diff options
Diffstat (limited to 'epan/dissectors/packet-miop.c')
-rw-r--r-- | epan/dissectors/packet-miop.c | 323 |
1 files changed, 323 insertions, 0 deletions
diff --git a/epan/dissectors/packet-miop.c b/epan/dissectors/packet-miop.c new file mode 100644 index 00000000..8fed8c2b --- /dev/null +++ b/epan/dissectors/packet-miop.c @@ -0,0 +1,323 @@ +/* packet-miop.c + * Routines for CORBA MIOP packet disassembly + * Significantly based on packet-giop.c + * Copyright 2009 Alvaro Vega Garcia <avega at tid dot es> + * + * According with Unreliable Multicast Draft Adopted Specification + * 2001 October (OMG) + * Chapter 29: Unreliable Multicast Inter-ORB Protocol (MIOP) + * http://www.omg.org/technology/documents/specialized_corba.htm + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + + +#include "config.h" + +#include <epan/packet.h> + +#include <epan/expert.h> + +#include "packet-giop.h" + +void proto_register_miop(void); +void proto_reg_handoff_miop(void); + +/* + * Useful visible data/structs + */ + +#define MIOP_MAX_UNIQUE_ID_LENGTH 252 + +#define MIOP_HEADER_SIZE 16 + +/* + * Set to 1 for DEBUG output - TODO make this a runtime option + */ + +#define DEBUG 0 + +/* + * ------------------------------------------------------------------------------------------+ + * Data/Variables/Structs + * ------------------------------------------------------------------------------------------+ + */ + + +static int proto_miop = -1; + +/* + * (sub)Tree declares + */ + + +static gint hf_miop_magic = -1; +static gint hf_miop_hdr_version = -1; +static gint hf_miop_flags = -1; +static gint hf_miop_packet_length = -1; +static gint hf_miop_packet_number = -1; +static gint hf_miop_number_of_packets = -1; +static gint hf_miop_unique_id_len = -1; +static gint hf_miop_unique_id = -1; + +static gint ett_miop = -1; + +static expert_field ei_miop_version_not_supported = EI_INIT; +static expert_field ei_miop_unique_id_len_exceed_max_value = EI_INIT; + +static dissector_handle_t miop_handle; + +#define MIOP_MAGIC 0x4d494f50 /* "MIOP" */ + +static gboolean +dissect_miop_heur_check (tvbuff_t * tvb, packet_info * pinfo _U_, proto_tree * tree _U_, void * data _U_) { + + guint tot_len; + guint32 magic; + + /* check magic number and version */ + + + tot_len = tvb_captured_length(tvb); + + if (tot_len < MIOP_HEADER_SIZE) /* tot_len < 16 */ + { + /* Not enough data captured to hold the GIOP header; don't try + to interpret it as GIOP. */ + return FALSE; + } + + magic = tvb_get_ntohl(tvb,0); + if(magic != MIOP_MAGIC){ + /* Not a MIOP packet. */ + return FALSE; + } + + return TRUE; +} + +/* Main entry point */ +static int dissect_miop (tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void* data _U_) { + guint offset = 0; + + proto_tree *miop_tree = NULL; + proto_item *ti; + + guint8 hdr_version; + guint version_major; + guint version_minor; + + guint8 flags; + + guint16 packet_length; + guint packet_number; + guint number_of_packets; + guint byte_order; + + guint32 unique_id_len; + + wmem_strbuf_t *flags_strbuf = wmem_strbuf_create(pinfo->pool); + wmem_strbuf_append(flags_strbuf, "none"); + + if (!dissect_miop_heur_check(tvb, pinfo, tree, data)) + return 0; + + col_set_str (pinfo->cinfo, COL_PROTOCOL, "MIOP"); + /* Clear out stuff in the info column */ + col_clear(pinfo->cinfo, COL_INFO); + + /* Extract major and minor version numbers */ + hdr_version = tvb_get_guint8(tvb, 4); + version_major = ((hdr_version & 0xf0) >> 4); + version_minor = (hdr_version & 0x0f); + + if (hdr_version != 16) + { + col_add_fstr (pinfo->cinfo, COL_INFO, "Version %u.%u", + version_major, version_minor); + + ti = proto_tree_add_item (tree, proto_miop, tvb, 0, -1, ENC_NA); + miop_tree = proto_item_add_subtree (ti, ett_miop); + proto_tree_add_expert_format(miop_tree, pinfo, &ei_miop_version_not_supported, + tvb, 0, -1, + "MIOP version %u.%u not supported", + version_major, version_minor); + return 5; + } + + flags = tvb_get_guint8(tvb, 5); + byte_order = (flags & 0x01) ? ENC_LITTLE_ENDIAN : ENC_BIG_ENDIAN; + + if (byte_order == ENC_BIG_ENDIAN) { + packet_length = tvb_get_ntohs(tvb, 6); + packet_number = tvb_get_ntohl(tvb, 8); + number_of_packets = tvb_get_ntohl(tvb, 12); + unique_id_len = tvb_get_ntohl(tvb, 16); + } + else { + packet_length = tvb_get_letohs(tvb, 6); + packet_number = tvb_get_letohl(tvb, 8); + number_of_packets = tvb_get_letohl(tvb, 12); + unique_id_len = tvb_get_letohl(tvb, 16); + } + + col_add_fstr (pinfo->cinfo, COL_INFO, "MIOP %u.%u Packet s=%d (%u of %u)", + version_major, version_minor, packet_length, + packet_number + 1, + number_of_packets); + + if (tree) + { + + ti = proto_tree_add_item (tree, proto_miop, tvb, 0, -1, ENC_NA); + miop_tree = proto_item_add_subtree (ti, ett_miop); + + /* XXX - Should we bail out if we don't have the right magic number? */ + proto_tree_add_item(miop_tree, hf_miop_magic, tvb, offset, 4, ENC_ASCII); + offset += 4; + proto_tree_add_uint_format_value(miop_tree, hf_miop_hdr_version, tvb, offset, 1, hdr_version, + "%u.%u", version_major, version_minor); + offset++; + if (flags & 0x01) { + wmem_strbuf_truncate(flags_strbuf, 0); + wmem_strbuf_append(flags_strbuf, "little-endian"); + } + if (flags & 0x02) { + wmem_strbuf_append_printf(flags_strbuf, "%s%s", + wmem_strbuf_get_len(flags_strbuf) ? ", " : "", "last message"); + } + proto_tree_add_uint_format_value(miop_tree, hf_miop_flags, tvb, offset, 1, + flags, "0x%02x (%s)", flags, wmem_strbuf_get_str(flags_strbuf)); + offset++; + proto_tree_add_item(miop_tree, hf_miop_packet_length, tvb, offset, 2, byte_order); + offset += 2; + proto_tree_add_item(miop_tree, hf_miop_packet_number, tvb, offset, 4, byte_order); + offset += 4; + proto_tree_add_item(miop_tree, hf_miop_number_of_packets, tvb, offset, 4, byte_order); + + offset += 4; + ti = proto_tree_add_item(miop_tree, hf_miop_unique_id_len, tvb, offset, 4, byte_order); + + if (unique_id_len >= MIOP_MAX_UNIQUE_ID_LENGTH) { + expert_add_info_format(pinfo, ti, &ei_miop_unique_id_len_exceed_max_value, + "Unique Id length (%u) exceeds max value (%u)", + unique_id_len, MIOP_MAX_UNIQUE_ID_LENGTH); + return offset; + } + + offset += 4; + proto_tree_add_item(miop_tree, hf_miop_unique_id, tvb, offset, unique_id_len, + byte_order); + + if (packet_number == 0) { + /* It is the first packet of the collection + We can call to GIOP dissector to show more about this first + uncompleted GIOP message + */ + tvbuff_t *payload_tvb; + + offset += unique_id_len; + payload_tvb = tvb_new_subset_remaining (tvb, offset); + dissect_giop(payload_tvb, pinfo, tree); + } + } + + return tvb_captured_length(tvb); +} + +static gboolean +dissect_miop_heur (tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void * data _U_) { + + if (!dissect_miop_heur_check(tvb, pinfo, tree, data)) + return FALSE; + + dissect_miop (tvb, pinfo, tree, data); + + /* TODO: make reasembly */ + return TRUE; + +} + +void proto_register_miop (void) { + + + /* A header field is something you can search/filter on. + * + * We create a structure to register our fields. It consists of an + * array of hf_register_info structures, each of which are of the format + * {&(field id), {name, abbrev, type, display, strings, bitmask, blurb, HFILL}}. + */ + static hf_register_info hf[] = { + { &hf_miop_magic, + { "Magic", "miop.magic", FT_STRING, BASE_NONE, NULL, 0x0, + "PacketHeader magic", HFILL }}, + { &hf_miop_hdr_version, + { "Version", "miop.hdr_version", FT_UINT8, BASE_HEX, NULL, 0x0, + "PacketHeader hdr_version", HFILL }}, + { &hf_miop_flags, + { "Flags", "miop.flags", FT_UINT8, BASE_OCT, NULL, 0x0, + "PacketHeader flags", HFILL }}, + { &hf_miop_packet_length, + { "Length", "miop.packet_length", FT_UINT16, BASE_DEC, NULL, 0x0, + "PacketHeader packet_length", HFILL }}, + { &hf_miop_packet_number, + { "PacketNumber", "miop.packet_number", FT_UINT32, BASE_DEC, NULL, 0x0, + "PacketHeader packet_number", HFILL }}, + { &hf_miop_number_of_packets, + { "NumberOfPackets", "miop.number_of_packets", FT_UINT32, BASE_DEC, NULL, 0x0, + "PacketHeader number_of_packets", HFILL }}, + { &hf_miop_unique_id_len, + { "UniqueIdLength", "miop.unique_id_len", FT_UINT32, BASE_DEC, NULL, 0x0, + "UniqueId length", HFILL }}, + { &hf_miop_unique_id, + { "UniqueId", "miop.unique_id", FT_BYTES, BASE_NONE, NULL, 0x0, + "UniqueId id", HFILL }}, + }; + + + static gint *ett[] = { + &ett_miop + }; + + static ei_register_info ei[] = { + { &ei_miop_version_not_supported, { "miop.version.not_supported", PI_UNDECODED, PI_WARN, "MIOP version not supported", EXPFILL }}, + { &ei_miop_unique_id_len_exceed_max_value, { "miop.unique_id_len.exceed_max_value", PI_MALFORMED, PI_WARN, "Unique Id length exceeds max value", EXPFILL }}, + }; + + expert_module_t* expert_miop; + + proto_miop = proto_register_protocol("Unreliable Multicast Inter-ORB Protocol", "MIOP", "miop"); + proto_register_field_array (proto_miop, hf, array_length (hf)); + proto_register_subtree_array (ett, array_length (ett)); + expert_miop = expert_register_protocol(proto_miop); + expert_register_field_array(expert_miop, ei, array_length(ei)); + + miop_handle = register_dissector("miop", dissect_miop, proto_miop); + +} + + +void proto_reg_handoff_miop (void) { + + dissector_add_for_decode_as_with_preference("udp.port", miop_handle); + + heur_dissector_add("udp", dissect_miop_heur, "MIOP over UDP", "miop_udp", proto_miop, HEURISTIC_ENABLE); + +} + +/* + * Editor modelines - https://www.wireshark.org/tools/modelines.html + * + * Local variables: + * c-basic-offset: 2 + * tab-width: 8 + * indent-tabs-mode: nil + * End: + * + * vi: set shiftwidth=2 tabstop=8 expandtab: + * :indentSize=2:tabSize=8:noTabs=true: + */ |