epan/dissectors/packet-paltalk.c

   1 /* packet-paltalk.c
   2  * Routines for Paltalk dissection
   3  * Copyright 2005, Tim Hentenaar < tim at hentenaar dot com >
   4  * Copyright 2008, Mohammad Ebrahim Mohammadi Panah < mebrahim at gmail dot com >
   5  *
   6  * Wireshark - Network traffic analyzer
   7  * By Gerald Combs <gerald@wireshark.org>
   8  * Copyright 1998 Gerald Combs
   9  *
  10  * SPDX-License-Identifier: GPL-2.0-or-later
  11  */
  12
  13 #include "config.h"
  14
  15
  16 #include <epan/packet.h>
  17
  18 #include "packet-tcp.h"
  19
  20 void proto_register_paltalk(void);
  21 void proto_reg_handoff_paltalk(void);
  22
  23 #define INET_IPV4_ADDRESS_FROM_BYTES(a,b,c,d) g_htonl((((uint32_t)a)<<24) | ((b)<<16) | ((c)<<8) | (d)) /* *network* order */
  24
  25 #define PALTALK_SERVERS_ADDRESS INET_IPV4_ADDRESS_FROM_BYTES(199,106,0,0)      /* 199.106.0.0 in *network* order */
  26 #define PALTALK_SERVERS_NETMASK INET_IPV4_ADDRESS_FROM_BYTES(0xFF, 0xFE, 0x00, 0x00)  /* /15  in *network* order */
  27
  28 #define PALTALK_HEADER_LENGTH 6
  29
  30 static int proto_paltalk;
  31
  32 static int hf_paltalk_pdu_type;
  33 static int hf_paltalk_version;
  34 static int hf_paltalk_length;
  35 static int hf_paltalk_content;
  36
  37 static int ett_paltalk;
  38
  39 static unsigned
  40 dissect_paltalk_get_len(packet_info *pinfo _U_, tvbuff_t *tvb,
  41                         int offset, void *data _U_)
  42 {
  43     return tvb_get_ntohs(tvb, offset + 4) + PALTALK_HEADER_LENGTH;
  44 }
  45
  46 static int
  47 dissect_paltalk_desegmented(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
  48 {
  49     proto_item *ti = NULL;
  50     proto_tree *pt_tree = NULL;
  51
  52     col_set_str(pinfo->cinfo, COL_PROTOCOL, "Paltalk");
  53     col_clear(pinfo->cinfo, COL_INFO);
  54
  55     if (tree)       /* we are being asked for details */
  56     {
  57         ti = proto_tree_add_item(tree, proto_paltalk, tvb, 0, -1, ENC_NA);
  58         pt_tree = proto_item_add_subtree(ti, ett_paltalk);
  59         proto_tree_add_item(pt_tree, hf_paltalk_pdu_type, tvb, 0, 2, ENC_BIG_ENDIAN);
  60         proto_tree_add_item(pt_tree, hf_paltalk_version, tvb, 2, 2, ENC_BIG_ENDIAN);
  61         proto_tree_add_item(pt_tree, hf_paltalk_length, tvb, 4, 2, ENC_BIG_ENDIAN);
  62         proto_tree_add_item(pt_tree, hf_paltalk_content, tvb, 6, tvb_get_ntohs(tvb, 4), ENC_NA);
  63     }
  64
  65     return tvb_captured_length(tvb);
  66 }
  67
  68 static bool
  69 dissect_paltalk(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
  70 {
  71     uint32_t src32, dst32;
  72
  73     /* Detect if this TCP session is a Paltalk one */
  74     /* TODO: Optimize detection logic if possible */
  75
  76     if ((pinfo->net_src.type != AT_IPv4)
  77         || (pinfo->net_dst.type != AT_IPv4)
  78         || (pinfo->net_src.len != 4)
  79         || (pinfo->net_dst.len != 4)
  80         || !pinfo->net_src.data
  81         || !pinfo->net_dst.data)
  82         return false;
  83
  84     memcpy((uint8_t *)&src32, pinfo->net_src.data, 4); /* *Network* order */
  85     memcpy((uint8_t *)&dst32, pinfo->net_dst.data, 4); /* *Network* order */
  86
  87     if ( ((src32 & PALTALK_SERVERS_NETMASK) != PALTALK_SERVERS_ADDRESS)
  88          &&
  89          ((dst32 & PALTALK_SERVERS_NETMASK) != PALTALK_SERVERS_ADDRESS))
  90         return false;
  91
  92     /* Dissect result of desegmented TCP data */
  93     tcp_dissect_pdus(tvb, pinfo, tree, true, PALTALK_HEADER_LENGTH,
  94             dissect_paltalk_get_len, dissect_paltalk_desegmented, data);
  95     return true;
  96 }
  97
  98 void
  99 proto_register_paltalk(void)
 100 {
 101     static hf_register_info hf[] = {
 102         { &hf_paltalk_pdu_type, { "Packet Type", "paltalk.type",
 103                       FT_UINT16, BASE_HEX, NULL, 0x00, NULL, HFILL }},
 104         { &hf_paltalk_version,  { "Protocol Version", "paltalk.version",
 105                       FT_INT16, BASE_DEC, NULL, 0x00, NULL, HFILL }},
 106         { &hf_paltalk_length,   { "Payload Length", "paltalk.length",
 107                       FT_INT16, BASE_DEC, NULL, 0x00, NULL, HFILL }},
 108         { &hf_paltalk_content,  { "Payload Content", "paltalk.content",
 109                       FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL }}
 110     };
 111
 112     static int *ett[] = { &ett_paltalk };
 113
 114     proto_paltalk = proto_register_protocol("Paltalk Messenger Protocol", "Paltalk", "paltalk");
 115     proto_register_field_array(proto_paltalk, hf, array_length(hf));
 116     proto_register_subtree_array(ett, array_length(ett));
 117 }
 118
 119 void
 120 proto_reg_handoff_paltalk(void)
 121 {
 122     heur_dissector_add("tcp", dissect_paltalk, "Paltalk over TCP", "paltalk_tcp", proto_paltalk, HEURISTIC_ENABLE);
 123 }
 124
 125 /*
 126  * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
 127  *
 128  * Local variables:
 129  * c-basic-offset: 4
 130  * tab-width: 8
 131  * indent-tabs-mode: nil
 132  * End:
 133  *
 134  * vi: set shiftwidth=4 tabstop=8 expandtab:
 135  * :indentSize=4:tabSize=8:noTabs=true:
 136  */