search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-sapni.c
bloba88c7a443277f3dcc78a06df0c09b79be36e7039
1 /* packet-sapni.c
2 * Routines for SAP NI (Network Interface) dissection
3 * Copyright 2022, Martin Gallo <martin.gallo [AT] gmail.com>
4 * Code contributed by SecureAuth Corp.
5 *
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
9 *
10 * SPDX-License-Identifier: GPL-2.0-or-later
11 */
12
13 /*
14 * This is a simple dissector for the SAP NI protocol, mainly responsible for reassembly and calling the right registered dissector
15 * based on the port number.
16 *
17 * Some details and example requests can be found in pysap's documentation: https://pysap.readthedocs.io/en/latest/protocols/SAPNI.html.
18 */
19
20 #include <config.h>
21
22 #include <epan/packet.h>
23 #include <epan/prefs.h>
24 #include <epan/expert.h>
25 #include "packet-tcp.h"
26 #include <epan/next_tvb.h>
27 #include <epan/conversation.h>
28 #include <wsutil/wmem/wmem.h>
29
30 #include "packet-sapni.h"
31
32
33 /*
34 * Define default ports. The right range should be 32NN and 4NNNN, but as port numbers are proprietary and not
35 * IANA assigned, we leave only the ones corresponding to the instance 00.
36 */
37 #define SAP_PROTOCOL_PORT_RANGE "3200,40000"
38
39 /*
40 * Length of the frame header
41 */
42 #define SAP_PROTOCOL_HEADER_LEN 4
43
44 static int proto_sap_protocol;
45
46 static int hf_sap_protocol_length;
47 static int hf_sap_protocol_payload;
48
49 static int hf_sap_protocol_ping;
50 static int hf_sap_protocol_pong;
51
52 static int ett_sap_protocol;
53
54 /* Expert info */
55 static expert_field ei_sap_invalid_length;
56
57 /* Global port preference */
58 static range_t *global_sap_protocol_port_range;
59
60 /* Global reassemble preference */
61 static bool global_sap_protocol_desegment = true;
62
63 /* Protocol handle */
64 static dissector_handle_t sap_protocol_handle;
65 static dissector_handle_t sap_router_handle;
66
67 /* Sub-dissectors table */
68 static dissector_table_t sub_dissectors_table;
69 static heur_dissector_list_t heur_subdissector_list;
70
71 /*
72 *
73 */
74 void proto_reg_handoff_sap_protocol(void);
75 void proto_register_sap_protocol(void);
76
77
78 /*
79 * Get the SAPNI pdu length
80 */
81 static unsigned
82 get_sap_protocol_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset _U_, void *dissector_data _U_)
83 {
84 return ((unsigned)tvb_get_ntohl(tvb, 0) + 4);
85 }
86
87
88 /*
89 * Dissect the payload of a packet using a registered SAP protocol. It uses
90 * heuristics as a first try as some protocols uses the same TCP ports
91 * (e.g. 3200/tcp for Enqueue Server and Diag).
92 */
93 void
94 dissect_sap_protocol_payload(tvbuff_t *tvb, uint32_t offset, packet_info *pinfo, proto_tree *tree, uint16_t sport, uint16_t dport){
95 uint16_t low_port = 0, high_port = 0;
96 tvbuff_t *next_tvb = NULL;
97 heur_dtbl_entry_t *hdtbl_entry = NULL;
98
99 /* Set the new tvb for further dissection of the payload */
100 next_tvb = tvb_new_subset_remaining(tvb, offset);
101
102 /* Determine if this packet is part of a conversation and call dissector
103 * for the conversation if available.
104 */
105 if (try_conversation_dissector(&pinfo->dst, &pinfo->src, CONVERSATION_TCP,
106 dport, sport, next_tvb, pinfo, tree, NULL, 0)) {
107 return;
108 }
109
110 /* Try with the heuristic dissectors first */
111 /* TODO: When the protocol is guessed via heuristic dissector (Enqueue
112 * Server), the NI Protocol tree is missed. */
113 if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, NULL)) {
114 return;
115 }
116
117 /* Call the dissector in the subdissectors table according to the port number */
118 if (sport > dport) {
119 low_port = dport; high_port = sport;
120 } else {
121 low_port = sport; high_port = dport;
122 }
123 if ((low_port != 0 && dissector_try_uint(sub_dissectors_table, low_port, next_tvb, pinfo, tree)) ||
124 (high_port != 0 && dissector_try_uint(sub_dissectors_table, high_port, next_tvb, pinfo, tree))){
125 return;
126 }
127 }
128
129
130 /*
131 * Dissect a SAPNI packet, adding the length field to the protocol tree and
132 * calling the sub-dissector according to the port number. It also identifies
133 * PING/PONG packets at the SAPNI layer.
134 */
135 static int
136 dissect_sap_protocol_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
137 {
138 uint32_t length = 0;
139 proto_item *ti = NULL, *sap_protocol_length = NULL;
140 proto_tree *sap_protocol_tree = NULL;
141 conversation_t *conversation = NULL;
142 tvbuff_t *next_tvb = NULL;
143
144 /* Add the protocol to the column */
145 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SAPNI");
146 /* Clear out stuff in the info column */
147 col_clear(pinfo->cinfo,COL_INFO);
148
149 /* Get the length field */
150 length = tvb_get_ntohl(tvb, 0);
151
152 /* Add the payload length to the info column */
153 col_add_fstr(pinfo->cinfo, COL_INFO, "Length=%d ", length);
154
155 /* Add the main SAP Protocol subtree */
156 ti = proto_tree_add_item(tree, proto_sap_protocol, tvb, 0, -1, ENC_NA);
157 sap_protocol_tree = proto_item_add_subtree(ti, ett_sap_protocol);
158
159 /* Add the length item */
160 proto_item_append_text(ti, ", Len: %u", length);
161 sap_protocol_length = proto_tree_add_item(sap_protocol_tree, hf_sap_protocol_length, tvb, 0, 4, ENC_BIG_ENDIAN);
162
163 /* Add expert info in case of no match between the given length and the actual one */
164 if (tvb_reported_length(tvb) != length + 4) {
165 expert_add_info(pinfo, sap_protocol_length, &ei_sap_invalid_length);
166 }
167
168 /* Add the payload subtree */
169 if (length > 0){
170 proto_tree_add_item(sap_protocol_tree, hf_sap_protocol_payload, tvb, 4, -1, ENC_NA);
171 }
172
173 /* Check for NI_PING */
174 if ((length == 8)&&(tvb_strneql(tvb, 4, "NI_PING\00", 8) == 0)){
175 col_set_str(pinfo->cinfo, COL_INFO, "Ping message");
176
177 proto_item_append_text(ti, ", Ping message (keep-alive request)");
178 proto_tree_add_item(sap_protocol_tree, hf_sap_protocol_ping, tvb, 4, -1, ENC_NA);
179
180 /* Chek for NI_PONG */
181 } else if ((length == 8)&&(tvb_strneql(tvb, 4, "NI_PONG\00", 8) == 0)){
182 col_set_str(pinfo->cinfo, COL_INFO, "Pong message");
183 proto_item_append_text(ti, ", Pong message");
184
185 /* We need to check if this is a keep-alive response, or it's part of
186 * a SAP Router conversation and thus a route accepted message.
187 */
188 conversation = find_conversation_pinfo(pinfo, 0);
189 if (conversation == NULL){
190 col_append_str(pinfo->cinfo, COL_INFO, " (keep-alive response)");
191 proto_item_append_text(ti, " (keep-alive response)");
192 proto_tree_add_item(sap_protocol_tree, hf_sap_protocol_pong, tvb, 4, -1, ENC_NA);
193
194 } else {
195 col_append_str(pinfo->cinfo, COL_INFO, " (route accepted)");
196 proto_item_append_text(ti, " (route accepted)");
197
198 /* Call the SAP Router dissector */
199 if (sap_router_handle){
200 /* Create a new tvb buffer and call the dissector */
201 next_tvb = tvb_new_subset_remaining(tvb, 4);
202 call_dissector_only(sap_router_handle, next_tvb, pinfo, tree, NULL);
203 }
204 }
205
206 /* Dissect the payload */
207 } else if (length > 0){
208 dissect_sap_protocol_payload(tvb, 4, pinfo, tree, pinfo->srcport, pinfo->destport);
209 }
210
211 /* TODO: We need to return the *actual* length processed */
212 return (length);
213 }
214
215 /*
216 * Performs the TCP reassembling and dissects the packet.
217 */
218 static int
219 dissect_sap_protocol(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
220 {
221 tcp_dissect_pdus(tvb, pinfo, tree, global_sap_protocol_desegment, SAP_PROTOCOL_HEADER_LEN,
222 get_sap_protocol_pdu_len, dissect_sap_protocol_message, data);
223 return tvb_reported_length(tvb);
224 }
225
226 void
227 proto_register_sap_protocol(void)
228 {
229 static hf_register_info hf[] = {
230 { &hf_sap_protocol_length,
231 { "Length", "sapni.length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
232 { &hf_sap_protocol_payload,
233 { "Payload", "sapni.payload", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
234 { &hf_sap_protocol_ping,
235 { "Ping", "sapni.ping", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
236 { &hf_sap_protocol_pong,
237 { "Pong", "sapni.pong", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
238 };
239
240 /* Setup protocol subtree array */
241 static int *ett[] = {
242 &ett_sap_protocol
243 };
244
245 /* Register the expert info */
246 static ei_register_info ei[] = {
247 { &ei_sap_invalid_length, { "sapni.length.invalid", PI_MALFORMED, PI_WARN, "The reported length is incorrect", EXPFILL }},
248 };
249
250 module_t *sap_protocol_module;
251 expert_module_t* sap_protocol_expert;
252
253 /* Register the protocol */
254 proto_sap_protocol = proto_register_protocol("SAP NI Protocol", "SAPNI", "sapni");
255
256 proto_register_field_array(proto_sap_protocol, hf, array_length(hf));
257 proto_register_subtree_array(ett, array_length(ett));
258
259 sap_protocol_expert = expert_register_protocol(proto_sap_protocol);
260 expert_register_field_array(sap_protocol_expert, ei, array_length(ei));
261
262 register_dissector("sapni", dissect_sap_protocol, proto_sap_protocol);
263
264 /* Sub dissector code */
265 sub_dissectors_table = register_dissector_table("sapni.port", "SAP Protocol Port", proto_sap_protocol, FT_UINT16, BASE_DEC);
266 heur_subdissector_list = register_heur_dissector_list_with_description("sapni", "SAP NI payload", proto_sap_protocol);
267
268 /* Register the preferences */
269 sap_protocol_module = prefs_register_protocol(proto_sap_protocol, proto_reg_handoff_sap_protocol);
270
271 range_convert_str(wmem_epan_scope(), &global_sap_protocol_port_range, SAP_PROTOCOL_PORT_RANGE, MAX_TCP_PORT);
272 prefs_register_range_preference(sap_protocol_module, "tcp_ports", "SAP NI Protocol TCP port numbers", "Port numbers used for SAP NI Protocol (default " SAP_PROTOCOL_PORT_RANGE ")", &global_sap_protocol_port_range, MAX_TCP_PORT);
273
274 prefs_register_bool_preference(sap_protocol_module, "desegment", "Reassemble SAP NI Protocol messages spanning multiple TCP segments", "Whether the SAP NI Protocol dissector should reassemble messages spanning multiple TCP segments.", &global_sap_protocol_desegment);
275 }
276
277 /**
278 * Helpers for dealing with the port range
279 */
280 static void range_delete_callback (uint32_t port, void *ptr _U_)
281 {
282 dissector_delete_uint("tcp.port", port, sap_protocol_handle);
283 }
284
285 static void range_add_callback (uint32_t port, void *ptr _U_)
286 {
287 dissector_add_uint("tcp.port", port, sap_protocol_handle);
288 }
289
290 /**
291 * Register Hand off for the SAP NI Protocol
292 */
293 void
294 proto_reg_handoff_sap_protocol(void)
295 {
296 static range_t *sap_protocol_port_range;
297 static bool initialized = false;
298
299 if (!initialized) {
300 sap_protocol_handle = find_dissector("sapni");
301 initialized = true;
302 } else {
303 range_foreach(sap_protocol_port_range, range_delete_callback, NULL);
304 wmem_free(wmem_epan_scope(), sap_protocol_port_range);
305 }
306
307 sap_protocol_port_range = range_copy(wmem_epan_scope(), global_sap_protocol_port_range);
308 range_foreach(sap_protocol_port_range, range_add_callback, NULL);
309
310 sap_router_handle = find_dissector("saprouter");
311
312 }
313
314 /*
315 * Editor modelines - https://www.wireshark.org/tools/modelines.html
316 *
317 * Local variables:
318 * c-basic-offset: 8
319 * tab-width: 8
320 * indent-tabs-mode: t
321 * End:
322 *
323 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
324 * :indentSize=8:tabSize=8:noTabs=false:
325 */
Metzes wireshark repo