epan/dissectors/packet-pmproxy.c

   1 /* packet-pmproxy.c
   2  *
   3  * Routines for dissecting Performance Co-Pilot Proxy
   4  *
   5  * Wireshark - Network traffic analyzer
   6  * By Gerald Combs <gerald@wireshark.org>
   7  * Copyright 1998 Gerald Combs
   8  *
   9  * SPDX-License-Identifier: GPL-2.0-or-later
  10  */
  11 #include "config.h"
  12
  13 #include <epan/packet.h>
  14 #include <epan/conversation.h>
  15 #include <epan/strutil.h>
  16
  17 #define PMPROXY_PORT 44322
  18 /* length of "pmproxy-server 1\n" and also "pmproxy-client 1\n" */
  19 #define PMPROXY_CLIENT_SERVER_VERSION_LENGTH 17
  20 #define PMPROXY_START_OF_PACKET 0
  21 #define PMPROXY_HOST_AND_PORT_DELIMETER_LENGTH 1
  22
  23 static dissector_handle_t pmproxy_handle;
  24 static dissector_handle_t pcp_handle;
  25
  26 static int proto_pmproxy;
  27
  28 static int hf_pmproxy_host;
  29 static int hf_pmproxy_port;
  30 static int hf_pmproxy_client_version;
  31 static int hf_pmproxy_server_version;
  32
  33 static int ett_pmproxy;
  34
  35 typedef struct pmproxy_conversation_info_t {
  36     uint32_t last_proxy_frame;
  37 } pmproxy_conversation_info_t;
  38
  39 void proto_register_pmproxy(void);
  40 void proto_reg_handoff_pmproxy(void);
  41
  42 static int is_ascii(const unsigned char *data, int size)
  43 {
  44     const unsigned char *str = data;
  45     const unsigned char *end = str + size;
  46     for (; str != end; str++) {
  47         if (*str & 0x80)
  48             return false;
  49     }
  50     return true;
  51 }
  52
  53 static int looks_like_proxy_exchange(tvbuff_t *tvb) {
  54     int packet_length;
  55     const unsigned char *packet_data;
  56
  57     packet_length = tvb_ensure_captured_length_remaining(tvb, PMPROXY_START_OF_PACKET);
  58     packet_data = tvb_get_ptr(tvb, PMPROXY_START_OF_PACKET, packet_length);
  59
  60     /* A proxy exchange packet only contains ascii characters (eg "localhost 44321") and terminated with \n */
  61     return is_ascii(packet_data, packet_length) && packet_data[packet_length-1] == '\n';
  62 }
  63
  64 static int dissect_proxy_to_host(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
  65     int offset = 0;
  66     int next_offset;
  67     int proxy_to_length;
  68     char *pmproxy_host_and_port_string;
  69     char **host_and_port;
  70     char *host;
  71     char *port;
  72
  73     col_set_str(pinfo->cinfo, COL_INFO, "Proxy");
  74
  75     proxy_to_length = tvb_find_line_end(tvb, offset, tvb_ensure_captured_length_remaining(tvb, offset), &next_offset, false);
  76     if(proxy_to_length != -1) {
  77         pmproxy_host_and_port_string = (char *) tvb_get_string_enc(pinfo->pool, tvb, offset, proxy_to_length, ENC_ASCII);
  78         host_and_port = wmem_strsplit(pinfo->pool, pmproxy_host_and_port_string, " ", -1);
  79         if(host_and_port != NULL) {
  80             host = host_and_port[0];
  81             if (host) {
  82                 proto_tree_add_string(tree, hf_pmproxy_host, tvb, offset, (uint32_t)strlen(host), host);
  83                 offset += (int)strlen(host) + PMPROXY_HOST_AND_PORT_DELIMETER_LENGTH;
  84                 port = host_and_port[1];
  85                 if (port) {
  86                     proto_tree_add_string(tree, hf_pmproxy_port, tvb, offset, (uint32_t)strlen(port), port);
  87                 }
  88             } else {
  89                 port = NULL;
  90             }
  91             col_append_fstr(pinfo->cinfo, COL_INFO, " Host=%s, Port=%s", host ? host : "", port ? port : "");
  92         }
  93     }
  94     return proxy_to_length;
  95
  96 }
  97
  98 static int is_banner_exchange_for(const char *type, tvbuff_t *tvb, packet_info *pinfo) {
  99     char *pmproxy_exchange_string;
 100
 101     /* Exchange packets have to be this length */
 102     if(tvb_ensure_captured_length_remaining(tvb, PMPROXY_START_OF_PACKET) != PMPROXY_CLIENT_SERVER_VERSION_LENGTH) {
 103         return 0;
 104     }
 105
 106     pmproxy_exchange_string = (char *) tvb_get_string_enc(pinfo->pool, tvb, PMPROXY_START_OF_PACKET,
 107                                                            PMPROXY_CLIENT_SERVER_VERSION_LENGTH, ENC_ASCII);
 108     return g_strcmp0(pmproxy_exchange_string, wmem_strdup_printf(pinfo->pool, "pmproxy-%s 1\n", type)) == 0;
 109 }
 110
 111 static int is_server_exchange(tvbuff_t *tvb, packet_info *pinfo) {
 112     return is_banner_exchange_for("server", tvb, pinfo);
 113 }
 114
 115 static int is_client_exchange(tvbuff_t *tvb, packet_info *pinfo) {
 116     return is_banner_exchange_for("client", tvb, pinfo);
 117 }
 118
 119 static int dissect_server_exchange(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pmproxy_tree) {
 120     int offset = PMPROXY_START_OF_PACKET;
 121     col_set_str(pinfo->cinfo, COL_INFO, "Server exchange");
 122     proto_tree_add_item(pmproxy_tree, hf_pmproxy_server_version, tvb, offset, PMPROXY_CLIENT_SERVER_VERSION_LENGTH, ENC_ASCII);
 123     offset += PMPROXY_CLIENT_SERVER_VERSION_LENGTH;
 124     return offset;
 125 }
 126
 127 static int dissect_client_exchange(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pmproxy_tree) {
 128     int offset = PMPROXY_START_OF_PACKET;
 129     col_set_str(pinfo->cinfo, COL_INFO, "Client exchange");
 130     proto_tree_add_item(pmproxy_tree, hf_pmproxy_client_version, tvb, offset, PMPROXY_CLIENT_SERVER_VERSION_LENGTH, ENC_ASCII);
 131     offset += PMPROXY_CLIENT_SERVER_VERSION_LENGTH;
 132     return offset;
 133 }
 134
 135 static void mark_pmproxy_exchange_complete(packet_info *pinfo) {
 136     conversation_t *conversation;
 137     pmproxy_conversation_info_t *pmproxy_conversation;
 138
 139     conversation = find_or_create_conversation(pinfo);
 140     pmproxy_conversation = (pmproxy_conversation_info_t *)conversation_get_proto_data(conversation, proto_pmproxy);
 141
 142     if(pmproxy_conversation == NULL) {
 143         pmproxy_conversation = wmem_new(wmem_file_scope(), pmproxy_conversation_info_t);
 144     }
 145     pmproxy_conversation->last_proxy_frame = pinfo->num;
 146     conversation_add_proto_data(conversation, proto_pmproxy, pmproxy_conversation);
 147 }
 148
 149 static int is_pmproxy_exchange_complete(packet_info *pinfo) {
 150     conversation_t *conversation;
 151     pmproxy_conversation_info_t *pmproxy_conversation;
 152
 153     conversation = find_or_create_conversation(pinfo);
 154     pmproxy_conversation = (pmproxy_conversation_info_t *)conversation_get_proto_data(conversation, proto_pmproxy);
 155
 156     if(pmproxy_conversation == NULL) {
 157         return false;
 158     }
 159
 160     return pinfo->num >= pmproxy_conversation->last_proxy_frame;
 161 }
 162
 163 static int dissect_through_pcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
 164     pinfo->can_desegment = pinfo->saved_can_desegment;
 165     return call_dissector(pcp_handle, tvb, pinfo, tree);
 166 }
 167
 168 static int dissect_pmproxy_exchange(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
 169     proto_item *root_pmproxy_item;
 170     proto_tree *pmproxy_tree;
 171
 172     root_pmproxy_item = proto_tree_add_item(tree, proto_pmproxy, tvb, 0, -1, ENC_NA);
 173     pmproxy_tree = proto_item_add_subtree(root_pmproxy_item, ett_pmproxy);
 174
 175     if (is_server_exchange(tvb, pinfo)) {
 176         return dissect_server_exchange(tvb, pinfo, pmproxy_tree);
 177     } else if (is_client_exchange(tvb, pinfo)) {
 178         return dissect_client_exchange(tvb, pinfo, pmproxy_tree);
 179     } else if (looks_like_proxy_exchange(tvb)) {
 180         return dissect_proxy_to_host(tvb, pinfo, pmproxy_tree);
 181     } else {
 182         /* If its none of these, it is going to be vanilla PCP traffic */
 183         mark_pmproxy_exchange_complete(pinfo);
 184     }
 185     return tvb_reported_length_remaining(tvb, 0);
 186 }
 187
 188 static int dissect_pmproxy(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) {
 189
 190     col_set_str(pinfo->cinfo, COL_PROTOCOL, "PMPROXY");
 191     col_clear(pinfo->cinfo, COL_INFO);
 192
 193     if(is_pmproxy_exchange_complete(pinfo)) {
 194         return dissect_through_pcp(tvb, pinfo, tree);
 195     }
 196     else {
 197         return dissect_pmproxy_exchange(tvb, pinfo, tree);
 198     }
 199 }
 200
 201 void proto_register_pmproxy(void) {
 202
 203     static hf_register_info hf[] = {
 204         { &hf_pmproxy_host,
 205           { "Host", "pmproxy.host",
 206             FT_STRING, BASE_NONE,
 207             NULL, 0x0,
 208             NULL, HFILL
 209           }
 210         },
 211         { &hf_pmproxy_port,
 212           { "Port", "pmproxy.port",
 213             FT_STRING, BASE_NONE,
 214             NULL, 0x0,
 215             NULL, HFILL
 216           }
 217         },
 218         { &hf_pmproxy_client_version,
 219           { "Client Version", "pmproxy.client_version",
 220             FT_STRING, BASE_NONE,
 221             NULL, 0x0,
 222             NULL, HFILL
 223           }
 224         },
 225         { &hf_pmproxy_server_version,
 226           { "Server Version", "pmproxy.server_version",
 227             FT_STRING, BASE_NONE,
 228             NULL, 0x0,
 229            NULL, HFILL
 230           }
 231         },
 232     };
 233
 234     static int *ett[] = {
 235             &ett_pmproxy,
 236     };
 237
 238     proto_pmproxy = proto_register_protocol("Performance Co-Pilot Proxy", "PMPROXY", "pmproxy");
 239
 240     proto_register_field_array(proto_pmproxy, hf, array_length(hf));
 241     proto_register_subtree_array(ett, array_length(ett));
 242
 243     pmproxy_handle = register_dissector("pmproxy", dissect_pmproxy, proto_pmproxy);
 244 }
 245
 246
 247 void proto_reg_handoff_pmproxy(void) {
 248
 249     pcp_handle = find_dissector_add_dependency("pcp", proto_pmproxy);
 250
 251     dissector_add_uint_with_preference("tcp.port", PMPROXY_PORT, pmproxy_handle);
 252
 253 }
 254
 255 /*
 256  * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
 257  *
 258  * Local variables:
 259  * c-basic-offset: 4
 260  * tab-width: 8
 261  * indent-tabs-mode: nil
 262  * End:
 263  *
 264  * vi: set shiftwidth=4 tabstop=8 expandtab:
 265  * :indentSize=4:tabSize=8:noTabs=true:
 266  */