search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags
[wireshark-sm.git] / epan / dissectors / packet-banana.c
blob5bbd9b7ff3ffb8e87b7b1d83d0da099a9d0d1acb
1 /* packet-bananna.c
2 * Routines for the Twisted Banana serialization protocol dissection
3 * Copyright 2009, Gerald Combs <gerald@wireshark.org>
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12 /*
13 * Based on "Banana Protocol Specifications"
14 * https://twisted.org/documents/16.1.1/core/specifications/banana.html
15 */
16
17 #include "config.h"
18
19 #include <epan/packet.h>
20 #include <epan/expert.h>
21
22 void proto_register_banana(void);
23 void proto_reg_handoff_banana(void);
24
25 /* Initialize the protocol and registered fields */
26 static int proto_banana;
27 static int hf_banana_list;
28 static int hf_banana_int;
29 static int hf_banana_string;
30 static int hf_banana_neg_int;
31 static int hf_banana_float;
32 static int hf_banana_lg_int;
33 static int hf_banana_lg_neg_int;
34 static int hf_banana_pb;
35
36 /* Initialize the subtree pointers */
37 static int ett_banana;
38 static int ett_list;
39
40 static expert_field ei_banana_unknown_type;
41 static expert_field ei_banana_too_many_value_bytes;
42 static expert_field ei_banana_length_too_long;
43 static expert_field ei_banana_value_too_large;
44 static expert_field ei_banana_pb_error;
45
46 static dissector_handle_t banana_handle;
47
48 #define BE_LIST 0x80
49 #define BE_INT 0x81
50 #define BE_STRING 0x82
51 #define BE_NEG_INT 0x83
52 #define BE_FLOAT 0x84
53 #define BE_LG_INT 0x85
54 #define BE_LG_NEG_INT 0x86
55 #define BE_PB 0x87
56
57 #define is_element(b) (b >= BE_LIST && b <= BE_PB)
58
59 static const value_string type_vals[] = {
60 { BE_LIST, "List" },
61 { BE_INT, "Integer" },
62 { BE_STRING, "String" },
63 { BE_NEG_INT, "Negative Integer" },
64 { BE_FLOAT, "Float" },
65 { BE_LG_INT, "Large Integer" },
66 { BE_LG_NEG_INT, "Large Negative Integer" },
67 { BE_PB, "pb Profile"},
68 { 0, NULL }
69 };
70
71 static const value_string pb_vals[] = {
72 { 0x01, "None" },
73 { 0x02, "class" },
74 { 0x03, "dereference" },
75 { 0x04, "reference" },
76 { 0x05, "dictionary" },
77 { 0x06, "function" },
78 { 0x07, "instance" },
79 { 0x08, "list" },
80 { 0x09, "module" },
81 { 0x0a, "persistent" },
82 { 0x0b, "tuple" },
83 { 0x0c, "unpersistable" },
84 { 0x0d, "copy" },
85 { 0x0e, "cache" },
86 { 0x0f, "cached" },
87 { 0x10, "remote" },
88 { 0x11, "local" },
89 { 0x12, "lcache" },
90 { 0x13, "version" },
91 { 0x14, "login" },
92 { 0x15, "password" },
93 { 0x16, "challenge" },
94 { 0x17, "logged_in" },
95 { 0x18, "not_logged_in" },
96 { 0x19, "cachemessage" },
97 { 0x1a, "message" },
98 { 0x1b, "answer" },
99 { 0x1c, "error" },
100 { 0x1d, "decref" },
101 { 0x1e, "decache" },
102 { 0x1f, "uncache" },
103 { 0, NULL }
104 };
105
106 #define MAX_ELEMENT_VAL 2147483647 /* Max TE value */
107 #define MAX_ELEMENT_INT_LEN 4
108 #define MAX_ELEMENT_VAL_LEN 8
109
110 /* Dissect the packets */
111
112 static int
113 // NOLINTNEXTLINE(misc-no-recursion)
114 dissect_banana_element(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset) {
115 proto_item *ti;
116 proto_tree *list_tree;
117 uint8_t byte = 0;
118 int64_t val = 0;
119 int val_len = 0;
120 int start_offset = offset;
121 int old_offset;
122 int i;
123
124 /* Accumulate our value/length 'til we hit a valid type */
125 while (tvb_reported_length_remaining(tvb, offset) > 0) {
126 byte = tvb_get_uint8(tvb, offset);
127 offset++;
128
129 if (byte & 0x80) {
130 if (is_element(byte)) {
131 break;
132 } else {
133 expert_add_info_format(pinfo, NULL, &ei_banana_unknown_type, "Unknown type %u", byte);
134 }
135 } else {
136 val_len++;
137 if (val_len > MAX_ELEMENT_VAL_LEN) {
138 expert_add_info(pinfo, NULL, &ei_banana_too_many_value_bytes);
139 }
140 val += byte + (val << 7);
141 }
142 }
143
144 /* Type */
145 switch (byte) {
146 case BE_LIST:
147 if (val > MAX_ELEMENT_VAL) {
148 expert_add_info_format(pinfo, NULL, &ei_banana_length_too_long, "List length %" PRId64 " longer than we can handle", val);
149 }
150 ti = proto_tree_add_uint_format_value(tree, hf_banana_list, tvb, start_offset, offset - start_offset - 1, (uint32_t) val, "(%d items)", (int) val);
151 list_tree = proto_item_add_subtree(ti, ett_list);
152 for (i = 0; i < val; i++) {
153 old_offset = offset;
154 increment_dissection_depth(pinfo);
155 offset += dissect_banana_element(tvb, pinfo, list_tree, offset);
156 decrement_dissection_depth(pinfo);
157 if (offset <= old_offset) {
158 return offset - start_offset;
159 }
160 }
161 break;
162 case BE_INT:
163 if (val > MAX_ELEMENT_VAL) {
164 expert_add_info_format(pinfo, NULL, &ei_banana_value_too_large, "Integer value %" PRId64 " too large", val);
165 }
166 proto_tree_add_uint(tree, hf_banana_int, tvb, start_offset, offset - start_offset, (uint32_t) val);
167 break;
168 case BE_STRING:
169 if (val > MAX_ELEMENT_VAL) {
170 expert_add_info_format(pinfo, NULL, &ei_banana_length_too_long, "String length %" PRId64 " longer than we can handle", val);
171 }
172 proto_tree_add_item(tree, hf_banana_string, tvb, offset, (uint32_t) val, ENC_ASCII);
173 offset += (int) val;
174 break;
175 case BE_NEG_INT:
176 if (val > MAX_ELEMENT_VAL) {
177 expert_add_info_format(pinfo, NULL, &ei_banana_value_too_large, "Integer value -%" PRId64 " too large", val);
178 }
179 proto_tree_add_int(tree, hf_banana_neg_int, tvb, start_offset, offset - start_offset, (int32_t) val * -1);
180 break;
181 case BE_FLOAT:
182 proto_tree_add_item(tree, hf_banana_float, tvb, offset, 8, ENC_BIG_ENDIAN);
183 offset += 8;
184 break;
185 case BE_LG_INT:
186 proto_tree_add_item(tree, hf_banana_lg_int, tvb, start_offset, offset - start_offset, ENC_NA);
187 break;
188 case BE_LG_NEG_INT:
189 proto_tree_add_item(tree, hf_banana_lg_neg_int, tvb, start_offset, offset - start_offset, ENC_NA);
190 break;
191 case BE_PB:
192 if (val_len > 1) {
193 expert_add_info(pinfo, NULL, &ei_banana_pb_error);
194 }
195 /*
196 * The spec says the pb dictionary value comes after the tag.
197 * In real-world captures it comes before.
198 */
199 proto_tree_add_item(tree, hf_banana_pb, tvb, offset - 2, 1, ENC_BIG_ENDIAN);
200 break;
201 default:
202 return 0;
203 }
204 return offset - start_offset;
205 }
206
207 static int
208 dissect_banana(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) {
209 uint8_t byte = 0;
210 int offset = 0, old_offset;
211 proto_item *ti;
212 proto_tree *banana_tree;
213
214 /* Check that there's enough data */
215 if (tvb_reported_length(tvb) < 2)
216 return 0;
217
218 /* Fill in our protocol and info columns */
219 col_set_str(pinfo->cinfo, COL_PROTOCOL, "Banana");
220
221 while (tvb_reported_length_remaining(tvb, offset) > 0 && offset < MAX_ELEMENT_VAL_LEN) {
222 byte = tvb_get_uint8(tvb, offset);
223 if (is_element(byte))
224 break;
225 offset++;
226 }
227 col_add_fstr(pinfo->cinfo, COL_INFO, "First element: %s",
228 val_to_str(byte, type_vals, "Unknown type: %u"));
229
230 /* Create display subtree for the protocol */
231 ti = proto_tree_add_item(tree, proto_banana, tvb, 0, -1, ENC_NA);
232 banana_tree = proto_item_add_subtree(ti, ett_banana);
233
234 offset = 0;
235 old_offset = -1;
236 while (offset > old_offset) {
237 old_offset = offset;
238 offset += dissect_banana_element(tvb, pinfo, banana_tree, offset);
239 }
240
241 /* Return the amount of data this dissector was able to dissect */
242 return tvb_reported_length(tvb);
243 }
244
245 /* Register the protocol with Wireshark */
246
247 void
248 proto_register_banana(void)
249 {
250 static hf_register_info hf[] = {
251 { &hf_banana_list,
252 { "List Length", "banana.list",
253 FT_UINT32, BASE_DEC, NULL, 0,
254 "Banana list", HFILL }
255 },
256 { &hf_banana_int,
257 { "Integer", "banana.int",
258 FT_UINT32, BASE_DEC, NULL, 0,
259 "Banana integer", HFILL }
260 },
261 { &hf_banana_string,
262 { "String", "banana.string",
263 FT_STRING, BASE_NONE, NULL, 0,
264 "Banana string", HFILL }
265 },
266 { &hf_banana_neg_int,
267 { "Negative Integer", "banana.neg_int",
268 FT_INT32, BASE_DEC, NULL, 0,
269 "Banana negative integer", HFILL }
270 },
271 { &hf_banana_float,
272 { "Float", "banana.float",
273 FT_DOUBLE, BASE_NONE, NULL, 0,
274 "Banana float", HFILL }
275 },
276 { &hf_banana_lg_int,
277 { "Float", "banana.lg_int",
278 FT_BYTES, BASE_NONE, NULL, 0,
279 "Banana large integer", HFILL }
280 },
281 { &hf_banana_lg_neg_int,
282 { "Float", "banana.lg_neg_int",
283 FT_BYTES, BASE_NONE, NULL, 0,
284 "Banana large negative integer", HFILL }
285 },
286 { &hf_banana_pb,
287 { "pb Profile Value", "banana.pb",
288 FT_UINT8, BASE_HEX, VALS(pb_vals), 0,
289 "Banana Perspective Broker Profile Value", HFILL }
290 }
291 };
292
293 expert_module_t* expert_banana;
294
295 /* Setup protocol subtree array */
296 static int *ett[] = {
297 &ett_banana,
298 &ett_list
299 };
300
301 static ei_register_info ei[] = {
302 { &ei_banana_unknown_type, { "banana.unknown_type", PI_UNDECODED, PI_ERROR, "Unknown type", EXPFILL }},
303 { &ei_banana_too_many_value_bytes, { "banana.too_many_value_bytes", PI_UNDECODED, PI_ERROR, "Too many value/length bytes", EXPFILL }},
304 { &ei_banana_length_too_long, { "banana.length_too_long", PI_UNDECODED, PI_ERROR, "Length too long", EXPFILL }},
305 { &ei_banana_value_too_large, { "banana.value_too_large", PI_MALFORMED, PI_ERROR, "Value too large", EXPFILL }},
306 { &ei_banana_pb_error, { "banana.pb_error", PI_MALFORMED, PI_ERROR, "More than 1 byte before pb", EXPFILL }},
307 };
308
309 /* Register the protocol name and description */
310 proto_banana = proto_register_protocol("Twisted Banana", "Banana", "banana");
311
312 /* Required function calls to register the header fields and subtrees used */
313 proto_register_field_array(proto_banana, hf, array_length(hf));
314 proto_register_subtree_array(ett, array_length(ett));
315 expert_banana = expert_register_protocol(proto_banana);
316 expert_register_field_array(expert_banana, ei, array_length(ei));
317
318 banana_handle = register_dissector("banana", dissect_banana, proto_banana);
319 }
320
321 void
322 proto_reg_handoff_banana(void)
323 {
324 dissector_add_uint_range_with_preference("tcp.port", "", banana_handle);
325 }
326
327 /*
328 * Editor modelines - https://www.wireshark.org/tools/modelines.html
329 *
330 * Local variables:
331 * c-basic-offset: 4
332 * tab-width: 8
333 * indent-tabs-mode: nil
334 * End:
335 *
336 * ex: set shiftwidth=4 tabstop=8 expandtab:
337 * :indentSize=4:tabSize=8:noTabs=true:
338 */
339
340
Metzes wireshark repo