search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MSWSP: fix dissect_mswsp_smb()
[wireshark-wip.git] / epan / dissectors / packet-pop.c
blobf0b74a4033c02228b882e669de62a03e560373cc
1 /* packet-pop.c
2 * Routines for pop packet dissection
3 * RFC 1939
4 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
5 *
6 * $Id$
7 *
8 * Wireshark - Network traffic analyzer
9 * By Gerald Combs <gerald@wireshark.org>
10 * Copyright 1998 Gerald Combs
11 *
12 * Copied from packet-tftp.c
13 *
14 * This program is free software; you can redistribute it and/or
15 * modify it under the terms of the GNU General Public License
16 * as published by the Free Software Foundation; either version 2
17 * of the License, or (at your option) any later version.
18 *
19 * This program is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * You should have received a copy of the GNU General Public License
25 * along with this program; if not, write to the Free Software
26 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
27 */
28
29 #include "config.h"
30
31 #include <stdlib.h>
32
33 #include <string.h>
34 #include <glib.h>
35 #include <epan/packet.h>
36 #include <epan/strutil.h>
37 #include <epan/conversation.h>
38 #include <epan/prefs.h>
39 #include <epan/reassemble.h>
40 #include <epan/wmem/wmem.h>
41 #include "packet-ssl.h"
42
43 static int proto_pop = -1;
44
45 static int hf_pop_response = -1;
46 static int hf_pop_response_indicator = -1;
47 static int hf_pop_response_description = -1;
48 static int hf_pop_response_data = -1;
49
50 static int hf_pop_request = -1;
51 static int hf_pop_request_command = -1;
52 static int hf_pop_request_parameter = -1;
53 static int hf_pop_request_data = -1;
54
55 static int hf_pop_data_fragments = -1;
56 static int hf_pop_data_fragment = -1;
57 static int hf_pop_data_fragment_overlap = -1;
58 static int hf_pop_data_fragment_overlap_conflicts = -1;
59 static int hf_pop_data_fragment_multiple_tails = -1;
60 static int hf_pop_data_fragment_too_long_fragment = -1;
61 static int hf_pop_data_fragment_error = -1;
62 static int hf_pop_data_fragment_count = -1;
63 static int hf_pop_data_reassembled_in = -1;
64 static int hf_pop_data_reassembled_length = -1;
65
66 static gint ett_pop = -1;
67 static gint ett_pop_reqresp = -1;
68
69 static gint ett_pop_data_fragment = -1;
70 static gint ett_pop_data_fragments = -1;
71
72 static dissector_handle_t data_handle;
73 static dissector_handle_t imf_handle = NULL;
74 static dissector_handle_t ssl_handle = NULL;
75
76 #define TCP_PORT_POP 110
77 #define TCP_PORT_SSL_POP 995
78
79 /* desegmentation of POP command and response lines */
80 static gboolean pop_data_desegment = TRUE;
81
82 static reassembly_table pop_data_reassembly_table;
83
84 static const fragment_items pop_data_frag_items = {
85 /* Fragment subtrees */
86 &ett_pop_data_fragment,
87 &ett_pop_data_fragments,
88 /* Fragment fields */
89 &hf_pop_data_fragments,
90 &hf_pop_data_fragment,
91 &hf_pop_data_fragment_overlap,
92 &hf_pop_data_fragment_overlap_conflicts,
93 &hf_pop_data_fragment_multiple_tails,
94 &hf_pop_data_fragment_too_long_fragment,
95 &hf_pop_data_fragment_error,
96 &hf_pop_data_fragment_count,
97 /* Reassembled in field */
98 &hf_pop_data_reassembled_in,
99 /* Reassembled length field */
100 &hf_pop_data_reassembled_length,
101 /* Reassembled data field */
102 NULL,
103 /* Tag */
104 "DATA fragments"
105 };
106
107 struct pop_proto_data {
108 guint16 conversation_id;
109 gboolean more_frags;
110 };
111
112 struct pop_data_val {
113 gboolean msg_request;
114 guint32 msg_read_len; /* Length of RETR message read so far */
115 guint32 msg_tot_len; /* Total length of RETR message */
116 gboolean stls_request; /* Received STLS request */
117 guint32 last_nontls_frame; /* last non-TLS frame; 0 if not known or no TLS */
118 };
119
120
121
122 static gboolean response_is_continuation(const guchar *data);
123
124 static void
125 dissect_pop(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
126 {
127 struct pop_proto_data *frame_data_p;
128 gboolean is_request;
129 gboolean is_continuation;
130 proto_tree *pop_tree, *reqresp_tree;
131 proto_item *ti;
132 gint offset = 0;
133 const guchar *line;
134 gint next_offset;
135 int linelen;
136 int tokenlen;
137 const guchar *next_token;
138 fragment_head *frag_msg = NULL;
139 tvbuff_t *next_tvb = NULL;
140 conversation_t *conversation = NULL;
141 struct pop_data_val *data_val = NULL;
142 gint length_remaining;
143
144 col_set_str(pinfo->cinfo, COL_PROTOCOL, "POP");
145
146 frame_data_p = (struct pop_proto_data *)p_get_proto_data(pinfo->fd, proto_pop, 0);
147
148 conversation = find_or_create_conversation(pinfo);
149 data_val = (struct pop_data_val *)conversation_get_proto_data(conversation, proto_pop);
150 if (!data_val) {
151
152 /*
153 * No conversation - create one and attach it.
154 */
155 data_val = wmem_new0(wmem_file_scope(), struct pop_data_val);
156
157 conversation_add_proto_data(conversation, proto_pop, data_val);
158 }
159
160 /* Are we doing TLS? */
161 if (data_val->last_nontls_frame != 0 && pinfo->fd->num > data_val->last_nontls_frame) {
162 guint16 save_can_desegment;
163 guint32 save_last_nontls_frame;
164
165 /* This is TLS, not raw POP/IMF. TLS can desegment */
166 save_can_desegment = pinfo->can_desegment;
167 pinfo->can_desegment = pinfo->saved_can_desegment;
168
169 /* Make sure the SSL dissector will not be called again after decryption */
170 save_last_nontls_frame = data_val->last_nontls_frame;
171 data_val->last_nontls_frame = 0;
172
173 call_dissector(ssl_handle, tvb, pinfo, tree);
174
175 pinfo->can_desegment = save_can_desegment;
176 data_val->last_nontls_frame = save_last_nontls_frame;
177 return;
178 }
179
180 /*
181 * Find the end of the first line.
182 *
183 * Note that "tvb_find_line_end()" will return a value that is
184 * not longer than what's in the buffer, so the "tvb_get_ptr()"
185 * call won't throw an exception.
186 */
187 linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
188 line = tvb_get_ptr(tvb, offset, linelen);
189
190 if (pinfo->match_uint == pinfo->destport) {
191 is_request = TRUE;
192 is_continuation = FALSE;
193 } else {
194 is_request = FALSE;
195 is_continuation = response_is_continuation(line);
196 }
197
198 /*
199 * Put the first line from the buffer into the summary
200 * if it's a POP request or reply (but leave out the
201 * line terminator).
202 * Otherwise, just call it a continuation.
203 */
204 if (is_continuation) {
205 length_remaining = tvb_length_remaining(tvb, offset);
206 col_add_fstr(pinfo->cinfo, COL_INFO, "S: DATA fragment, %d byte%s",
207 length_remaining, plurality (length_remaining, "", "s"));
208 }
209 else
210 col_add_fstr(pinfo->cinfo, COL_INFO, "%s: %s", is_request ? "C" : "S",
211 format_text(line, linelen));
212
213 ti = proto_tree_add_item(tree, proto_pop, tvb, offset, -1, ENC_NA);
214 pop_tree = proto_item_add_subtree(ti, ett_pop);
215
216 if (is_continuation) {
217
218 if (pop_data_desegment) {
219
220 if (!frame_data_p) {
221
222 data_val->msg_read_len += tvb_length(tvb);
223
224 frame_data_p = wmem_new(wmem_file_scope(), struct pop_proto_data);
225
226 frame_data_p->conversation_id = conversation->index;
227 frame_data_p->more_frags = data_val->msg_read_len < data_val->msg_tot_len;
228
229 p_add_proto_data(pinfo->fd, proto_pop, 0, frame_data_p);
230 }
231
232 frag_msg = fragment_add_seq_next(&pop_data_reassembly_table, tvb, 0,
233 pinfo,
234 frame_data_p->conversation_id,
235 NULL,
236 tvb_length(tvb),
237 frame_data_p->more_frags);
238
239 next_tvb = process_reassembled_data(tvb, offset, pinfo,
240 "Reassembled DATA",
241 frag_msg, &pop_data_frag_items,
242 NULL, pop_tree);
243
244 if (next_tvb) {
245
246 if (imf_handle)
247 call_dissector(imf_handle, next_tvb, pinfo, tree);
248
249 if (data_val) {
250 /* we have read everything - reset */
251
252 data_val->msg_read_len = 0;
253 data_val->msg_tot_len = 0;
254 }
255 pinfo->fragmented = FALSE;
256 } else {
257 pinfo->fragmented = TRUE;
258 }
259
260 } else {
261
262 /*
263 * Put the whole packet into the tree as data.
264 */
265 call_dissector(data_handle,tvb, pinfo, pop_tree);
266
267 }
268 return;
269 }
270
271 /*
272 * Put the line into the protocol tree.
273 */
274 ti = proto_tree_add_string_format(pop_tree,
275 (is_request) ?
276 hf_pop_request :
277 hf_pop_response,
278 tvb, offset,
279 next_offset - offset,
280 "", "%s",
281 tvb_format_text(tvb, offset, next_offset - offset));
282 reqresp_tree = proto_item_add_subtree(ti, ett_pop_reqresp);
283
284 /*
285 * Extract the first token, and, if there is a first
286 * token, add it as the request or reply code.
287 */
288 tokenlen = get_token_len(line, line + linelen, &next_token);
289 if (tokenlen != 0) {
290 proto_tree_add_item(reqresp_tree,
291 (is_request) ?
292 hf_pop_request_command :
293 hf_pop_response_indicator,
294 tvb, offset, tokenlen, ENC_ASCII|ENC_NA);
295
296 if (data_val) {
297 if (is_request) {
298 /* see if this is RETR or TOP command */
299 if (g_ascii_strncasecmp(line, "RETR", 4) == 0 ||
300 g_ascii_strncasecmp(line, "TOP", 3) == 0)
301 /* the next response will tell us how many bytes */
302 data_val->msg_request = TRUE;
303
304 if (g_ascii_strncasecmp(line, "STLS", 4) == 0) {
305 data_val->stls_request = TRUE;
306 }
307 } else {
308 if (data_val->msg_request) {
309 /* this is a response to a RETR or TOP command */
310
311 if (g_ascii_strncasecmp(line, "+OK ", 4) == 0) {
312 /* the message will be sent - work out how many bytes */
313 data_val->msg_read_len = 0;
314 data_val->msg_tot_len = atoi(line + 4);
315 }
316 data_val->msg_request = FALSE;
317 }
318
319 if (data_val->stls_request) {
320 if (g_ascii_strncasecmp(line, "+OK ", 4) == 0) {
321 /* This is the last non-TLS frame. */
322 data_val->last_nontls_frame = pinfo->fd->num;
323 }
324 data_val->stls_request = FALSE;
325 }
326 }
327 }
328
329 offset += (gint) (next_token - line);
330 linelen -= (int) (next_token - line);
331 }
332
333
334 if (tree) {
335 /*
336 * Add the rest of the first line as request or
337 * reply param/description.
338 */
339 if (linelen != 0) {
340 proto_tree_add_item(reqresp_tree,
341 (is_request) ?
342 hf_pop_request_parameter :
343 hf_pop_response_description,
344 tvb, offset, linelen, ENC_ASCII|ENC_NA);
345 }
346 offset = next_offset;
347
348 /*
349 * Show the rest of the request or response as text,
350 * a line at a time.
351 */
352 while (tvb_offset_exists(tvb, offset)) {
353 /*
354 * Find the end of the line.
355 */
356 tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
357
358 /*
359 * Put this line.
360 */
361 proto_tree_add_string_format(pop_tree,
362 (is_request) ?
363 hf_pop_request_data :
364 hf_pop_response_data,
365 tvb, offset,
366 next_offset - offset,
367 "", "%s",
368 tvb_format_text(tvb, offset, next_offset - offset));
369 offset = next_offset;
370 }
371 }
372 }
373
374 static gboolean response_is_continuation(const guchar *data)
375 {
376 if (strncmp(data, "+OK", strlen("+OK")) == 0)
377 return FALSE;
378
379 if (strncmp(data, "-ERR", strlen("-ERR")) == 0)
380 return FALSE;
381
382 return TRUE;
383 }
384
385 static void pop_data_reassemble_init (void)
386 {
387 reassembly_table_init (&pop_data_reassembly_table,
388 &addresses_ports_reassembly_table_functions);
389 }
390
391 void
392 proto_register_pop(void)
393 {
394 static hf_register_info hf[] = {
395 { &hf_pop_response,
396 { "Response", "pop.response",
397 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
398 { &hf_pop_response_indicator,
399 { "Response indicator", "pop.response.indicator",
400 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
401 { &hf_pop_response_description,
402 { "Response description", "pop.response.description",
403 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
404 { &hf_pop_response_data,
405 { "Data", "pop.response.data",
406 FT_STRING, BASE_NONE, NULL, 0x0, "Response Data", HFILL }},
407 { &hf_pop_request,
408 { "Request", "pop.request",
409 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
410 { &hf_pop_request_command,
411 { "Request command", "pop.request.command",
412 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
413 { &hf_pop_request_parameter,
414 { "Request parameter", "pop.request.parameter",
415 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
416 { &hf_pop_request_data,
417 { "Data", "pop.request.data",
418 FT_STRING, BASE_NONE, NULL, 0x0, "Request data", HFILL }},
419 /* Fragment entries */
420 { &hf_pop_data_fragments,
421 { "DATA fragments", "pop.data.fragments", FT_NONE, BASE_NONE,
422 NULL, 0x00, "Message fragments", HFILL } },
423 { &hf_pop_data_fragment,
424 { "DATA fragment", "pop.data.fragment", FT_FRAMENUM, BASE_NONE,
425 NULL, 0x00, "Message fragment", HFILL } },
426 { &hf_pop_data_fragment_overlap,
427 { "DATA fragment overlap", "pop.data.fragment.overlap", FT_BOOLEAN,
428 BASE_NONE, NULL, 0x0, "Message fragment overlap", HFILL } },
429 { &hf_pop_data_fragment_overlap_conflicts,
430 { "DATA fragment overlapping with conflicting data",
431 "pop.data.fragment.overlap.conflicts", FT_BOOLEAN, BASE_NONE, NULL,
432 0x0, "Message fragment overlapping with conflicting data", HFILL } },
433 { &hf_pop_data_fragment_multiple_tails,
434 { "DATA has multiple tail fragments",
435 "pop.data.fragment.multiple_tails", FT_BOOLEAN, BASE_NONE,
436 NULL, 0x0, "Message has multiple tail fragments", HFILL } },
437 { &hf_pop_data_fragment_too_long_fragment,
438 { "DATA fragment too long", "pop.data.fragment.too_long_fragment",
439 FT_BOOLEAN, BASE_NONE, NULL, 0x0, "Message fragment too long",
440 HFILL } },
441 { &hf_pop_data_fragment_error,
442 { "DATA defragmentation error", "pop.data.fragment.error", FT_FRAMENUM,
443 BASE_NONE, NULL, 0x00, "Message defragmentation error", HFILL } },
444 { &hf_pop_data_fragment_count,
445 { "DATA fragment count", "pop.data.fragment.count", FT_UINT32, BASE_DEC,
446 NULL, 0x00, NULL, HFILL } },
447 { &hf_pop_data_reassembled_in,
448 { "Reassembled DATA in frame", "pop.data.reassembled.in", FT_FRAMENUM, BASE_NONE,
449 NULL, 0x00, "This DATA fragment is reassembled in this frame", HFILL } },
450 { &hf_pop_data_reassembled_length,
451 { "Reassembled DATA length", "pop.data.reassembled.length", FT_UINT32, BASE_DEC,
452 NULL, 0x00, "The total length of the reassembled payload", HFILL } },
453 };
454
455 static gint *ett[] = {
456 &ett_pop,
457 &ett_pop_reqresp,
458 &ett_pop_data_fragment,
459 &ett_pop_data_fragments
460 };
461 module_t *pop_module;
462
463
464 proto_pop = proto_register_protocol("Post Office Protocol", "POP", "pop");
465 register_dissector("pop", dissect_pop, proto_pop);
466 proto_register_field_array(proto_pop, hf, array_length(hf));
467 proto_register_subtree_array(ett, array_length(ett));
468 register_init_routine (&pop_data_reassemble_init);
469
470 /* Preferences */
471 pop_module = prefs_register_protocol(proto_pop, NULL);
472
473 prefs_register_bool_preference(pop_module, "desegment_data",
474 "Reassemble POP RETR and TOP responses spanning multiple TCP segments",
475 "Whether the POP dissector should reassemble RETR and TOP responses and spanning multiple TCP segments."
476 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
477 &pop_data_desegment);
478 }
479
480 void
481 proto_reg_handoff_pop(void)
482 {
483 dissector_handle_t pop_handle;
484
485 pop_handle = find_dissector("pop");
486 dissector_add_uint("tcp.port", TCP_PORT_POP, pop_handle);
487 ssl_dissector_add(TCP_PORT_SSL_POP, "pop", TRUE);
488 data_handle = find_dissector("data");
489
490 /* find the IMF dissector */
491 imf_handle = find_dissector("imf");
492
493 /* find the SSL dissector */
494 ssl_handle = find_dissector("ssl");
495 }