1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
|
/* packet-turnchannel.c
* Routines for TURN channel dissection (TURN negotiation is handled
* in the STUN2 dissector
* Copyright 2008, 8x8 Inc. <petithug@8x8.com>
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*
* Please refer to the following specs for protocol detail:
* - draft-ietf-behave-rfc3489bis-15
* - draft-ietf-mmusic-ice-19
* - draft-ietf-behave-nat-behavior-discovery-03
* - draft-ietf-behave-turn-07
* - draft-ietf-behave-turn-ipv6-03
*
* XXX - these are now:
* - RFC 5389
* - RFC 5245
* - RFC 5780
* - RFC 5766
* - RFC 6156
* - RFC 8656
*
* Update as necessary.
*/
#include "config.h"
#include <epan/packet.h>
#include "packet-tcp.h"
void proto_register_turnchannel(void);
void proto_reg_handoff_turnchannel(void);
/* heuristic subdissectors */
static heur_dissector_list_t heur_subdissector_list;
/* Initialize the protocol and registered fields */
static int proto_turnchannel;
static int hf_turnchannel_id;
static int hf_turnchannel_len;
#define TURNCHANNEL_HDR_LEN ((unsigned)4)
#define MS_MULTIPLEX_TURN 0xFF10
/* Initialize the subtree pointers */
static int ett_turnchannel;
static dissector_handle_t turnchannel_tcp_handle;
static dissector_handle_t turnchannel_udp_handle;
/*
* RFC 5764 defined a demultiplexing scheme to allow TURN is co-exist
* on the same 5-tuple as STUN, DTLS, RTP/RTCP, and ZTLS by rejecting
* previous reserved channel numbers, restricting the channel numbers
* to 0x4000-0x7FFF. RFC 5766 (TURN) did not incorporate the restriction,
* but RFC 8656 did, further restricting the channel numbers to the
* range 0x4000-0x4FFF.
*
* Reject channel numbers outside 0x4000-0x7FFF (except for the special
* MS-TURN multiplex channel number), since no implementation has used
* any value outside that range, and the 0x5000-0x7FFF range is reserved
* in the multiplexing scheme.
*/
static bool
test_turnchannel_id(uint16_t channel_id)
{
if ((channel_id & 0x4000) == 0x4000 || channel_id == MS_MULTIPLEX_TURN)
return true;
return false;
}
static int
dissect_turnchannel_message(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree, void *data _U_)
{
unsigned len;
uint16_t channel_id;
uint16_t data_len;
proto_item *ti;
proto_tree *turnchannel_tree;
heur_dtbl_entry_t *hdtbl_entry;
len = tvb_captured_length(tvb);
/* First, make sure we have enough data to do the check. */
if (len < TURNCHANNEL_HDR_LEN) {
return 0;
}
channel_id = tvb_get_ntohs(tvb, 0);
data_len = tvb_get_ntohs(tvb, 2);
if (!test_turnchannel_id(channel_id)) {
return 0;
}
if (len != TURNCHANNEL_HDR_LEN + data_len) {
return 0;
}
/* Seems to be a decent TURN channel message */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "TURN CHANNEL");
col_add_fstr(pinfo->cinfo, COL_INFO, "Channel Id 0x%x", channel_id);
ti = proto_tree_add_item(tree, proto_turnchannel, tvb, 0, -1, ENC_NA);
turnchannel_tree = proto_item_add_subtree(ti, ett_turnchannel);
proto_tree_add_uint(turnchannel_tree, hf_turnchannel_id, tvb, 0, 2, channel_id);
proto_tree_add_uint(turnchannel_tree, hf_turnchannel_len, tvb, 2, 2, data_len);
if (len > TURNCHANNEL_HDR_LEN) {
tvbuff_t *next_tvb;
unsigned reported_len, new_len;
new_len = tvb_captured_length_remaining(tvb, TURNCHANNEL_HDR_LEN);
reported_len = tvb_reported_length_remaining(tvb,
TURNCHANNEL_HDR_LEN);
if (data_len < reported_len) {
reported_len = data_len;
}
next_tvb = tvb_new_subset_length_caplen(tvb, TURNCHANNEL_HDR_LEN, new_len,
reported_len);
if (!dissector_try_heuristic(heur_subdissector_list,
next_tvb, pinfo, tree, &hdtbl_entry, NULL)) {
call_data_dissector(next_tvb, pinfo, tree);
}
}
return tvb_captured_length(tvb);
}
static unsigned
get_turnchannel_message_len(packet_info *pinfo _U_, tvbuff_t *tvb,
int offset, void *data _U_)
{
uint16_t channel_id;
channel_id = tvb_get_ntohs(tvb, 0);
/* If the channel number is outside the range, either we missed
* a TCP segment or this is STUN, DTLS, RTP, etc. multiplexed on
* the same 5-tuple. Report the length as the rest of the packet
* and dissect_turnchannel_message will reject it, rather than
* using a bogus PDU length and messing up the dissection of
* future TURN packets.
*/
if (!test_turnchannel_id(channel_id)) {
return tvb_reported_length(tvb);
}
return (unsigned)tvb_get_ntohs(tvb, offset+2) + TURNCHANNEL_HDR_LEN;
}
static int
dissect_turnchannel_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
{
tcp_dissect_pdus(tvb, pinfo, tree, true, TURNCHANNEL_HDR_LEN,
get_turnchannel_message_len, dissect_turnchannel_message, data);
return tvb_captured_length(tvb);
}
void
proto_register_turnchannel(void)
{
static hf_register_info hf[] = {
{ &hf_turnchannel_id,
{ "TURN Channel ID", "turnchannel.id", FT_UINT16,
BASE_HEX, NULL, 0x0, NULL, HFILL }
},
{ &hf_turnchannel_len,
{ "Data Length", "turnchannel.length", FT_UINT16,
BASE_DEC, NULL, 0x0, NULL, HFILL }
},
};
/* Setup protocol subtree array */
static int *ett[] = {
&ett_turnchannel,
};
/* Register the protocol name and description */
proto_turnchannel = proto_register_protocol("TURN Channel", "TURNCHANNEL", "turnchannel");
turnchannel_tcp_handle = register_dissector("turnchannel-tcp", dissect_turnchannel_tcp, proto_turnchannel);
turnchannel_udp_handle = register_dissector("turnchannel", dissect_turnchannel_message, proto_turnchannel);
/* subdissectors */
/* XXX: Nothing actually registers to this list. All dissectors register
* to the heuristic subdissector list for STUN, since the STUN dissector
* doesn't actually call this dissector but uses its own implementation
* of TURN Channel messages.
*/
heur_subdissector_list = register_heur_dissector_list_with_description("turnchannel", "TURN Channel message", proto_turnchannel);
/* Required function calls to register the header fields and subtrees used */
proto_register_field_array(proto_turnchannel, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
}
void
proto_reg_handoff_turnchannel(void)
{
/* Register for "Decode As" in case STUN negotiation isn't captured */
dissector_add_for_decode_as_with_preference("tcp.port", turnchannel_tcp_handle);
dissector_add_for_decode_as_with_preference("udp.port", turnchannel_udp_handle);
/*
* SSL/TLS and DTLS Application-Layer Protocol Negotiation (ALPN)
* protocol ID.
*/
dissector_add_string("tls.alpn", "stun.turn", turnchannel_tcp_handle);
dissector_add_string("dtls.alpn", "stun.turn", turnchannel_udp_handle);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*
* Local variables:
* c-basic-offset: 8
* tab-width: 8
* indent-tabs-mode: t
* End:
*
* vi: set shiftwidth=8 tabstop=8 noexpandtab:
* :indentSize=8:tabSize=8:noTabs=false:
*/
|