipv4address;
56
57 #define PROTO_SHORT_NAME "MNDP"
58 #define PROTO_LONG_NAME "Mikrotik Neighbor Discovery Protocol"
59
60 #define PORT_MNDP 5678 /* Not IANA registered */
61
62 /* ============= copy/paste/modify from value_string.[hc] ============== */
63 typedef struct _ext_value_string {
64 uint32_t value;
65 const char *strptr;
66 int* hf_element;
67 int (*specialfunction)(tvbuff_t *, packet_info *, proto_tree *, uint32_t,
68 uint32_t, const struct _ext_value_string *);
69 const struct _ext_value_string *evs;
70 } ext_value_string;
71
72
73 static const char*
74 match_strextval_idx(uint32_t val, const ext_value_string *vs, int *idx) {
75 int i = 0;
76
77 if(vs) {
78 while (vs[i].strptr) {
79 if (vs[i].value == val) {
80 if (idx)
81 *idx = i;
82 return vs[i].strptr;
83 }
84 i++;
85 }
86 }
87
88 if (idx)
89 *idx = -1;
90 return NULL;
91 }
92
93 static const char*
94 extval_to_str_idx(wmem_allocator_t *pool, uint32_t val, const ext_value_string *vs, int *idx, const char *fmt) {
95 const char *ret;
96
97 if (!fmt)
98 fmt="Unknown";
99
100 ret = match_strextval_idx(val, vs, idx);
101 if (ret != NULL)
102 return ret;
103
104 return wmem_strdup_printf(pool, fmt, val);
105 }
106 /* ============= end copy/paste/modify ============== */
107
108 /* Forward decls needed by mndp_tunnel_tlv_vals et al */
109 static int dissect_tlv(tvbuff_t *tvb, packet_info *pinfo, proto_tree *mndp_tree,
110 uint32_t offset, uint32_t length, const ext_value_string *value_array);
111
112 static const ext_value_string mndp_body_tlv_vals[] = {
113 { 1, "MAC-Address", &hf_mndp_mac, NULL, NULL },
114 { 5, "Identity", &hf_mndp_identity, NULL, NULL },
115 { 7, "Version", &hf_mndp_version, NULL, NULL },
116 { 8, "Platform", &hf_mndp_platform, NULL, NULL },
117 { 10, "Uptime", &hf_mndp_uptime, NULL, (ext_value_string *)true },
118 { 11, "Software-ID", &hf_mndp_softwareid, NULL, NULL },
119 { 12, "Board", &hf_mndp_board, NULL, NULL },
120 { 14, "Unpack", &hf_mndp_unpack, NULL, NULL },
121 { 15, "IPv6-Address", &hf_mndp_ipv6address, NULL, NULL },
122 { 16, "Interface name", &hf_mndp_interfacename, NULL, NULL },
123 { 17, "IPv4-Address", &hf_mndp_ipv4address, NULL, NULL },
124
125 { 0, NULL, NULL, NULL, NULL }
126 };
127
128 static const value_string mndp_unpack_vals[] = {
129 /* none|simple|uncompressed-headers|uncompressed-all */
130 { 1, "None" },
131 { 0, NULL }
132 };
133
134 static int
135 dissect_tlv(tvbuff_t *tvb, packet_info *pinfo, proto_tree *mndp_tree,
136 uint32_t offset, uint32_t length _U_, const ext_value_string *value_array)
137 {
138 uint32_t tlv_type;
139 uint32_t tlv_length;
140 proto_item *tlv_tree;
141 proto_item *type_item;
142 int type_index;
143 uint32_t tlv_end;
144 unsigned encoding_info;
145
146 tlv_type = tvb_get_ntohs(tvb, offset);
147 tlv_length = tvb_get_ntohs(tvb, offset + 2);
148 tlv_tree = proto_tree_add_subtree_format(mndp_tree, tvb,
149 offset, tlv_length+4, ett_mndp_tlv_header, NULL,
150 "T %d, L %d: %s",
151 tlv_type,
152 tlv_length,
153 extval_to_str_idx(pinfo->pool, tlv_type, value_array, NULL, "Unknown"));
154
155 type_item = proto_tree_add_item(tlv_tree, hf_mndp_tlv_type,
156 tvb, offset, 2, ENC_BIG_ENDIAN);
157 proto_item_append_text(type_item, " = %s",
158 extval_to_str_idx(pinfo->pool, tlv_type, value_array,
159 &type_index, "Unknown"));
160 offset += 2;
161 proto_tree_add_item(tlv_tree, hf_mndp_tlv_length,
162 tvb, offset, 2, ENC_BIG_ENDIAN);
163 offset += 2;
164
165 if (tlv_length == 0)
166 return offset;
167
168 tlv_end = offset + tlv_length;
169
170 /* Make hf_ handling independent of specialfunction */
171 /* FIXME: Properly handle encoding info */
172 if ( type_index != -1
173 && !value_array[type_index].specialfunction
174 && value_array[type_index].evs != NULL
175 ) {
176 encoding_info = value_array[type_index].evs ? true : false;
177 } else {
178 encoding_info = false;
179 }
180 if ( type_index != -1 && value_array[type_index].hf_element) {
181 proto_tree_add_item(tlv_tree,
182 *(value_array[type_index].hf_element),
183 tvb, offset, tlv_length, encoding_info);
184 } else {
185 proto_tree_add_item(tlv_tree, hf_mndp_tlv_data,
186 tvb, offset, tlv_length, ENC_NA);
187 }
188 if ( type_index != -1 && value_array[type_index].specialfunction ) {
189 uint32_t newoffset;
190
191 while (offset < tlv_end) {
192 newoffset = value_array[type_index].specialfunction (
193 tvb, pinfo, tlv_tree, offset, tlv_length,
194 value_array[type_index].evs);
195 DISSECTOR_ASSERT(newoffset > offset);
196 offset = newoffset;
197 }
198 }
199 return tlv_end;
200 }
201
202 static int
203 dissect_mndp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
204 {
205 proto_item *ti;
206 proto_tree *mndp_tree;
207 uint32_t offset = 0;
208 uint32_t packet_length;
209
210 col_set_str(pinfo->cinfo, COL_PROTOCOL, PROTO_SHORT_NAME);
211
212 packet_length = tvb_reported_length(tvb);
213
214 /* Header dissection */
215 ti = proto_tree_add_item(tree, proto_mndp, tvb, offset, -1,
216 ENC_NA);
217 mndp_tree = proto_item_add_subtree(ti, ett_mndp);
218
219 proto_tree_add_item(mndp_tree, hf_mndp_header_unknown, tvb, offset, 2,
220 ENC_NA);
221 offset += 2;
222 proto_tree_add_item(mndp_tree, hf_mndp_header_seqno, tvb, offset, 2,
223 ENC_BIG_ENDIAN);
224 offset += 2;
225
226 while (offset < packet_length) {
227 offset = dissect_tlv(tvb, pinfo, mndp_tree,
228 offset, 0, mndp_body_tlv_vals);
229 }
230
231 return offset;
232 }
233
234 static bool
235 test_mndp(tvbuff_t *tvb)
236 {
237 /* Observed captures of MNDP always seem to have port 5678 as both
238 * the source and destination port, and have a broadcast destination IP
239 * and destination MAC address (if we have those layers.)
240 * The TLVs are also transmitted in increasing type order.
241 * TLV type 1 (MAC-Address) appears to be mandatory (and thus first),
242 * and always has length 6.
243 * We could also step through all the TLVs to see if the types and
244 * lengths are reasonable.
245 * Any of these could be used to strengthen the heuristic further.
246 */
247 int offset = 0;
248 int type, length;
249 /* Minimum of 8 bytes, 4 Bytes header + 1 TLV-header */
250 if ( tvb_captured_length(tvb) < 8) {
251 return false;
252 }
253 offset += 4;
254 type = tvb_get_uint16(tvb, offset, ENC_BIG_ENDIAN);
255 if (type != 1) {
256 return false;
257 }
258 offset += 2;
259 length = tvb_get_uint16(tvb, offset, ENC_BIG_ENDIAN);
260 if (length != 6) {
261 return false;
262 }
263 offset += 2;
264 /* Length does *not* include the type and length fields. */
265 if (tvb_reported_length_remaining(tvb, offset) < length) {
266 return false;
267 }
268 offset += length;
269 /* If there's more data left, it should be another TLV. */
270 if (tvb_reported_length_remaining(tvb, offset) > 0 &&
271 tvb_reported_length_remaining(tvb, offset) < 4) {
272 return false;
273 }
274 return true;
275 }
276
277 static bool
278 dissect_mndp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
279 {
280 if ( !test_mndp(tvb) ) {
281 return false;
282 }
283 dissect_mndp(tvb, pinfo, tree);
284 return true;
285 }
286
287 static int
288 dissect_mndp_static(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
289 {
290 if ( !test_mndp(tvb) ) {
291 return 0;
292 }
293 return dissect_mndp(tvb, pinfo, tree);
294 }
295
296 void
297 proto_register_mndp(void)
298 {
299 static hf_register_info hf[] = {
300
301 /* TLV fields */
302 { &hf_mndp_tlv_type,
303 { "TlvType", "mndp.tlv.type", FT_UINT16, BASE_DEC, NULL,
304 0x0, NULL, HFILL }},
305
306 { &hf_mndp_tlv_length,
307 { "TlvLength", "mndp.tlv.length", FT_UINT16, BASE_DEC, NULL,
308 0x0, NULL, HFILL }},
309
310 { &hf_mndp_tlv_data,
311 { "TlvData", "mndp.tlv.data", FT_BYTES, BASE_NONE, NULL,
312 0x0, NULL, HFILL }},
313
314 /* MNDP tunnel header */
315 { &hf_mndp_header_unknown,
316 { "Header Unknown", "mndp.header.unknown", FT_BYTES, BASE_NONE, NULL,
317 0x0, NULL, HFILL }},
318
319 { &hf_mndp_header_seqno,
320 { "SeqNo", "mndp.header.seqno", FT_UINT16, BASE_DEC, NULL,
321 0x0, NULL, HFILL }},
322
323 /* MNDP tunnel data */
324 { &hf_mndp_mac,
325 { "MAC-Address", "mndp.mac", FT_ETHER, BASE_NONE, NULL,
326 0x0, NULL, HFILL }},
327
328 { &hf_mndp_softwareid,
329 { "Software-ID", "mndp.softwareid", FT_STRING, BASE_NONE, NULL,
330 0x0, NULL, HFILL }},
331
332 { &hf_mndp_version,
333 { "Version", "mndp.version", FT_STRING, BASE_NONE, NULL,
334 0x0, NULL, HFILL }},
335
336 { &hf_mndp_identity,
337 { "Identity", "mndp.identity", FT_STRING, BASE_NONE, NULL,
338 0x0, NULL, HFILL }},
339
340 { &hf_mndp_uptime,
341 { "Uptime", "mndp.uptime", FT_RELATIVE_TIME, BASE_NONE, NULL,
342 0x0, NULL, HFILL }},
343
344 { &hf_mndp_platform,
345 { "Platform", "mndp.platform", FT_STRING, BASE_NONE, NULL,
346 0x0, NULL, HFILL }},
347
348 { &hf_mndp_board,
349 { "Board", "mndp.board", FT_STRING, BASE_NONE, NULL,
350 0x0, NULL, HFILL }},
351
352 { &hf_mndp_unpack,
353 { "Unpack", "mndp.unpack", FT_UINT8, BASE_DEC, VALS(mndp_unpack_vals),
354 0x0, NULL, HFILL }},
355
356 { &hf_mndp_ipv6address,
357 { "IPv6-Address", "mndp.ipv6address", FT_IPv6, BASE_NONE, NULL,
358 0x0, NULL, HFILL }},
359
360 { &hf_mndp_interfacename,
361 { "Interface name", "mndp.interfacename", FT_STRING, BASE_NONE, NULL,
362 0x0, NULL, HFILL }},
363
364 { &hf_mndp_ipv4address,
365 { "IPv4-Address", "mndp.ipv4address", FT_IPv4, BASE_NONE, NULL,
366 0x0, NULL, HFILL }},
367
368 };
369 static int *ett[] = {
370 &ett_mndp,
371 &ett_mndp_tlv_header,
372 };
373
374 proto_mndp = proto_register_protocol(PROTO_LONG_NAME, PROTO_SHORT_NAME, "mndp");
375 proto_register_field_array(proto_mndp, hf, array_length(hf));
376 proto_register_subtree_array(ett, array_length(ett));
377
378 mndp_handle = register_dissector("mndp", dissect_mndp_static, proto_mndp);
379 }
380
381 void
382 proto_reg_handoff_mndp(void)
383 {
384 dissector_add_uint_with_preference("udp.port", PORT_MNDP, mndp_handle);
385 heur_dissector_add("udp", dissect_mndp_heur, "MNDP over UDP", "mndp_udp", proto_mndp, HEURISTIC_DISABLE);
386 }
387
388 /*
389 * Editor modelines - https://www.wireshark.org/tools/modelines.html
390 *
391 * Local variables:
392 * c-basic-offset: 8
393 * tab-width: 8
394 * indent-tabs-mode: t
395 * End:
396 *
397 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
398 * :indentSize=8:tabSize=8:noTabs=false:
399 */
Metzes wireshark repo