diff options
Diffstat (limited to 'epan/dissectors/asn1/goose')
-rw-r--r-- | epan/dissectors/asn1/goose/CMakeLists.txt | 34 | ||||
-rw-r--r-- | epan/dissectors/asn1/goose/goose.asn | 143 | ||||
-rw-r--r-- | epan/dissectors/asn1/goose/goose.cnf | 96 | ||||
-rw-r--r-- | epan/dissectors/asn1/goose/packet-goose-template.c | 623 |
4 files changed, 896 insertions, 0 deletions
diff --git a/epan/dissectors/asn1/goose/CMakeLists.txt b/epan/dissectors/asn1/goose/CMakeLists.txt new file mode 100644 index 00000000..6dd70dc6 --- /dev/null +++ b/epan/dissectors/asn1/goose/CMakeLists.txt @@ -0,0 +1,34 @@ +# CMakeLists.txt +# +# Wireshark - Network traffic analyzer +# By Gerald Combs <gerald@wireshark.org> +# Copyright 1998 Gerald Combs +# +# SPDX-License-Identifier: GPL-2.0-or-later +# + +set( PROTOCOL_NAME goose ) + +set( PROTO_OPT ) + +set( EXT_ASN_FILE_LIST +) + +set( ASN_FILE_LIST + ${PROTOCOL_NAME}.asn +) + +set( EXTRA_DIST + ${ASN_FILE_LIST} + packet-${PROTOCOL_NAME}-template.c + ${PROTOCOL_NAME}.cnf +) + +set( SRC_FILES + ${EXTRA_DIST} + ${EXT_ASN_FILE_LIST} +) + +set( A2W_FLAGS -b ) + +ASN2WRS() diff --git a/epan/dissectors/asn1/goose/goose.asn b/epan/dissectors/asn1/goose/goose.asn new file mode 100644 index 00000000..2471e403 --- /dev/null +++ b/epan/dissectors/asn1/goose/goose.asn @@ -0,0 +1,143 @@ +IEC61850 DEFINITIONS ::= BEGIN + +GOOSEpdu ::= CHOICE { + gseMngtPdu [APPLICATION 0] IMPLICIT GSEMngtPdu, + goosePdu [APPLICATION 1] IMPLICIT IECGoosePdu, + ... +} + +GSEMngtPdu ::= SEQUENCE { + stateID [0] IMPLICIT INTEGER, +-- security [3] ANY OPTIONAL, + -- reserved for future definition + requestResp RequestResponse +-- CHOICE { +-- requests [1] IMPLICIT GSEMngtRequests, +-- responses [2] IMPLICIT GSEMngtResponses +-- } +} + +RequestResponse ::= CHOICE { + requests [1] IMPLICIT GSEMngtRequests, + responses [2] IMPLICIT GSEMngtResponses +} + +GSEMngtRequests ::= CHOICE { + getGoReference [1] IMPLICIT GetReferenceRequestPdu, + getGOOSEElementNumber [2] IMPLICIT GetElementRequestPdu, + getGsReference [3] IMPLICIT GetReferenceRequestPdu, + getGSSEDataOffset [4] IMPLICIT GetElementRequestPdu, + ... +} + +GSEMngtResponses ::= CHOICE { + gseMngtNotSupported [0] IMPLICIT NULL, + getGoReference [1] IMPLICIT GSEMngtResponsePdu, + getGOOSEElementNumber [2] IMPLICIT GSEMngtResponsePdu, + getGsReference [3] IMPLICIT GSEMngtResponsePdu, + getGSSEDataOffset [4] IMPLICIT GSEMngtResponsePdu, + ... +} + +GetReferenceRequestPdu ::= SEQUENCE { + ident [0] IMPLICIT VisibleString, -- size shall support up to 65 octets + offset [1] IMPLICIT SEQUENCE OF INTEGER, + ... +} + +GetElementRequestPdu ::= SEQUENCE { + ident [0] IMPLICIT VisibleString, -- size shall support up to 65 octets + references [1] IMPLICIT SEQUENCE OF VisibleString, + ... +} + +GSEMngtResponsePdu ::= SEQUENCE { + ident [0] IMPLICIT VisibleString, -- echos the value of the request + confRev [1] IMPLICIT INTEGER OPTIONAL, + posNeg PositiveNegative, +-- CHOICE { +-- responsePositive [2] IMPLICIT SEQUENCE { +-- datSet [0] IMPLICIT VisibleString OPTIONAL, +-- result [1] IMPLICIT SEQUENCE OF RequestResults +-- }, +-- responseNegative [3] IMPLICIT GlbErrors +-- }, + ... +} + +PositiveNegative ::= CHOICE { + responsePositive [2] IMPLICIT SEQUENCE { + datSet [0] IMPLICIT VisibleString OPTIONAL, + result [1] IMPLICIT SEQUENCE OF RequestResults + }, + responseNegative [3] IMPLICIT GlbErrors +} + +RequestResults::= CHOICE { + offset [0] IMPLICIT INTEGER, + reference [1] IMPLICIT IA5String, + error [2] IMPLICIT ErrorReason +} + +GlbErrors ::= INTEGER { + other(0), + unknownControlBlock(1), + responseTooLarge(2), + controlBlockConfigurationError(3) --, +-- ... +} + +ErrorReason ::= INTEGER { + other (0), + notFound (1) --, +-- ... +} + +IECGoosePdu ::= SEQUENCE { + gocbRef [0] IMPLICIT VisibleString, + timeAllowedtoLive [1] IMPLICIT INTEGER, + datSet [2] IMPLICIT VisibleString, + goID [3] IMPLICIT VisibleString OPTIONAL, + t [4] IMPLICIT UtcTime, + stNum [5] IMPLICIT INTEGER, + sqNum [6] IMPLICIT INTEGER, + simulation [7] IMPLICIT BOOLEAN DEFAULT FALSE, + confRev [8] IMPLICIT INTEGER, + ndsCom [9] IMPLICIT BOOLEAN DEFAULT FALSE, + numDatSetEntries [10] IMPLICIT INTEGER, + allData [11] IMPLICIT SEQUENCE OF Data --, +-- security [12] ANY OPTIONAL + -- reserved for digital signature +} + +UtcTime ::= OCTET STRING -- format and size defined in 8.1.3.6. + +TimeOfDay ::= OCTET STRING -- (SIZE (4 | 6)) +FloatingPoint ::= OCTET STRING + + +Data ::= CHOICE + { + -- context tag 0 is reserved for AccessResult + array [1] IMPLICIT SEQUENCE OF Data, + structure [2] IMPLICIT SEQUENCE OF Data, + boolean [3] IMPLICIT BOOLEAN, + bit-string [4] IMPLICIT BIT STRING, + integer [5] IMPLICIT INTEGER, + unsigned [6] IMPLICIT INTEGER, + floating-point [7] IMPLICIT FloatingPoint, + real [8] IMPLICIT REAL, + octet-string [9] IMPLICIT OCTET STRING, + visible-string [10] IMPLICIT VisibleString, + binary-time [12] IMPLICIT TimeOfDay, + bcd [13] IMPLICIT INTEGER, + booleanArray [14] IMPLICIT BIT STRING, + objId [15] IMPLICIT OBJECT IDENTIFIER, + ..., + mMSString [16] IMPLICIT MMSString, + utc-time [17] IMPLICIT UtcTime -- added by IEC61850 8.1 G3 + } + +MMSString ::= UTF8String + +END diff --git a/epan/dissectors/asn1/goose/goose.cnf b/epan/dissectors/asn1/goose/goose.cnf new file mode 100644 index 00000000..b0c84ffe --- /dev/null +++ b/epan/dissectors/asn1/goose/goose.cnf @@ -0,0 +1,96 @@ +# goose.cnf +# goose conformation file + +#.MODULE_IMPORT + +#.EXPORTS + +#.PDU + +#.NO_EMIT ONLY_VALS +GOOSEpdu + +#.FN_BODY IECGoosePdu/simulation VAL_PTR = &value + bool value; + guint32 len = tvb_reported_length_remaining(tvb, offset); + int origin_offset = offset; +%(DEFAULT_BODY)s + if((actx->private_data) && (actx->created_item)){ + goose_chk_data_t *data_chk = (goose_chk_data_t *)actx->private_data; + proto_tree *expert_inf_tree = NULL; + /* S bit set and Simulation attribute clear: reject as invalid GOOSE */ + if((data_chk->s_bit == TRUE) && (value == FALSE)){ + /* It really looks better showed as a new subtree */ + expert_inf_tree = proto_item_add_subtree(actx->created_item, ett_expert_inf_sim); + proto_tree_add_expert(expert_inf_tree, actx->pinfo, &ei_goose_invalid_sim, tvb, origin_offset, len); + } + } +#.END + +#.FN_BODY UtcTime + + guint32 len; + guint32 seconds; + guint32 fraction; + guint32 nanoseconds; + nstime_t ts; + gchar * ptime; + + len = tvb_reported_length_remaining(tvb, offset); + + if(len != 8) + { + proto_tree_add_expert(tree, actx->pinfo, &ei_goose_mal_utctime, tvb, offset, len); + if(hf_index >= 0) + { + proto_tree_add_string(tree, hf_index, tvb, offset, len, "????"); + } + return offset; + } + + seconds = tvb_get_ntohl(tvb, offset); + fraction = tvb_get_ntoh24(tvb, offset+4) * 0x100; /* Only 3 bytes are recommended */ + nanoseconds = (guint32)( ((guint64)fraction * G_GUINT64_CONSTANT(1000000000)) / G_GUINT64_CONSTANT(0x100000000) ) ; + + ts.secs = seconds; + ts.nsecs = nanoseconds; + + ptime = abs_time_to_str(actx->pinfo->pool, &ts, ABSOLUTE_TIME_UTC, TRUE); + + if(hf_index >= 0) + { + proto_tree_add_string(tree, hf_index, tvb, offset, len, ptime); + } + +#.END + +#.FN_BODY FloatingPoint + + int len = tvb_reported_length_remaining(tvb, offset); + + %(DEFAULT_BODY)s + if ((len == FLOAT_ENC_LENGTH) && (tvb_get_guint8(tvb,0) == SINGLE_FLOAT_EXP_BITS) ){ + /* IEEE 754 single precision floating point */ + proto_item_set_hidden(actx->created_item); + proto_tree_add_item(tree, hf_goose_float_value, tvb, 1, (FLOAT_ENC_LENGTH-1), ENC_BIG_ENDIAN); + } + +#.END + +#.TYPE_ATTR +UtcTime TYPE = FT_STRING DISPLAY = BASE_NONE + + +#.FIELD_RENAME +GetReferenceRequestPdu/offset getReferenceRequest_offset +GSEMngtResponses/getGsReference gseMngtResponses_GetGSReference +GSEMngtResponses/getGoReference gseMngtResponses_GetGOReference +GSEMngtResponses/getGSSEDataOffset gseMngtResponses_GetGSSEDataOffset +GSEMngtResponses/getGOOSEElementNumber gseMngtResponses_GetGOOSEElementNumber + +#.FIELD_ATTR +IECGoosePdu/stNum TYPE = FT_UINT32 DISPLAY = BASE_DEC +IECGoosePdu/sqNum TYPE = FT_UINT32 DISPLAY = BASE_DEC +GetReferenceRequestPdu/offset ABBREV=getReferenceRequest.offset +IECGoosePdu/simulation BLURB = "BOOLEAN" +#.END diff --git a/epan/dissectors/asn1/goose/packet-goose-template.c b/epan/dissectors/asn1/goose/packet-goose-template.c new file mode 100644 index 00000000..70a3914f --- /dev/null +++ b/epan/dissectors/asn1/goose/packet-goose-template.c @@ -0,0 +1,623 @@ +/* packet-goose.c + * Routines for IEC 61850 GOOSE packet dissection + * Martin Lutz 2008 + * + * Routines for IEC 61850 R-GOOSE packet dissection + * Dordije Manojlovic 2020 + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "config.h" + +#include <epan/packet.h> +#include <epan/asn1.h> +#include <epan/proto_data.h> +#include <epan/etypes.h> +#include <epan/expert.h> + +#include "packet-ber.h" +#include "packet-acse.h" + +#define GOOSE_PNAME "GOOSE" +#define GOOSE_PSNAME "GOOSE" +#define GOOSE_PFNAME "goose" + +#define R_GOOSE_PNAME "R-GOOSE" +#define R_GOOSE_PSNAME "R-GOOSE" +#define R_GOOSE_PFNAME "r-goose" + +void proto_register_goose(void); +void proto_reg_handoff_goose(void); + +/* Initialize the protocol and registered fields */ +static int proto_goose = -1; +static int proto_r_goose = -1; + +static int hf_goose_session_header = -1; +static int hf_goose_spdu_id = -1; +static int hf_goose_session_hdr_length = -1; +static int hf_goose_hdr_length = -1; +static int hf_goose_content_id = -1; +static int hf_goose_spdu_lenth = -1; +static int hf_goose_spdu_num = -1; +static int hf_goose_version = -1; +static int hf_goose_security_info = -1; +static int hf_goose_current_key_t = -1; +static int hf_goose_next_key_t = -1; +static int hf_goose_key_id = -1; +static int hf_goose_init_vec_length = -1; +static int hf_goose_init_vec = -1; +static int hf_goose_session_user_info = -1; +static int hf_goose_payload = -1; +static int hf_goose_payload_length = -1; +static int hf_goose_apdu_tag = -1; +static int hf_goose_apdu_simulation = -1; +static int hf_goose_apdu_appid = -1; +static int hf_goose_apdu_length = -1; +static int hf_goose_padding_tag = -1; +static int hf_goose_padding_length = -1; +static int hf_goose_padding = -1; +static int hf_goose_hmac = -1; +static int hf_goose_appid = -1; +static int hf_goose_length = -1; +static int hf_goose_reserve1 = -1; +static int hf_goose_reserve1_s_bit = -1; +static int hf_goose_reserve2 = -1; +static int hf_goose_float_value = -1; + + +/* Bit fields in the Reserved fields */ +#define F_RESERVE1_S_BIT 0x8000 + +/* GOOSE stored data for expert info verifications */ +typedef struct _goose_chk_data{ + gboolean s_bit; +}goose_chk_data_t; +#define GOOSE_CHK_DATA_LEN (sizeof(goose_chk_data_t)) + +static expert_field ei_goose_mal_utctime = EI_INIT; +static expert_field ei_goose_zero_pdu = EI_INIT; +static expert_field ei_goose_invalid_sim = EI_INIT; + +#define SINGLE_FLOAT_EXP_BITS 8 +#define FLOAT_ENC_LENGTH 5 + +#include "packet-goose-hf.c" + +/* Initialize the subtree pointers */ +static int ett_r_goose = -1; +static int ett_session_header = -1; +static int ett_security_info = -1; +static int ett_session_user_info = -1; +static int ett_payload = -1; +static int ett_padding = -1; +static int ett_goose = -1; +static int ett_reserve1 = -1; +static int ett_expert_inf_sim = -1; + +#include "packet-goose-ett.c" + +#include "packet-goose-fn.c" + +static dissector_handle_t goose_handle = NULL; +static dissector_handle_t ositp_handle = NULL; + + +#define OSI_SPDU_TUNNELED 0xA0 /* Tunneled */ +#define OSI_SPDU_GOOSE 0xA1 /* GOOSE */ +#define OSI_SPDU_SV 0xA2 /* Sample Value */ +#define OSI_SPDU_MNGT 0xA3 /* Management */ + +static const value_string ositp_spdu_id[] = { + { OSI_SPDU_TUNNELED, "Tunneled" }, + { OSI_SPDU_GOOSE, "GOOSE" }, + { OSI_SPDU_SV, "Sample value" }, + { OSI_SPDU_MNGT, "Management" }, + { 0, NULL } +}; + +#define OSI_PDU_GOOSE 0x81 +#define OSI_PDU_SV 0x82 +#define OSI_PDU_TUNNELED 0x83 +#define OSI_PDU_MNGT 0x84 + +static const value_string ositp_pdu_id[] = { + { OSI_PDU_GOOSE, "GOOSE" }, + { OSI_PDU_SV, "SV" }, + { OSI_PDU_TUNNELED, "Tunnel" }, + { OSI_PDU_MNGT, "MNGT" }, + { 0, NULL } +}; + +#define APDU_HEADER_SIZE 6 + +/* +* Dissect GOOSE PDUs inside a PPDU. +*/ +static int +dissect_goose(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, + void* data _U_) +{ + guint32 offset = 0; + guint32 old_offset; + guint32 length; + guint32 reserve1_val; + proto_item *item = NULL; + proto_tree *tree = NULL; + goose_chk_data_t *data_chk = NULL; + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + + static int * const reserve1_flags[] = { + &hf_goose_reserve1_s_bit, + NULL + }; + + asn1_ctx.private_data = wmem_alloc(pinfo->pool, GOOSE_CHK_DATA_LEN); + data_chk = (goose_chk_data_t *)asn1_ctx.private_data; + + col_set_str(pinfo->cinfo, COL_PROTOCOL, GOOSE_PNAME); + col_clear(pinfo->cinfo, COL_INFO); + + item = proto_tree_add_item(parent_tree, proto_goose, tvb, 0, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_goose); + add_ber_encoded_label(tvb, pinfo, parent_tree); + + + /* APPID */ + proto_tree_add_item(tree, hf_goose_appid, tvb, offset, 2, ENC_BIG_ENDIAN); + + /* Length */ + proto_tree_add_item_ret_uint(tree, hf_goose_length, tvb, offset + 2, 2, + ENC_BIG_ENDIAN, &length); + + /* Reserved 1 */ + reserve1_val = tvb_get_guint16(tvb, offset + 4, ENC_BIG_ENDIAN); + proto_tree_add_bitmask_value(tree, tvb, offset + 4, hf_goose_reserve1, ett_reserve1, + reserve1_flags, reserve1_val); + + /* Store the header sim value for later expert info checks */ + if(data_chk){ + if(reserve1_val & F_RESERVE1_S_BIT){ + data_chk->s_bit = TRUE; + }else{ + data_chk->s_bit = FALSE; + } + } + + + /* Reserved 2 */ + proto_tree_add_item(tree, hf_goose_reserve2, tvb, offset + 6, 2, + ENC_BIG_ENDIAN); + + offset = 8; + while (offset < length){ + old_offset = offset; + offset = dissect_goose_GOOSEpdu(FALSE, tvb, offset, &asn1_ctx , tree, -1); + if (offset == old_offset) { + proto_tree_add_expert(tree, pinfo, &ei_goose_zero_pdu, tvb, offset, -1); + break; + } + } + + return tvb_captured_length(tvb); +} + +/* +* Dissect RGOOSE PDUs inside ISO 8602/X.234 CLTP ConnecteionLess +* Transport Protocol. +*/ +static int +dissect_rgoose(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, + void* data _U_) +{ + guint offset = 0, old_offset = 0; + guint32 init_v_length, payload_tag, padding_length, length; + guint32 payload_length, apdu_offset = 0, apdu_length, apdu_simulation; + proto_item *item = NULL; + proto_tree *tree = NULL, *r_goose_tree = NULL, *sess_user_info_tree = NULL; + goose_chk_data_t *data_chk = NULL; + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + + asn1_ctx.private_data = wmem_alloc(pinfo->pool, GOOSE_CHK_DATA_LEN); + data_chk = (goose_chk_data_t *)asn1_ctx.private_data; + + col_set_str(pinfo->cinfo, COL_PROTOCOL, R_GOOSE_PNAME); + col_clear(pinfo->cinfo, COL_INFO); + + item = proto_tree_add_item(parent_tree, proto_r_goose, tvb, 0, -1, ENC_NA); + r_goose_tree = proto_item_add_subtree(item, ett_r_goose); + + /* Session header subtree */ + item = proto_tree_add_item(r_goose_tree, hf_goose_session_header, tvb, 0, + -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_session_header); + + /* SPDU ID */ + proto_tree_add_item(tree, hf_goose_spdu_id, tvb, offset++, 1, + ENC_BIG_ENDIAN); + /* Session header length */ + proto_tree_add_item_ret_uint(tree, hf_goose_session_hdr_length, tvb, offset++, 1, + ENC_BIG_ENDIAN, &length); + proto_item_set_len(item, length + 2); + + /* Header content indicator */ + proto_tree_add_item(tree, hf_goose_content_id, tvb, offset++, 1, + ENC_BIG_ENDIAN); + /* Length */ + proto_tree_add_item(tree, hf_goose_hdr_length, tvb, offset++, 1, + ENC_BIG_ENDIAN); + /* SPDU length */ + proto_tree_add_item(tree, hf_goose_spdu_lenth, tvb, offset, 4, + ENC_BIG_ENDIAN); + offset += 4; + /* SPDU number */ + proto_tree_add_item(tree, hf_goose_spdu_num, tvb, offset, 4, + ENC_BIG_ENDIAN); + offset += 4; + /* Version */ + proto_tree_add_item(tree, hf_goose_version, tvb, offset, 2, ENC_BIG_ENDIAN); + offset += 2; + + /* Security information subtree */ + item = proto_tree_add_item(tree, hf_goose_security_info, tvb, offset, -1, + ENC_NA); + tree = proto_item_add_subtree(item, ett_security_info); + /* Time of current key */ + proto_tree_add_item(tree, hf_goose_current_key_t, tvb, offset, 4, + ENC_BIG_ENDIAN); + offset += 4; + /* Time of next key */ + proto_tree_add_item(tree, hf_goose_next_key_t, tvb, offset, 2, + ENC_BIG_ENDIAN); + offset += 2; + /* Key ID */ + proto_tree_add_item(tree, hf_goose_key_id, tvb, offset, 4, ENC_BIG_ENDIAN); + offset += 4; + /* Initialization vector length */ + proto_tree_add_item_ret_uint(tree, hf_goose_init_vec_length, tvb, offset++, 1, + ENC_BIG_ENDIAN, &init_v_length); + proto_item_set_len(item, init_v_length + 11); + + if (init_v_length > 0) { + /* Initialization vector bytes */ + proto_tree_add_item(tree, hf_goose_init_vec, tvb, offset, init_v_length, + ENC_NA); + } + offset += init_v_length; + + /* Session user information subtree */ + item = proto_tree_add_item(r_goose_tree, hf_goose_session_user_info, tvb, + offset, -1, ENC_NA); + sess_user_info_tree = proto_item_add_subtree(item, ett_payload); + + /* Payload subtree */ + item = proto_tree_add_item(sess_user_info_tree, hf_goose_payload, tvb, + offset, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_payload); + /* Payload length */ + proto_tree_add_item_ret_uint(tree, hf_goose_payload_length, tvb, offset, 4, + ENC_BIG_ENDIAN, &payload_length); + offset += 4; + + while (apdu_offset < payload_length){ + /* APDU tag */ + proto_tree_add_item_ret_uint(tree, hf_goose_apdu_tag, tvb, offset++, 1, + ENC_BIG_ENDIAN, &payload_tag); + /* Simulation flag */ + proto_tree_add_item_ret_uint(tree, hf_goose_apdu_simulation, tvb, offset++, + 1, ENC_BIG_ENDIAN, &apdu_simulation); + /* APPID */ + proto_tree_add_item(tree, hf_goose_apdu_appid, tvb, offset, 2, + ENC_BIG_ENDIAN); + offset += 2; + + if (payload_tag != OSI_PDU_GOOSE) { + return tvb_captured_length(tvb); + } + + /* Store the header sim value for later expert info checks */ + if(data_chk){ + if(apdu_simulation){ + data_chk->s_bit = TRUE; + }else{ + data_chk->s_bit = FALSE; + } + } + + /* APDU length */ + proto_tree_add_item_ret_uint(tree, hf_goose_apdu_length, tvb, offset, 2, + ENC_BIG_ENDIAN, &apdu_length); + + apdu_offset += (APDU_HEADER_SIZE + apdu_length); + offset += 2; + + old_offset = offset; + offset = dissect_goose_GOOSEpdu(FALSE, tvb, offset, &asn1_ctx , tree, -1); + if (offset == old_offset) { + proto_tree_add_expert(tree, pinfo, &ei_goose_zero_pdu, tvb, offset, -1); + break; + } + } + + /* Check do we have padding bytes */ + if ((tvb_captured_length(tvb) > offset) && + (tvb_get_guint8(tvb, offset) == 0xAF)) { + /* Padding subtree */ + item = proto_tree_add_item(sess_user_info_tree, hf_goose_padding, tvb, + offset, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_padding); + + /* Padding tag */ + proto_tree_add_item(tree, hf_goose_padding_tag, tvb, offset++, 1, + ENC_NA); + /* Padding length */ + proto_tree_add_item_ret_uint(tree, hf_goose_padding_length, tvb, offset++, 1, + ENC_BIG_ENDIAN, &padding_length); + proto_item_set_len(item, padding_length + 1); + + /* Padding bytes */ + proto_tree_add_item(tree, hf_goose_padding, tvb, offset, padding_length, + ENC_NA); + offset += padding_length; + } + + /* Check do we have HMAC bytes */ + if (tvb_captured_length(tvb) > offset) { + /* HMAC bytes */ + proto_tree_add_item(sess_user_info_tree, hf_goose_hmac, tvb, offset, + tvb_captured_length(tvb) - offset, ENC_NA); + } + + return tvb_captured_length(tvb); +} + +static gboolean +dissect_rgoose_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, + void *data) +{ + guint8 spdu; + + /* Check do we have at least min size of Session header bytes */ + if (tvb_captured_length(tvb) < 27) { + return FALSE; + } + + /* Is it R-GOOSE? */ + spdu = tvb_get_guint8(tvb, 0); + if (spdu != OSI_SPDU_GOOSE) { + return FALSE; + } + + dissect_rgoose(tvb, pinfo, parent_tree, data); + return TRUE; +} + +static gboolean +dissect_cltp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, + void *data _U_) +{ + guint8 li, tpdu, spdu; + + /* First, check do we have at least 2 bytes (length + tpdu) */ + if (tvb_captured_length(tvb) < 2) { + return FALSE; + } + + li = tvb_get_guint8(tvb, 0); + + /* Is it OSI on top of the UDP? */ + tpdu = (tvb_get_guint8(tvb, 1) & 0xF0) >> 4; + if (tpdu != 0x4) { + return FALSE; + } + + /* Check do we have SPDU ID byte, too */ + if (tvb_captured_length(tvb) < (guint) (li + 2)) { + return FALSE; + } + + /* And let's see if it is GOOSE SPDU */ + spdu = tvb_get_guint8(tvb, li + 1); + if (spdu != OSI_SPDU_GOOSE) { + return FALSE; + } + + call_dissector(ositp_handle, tvb, pinfo, parent_tree); + return TRUE; +} + + +/*--- proto_register_goose -------------------------------------------*/ +void proto_register_goose(void) { + + /* List of fields */ + static hf_register_info hf[] = + { + { &hf_goose_session_header, + { "Session header", "rgoose.session_hdr", + FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_spdu_id, + { "Session identifier", "rgoose.spdu_id", + FT_UINT8, BASE_HEX_DEC, VALS(ositp_spdu_id), 0x0, NULL, HFILL }}, + + { &hf_goose_session_hdr_length, + { "Session header length", "rgoose.session_hdr_len", + FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_content_id, + { "Common session header identifier", "rgoose.common_session_id", + FT_UINT8, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_hdr_length, + { "Header length", "rgoose.hdr_len", + FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_spdu_lenth, + { "SPDU length", "rgoose.spdu_len", + FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_spdu_num, + { "SPDU number", "rgoose.spdu_num", + FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_version, + { "Version", "rgoose.version", + FT_UINT16, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_security_info, + { "Security information", "rgoose.sec_info", + FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_current_key_t, + { "Time of current key", "rgoose.curr_key_t", + FT_UINT32, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_next_key_t, + { "Time of next key", "rgoose.next_key_t", + FT_UINT16, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_key_id, + { "Key ID", "rgoose.key_id", + FT_UINT32, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_init_vec_length, + { "Initialization vector length", "rgoose.init_v_len", + FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_init_vec, + { "Initialization vector", "rgoose.init_v", + FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_session_user_info, + { "Session user information", "rgoose.session_user_info", + FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_payload, + { "Payload", "rgoose.payload", + FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_payload_length, + { "Payload length", "rgoose.payload_len", + FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_apdu_tag, + { "Payload type tag", "rgoose.pdu_tag", + FT_UINT8, BASE_HEX_DEC, VALS(ositp_pdu_id), 0x0, NULL, HFILL }}, + + { &hf_goose_apdu_simulation, + { "Simulation flag", "rgoose.simulation", + FT_UINT8, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_apdu_appid, + { "APPID", "rgoose.appid", + FT_UINT16, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_apdu_length, + { "APDU length", "rgoose.apdu_len", + FT_UINT16, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_padding_tag, + { "Padding", "rgoose.padding_tag", + FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_padding_length, + { "Padding length", "rgoose.padding_len", + FT_UINT8, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_padding, + { "Padding", "rgoose.padding", + FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_hmac, + { "HMAC", "rgoose.hmac", + FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_appid, + { "APPID", "goose.appid", + FT_UINT16, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_length, + { "Length", "goose.length", + FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_reserve1, + { "Reserved 1", "goose.reserve1", + FT_UINT16, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_reserve1_s_bit, + { "Simulated", "goose.reserve1.s_bit", + FT_BOOLEAN, 16, NULL, F_RESERVE1_S_BIT, NULL, HFILL } }, + + { &hf_goose_reserve2, + { "Reserved 2", "goose.reserve2", + FT_UINT16, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_float_value, + { "float value", "goose.float_value", + FT_FLOAT, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + + #include "packet-goose-hfarr.c" + }; + + /* List of subtrees */ + static gint *ett[] = { + &ett_r_goose, + &ett_session_header, + &ett_security_info, + &ett_session_user_info, + &ett_payload, + &ett_padding, + &ett_goose, + &ett_reserve1, + &ett_expert_inf_sim, + #include "packet-goose-ettarr.c" + }; + + static ei_register_info ei[] = { + { &ei_goose_mal_utctime, + { "goose.malformed.utctime", PI_MALFORMED, PI_WARN, + "BER Error: malformed UTCTime encoding", EXPFILL }}, + { &ei_goose_zero_pdu, + { "goose.zero_pdu", PI_PROTOCOL, PI_ERROR, + "Internal error, zero-byte GOOSE PDU", EXPFILL }}, + { &ei_goose_invalid_sim, + { "goose.invalid_sim", PI_PROTOCOL, PI_WARN, + "Invalid GOOSE: S bit set and Simulation attribute clear", EXPFILL }}, + }; + + expert_module_t* expert_goose; + + /* Register protocol */ + proto_goose = proto_register_protocol(GOOSE_PNAME, GOOSE_PSNAME, GOOSE_PFNAME); + proto_r_goose = proto_register_protocol(R_GOOSE_PNAME, R_GOOSE_PSNAME, R_GOOSE_PFNAME); + + goose_handle = register_dissector("goose", dissect_goose, proto_goose); + + /* Register fields and subtrees */ + proto_register_field_array(proto_goose, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + expert_goose = expert_register_protocol(proto_goose); + expert_register_field_array(expert_goose, ei, array_length(ei)); + +} + +/*--- proto_reg_handoff_goose --- */ +void proto_reg_handoff_goose(void) { + + dissector_add_uint("ethertype", ETHERTYPE_IEC61850_GOOSE, goose_handle); + + ositp_handle = find_dissector_add_dependency("ositp", proto_goose); + + heur_dissector_add("udp", dissect_cltp_heur, + "CLTP over UDP", "cltp_udp", proto_goose, HEURISTIC_ENABLE); + heur_dissector_add("cltp", dissect_rgoose_heur, + "R-GOOSE (GOOSE over CLTP)", "rgoose_cltp", proto_goose, HEURISTIC_ENABLE); +} |