/* packet-nntp.c
* Routines for nntp packet dissection
* Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#include "config.h"
#include <epan/packet.h>
#include "packet-tls-utils.h"
/* Registration entry points defined at the bottom of this file. */
void proto_register_nntp(void);
void proto_reg_handoff_nntp(void);

/* Protocol id returned by proto_register_protocol(). */
static int proto_nntp = -1;

/* Boolean marker fields: one of them is attached to every dissected packet. */
static int hf_nntp_response = -1;
static int hf_nntp_request = -1;

/* Subtree id for the NNTP protocol item. */
static gint ett_nntp = -1;

/* Handle for this dissector, and for the "tls" dissector used after STARTTLS. */
static dissector_handle_t nntp_handle;
static dissector_handle_t tls_handle;

/* Default TCP port the dissector is registered on. */
#define TCP_PORT_NNTP 119
/*
 * Per-conversation NNTP state, stored as protocol data on the conversation.
 */
typedef struct nntp_conversation_t {
	/*
	 * Set when a request line starts with STARTTLS; cleared again by
	 * dissect_nntp() when the next response is dissected.
	 */
	gboolean tls_requested;
} nntp_conversation_t;
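/*
 * Dissect one NNTP segment.
 *
 * The first line feeds the Info column and the STARTTLS tracking; the whole
 * buffer is then added to the tree as text, one item per line.
 *
 * tvb   - bytes handed to this dissector
 * pinfo - packet metadata; match_uint == destport marks the packet as a request
 * tree  - protocol tree the NNTP item is added to
 * data  - unused
 *
 * Returns the captured length of tvb.
 */
static int
dissect_nntp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
	const gchar *type;
	proto_tree *nntp_tree;
	proto_item *ti;
	gint offset = 0;
	gint next_offset;
	const guchar *line;
	int linelen;
	conversation_t *conversation;
	nntp_conversation_t *session_state;

	/* Fetch the per-conversation state, creating it on first use. */
	conversation = find_or_create_conversation(pinfo);
	session_state = (nntp_conversation_t *)conversation_get_proto_data(conversation, proto_nntp);
	if (!session_state) {
		session_state = wmem_new0(wmem_file_scope(), nntp_conversation_t);
		session_state->tls_requested = FALSE;
		conversation_add_proto_data(conversation, proto_nntp, session_state);
	}

	if (pinfo->match_uint == pinfo->destport)
		type = "Request";
	else
		type = "Response";

	col_set_str(pinfo->cinfo, COL_PROTOCOL, "NNTP");

	/*
	 * Put the first line from the buffer into the summary
	 * (but leave out the line terminator).
	 *
	 * Note that "tvb_find_line_end()" will return a value that
	 * is not longer than what's in the buffer, so the
	 * "tvb_get_ptr()" call won't throw an exception.
	 */
	linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
	line = tvb_get_ptr(tvb, offset, linelen);
	col_add_fstr(pinfo->cinfo, COL_INFO, "%s: %s", type,
	    tvb_format_text(pinfo->pool, tvb, offset, linelen));

	ti = proto_tree_add_item(tree, proto_nntp, tvb, offset, -1, ENC_NA);
	nntp_tree = proto_item_add_subtree(ti, ett_nntp);

	/*
	 * "line" points at raw packet bytes: it is not NUL-terminated and
	 * only "linelen" bytes of it were validated by tvb_get_ptr().
	 * g_ascii_strncasecmp() keeps reading for as long as the bytes match
	 * the keyword, so a short, unterminated first line that is a prefix
	 * of the keyword would be read past its end.  Require the line to be
	 * at least as long as the keyword before comparing.
	 */
	if (pinfo->match_uint == pinfo->destport) {
		ti = proto_tree_add_boolean(nntp_tree, hf_nntp_request, tvb, 0, 0, TRUE);

		if (line && linelen >= 8 &&
		    g_ascii_strncasecmp((const gchar *)line, "STARTTLS", 8) == 0) {
			session_state->tls_requested = TRUE;
		}
	} else {
		ti = proto_tree_add_boolean(nntp_tree, hf_nntp_response, tvb, 0, 0, TRUE);

		if (session_state->tls_requested) {
			if (line && linelen >= 3 &&
			    g_ascii_strncasecmp((const gchar *)line, "382", 3) == 0) {
				/* STARTTLS command accepted */
				ssl_starttls_ack(tls_handle, pinfo, nntp_handle);
			}
			/*
			 * Any response ends the pending STARTTLS request,
			 * whether or not it was accepted.
			 * NOTE(review): this state is also rewritten when a
			 * packet is dissected again - confirm that is intended.
			 */
			session_state->tls_requested = FALSE;
		}
	}
	/* The boolean only marks the packet as request or response; hide it. */
	proto_item_set_hidden(ti);

	/*
	 * Show the request or response as text, a line at a time.
	 * XXX - for requests, we could display the stuff after the
	 * first line, if any, based on what the request was, and
	 * for responses, we could display it based on what the
	 * matching request was, although the latter requires us to
	 * know what the matching request was....
	 */
	while (tvb_offset_exists(tvb, offset)) {
		/*
		 * Find the end of the line.
		 */
		tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);

		/*
		 * Put this line.
		 */
		proto_tree_add_format_text(nntp_tree, tvb, offset, next_offset - offset);
		offset = next_offset;
	}

	return tvb_captured_length(tvb);
}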
/*
 * Register the NNTP protocol together with its two boolean marker fields
 * and its single subtree.
 */
void
proto_register_nntp(void)
{
	/* Marker fields added by dissect_nntp() to tag a packet's direction. */
	static hf_register_info nntp_fields[] = {
		{
			&hf_nntp_response,
			{
				"Response", "nntp.response",
				FT_BOOLEAN, BASE_NONE, NULL, 0x0,
				"TRUE if NNTP response", HFILL
			}
		},
		{
			&hf_nntp_request,
			{
				"Request", "nntp.request",
				FT_BOOLEAN, BASE_NONE, NULL, 0x0,
				"TRUE if NNTP request", HFILL
			}
		}
	};

	/* Subtree ids to be filled in by the registration call below. */
	static gint *nntp_subtrees[] = {
		&ett_nntp,
	};

	proto_nntp = proto_register_protocol("Network News Transfer Protocol",
	    "NNTP", "nntp");

	proto_register_field_array(proto_nntp, nntp_fields, array_length(nntp_fields));
	proto_register_subtree_array(nntp_subtrees, array_length(nntp_subtrees));
}
/*
 * Hook the NNTP dissector up: look up the TLS dissector needed after
 * STARTTLS, register this dissector by name and bind it to its TCP port.
 */
void
proto_reg_handoff_nntp(void)
{
	/*
	 * Handle passed to ssl_starttls_ack() by dissect_nntp().
	 * NOTE(review): the lookup result is not checked here - confirm the
	 * "tls" dissector is always registered before this runs.
	 */
	tls_handle = find_dissector("tls");

	/* Register under the name "nntp" and attach to the "tcp.port" table. */
	nntp_handle = register_dissector("nntp", dissect_nntp, proto_nntp);
	dissector_add_uint_with_preference("tcp.port", TCP_PORT_NNTP, nntp_handle);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*
* Local variables:
* c-basic-offset: 8
* tab-width: 8
* indent-tabs-mode: t
* End:
*
* vi: set shiftwidth=8 tabstop=8 noexpandtab:
* :indentSize=8:tabSize=8:noTabs=false:
*/