1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
|
/* packet-giop.h
* Declaration of routines for GIOP/IIOP (CDR) dissection
* Copyright 2000, Frank Singleton <frank.singleton@ericsson.com>
*
* Based on CORBAv2.4.2 Chapter 15 GIOP Description.
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#ifndef PACKET_GIOP_H
#define PACKET_GIOP_H
#include "ws_symbol_export.h"
/*
* Useful visible data/structs
*/
#define GIOP_HEADER_SIZE 12
#define GIOP_MAGIC_NUMBER 0x47494F50 /* "GIOP" */
typedef struct Version {
guint8 major;
guint8 minor;
} Version;
/*
* Useful data collected from message header. Note, this
* struct encapsulates useful data from GIOP header, as well
* as request_id and reply_status for use by sub dissectors.
*/
typedef struct MessageHeader {
/* Common Data */
guint8 magic[4];
Version GIOP_version;
guint8 flags; /* byte_order in 1.0 */
guint8 message_type;
guint32 message_size;
/* MSG dependent data */
guint32 req_id; /* request id in MSG */
guint32 rep_status; /* reply status in MSG if available */
gchar *exception_id; /* exception string if a USER EXCEPTION occurs */
} MessageHeader;
typedef enum MsgType {
Request = 0,
Reply,
CancelRequest,
LocateRequest,
LocateReply,
CloseConnection,
MessageError,
Fragment /* GIOP 1.1 only */
} MsgType;
/*
* Reply Status
*
*/
typedef enum ReplyStatusType {
NO_EXCEPTION = 0,
USER_EXCEPTION,
SYSTEM_EXCEPTION,
LOCATION_FORWARD,
LOCATION_FORWARD_PERM, /* new for GIOP 1.2 */
NEEDS_ADDRESSING_MODE /* new for GIOP 1.2 */
} ReplyStatusType;
/*
* Prototype for sub dissector function calls.
*/
typedef gboolean (giop_sub_dissector_t)(tvbuff_t *, packet_info *, proto_tree *, int *,
MessageHeader *, const gchar * , gchar *);
/*
* Generic Subdissector handle, wraps user info.
*/
typedef struct giop_sub_handle {
giop_sub_dissector_t *sub_fn; /* ptr to sub dissector function */
const gchar *sub_name; /* subdissector string name */
protocol_t *sub_proto; /* protocol_t for subprotocol */
} giop_sub_handle_t;
/* Main GIOP entry point */
extern gboolean dissect_giop(tvbuff_t *, packet_info *, proto_tree *); /* new interface */
/*
* GIOP Users register interest via this function.
* This is for heuristic dissection
*/
WS_DLL_PUBLIC void register_giop_user(giop_sub_dissector_t *sub, const gchar *name,
int sub_proto);
/*
* GIOP Users remove interest via this function.
* This is for heuristic dissection
*/
extern void delete_giop_user(giop_sub_dissector_t *sub, gchar *name);
/*
* GIOP Users register their module and interface names via this function.
* This is for explicit dissection.
*/
WS_DLL_PUBLIC void register_giop_user_module(giop_sub_dissector_t *sub, const gchar *name,
const gchar *module, int sub_proto);
/*
* GIOP Users remove their module and interface names via this function.
* This is for explicit dissection.
*/
extern void delete_giop_user_module(giop_sub_dissector_t *sub, gchar *name,
gchar *module);
/*
* General CDR accessors start here. They are listed in alphabetical
* order. They may however, belong to 1 of 3 distinct CDR data types.
*
* - Primitive
* - OMG IDL Constructed Types
* - Pseudo Object Types
*
*
* Altough some of these look redundant, I have separated them
* out for all CDR types, to assist in auto generation of
* IDL dissectors later, see idl2wrs -- FS
*
*/
/*
* Gets data of type any. This is encoded as a TypeCode
* followed by the encoded value.
*
* Data is added to tree directly if present.
*/
WS_DLL_PUBLIC void get_CDR_any(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_item *item,
gint *offset, gboolean stream_is_big_endian,
int boundary, MessageHeader * header);
/* Copy a 1 octet sequence from the tvbuff
* which represents a boolean value, and convert
* it to a boolean value.
* Offset is then incremented by 1, to indicate the 1 octet which
* has been processed.
*/
WS_DLL_PUBLIC gboolean get_CDR_boolean(tvbuff_t *tvb, int *offset);
/* Copy a 1 octet sequence from the tvbuff
* which represents a char, and convert
* it to an char value.
* offset is then incremented by 1, to indicate the 1 octet which
* has been processed.
*/
WS_DLL_PUBLIC guint8 get_CDR_char(tvbuff_t *tvb, int *offset);
/*
* Floating Point Data Type double IEEE 754-1985
*
* Copy an 8 octet sequence from the tvbuff
* which represents a double value, and convert
* it to a double value, taking into account byte order.
* offset is first incremented so that it falls on a proper alignment
* boundary for double values.
* offset is then incremented by 8, to indicate the 8 octets which
* have been processed.
*/
WS_DLL_PUBLIC gdouble get_CDR_double(tvbuff_t *tvb, int *offset,
gboolean stream_is_big_endian, int boundary);
/* Copy a 4 octet sequence from the tvbuff
* which represents an enum value, and convert
* it to an enum value, taking into account byte order.
* offset is first incremented so that it falls on a proper alignment
* boundary for an enum (4)
* offset is then incremented by 4, to indicate the 4 octets which
* have been processed.
*
* Enum values are encoded as unsigned long.
*/
WS_DLL_PUBLIC guint32 get_CDR_enum(tvbuff_t *tvb, int *offset,
gboolean stream_is_big_endian, int boundary);
/*
* Copy an octet sequence from the tvbuff
* which represents a Fixed point decimal type, and create a string representing
* a Fixed point decimal type. There are no alignment restrictions.
* Size and scale of fixed decimal type is determined by IDL.
*
* digits - IDL specified number of "digits" for this fixed type
* scale - IDL specified "scale" for this fixed type
*
*
* eg: typedef fixed <5,2> fixed_t;
* could represent numbers like 123.45, 789.12,
*
*
* As the fixed type could be any size, I will not try to fit it into our
* simple types like gdouble or glong etc. I will just create a string buffer holding
* a representation (after scale is applied), and with a decimal point or zero padding
* inserted at the right place if necessary. The string is null terminated
*
* so string may look like
*
*
* "+1.234" or "-3456.78" or "1234567309475760377365465897891" or "-2789000000" etc
*
* According to spec, digits <= 31
* and scale is positive (except for constants eg: 1000 has digit=1 and implied scale = -3)
* or <4,0> ?
*
*/
WS_DLL_PUBLIC void get_CDR_fixed(tvbuff_t *tvb, packet_info *pinfo, proto_item *item,
gchar **seq, gint *offset, guint32 digits, gint32 scale);
/*
* Floating Point Data Type float IEEE 754-1985
*
* Copy a 4 octet sequence from the tvbuff
* which represents a float value, and convert
* it to a float value, taking into account byte order.
* offset is first incremented so that it falls on a proper alignment
* boundary for float values.
* offset is then incremented by 4, to indicate the 4 octets which
* have been processed.
*/
WS_DLL_PUBLIC gfloat get_CDR_float(tvbuff_t *tvb, int *offset,
gboolean stream_is_big_endian, int boundary);
/*
* Decode an Interface type, and display it on the tree.
*/
WS_DLL_PUBLIC void get_CDR_interface(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree, int *offset, gboolean stream_is_big_endian, int boundary);
/* Copy a 4 octet sequence from the tvbuff
* which represents a signed long value, and convert
* it to an signed long vaule, taking into account byte order.
* offset is first incremented so that it falls on a proper alignment
* boundary for long values.
* offset is then incremented by 4, to indicate the 4 octets which
* have been processed.
*/
WS_DLL_PUBLIC gint32 get_CDR_long(tvbuff_t *tvb, int *offset,
gboolean stream_is_big_endian, int boundary);
/* Copy a 16 octet sequence from the tvbuff
* which represents a long double value, and convert
* it to a long double value, taking into account byte order.
* offset is first incremented so that it falls on a proper alignment
* boundary for long double values.
* offset is then incremented by 16, to indicate the 16 octets which
* have been processed.
*/
#ifdef G_HAVE_GLONG_DOUBLE
WS_DLL_PUBLIC glong_double get_CDR_long_double(tvbuff_t *tvb, int *offset,
gboolean stream_is_big_endian, int boundary);
#else
/* FIX -- Cast long double to gdouble until I figure this out -- FS*/
WS_DLL_PUBLIC gdouble get_CDR_long_double(tvbuff_t *tvb, int *offset,
gboolean stream_is_big_endian, int boundary);
#endif
/* Copy an 8 octet sequence from the tvbuff
* which represents a signed long long value, and convert
* it to a signed long long value, taking into account byte order.
* offset is first incremented so that it falls on a proper alignment
* boundary for long long values.
* offset is then incremented by 8, to indicate the 8 octets which
* have been processed.
*/
WS_DLL_PUBLIC gint64 get_CDR_long_long(tvbuff_t *tvb, int *offset,
gboolean stream_is_big_endian, int boundary);
/*
* Decode an Object type, and display it on the tree.
*/
WS_DLL_PUBLIC void get_CDR_object(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree, int *offset, gboolean stream_is_big_endian, int boundary);
/* Copy a 1 octet sequence from the tvbuff
* which represents a octet, and convert
* it to an octet value.
* offset is then incremented by 1, to indicate the 1 octet which
* has been processed.
*/
WS_DLL_PUBLIC guint8 get_CDR_octet(tvbuff_t *tvb, int *offset);
/* Copy a sequence of octets from the tvbuff.
* Memory is allocated in packet pool and will be
* automatically freed once the packet dissection is finished.
* This function also increments offset by len.
*/
WS_DLL_PUBLIC void get_CDR_octet_seq(tvbuff_t *tvb, const guint8 **seq, int *offset, guint32 len);
/* Copy a 2 octet sequence from the tvbuff
* which represents a signed short value, and convert
* it to a signed short value, taking into account byte order.
* offset is first incremented so that it falls on a proper alignment
* boundary for short values.
* offset is then incremented by 2, to indicate the 2 octets which
* have been processed.
*/
WS_DLL_PUBLIC gint16 get_CDR_short(tvbuff_t *tvb, int *offset,
gboolean stream_is_big_endian, int boundary);
WS_DLL_PUBLIC void giop_add_CDR_string(proto_tree *tree, tvbuff_t *tvb, int *offset,
gboolean stream_is_big_endian, int boundary,
int hf);
/* Copy an octet sequence from the tvbuff
* which represents a string, and convert
* it to an string value, taking into account byte order.
* offset is first incremented so that it falls on a proper alignment
* boundary for string values. (begins with an unsigned long LI)
*
* String sequence is copied to a buffer "seq".
* Memory is allocated in packet pool and will be
* automatically freed once the packet dissection is finished.
* offset is then incremented , to indicate the octets which
* have been processed.
*
* returns number of octets in the sequence
*
* Note: This function only supports single byte encoding at the
* moment until I get a handle on multibyte encoding etc.
*
*/
WS_DLL_PUBLIC guint32 get_CDR_string(tvbuff_t *tvb, const gchar **seq, int *offset,
gboolean stream_is_big_endian, int boundary);
/* Process a sequence of octets that represent the
* Pseudo Object Type "TypeCode". Typecodes are used for example,
* by "Any values".
* This function also increments offset to the correct position.
*
* It will parse the TypeCode and output data to the "tree" provided
* by the user
*
* It returns a guint32 representing a TCKind value.
*/
WS_DLL_PUBLIC guint32 get_CDR_typeCode(tvbuff_t *tvb, packet_info* pinfo, proto_tree *tree, gint *offset,
gboolean stream_is_big_endian, int boundary, MessageHeader * header );
/* Copy a 4 octet sequence from the tvbuff
* which represents an unsigned long value, and convert
* it to an unsigned long value, taking into account byte order.
* offset is first incremented so that it falls on a proper alignment
* boundary for unsigned long values.
* offset is then incremented by 4, to indicate the 4 octets which
* have been processed.
*/
WS_DLL_PUBLIC guint32 get_CDR_ulong(tvbuff_t *tvb, int *offset,
gboolean stream_is_big_endian, int boundary);
/* Copy an 8 octet sequence from the tvbuff
* which represents an unsigned long long value, and convert
* it to an unsigned long long value, taking into account byte order.
* offset is first incremented so that it falls on a proper alignment
* boundary for unsigned long long values.
* offset is then incremented by 8, to indicate the 8 octets which
* have been processed.
*/
WS_DLL_PUBLIC guint64 get_CDR_ulong_long(tvbuff_t *tvb, int *offset,
gboolean stream_is_big_endian, int boundary);
/* Copy a 2 octet sequence from the tvbuff
* which represents an unsigned short value, and convert
* it to an unsigned short value, taking into account byte order.
* offset is first incremented so that it falls on a proper alignment
* boundary for unsigned short values.
* offset is then incremented by 2, to indicate the 2 octets which
* have been processed.
*/
WS_DLL_PUBLIC guint16 get_CDR_ushort(tvbuff_t *tvb, int *offset,
gboolean stream_is_big_endian, int boundary);
/* Copy a wchar from the tvbuff.
* Memory is allocated in packet pool and will be
* automatically freed once the packet dissection is finished.
* This function also increments offset according to
* the wchar size.
*
* For GIOP 1.1 read 2 octets and return size -2. The
* negation means there is no size element in the packet
* and therefore no size to add to the tree.
*
* For GIOP 1.2 read size of wchar and the size
* octets. size is returned as a gint8.
*
* For both GIOP versions the wchar is returned
* as a printable string.
*
*/
/* NOTE: This is very primitive in that it just reads
* the wchar as a series of octets and returns them
* to the user. No translation is attempted based on
* byte orientation, nor on code set. I.e it only
* really reads past the wchar and increments the offset
* by the length of the octet sequence.
*/
/* The "decoding" is done according to CORBA chapter 15.
* Wchar is not supported for GIOP 1.0.
*/
WS_DLL_PUBLIC gint get_CDR_wchar(tvbuff_t *tvb, const gchar **seq, int *offset,
MessageHeader * header);
/* Copy a wstring from the tvbuff.
* Memory is allocated in packet pool and will be
* automatically freed once the packet dissection is finished.
* This function also increments offset, according to
* wstring length. length is returned as guint32
*/
/* NOTE: This is very primitive in that it just reads
* the wstring as a series of octets and returns them
* to the user. No translation is attempted based on
* byte orientation, nor on code set. I.e it only
* really reads past the wstring and increments the offset
* by the length of the octet sequence.
*/
/* The "decoding" is done according to CORBA chapter 15.
* Wstring is not supported for GIOP 1.0.
*/
WS_DLL_PUBLIC guint32 get_CDR_wstring(tvbuff_t *tvb, const gchar **seq, int *offset,
gboolean stream_is_big_endian, int boundary, MessageHeader * header);
/*
*
* End of get_CDR_xxx accessors.
*
*/
/* Determine the byte order from the GIOP MessageHeader */
WS_DLL_PUBLIC gboolean is_big_endian (MessageHeader * header);
/*
* get_encap_info() for any encapsulation (eg:sequences)
* we come across. updates the new boundary and endianess
* and *offset, and returns the sequence length.
*/
WS_DLL_PUBLIC guint32 get_CDR_encap_info(tvbuff_t *tvb, proto_tree *tree, gint *offset,
gboolean old_stream_is_big_endian, guint32 old_boundary,
gboolean *new_stream_is_big_endian_ptr, guint32 *new_boundary_ptr );
/* Take in an array of guint8 and create a new ephemeral string.
* Replace non-printable characters with periods.
*
* The array may contain \0's so don't use strdup
* The string is \0 terminated, and thus longer than
* the initial sequence.
*/
WS_DLL_PUBLIC gchar * make_printable_string (const guint8 *in, guint32 len);
/*
* Enums for TCkind
*/
enum TCKind {
tk_null = 0,
tk_void,
tk_short,
tk_long,
tk_ushort,
tk_ulong,
tk_float,
tk_double,
tk_boolean,
tk_char,
tk_octet,
tk_any,
tk_TypeCode,
tk_Principal,
tk_objref,
tk_struct,
tk_union,
tk_enum,
tk_string,
tk_sequence,
tk_array,
tk_alias,
tk_except,
tk_longlong,
tk_ulonglong,
tk_longdouble,
tk_wchar,
tk_wstring,
tk_fixed,
tk_value,
tk_value_box,
tk_native,
tk_abstract_interface
/* - none - 0xffffffff TODO */
};
#define tk_none 0xffffffff
typedef enum TCKind TCKind_t;
/*
* ServiceId's for ServiceContextList
*
* Chapter 13 Corba 2.4.2
*/
#define IOP_ServiceId_TransactionService 0
#define IOP_ServiceId_CodeSets 1
#define IOP_ServiceId_ChainBypassCheck 2
#define IOP_ServiceId_ChainBypassInfo 3
#define IOP_ServiceId_LogicalThreadId 4
#define IOP_ServiceId_BI_DIR_IIOP 5
#define IOP_ServiceId_SendingContextRunTime 6
#define IOP_ServiceId_INVOCATION_POLICIES 7
#define IOP_ServiceId_FORWARD_IDENTITY 8
#define IOP_ServiceId_UnknownExceptionInfo 9
/* Used for GIOP statistics */
typedef struct _giop_info_value_t {
guint32 framenum;
address *server_addr;
const gchar *client_host;
const gchar *service_host;
const gchar *giop_op;
const gchar *giop_resp;
time_t time_ticks;
guint time_ms;
gboolean first_pass;
} giop_info_value_t;
#define GIOP_TAP_NAME "giop"
#endif /* PACKET_GIOP_H */
|