epan/dissectors/packet-omapi.c

   1 /* packet-omapi.c
   2  * ISC OMAPI (Object Management API) dissector
   3  * Copyright 2006, Jaap Keuter <jaap.keuter@xs4all.nl>
   4  *
   5  * Wireshark - Network traffic analyzer
   6  * By Gerald Combs <gerald@wireshark.org>
   7  * Copyright 1998 Gerald Combs
   8  *
   9  * SPDX-License-Identifier: GPL-2.0-or-later
  10  */
  11
  12 /*
  13  * From the description api+protocol.
  14  * All fields are 32 bit unless stated otherwise.
  15  *
  16  * On startup, each side sends a status message indicating what version
  17  * of the protocol they are speaking. The status message looks like this:
  18  * +---------+---------+
  19  * | version | hlength |
  20  * +---------+---------+
  21  *
  22  * The fixed-length header consists of:
  23  * +--------+----+--------+----+-----+---------+------------+------------+-----+
  24  * | authid | op | handle | id | rid | authlen | msg values | obj values | sig |
  25  * +--------+----+--------+----+-----+---------+------v-----+-----v------+--v--+
  26  * NOTE: real life capture shows order to be: authid, authlen, opcode, handle...
  27  *
  28  * The message and object values consists of:
  29  * +---------+------+----------+-------+
  30  * | namelen | name | valuelen | value |
  31  * +---16b---+--v---+----------+---v---+
  32  */
  33
  34 #include "config.h"
  35
  36 #include <epan/packet.h>
  37 #include <epan/ptvcursor.h>
  38
  39 void proto_register_omapi(void);
  40 void proto_reg_handoff_omapi(void);
  41
  42 static dissector_handle_t omapi_handle;
  43
  44 static int proto_omapi;
  45 static int hf_omapi_version;
  46 static int hf_omapi_hlength;
  47 static int hf_omapi_auth_id;
  48 static int hf_omapi_auth_len;
  49 static int hf_omapi_opcode;
  50 static int hf_omapi_handle;
  51 static int hf_omapi_id;
  52 static int hf_omapi_rid;
  53 static int hf_omapi_msg_name_len; /* 16bit */
  54 static int hf_omapi_msg_name;
  55 static int hf_omapi_msg_value_len;
  56 static int hf_omapi_msg_value;
  57 static int hf_omapi_obj_name_len; /* 16bit */
  58 static int hf_omapi_obj_name;
  59 static int hf_omapi_obj_value_len;
  60 static int hf_omapi_obj_value;
  61 static int hf_omapi_signature;
  62
  63 /* Generated from convert_proto_tree_add_text.pl */
  64 static int hf_omapi_empty_string;
  65 static int hf_omapi_object_end_tag;
  66 static int hf_omapi_message_end_tag;
  67 static int hf_omapi_no_value;
  68
  69 static int ett_omapi;
  70
  71 #define OMAPI_PORT 7911 /* Not IANA registered */
  72
  73 #define OP_OPEN             1
  74 #define OP_REFRESH          2
  75 #define OP_UPDATE           3
  76 #define OP_NOTIFY           4
  77 #define OP_ERROR            5
  78 #define OP_DELETE           6
  79 #define OP_NOTIFY_CANCEL    7
  80 #define OP_NOTIFY_CANCELLED 8
  81
  82 static const value_string omapi_opcode_vals[] = {
  83   { OP_OPEN,             "Open" },
  84   { OP_REFRESH,          "Refresh" },
  85   { OP_UPDATE,           "Update" },
  86   { OP_NOTIFY,           "Notify" },
  87   { OP_ERROR,            "Error" },
  88   { OP_DELETE,           "Delete" },
  89   { OP_NOTIFY_CANCEL,    "Notify cancel" },
  90   { OP_NOTIFY_CANCELLED, "Notify cancelled" },
  91   { 0, NULL }
  92 };
  93
  94 static int
  95 dissect_omapi(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
  96 {
  97   proto_item  *ti;
  98   proto_tree  *omapi_tree;
  99   ptvcursor_t *cursor;
 100
 101   uint32_t authlength;
 102   uint32_t msglength;
 103   uint32_t objlength;
 104
 105     /* Payload too small for OMAPI */
 106   if (tvb_reported_length_remaining(tvb, 0) < 8)
 107     return 0;
 108
 109   col_set_str(pinfo->cinfo, COL_PROTOCOL, "OMAPI");
 110
 111   col_clear(pinfo->cinfo, COL_INFO);
 112
 113   ti = proto_tree_add_item(tree, proto_omapi, tvb, 0, -1, ENC_NA);
 114   omapi_tree = proto_item_add_subtree(ti, ett_omapi);
 115   cursor = ptvcursor_new(pinfo->pool, omapi_tree, tvb, 0);
 116
 117   if (tvb_reported_length_remaining(tvb, 0) < 24)
 118   {
 119     /* This is a startup message */
 120     ptvcursor_add(cursor, hf_omapi_version, 4, ENC_BIG_ENDIAN);
 121     ptvcursor_add(cursor, hf_omapi_hlength, 4, ENC_BIG_ENDIAN);
 122
 123     col_set_str(pinfo->cinfo, COL_INFO, "Status message");
 124     proto_item_append_text(ti, ", Status message");
 125
 126     ptvcursor_free(cursor);
 127     return 8;
 128   }
 129   else if ( !(tvb_get_ntohl(tvb, 8) || tvb_get_ntohl(tvb, 12)) )
 130   {
 131     /* This is a startup message, and more */
 132     ptvcursor_add(cursor, hf_omapi_version, 4, ENC_BIG_ENDIAN);
 133     ptvcursor_add(cursor, hf_omapi_hlength, 4, ENC_BIG_ENDIAN);
 134
 135     col_append_str(pinfo->cinfo, COL_INFO, "Status message");
 136
 137     proto_item_append_text(ti, ", Status message");
 138   }
 139
 140   ptvcursor_add(cursor, hf_omapi_auth_id, 4, ENC_BIG_ENDIAN);
 141   authlength = tvb_get_ntohl(tvb, ptvcursor_current_offset(cursor));
 142   ptvcursor_add(cursor, hf_omapi_auth_len, 4, ENC_BIG_ENDIAN);
 143
 144   col_append_sep_str(pinfo->cinfo, COL_INFO, NULL,
 145       val_to_str(tvb_get_ntohl(tvb, ptvcursor_current_offset(cursor)), omapi_opcode_vals, "Unknown opcode (0x%04x)"));
 146
 147   proto_item_append_text(ti, ", Opcode: %s",
 148     val_to_str(tvb_get_ntohl(tvb, ptvcursor_current_offset(cursor)), omapi_opcode_vals, "Unknown opcode (0x%04x)"));
 149
 150   ptvcursor_add(cursor, hf_omapi_opcode, 4, ENC_BIG_ENDIAN);
 151   ptvcursor_add(cursor, hf_omapi_handle, 4, ENC_BIG_ENDIAN);
 152   ptvcursor_add(cursor, hf_omapi_id, 4, ENC_BIG_ENDIAN);
 153   ptvcursor_add(cursor, hf_omapi_rid, 4, ENC_BIG_ENDIAN);
 154
 155   msglength = tvb_get_ntohs(tvb, ptvcursor_current_offset(cursor));
 156   while (msglength)
 157   {
 158     ptvcursor_add(cursor, hf_omapi_msg_name_len, 2, ENC_BIG_ENDIAN);
 159     ptvcursor_add(cursor, hf_omapi_msg_name, msglength, ENC_ASCII);
 160     msglength = tvb_get_ntohl(tvb, ptvcursor_current_offset(cursor));
 161     ptvcursor_add(cursor, hf_omapi_msg_value_len, 4, ENC_BIG_ENDIAN);
 162
 163     if (msglength == 0)
 164     {
 165       proto_tree_add_item(omapi_tree, hf_omapi_empty_string, tvb, 0, 0, ENC_NA);
 166     }
 167     else if (msglength == (uint32_t)~0)
 168     {
 169       proto_tree_add_item(omapi_tree, hf_omapi_no_value, tvb, 0, 0, ENC_NA);
 170     }
 171     else
 172     {
 173       ptvcursor_add(cursor, hf_omapi_msg_value, msglength, ENC_ASCII);
 174     }
 175
 176     msglength = tvb_get_ntohs(tvb, ptvcursor_current_offset(cursor));
 177   }
 178
 179   ptvcursor_add(cursor, hf_omapi_message_end_tag, 2, ENC_NA);
 180
 181   objlength = tvb_get_ntohs(tvb, ptvcursor_current_offset(cursor));
 182   while (objlength)
 183   {
 184     ptvcursor_add(cursor, hf_omapi_obj_name_len, 2, ENC_BIG_ENDIAN);
 185     ptvcursor_add(cursor, hf_omapi_obj_name, objlength, ENC_ASCII);
 186     objlength = tvb_get_ntohl(tvb, ptvcursor_current_offset(cursor));
 187     ptvcursor_add(cursor, hf_omapi_obj_value_len, 4, ENC_BIG_ENDIAN);
 188
 189     if (objlength == 0)
 190     {
 191       proto_tree_add_item(omapi_tree, hf_omapi_empty_string, tvb, 0, 0, ENC_NA);
 192     }
 193     else if (objlength == (uint32_t)~0)
 194     {
 195       proto_tree_add_item(omapi_tree, hf_omapi_no_value, tvb, 0, 0, ENC_NA);
 196     }
 197     else
 198     {
 199       ptvcursor_add(cursor, hf_omapi_obj_value, objlength, ENC_NA);
 200     }
 201
 202     objlength = tvb_get_ntohs(tvb, ptvcursor_current_offset(cursor));
 203   }
 204
 205   ptvcursor_add(cursor, hf_omapi_object_end_tag, 2, ENC_NA);
 206
 207   if (authlength > 0) {
 208     ptvcursor_add(cursor, hf_omapi_signature, authlength, ENC_NA);
 209   }
 210
 211   ptvcursor_free(cursor);
 212   return tvb_captured_length(tvb);
 213 }
 214
 215 void
 216 proto_register_omapi(void)
 217 {
 218   static hf_register_info hf[] = {
 219     { &hf_omapi_version,
 220       { "Version", "omapi.version",
 221         FT_UINT32, BASE_DEC, NULL, 0x0,
 222         NULL, HFILL }},
 223     { &hf_omapi_hlength,
 224       { "Header length", "omapi.hlength",
 225         FT_UINT32, BASE_DEC, NULL, 0x0,
 226         NULL, HFILL }},
 227     { &hf_omapi_auth_id,
 228       { "Authentication ID", "omapi.authid",
 229         FT_UINT32, BASE_DEC, NULL, 0x0,
 230         NULL, HFILL }},
 231     { &hf_omapi_auth_len,
 232       { "Authentication length", "omapi.authlength",
 233         FT_UINT32, BASE_DEC, NULL, 0x0,
 234         NULL, HFILL }},
 235     { &hf_omapi_opcode,
 236       { "Opcode", "omapi.opcode",
 237         FT_UINT32, BASE_DEC, VALS(omapi_opcode_vals), 0x0,
 238         NULL, HFILL }},
 239     { &hf_omapi_handle,
 240       { "Handle", "omapi.handle",
 241         FT_UINT32, BASE_DEC, NULL, 0x0,
 242         NULL, HFILL }},
 243     { &hf_omapi_id,
 244       { "ID", "omapi.id",
 245         FT_UINT32, BASE_DEC, NULL, 0x0,
 246         NULL, HFILL }},
 247     { &hf_omapi_rid,
 248       { "Response ID", "omapi.rid",
 249         FT_UINT32, BASE_DEC, NULL, 0x0,
 250         NULL, HFILL }},
 251     { &hf_omapi_msg_name_len,
 252       { "Message name length", "omapi.msg_name_length",
 253         FT_UINT16, BASE_DEC, NULL, 0x0,
 254         NULL, HFILL }},
 255     { &hf_omapi_msg_name,
 256       { "Message name", "omapi.msg_name",
 257         FT_STRING, BASE_NONE, NULL, 0x0,
 258         NULL, HFILL }},
 259     { &hf_omapi_msg_value_len,
 260       { "Message value length", "omapi.msg_value_length",
 261         FT_UINT32, BASE_DEC, NULL, 0x0,
 262         NULL, HFILL }},
 263     { &hf_omapi_msg_value,
 264       { "Message value", "omapi.msg_value",
 265         FT_STRING, BASE_NONE, NULL, 0x0,
 266         NULL, HFILL }},
 267     { &hf_omapi_obj_name_len,
 268       { "Object name length", "omapi.obj_name_length",
 269         FT_UINT16, BASE_DEC, NULL, 0x0,
 270         NULL, HFILL }},
 271     { &hf_omapi_obj_name,
 272       { "Object name", "omapi.obj_name",
 273         FT_STRING, BASE_NONE, NULL, 0x0,
 274         NULL, HFILL }},
 275     { &hf_omapi_obj_value_len,
 276       { "Object value length", "omapi.object_value_length",
 277         FT_UINT32, BASE_DEC, NULL, 0x0,
 278         NULL, HFILL }},
 279     { &hf_omapi_obj_value,
 280       { "Object value", "omapi.obj_value",
 281         FT_BYTES, BASE_NONE, NULL, 0x0,
 282         NULL, HFILL }},
 283     { &hf_omapi_signature,
 284       { "Signature", "omapi.signature",
 285         FT_BYTES, BASE_NONE, NULL, 0x0,
 286         NULL, HFILL }},
 287
 288       /* Generated from convert_proto_tree_add_text.pl */
 289       { &hf_omapi_empty_string, { "Empty string", "omapi.empty_string", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
 290       { &hf_omapi_no_value, { "No value", "omapi.no_value", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
 291       { &hf_omapi_message_end_tag, { "Message end tag", "omapi.message_end_tag", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
 292       { &hf_omapi_object_end_tag, { "Object end tag", "omapi.object_end_tag", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
 293
 294   };
 295
 296   static int *ett[] = {
 297     &ett_omapi
 298   };
 299
 300   proto_omapi = proto_register_protocol("ISC Object Management API", "OMAPI", "omapi");
 301   proto_register_field_array(proto_omapi, hf, array_length(hf));
 302   proto_register_subtree_array(ett, array_length(ett));
 303
 304   omapi_handle = register_dissector("omapi", dissect_omapi, proto_omapi);
 305 }
 306
 307 void
 308 proto_reg_handoff_omapi(void)
 309 {
 310   dissector_add_uint_with_preference("tcp.port", OMAPI_PORT, omapi_handle);
 311 }
 312
 313 /*
 314  * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
 315  *
 316  * Local Variables:
 317  * c-basic-offset: 2
 318  * tab-width: 8
 319  * indent-tabs-mode: nil
 320  * End:
 321  *
 322  * ex: set shiftwidth=2 tabstop=8 expandtab:
 323  * :indentSize=2:tabSize=8:noTabs=true:
 324  */