/* packet-turnchannel.c * Routines for TURN channel dissection (TURN negotiation is handled * in the STUN2 dissector * Copyright 2008, 8x8 Inc. * * Wireshark - Network traffic analyzer * By Gerald Combs * Copyright 1998 Gerald Combs * * SPDX-License-Identifier: GPL-2.0-or-later * * Please refer to the following specs for protocol detail: * - draft-ietf-behave-rfc3489bis-15 * - draft-ietf-mmusic-ice-19 * - draft-ietf-behave-nat-behavior-discovery-03 * - draft-ietf-behave-turn-07 * - draft-ietf-behave-turn-ipv6-03 * * XXX - these are now: * - RFC 5389 * - RFC 5245 * - RFC 5780 * - RFC 5766 * - RFC 6156 * - RFC 8656 * * Update as necessary. */ #include "config.h" #include #include "packet-tcp.h" void proto_register_turnchannel(void); void proto_reg_handoff_turnchannel(void); /* heuristic subdissectors */ static heur_dissector_list_t heur_subdissector_list; /* Initialize the protocol and registered fields */ static int proto_turnchannel; static int hf_turnchannel_id; static int hf_turnchannel_len; #define TURNCHANNEL_HDR_LEN ((unsigned)4) #define MS_MULTIPLEX_TURN 0xFF10 /* Initialize the subtree pointers */ static int ett_turnchannel; static dissector_handle_t turnchannel_tcp_handle; static dissector_handle_t turnchannel_udp_handle; /* * RFC 5764 defined a demultiplexing scheme to allow TURN is co-exist * on the same 5-tuple as STUN, DTLS, RTP/RTCP, and ZTLS by rejecting * previous reserved channel numbers, restricting the channel numbers * to 0x4000-0x7FFF. RFC 5766 (TURN) did not incorporate the restriction, * but RFC 8656 did, further restricting the channel numbers to the * range 0x4000-0x4FFF. * * Reject channel numbers outside 0x4000-0x7FFF (except for the special * MS-TURN multiplex channel number), since no implementation has used * any value outside that range, and the 0x5000-0x7FFF range is reserved * in the multiplexing scheme. */ static bool test_turnchannel_id(uint16_t channel_id) { if ((channel_id & 0x4000) == 0x4000 || channel_id == MS_MULTIPLEX_TURN) return true; return false; } static int dissect_turnchannel_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) { unsigned len; uint16_t channel_id; uint16_t data_len; proto_item *ti; proto_tree *turnchannel_tree; heur_dtbl_entry_t *hdtbl_entry; len = tvb_captured_length(tvb); /* First, make sure we have enough data to do the check. */ if (len < TURNCHANNEL_HDR_LEN) { return 0; } channel_id = tvb_get_ntohs(tvb, 0); data_len = tvb_get_ntohs(tvb, 2); if (!test_turnchannel_id(channel_id)) { return 0; } if (len != TURNCHANNEL_HDR_LEN + data_len) { return 0; } /* Seems to be a decent TURN channel message */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "TURN CHANNEL"); col_add_fstr(pinfo->cinfo, COL_INFO, "Channel Id 0x%x", channel_id); ti = proto_tree_add_item(tree, proto_turnchannel, tvb, 0, -1, ENC_NA); turnchannel_tree = proto_item_add_subtree(ti, ett_turnchannel); proto_tree_add_uint(turnchannel_tree, hf_turnchannel_id, tvb, 0, 2, channel_id); proto_tree_add_uint(turnchannel_tree, hf_turnchannel_len, tvb, 2, 2, data_len); if (len > TURNCHANNEL_HDR_LEN) { tvbuff_t *next_tvb; unsigned reported_len, new_len; new_len = tvb_captured_length_remaining(tvb, TURNCHANNEL_HDR_LEN); reported_len = tvb_reported_length_remaining(tvb, TURNCHANNEL_HDR_LEN); if (data_len < reported_len) { reported_len = data_len; } next_tvb = tvb_new_subset_length_caplen(tvb, TURNCHANNEL_HDR_LEN, new_len, reported_len); if (!dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, NULL)) { call_data_dissector(next_tvb, pinfo, tree); } } return tvb_captured_length(tvb); } static unsigned get_turnchannel_message_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *data _U_) { uint16_t channel_id; channel_id = tvb_get_ntohs(tvb, 0); /* If the channel number is outside the range, either we missed * a TCP segment or this is STUN, DTLS, RTP, etc. multiplexed on * the same 5-tuple. Report the length as the rest of the packet * and dissect_turnchannel_message will reject it, rather than * using a bogus PDU length and messing up the dissection of * future TURN packets. */ if (!test_turnchannel_id(channel_id)) { return tvb_reported_length(tvb); } return (unsigned)tvb_get_ntohs(tvb, offset+2) + TURNCHANNEL_HDR_LEN; } static int dissect_turnchannel_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data) { tcp_dissect_pdus(tvb, pinfo, tree, true, TURNCHANNEL_HDR_LEN, get_turnchannel_message_len, dissect_turnchannel_message, data); return tvb_captured_length(tvb); } void proto_register_turnchannel(void) { static hf_register_info hf[] = { { &hf_turnchannel_id, { "TURN Channel ID", "turnchannel.id", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL } }, { &hf_turnchannel_len, { "Data Length", "turnchannel.length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } }, }; /* Setup protocol subtree array */ static int *ett[] = { &ett_turnchannel, }; /* Register the protocol name and description */ proto_turnchannel = proto_register_protocol("TURN Channel", "TURNCHANNEL", "turnchannel"); turnchannel_tcp_handle = register_dissector("turnchannel-tcp", dissect_turnchannel_tcp, proto_turnchannel); turnchannel_udp_handle = register_dissector("turnchannel", dissect_turnchannel_message, proto_turnchannel); /* subdissectors */ /* XXX: Nothing actually registers to this list. All dissectors register * to the heuristic subdissector list for STUN, since the STUN dissector * doesn't actually call this dissector but uses its own implementation * of TURN Channel messages. */ heur_subdissector_list = register_heur_dissector_list_with_description("turnchannel", "TURN Channel message", proto_turnchannel); /* Required function calls to register the header fields and subtrees used */ proto_register_field_array(proto_turnchannel, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); } void proto_reg_handoff_turnchannel(void) { /* Register for "Decode As" in case STUN negotiation isn't captured */ dissector_add_for_decode_as_with_preference("tcp.port", turnchannel_tcp_handle); dissector_add_for_decode_as_with_preference("udp.port", turnchannel_udp_handle); /* * SSL/TLS and DTLS Application-Layer Protocol Negotiation (ALPN) * protocol ID. */ dissector_add_string("tls.alpn", "stun.turn", turnchannel_tcp_handle); dissector_add_string("dtls.alpn", "stun.turn", turnchannel_udp_handle); } /* * Editor modelines - https://www.wireshark.org/tools/modelines.html * * Local variables: * c-basic-offset: 8 * tab-width: 8 * indent-tabs-mode: t * End: * * vi: set shiftwidth=8 tabstop=8 noexpandtab: * :indentSize=8:tabSize=8:noTabs=false: */