epan/dissectors/packet-sametime.c

   1 /* packet-sametime.c
   2  * Routines for SAMETIME dissection
   3  * Copyright 2010, Toralf Foerster <toralf.foerster [AT] gmx.de>
   4  *
   5  * Wireshark - Network traffic analyzer
   6  * By Gerald Combs <gerald@wireshark.org>
   7  * Copyright 1998 Gerald Combs
   8  *
   9  * SPDX-License-Identifier: GPL-2.0-or-later
  10  */
  11
  12 #include "config.h"
  13
  14 #include <epan/packet.h>
  15 #include <epan/prefs.h>
  16 #include <epan/stats_tree.h>
  17 #include "packet-tcp.h"
  18
  19 #define DEFAULT_SAMETIME_PORT 1533 /* Not IANA registered */
  20
  21 void proto_register_sametime(void);
  22 void proto_reg_handoff_sametime(void);
  23
  24 static int proto_sametime = -1;
  25 static dissector_handle_t sametime_handle;
  26
  27 /*preferences*/
  28 static gboolean global_sametime_show_length = FALSE;
  29 static gboolean global_sametime_reassemble_packets = TRUE;
  30
  31 /*heart beat*/
  32 static int hf_sametime_heartbeat = -1;
  33
  34 /*sametime message header*/
  35 static int hf_sametime_message_length = -1;
  36 static int hf_sametime_message_type = -1;
  37 static int hf_sametime_message_options = -1;
  38 static int hf_sametime_message_options_attribute = -1;
  39 static int hf_sametime_message_options_encrypted = -1;
  40 static int hf_sametime_message_channel = -1;
  41
  42 /*common types*/
  43 static int hf_sametime_field_length = -1;
  44 static int hf_sametime_field_text = -1;
  45 static int hf_sametime_code = -1;
  46 static int hf_sametime_login_type = -1;
  47 static int hf_sametime_time = -1;
  48
  49 /*handshake*/
  50 static int hf_sametime_handshake_major = -1;
  51 static int hf_sametime_handshake_minor = -1;
  52 static int hf_sametime_handshake_srvrcalc_addr = -1;
  53 static int hf_sametime_handshake_loclcalc_addr = -1;
  54
  55 /*channel*/
  56 static int hf_sametime_channel_service = -1;
  57 static int hf_sametime_channel_id = -1;
  58 static int hf_sametime_channel_send_type = -1;
  59 static int hf_sametime_channel_awareness = -1;
  60
  61 /*user status*/
  62 static int hf_sametime_user_status = -1;
  63
  64 /*location*/
  65 static int hf_sametime_location_country = -1;
  66 static int hf_sametime_location_postalcode = -1;
  67 static int hf_sametime_location_province = -1;
  68 static int hf_sametime_location_city = -1;
  69 static int hf_sametime_location_phone = -1;
  70 static int hf_sametime_location_name = -1;
  71 static int hf_sametime_location_timezone = -1;
  72
  73 /*packet detail tree*/
  74 static gint ett_sametime = -1;
  75 static gint ett_sametime_options = -1;
  76
  77 /*statistics*/
  78 static int sametime_tap = -1;
  79 static const guint8* st_str_packet = "Sametime Message Count";
  80 static const guint8* st_str_message_type = "Message Type";
  81 static const guint8* st_str_send_type = "Send Type";
  82 static const guint8* st_str_user_status = "User Status";
  83 static int st_node_packet = -1;
  84 static int st_node_message_type = -1;
  85 static int st_node_send_type = -1;
  86 static int st_node_user_status = -1;
  87
  88 typedef struct SametimeTap {
  89    gint message_type;
  90    gint send_type;
  91    gint user_status;
  92 } SametimeTap;
  93
  94 #define SAMETIME_MESSAGETYPE_HEARTBEAT        0x80
  95 #define SAMETIME_MESSAGETYPE_HANDSHAKE        0x0000
  96
  97 #define SAMETIME_MESSAGETYPE_HANDSHAKE_ACK    0x8000
  98 #define SAMETIME_MESSAGETYPE_HANDSHAKE_SYN    0x0025
  99 #define SAMETIME_MESSAGETYPE_LOGIN            0x0001
 100 #define SAMETIME_MESSAGETYPE_LOGIN_ACK        0x8001
 101 #define SAMETIME_MESSAGETYPE_LOGIN_REDIRECT   0x0018
 102 #define SAMETIME_MESSAGETYPE_LOGIN_CONTINUE   0x0016
 103
 104 #define SAMETIME_MESSAGETYPE_CHANNEL_CREATE   0x0002
 105 #define SAMETIME_MESSAGETYPE_CHANNEL_DESTROY  0x0003
 106 #define SAMETIME_MESSAGETYPE_CHANNEL_SEND     0x0004
 107 #define SAMETIME_MESSAGETYPE_CHANNEL_ACCEPT   0x0006
 108
 109 #define SAMETIME_MESSAGETYPE_SET_USER_STATUS  0x0009
 110 #define SAMETIME_MESSAGETYPE_SET_PRIVACY_LIST 0x000b
 111 #define SAMETIME_MESSAGETYPE_SENSE_SERVICE    0x0011
 112 #define SAMETIME_MESSAGETYPE_ADMIN            0x0019
 113 #define SAMETIME_MESSAGETYPE_ANNOUNCE         0x0022
 114
 115
 116 static const value_string messagetypenames[] = {
 117    {  SAMETIME_MESSAGETYPE_HEARTBEAT,        "HEARTBEAT" },
 118
 119    {  SAMETIME_MESSAGETYPE_HANDSHAKE,        "HANDSHAKE" },
 120    {  SAMETIME_MESSAGETYPE_HANDSHAKE_SYN,    "HANDSHAKE_SYN" },
 121    {  SAMETIME_MESSAGETYPE_HANDSHAKE_ACK,    "HANDSHAKE_ACK" },
 122    {  SAMETIME_MESSAGETYPE_LOGIN,            "LOGIN" },
 123    {  SAMETIME_MESSAGETYPE_LOGIN_ACK,        "LOGIN_ACK" },
 124    {  SAMETIME_MESSAGETYPE_LOGIN_REDIRECT,   "LOGIN_REDIRECT" },
 125    {  SAMETIME_MESSAGETYPE_LOGIN_CONTINUE,   "LOGIN_CONTINUE" },
 126
 127    {  SAMETIME_MESSAGETYPE_CHANNEL_CREATE,   "CHANNEL_CREATE" },
 128    {  SAMETIME_MESSAGETYPE_CHANNEL_DESTROY,  "CHANNEL_DESTROY" },
 129    {  SAMETIME_MESSAGETYPE_CHANNEL_SEND,     "CHANNEL_SEND" },
 130    {  SAMETIME_MESSAGETYPE_CHANNEL_ACCEPT,   "CHANNEL_ACCEPT" },
 131
 132    {  SAMETIME_MESSAGETYPE_SET_USER_STATUS,  "SET_USER_STATUS" },
 133    {  SAMETIME_MESSAGETYPE_SET_PRIVACY_LIST, "SET_PRIVACY_LIST" },
 134    {  SAMETIME_MESSAGETYPE_SENSE_SERVICE,    "SENSE_SERVICE" },
 135    {  SAMETIME_MESSAGETYPE_ADMIN,            "ADMIN" },
 136    {  SAMETIME_MESSAGETYPE_ANNOUNCE,         "ANNOUNCE" },
 137
 138    { 0, NULL }
 139 };
 140
 141 #define SAMETIME_MESSAGEOPTION_ENCRYPT     0x4000
 142 #define SAMETIME_MESSAGEOPTION_HAS_ATTRIBS 0x8000
 143
 144 static const value_string optionnames[] = {
 145    {  0x0,                                "" },
 146    {  SAMETIME_MESSAGEOPTION_ENCRYPT,     "ENCRYPT" },
 147    {  SAMETIME_MESSAGEOPTION_HAS_ATTRIBS, "HAS_ATTRIBS" },
 148
 149    { 0, NULL }
 150 };
 151
 152 static const value_string userstatusnames[] = {
 153    { 0x0020, "ACTIVE" },  /* "I am available" */
 154    { 0x0040, "IDLE" },    /* never seen in the wild, maybe non-pc :-) ? */
 155    { 0x0060, "AWAY" },    /* "I am away from my computer now" */
 156    { 0x0080, "BUSY" },    /* "Please do not disturb me" */
 157    { 0x0008, "MEETING" }, /* "I am in a meeting" */
 158
 159    { 0, NULL }
 160 };
 161
 162 #define SAMETIME_SENDTYPE_AWARE_ADD      0x0068
 163 #define SAMETIME_SENDTYPE_OPT_DO_SET     0x00c9
 164 #define SAMETIME_SENDTYPE_AWARE_SNAPSHOT 0x01f4
 165 #define SAMETIME_SENDTYPE_AWARE_UPDATE   0x01f5
 166 #define SAMETIME_SENDTYPE_OPT_GOT_SET    0x0259
 167
 168 static const value_string sendtypenames[] = {
 169    { SAMETIME_SENDTYPE_AWARE_ADD,      "AWARE_ADD" },
 170    { 0x0069,                           "AWARE_REMOVE" },
 171    { SAMETIME_SENDTYPE_OPT_DO_SET,     "OPT_DO_SET" },
 172    { 0x00cb,                           "OPT_WATCH" },
 173    { SAMETIME_SENDTYPE_AWARE_SNAPSHOT, "AWARE_SNAPSHOT" },
 174    { SAMETIME_SENDTYPE_AWARE_UPDATE,   "AWARE_UPDATE" },
 175    { SAMETIME_SENDTYPE_OPT_GOT_SET,    "OPT_GOT_SET" },
 176    { 0x025a,                           "?" },
 177    { 0x025d,                           "OPT_DID_SET" },
 178
 179    { 0, NULL }
 180 };
 181
 182 static const value_string awarenessnames[] = {
 183    { 0x0002, "USER" },
 184    { 0x0003, "GROUP" },
 185    { 0x0008, "SERVER" },
 186    { 0, NULL }
 187 };
 188
 189 static const value_string codenames[] = {
 190    { 0x00000011, "SERVICE_AWARE" },
 191    { 0x00000015, "SERVICE_RESOLVE" },
 192    { 0x00000018, "SERVICE_STORAGE" },
 193    { 0x0000001a, "SERVICE_DIRECTORY" },
 194
 195    { 0x80000011, "ERR_USER_SKETCHY" },
 196    { 0x80000015, "ERR_TOKEN_INVALID" },
 197    { 0x80000018, "ERR_PORT_IN_USE" },
 198    { 0x80000022, "ERR_CHANNEL_DESTROYED" },
 199
 200    { 0, NULL }
 201 };
 202
 203
 204 static int
 205 add_text_item(tvbuff_t *tvb, proto_tree *tree, int offset, int hf)
 206 {
 207    guint16 length;
 208
 209    /* heuristic rule, string should start w/ valid character(s) */
 210    if (! tvb_get_guint8(tvb, offset + 2))
 211       return 0;
 212
 213    length = tvb_get_ntohs(tvb, offset);
 214    if (length)        {
 215       /* the string length must not exceed the packet length */
 216       if (length > tvb_reported_length_remaining(tvb, offset + 2))
 217          return 0;
 218
 219       /* add string length only if preferences is set */
 220       if (global_sametime_show_length)
 221          proto_tree_add_item(tree, hf_sametime_field_length, tvb, offset, 2, ENC_BIG_ENDIAN);
 222
 223       /* add string */
 224       proto_tree_add_item(tree, hf, tvb, offset + 2, length, ENC_ASCII|ENC_NA);
 225    }
 226
 227    return 2 + length;
 228 }
 229
 230
 231 static guint16
 232 dissect_set_user_status(tvbuff_t *tvb, proto_tree *tree, int offset)
 233 {
 234    guint16 user_status;
 235
 236    user_status = tvb_get_ntohs(tvb, offset);
 237    proto_item_append_text(tree, ", %s", val_to_str(user_status, userstatusnames, "0x%04x"));
 238    proto_tree_add_item(tree, hf_sametime_user_status, tvb, offset, 2, ENC_BIG_ENDIAN);
 239    offset += 2;
 240    proto_tree_add_item(tree, hf_sametime_time, tvb, offset, 4, ENC_BIG_ENDIAN);
 241    offset += 4;
 242    add_text_item(tvb, tree, offset, hf_sametime_field_text);
 243
 244    return user_status;
 245 }
 246
 247
 248 static int
 249 dissect_handshake(tvbuff_t *tvb, proto_tree *tree, int offset)
 250 {
 251    proto_tree_add_item(tree, hf_sametime_handshake_major, tvb, offset, 2, ENC_BIG_ENDIAN);
 252    offset += 2;
 253    proto_tree_add_item(tree, hf_sametime_handshake_minor, tvb, offset, 2, ENC_BIG_ENDIAN);
 254    offset += 2;
 255    offset += 4;
 256    proto_tree_add_item(tree, hf_sametime_handshake_srvrcalc_addr, tvb, offset, 4, ENC_BIG_ENDIAN);
 257    offset += 4;
 258    proto_tree_add_item(tree, hf_sametime_login_type, tvb, offset, 2, ENC_BIG_ENDIAN);
 259    offset += 2;
 260    proto_tree_add_item(tree, hf_sametime_handshake_loclcalc_addr, tvb, offset, 4, ENC_BIG_ENDIAN);
 261    offset += 4;
 262    offset += 6;
 263    offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
 264    offset += 8;
 265    offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
 266
 267    return offset;
 268 }
 269
 270
 271 static void
 272 dissect_handshake_ack(tvbuff_t *tvb, proto_tree *tree, int offset)
 273 {
 274    proto_tree_add_item(tree, hf_sametime_handshake_major, tvb, offset, 2, ENC_BIG_ENDIAN);
 275    offset += 2;
 276    proto_tree_add_item(tree, hf_sametime_handshake_minor, tvb, offset, 2, ENC_BIG_ENDIAN);
 277    offset += 2;
 278    proto_tree_add_item(tree, hf_sametime_handshake_loclcalc_addr, tvb, offset, 4, ENC_BIG_ENDIAN);
 279    offset += 4;
 280    offset += 4;
 281    offset += 4;
 282    add_text_item(tvb, tree, offset, hf_sametime_field_text);
 283 }
 284
 285
 286 static void
 287 dissect_login(tvbuff_t *tvb, proto_tree *tree, int offset)
 288 {
 289    offset += 2;
 290    add_text_item(tvb, tree, offset, hf_sametime_field_text);
 291 }
 292
 293
 294 static void
 295 dissect_login_redirect(tvbuff_t *tvb, proto_tree *tree, int offset)
 296 {
 297    offset += 2;
 298    add_text_item(tvb, tree, offset, hf_sametime_field_text);
 299 }
 300
 301
 302 static void
 303 dissect_login_ack(tvbuff_t *tvb, proto_tree *tree, int offset)
 304 {
 305    offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
 306    proto_tree_add_item(tree, hf_sametime_login_type, tvb, offset, 2, ENC_BIG_ENDIAN);
 307    offset += 2;
 308    offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
 309    offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
 310    offset += 3;
 311    offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
 312    proto_tree_add_item(tree, hf_sametime_handshake_loclcalc_addr, tvb, offset, 4, ENC_BIG_ENDIAN);
 313    offset += 4;
 314    offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
 315    offset += 21;
 316    offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
 317    add_text_item(tvb, tree, offset, hf_sametime_field_text);
 318 }
 319
 320
 321 static void
 322 dissect_channel_create(tvbuff_t *tvb, proto_tree *tree, int offset)
 323 {
 324    offset += 4;
 325    proto_tree_add_item(tree, hf_sametime_channel_id, tvb, offset, 4, ENC_BIG_ENDIAN);
 326    offset += 4;
 327    offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
 328    proto_tree_add_item(tree, hf_sametime_channel_service, tvb, offset, 4, ENC_BIG_ENDIAN);
 329    offset += 4;
 330    offset += 8;
 331    add_text_item(tvb, tree, offset, hf_sametime_field_text);
 332 }
 333
 334
 335 static guint16
 336 dissect_channel_send(tvbuff_t *tvb, proto_tree *tree, int offset)
 337 {
 338    guint16 send_type, awareness;
 339    guint na;
 340
 341    send_type = tvb_get_ntohs(tvb, offset);
 342    proto_item_append_text(tree, ", %s", val_to_str(send_type, sendtypenames, "0x%04x"));
 343    proto_tree_add_item(tree, hf_sametime_channel_send_type, tvb, offset, 2, ENC_BIG_ENDIAN);
 344    offset += 2;
 345
 346    switch (send_type)        {
 347       case SAMETIME_SENDTYPE_AWARE_ADD:
 348          offset += 8;
 349          awareness = tvb_get_ntohs(tvb, offset);
 350          proto_item_append_text(tree, ", %s", val_to_str(awareness, awarenessnames, "0x%04x"));
 351          proto_tree_add_item(tree, hf_sametime_channel_awareness, tvb, offset, 2, ENC_BIG_ENDIAN);
 352          offset += 2;
 353          add_text_item(tvb, tree, offset, hf_sametime_field_text);
 354
 355          break;
 356
 357       case SAMETIME_SENDTYPE_OPT_DO_SET:
 358          offset += 20;
 359          na = tvb_get_ntohl(tvb, offset);
 360          offset += 4;
 361          if (na == 0x33)        {
 362             offset += add_text_item(tvb, tree, offset, hf_sametime_location_country);
 363             offset += add_text_item(tvb, tree, offset, hf_sametime_location_postalcode);
 364             offset += add_text_item(tvb, tree, offset, hf_sametime_location_province);
 365             offset += add_text_item(tvb, tree, offset, hf_sametime_location_city);
 366             offset += add_text_item(tvb, tree, offset, hf_sametime_location_phone);
 367             offset += 1;
 368             offset += add_text_item(tvb, tree, offset, hf_sametime_location_name);
 369             add_text_item(tvb, tree, offset, hf_sametime_location_timezone);
 370          } else        {
 371             add_text_item(tvb, tree, offset, hf_sametime_field_text);
 372          }
 373
 374          break;
 375
 376       case SAMETIME_SENDTYPE_OPT_GOT_SET:
 377          offset += 8;
 378          awareness = tvb_get_ntohs(tvb, offset);
 379          proto_item_append_text(tree, ", %s", val_to_str(awareness, awarenessnames, "0x%04x"));
 380          proto_tree_add_item(tree, hf_sametime_channel_awareness, tvb, offset, 2, ENC_BIG_ENDIAN);
 381          offset += 2;
 382          while (tvb_reported_length_remaining(tvb, offset) > 2)        {
 383             int n = add_text_item(tvb, tree, offset, hf_sametime_field_text);
 384             offset += (n) ? n : 1;
 385          }
 386
 387          break;
 388
 389       case SAMETIME_SENDTYPE_AWARE_SNAPSHOT:
 390          offset += 12;
 391          awareness = tvb_get_ntohs(tvb, offset);
 392          proto_item_append_text(tree, ", %s", val_to_str(awareness, awarenessnames, "0x%04x"));
 393          proto_tree_add_item(tree, hf_sametime_channel_awareness, tvb, offset, 2, ENC_BIG_ENDIAN);
 394          offset += 2;
 395          add_text_item(tvb, tree, offset, hf_sametime_field_text);
 396
 397          break;
 398
 399       case SAMETIME_SENDTYPE_AWARE_UPDATE:
 400          offset += 4;
 401          offset += 4;
 402          awareness = tvb_get_ntohs(tvb, offset);
 403          proto_item_append_text(tree, ", %s", val_to_str(awareness, awarenessnames, "0x%04x"));
 404          proto_tree_add_item(tree, hf_sametime_channel_awareness, tvb, offset, 2, ENC_BIG_ENDIAN);
 405          offset += 2;
 406          offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
 407          offset += 4;
 408          if (tvb_get_guint8(tvb, offset))        {
 409             offset += 1;
 410             offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
 411             dissect_set_user_status(tvb, tree, offset);
 412          }
 413
 414          break;
 415
 416       case 0x0000:
 417          offset += 14;
 418          add_text_item(tvb, tree, offset, hf_sametime_field_text);
 419
 420          break;
 421
 422       case 0x0002:
 423          offset += 8;
 424          offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
 425          offset += 3;
 426          add_text_item(tvb, tree, offset, hf_sametime_field_text);
 427
 428          break;
 429
 430       case 0x0005:        /* XML */
 431          if (26 <= tvb_reported_length_remaining(tvb, offset + 2))        {
 432             offset += 26;
 433             add_text_item(tvb, tree, offset, hf_sametime_field_text);
 434          }
 435
 436          break;
 437
 438       case 0x0007:
 439          offset += 8;
 440          if (4 <= tvb_reported_length_remaining(tvb, offset + 2))        {
 441             offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
 442             offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
 443             offset += 3;
 444             offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
 445             add_text_item(tvb, tree, offset, hf_sametime_field_text);
 446          }
 447
 448          break;
 449
 450       case 0x025a:
 451          offset += 10;
 452          add_text_item(tvb, tree, offset, hf_sametime_field_text);
 453
 454          break;
 455
 456       default:
 457          break;
 458    }
 459
 460    return send_type;
 461 }
 462
 463
 464 static void
 465 dissect_channel_accept(tvbuff_t *tvb, proto_tree *tree, int offset)
 466 {
 467    offset += 34;
 468    if (tvb_reported_length_remaining(tvb, offset + 2))        {
 469       offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
 470       if (tvb_get_guint8(tvb, offset))        {
 471          offset += 1;
 472          offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
 473          dissect_set_user_status(tvb, tree, offset);
 474       }
 475    }
 476 }
 477
 478
 479 static void
 480 dissect_sense_service(tvbuff_t *tvb, proto_tree *tree, int offset)
 481 {
 482    guint32 code;
 483
 484    code = tvb_get_ntohl(tvb, offset);
 485    proto_item_append_text(tree, ", %s", val_to_str(code, codenames, "0x%04x"));
 486    proto_tree_add_item(tree, hf_sametime_code, tvb, offset, 4, ENC_BIG_ENDIAN);
 487 }
 488
 489
 490 /*
 491         here we really dissect the message(s)
 492 */
 493 static int
 494 dissect_sametime_content(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
 495 {
 496    proto_tree *sametime_tree;
 497    proto_item *ti;
 498    static SametimeTap *sinfo;
 499    gint message_type;
 500    int packet_length, offset = 0;
 501
 502    /* we expect either 1 heartbeat byte (0x80) or a sametime message */
 503    packet_length = tvb_reported_length_remaining(tvb, offset);
 504    if (packet_length == 1)        {
 505       message_type = tvb_get_guint8(tvb, 0);
 506
 507    } else if (packet_length < 12)        {
 508       message_type = -1;
 509
 510    } else        {
 511       message_type = tvb_get_ntohs(tvb, 4);
 512    }
 513
 514    /* add message type */
 515    col_append_str(pinfo->cinfo, COL_INFO, val_to_str(message_type, messagetypenames, "0x%04x"));
 516    col_append_str(pinfo->cinfo, COL_INFO, " ");
 517
 518    /* message type statistic */
 519    sinfo = wmem_new(wmem_packet_scope(), struct SametimeTap);
 520    sinfo->message_type = message_type;
 521    sinfo->send_type = -1;
 522    sinfo->user_status = -1;
 523
 524    /* packet detail tree */
 525    ti = proto_tree_add_item(tree, proto_sametime, tvb, offset, -1, ENC_NA);
 526    sametime_tree = proto_item_add_subtree(ti, ett_sametime);
 527    proto_item_append_text(sametime_tree, ", %s", val_to_str(message_type, messagetypenames, "0x%04x"));
 528
 529    /* dissect message */
 530    if (message_type == SAMETIME_MESSAGETYPE_HEARTBEAT)        {
 531       proto_tree_add_item(sametime_tree, hf_sametime_heartbeat, tvb, offset, 1, ENC_BIG_ENDIAN);
 532
 533    } else if (message_type != -1) {
 534       proto_tree *options_tree;
 535       proto_item *op;
 536
 537       /* first 4 bytes gives the length of the sametime message */
 538       if (global_sametime_show_length)        {
 539          proto_tree_add_item(sametime_tree, hf_sametime_message_length, tvb, offset, 4, ENC_BIG_ENDIAN);
 540       }
 541       offset += 4;
 542
 543       /* next 2 bytes gives the message type */
 544       proto_tree_add_item(sametime_tree, hf_sametime_message_type, tvb, offset, 2, ENC_BIG_ENDIAN);
 545       offset += 2;
 546
 547       /* next 2 bytes are the message options */
 548       op = proto_tree_add_item(sametime_tree, hf_sametime_message_options, tvb, offset, 2, ENC_BIG_ENDIAN);
 549       options_tree = proto_item_add_subtree(op, ett_sametime_options);
 550       proto_tree_add_item(options_tree, hf_sametime_message_options_attribute, tvb, offset, 2, ENC_BIG_ENDIAN);
 551       proto_tree_add_item(options_tree, hf_sametime_message_options_encrypted, tvb, offset, 2, ENC_BIG_ENDIAN);
 552       offset += 2;
 553
 554       /* next 4 bytes contains the channel id */
 555       proto_tree_add_item(sametime_tree, hf_sametime_message_channel, tvb, offset, 4, ENC_BIG_ENDIAN);
 556       offset += 4;
 557
 558       switch (message_type)
 559       {
 560          case SAMETIME_MESSAGETYPE_HANDSHAKE:
 561             dissect_handshake(tvb, sametime_tree, offset);
 562             break;
 563
 564          case SAMETIME_MESSAGETYPE_HANDSHAKE_ACK:
 565             dissect_handshake_ack(tvb, sametime_tree, offset);
 566             break;
 567
 568          case SAMETIME_MESSAGETYPE_HANDSHAKE_SYN:
 569             break;
 570
 571          case SAMETIME_MESSAGETYPE_LOGIN:
 572             dissect_login(tvb, sametime_tree, offset);
 573             break;
 574
 575          case SAMETIME_MESSAGETYPE_LOGIN_REDIRECT:
 576             dissect_login_redirect(tvb, sametime_tree, offset);
 577             break;
 578
 579          case SAMETIME_MESSAGETYPE_LOGIN_ACK:
 580             dissect_login_ack(tvb, sametime_tree, offset);
 581             break;
 582
 583          case SAMETIME_MESSAGETYPE_CHANNEL_CREATE:
 584             dissect_channel_create(tvb, sametime_tree, offset);
 585             break;
 586
 587          case SAMETIME_MESSAGETYPE_CHANNEL_SEND:
 588             sinfo->send_type = dissect_channel_send(tvb, sametime_tree, offset);
 589             break;
 590
 591          case SAMETIME_MESSAGETYPE_CHANNEL_ACCEPT:
 592             dissect_channel_accept(tvb, sametime_tree, offset);
 593             break;
 594
 595          case SAMETIME_MESSAGETYPE_SET_USER_STATUS:
 596             sinfo->user_status = dissect_set_user_status(tvb, sametime_tree, offset);
 597             break;
 598
 599          case SAMETIME_MESSAGETYPE_SENSE_SERVICE:
 600             dissect_sense_service(tvb, sametime_tree, offset);
 601             break;
 602
 603          default:
 604             /* do not fill the statistics with useless data from encrypted packages */
 605             sinfo->message_type = -1;
 606             break;
 607       }
 608    }
 609
 610    tap_queue_packet(sametime_tap, pinfo, sinfo);
 611    return tvb_captured_length(tvb);
 612 }
 613
 614
 615 /*
 616         tick statistics
 617 */
 618 static tap_packet_status
 619 sametime_stats_tree_packet(stats_tree* st, packet_info* pinfo _U_, epan_dissect_t* edt _U_, const void* p)
 620 {
 621    const struct SametimeTap *pi = (const struct SametimeTap *)p;
 622
 623    tick_stat_node(st, st_str_packet, 0, FALSE);
 624    if (pi->message_type != -1)
 625       stats_tree_tick_pivot(st, st_node_message_type, val_to_str(pi->message_type, messagetypenames, "Unknown (0x%04x)"));
 626
 627    if (pi->send_type != -1)
 628       stats_tree_tick_pivot(st, st_node_send_type, val_to_str(pi->send_type, sendtypenames, "Unknown (0x%04x)"));
 629
 630    if (pi->user_status != -1)
 631       stats_tree_tick_pivot(st, st_node_user_status, val_to_str(pi->user_status, userstatusnames, "Unknown (0x%04x)"));
 632
 633    return TAP_PACKET_REDRAW;
 634 }
 635
 636
 637 /*
 638         init statistic
 639 */
 640 static void
 641 sametime_stats_tree_init(stats_tree* st)
 642 {
 643    st_node_packet = stats_tree_create_node(st, st_str_packet, 0, STAT_DT_INT, TRUE);
 644    st_node_message_type = stats_tree_create_pivot(st, st_str_message_type, st_node_packet);
 645    st_node_send_type = stats_tree_create_pivot(st, st_str_send_type, st_node_packet);
 646    st_node_user_status = stats_tree_create_pivot(st, st_str_user_status, st_node_packet);
 647 }
 648
 649
 650 /*
 651         length of the sametime message
 652 */
 653 static guint
 654 get_sametime_message_len(packet_info *pinfo _U_, tvbuff_t *tvb,
 655                          int offset, void *data _U_)
 656 {
 657    /* XXX: Actually: the length of the tvb will always be 4 or greater at this point */
 658    /*      because tcp_dissect_pdus was called with 4 as a required "fixed length".  */
 659    /*        But newer variants of this protocol with a full encrypted network stream  */
 660    /*        may require a more sophisticated dissection logic here                    */
 661    guint32 N = tvb_captured_length_remaining(tvb, offset);
 662
 663    return (N < 4) ? N : tvb_get_ntohl(tvb, offset) + 4;
 664 }
 665
 666
 667 /*
 668         the dissector itself
 669 */
 670 static int
 671 dissect_sametime(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
 672 {
 673    col_set_str(pinfo->cinfo, COL_PROTOCOL, "SAMETIME");
 674    col_clear(pinfo->cinfo,COL_INFO);
 675
 676    tcp_dissect_pdus(tvb, pinfo, tree, global_sametime_reassemble_packets, 4,
 677          get_sametime_message_len, dissect_sametime_content, data);
 678    return tvb_captured_length(tvb);
 679 }
 680
 681
 682 void
 683 proto_register_sametime(void)
 684 {
 685    static hf_register_info hf[] = {
 686       /*tcp payload is one byte : SAMETIME_MESSAGETYPE_HEARTBEAT*/
 687       { &hf_sametime_heartbeat,
 688          { "heartbeat", "sametime.heartbeat",
 689             FT_UINT8, BASE_HEX,
 690             NULL, 0x0,
 691             NULL, HFILL }
 692       },
 693
 694       /*sametime message header*/
 695       { &hf_sametime_message_length,
 696          { "msg length", "sametime.message_length",
 697             FT_UINT32, BASE_DEC,
 698             NULL, 0,
 699             NULL, HFILL }
 700       },
 701       { &hf_sametime_message_type,
 702          { "msg type", "sametime.message_type",
 703             FT_UINT16, BASE_HEX,
 704             VALS(messagetypenames), 0x0,
 705             NULL, HFILL }
 706       },
 707       { &hf_sametime_message_options,
 708          { "msg options", "sametime.message_options",
 709             FT_UINT16, BASE_HEX,
 710             VALS(optionnames), 0x0,
 711             NULL, HFILL }
 712       },
 713       { &hf_sametime_message_options_encrypted,
 714          { "ENCRYPT", "sametime.message_options.encrypted",
 715             FT_BOOLEAN, 16,
 716             NULL, SAMETIME_MESSAGEOPTION_ENCRYPT,
 717             NULL, HFILL }
 718       },
 719       { &hf_sametime_message_options_attribute,
 720          { "HAS_ATTRIBS", "sametime.message_options.attribute",
 721             FT_BOOLEAN, 16,
 722             NULL, SAMETIME_MESSAGEOPTION_HAS_ATTRIBS,
 723             NULL, HFILL }
 724       },
 725       { &hf_sametime_message_channel,
 726          { "msg channel", "sametime.message_channel",
 727             FT_UINT32, BASE_DEC,
 728             NULL, 0,
 729             NULL, HFILL }
 730       },
 731
 732       /*common fields within various message types*/
 733       { &hf_sametime_field_length,
 734          { "length", "sametime.field_length",
 735             FT_UINT16, BASE_DEC,
 736             NULL, 0,
 737             NULL, HFILL }
 738       },
 739       { &hf_sametime_field_text,
 740          { "text", "sametime.field_text",
 741             FT_STRING, STR_ASCII,
 742             NULL, 0x0,
 743             NULL, HFILL }
 744       },
 745       { &hf_sametime_code,
 746          { "code", "sametime.code",
 747             FT_UINT32, BASE_HEX,
 748             VALS(codenames), 0x0,
 749             NULL, HFILL }
 750       },
 751       { &hf_sametime_login_type,
 752          { "login type", "sametime.login_type",
 753             FT_UINT16, BASE_HEX,
 754             NULL, 0x0,
 755             NULL, HFILL }
 756       },
 757       { &hf_sametime_time,
 758          { "time", "sametime.time",
 759             FT_UINT32, BASE_DEC,
 760             NULL, 0,
 761             NULL, HFILL }
 762       },
 763
 764       /*type handshake*/
 765       { &hf_sametime_handshake_major,
 766          { "major", "sametime.handshake.major",
 767             FT_UINT16, BASE_HEX,
 768             NULL, 0x0,
 769             NULL, HFILL }
 770       },
 771       { &hf_sametime_handshake_minor,
 772          { "minor", "sametime.handshake.minor",
 773             FT_UINT16, BASE_HEX,
 774             NULL, 0x0,
 775             NULL, HFILL }
 776       },
 777       { &hf_sametime_handshake_srvrcalc_addr,
 778          { "srvr", "sametime.handshake.srvrcalc_addr",
 779             FT_IPv4, BASE_NONE,
 780             NULL, 0x0,
 781             NULL, HFILL }
 782       },
 783       { &hf_sametime_handshake_loclcalc_addr,
 784          { "locl", "sametime.handshake.loclcalc_addr",
 785             FT_IPv4, BASE_NONE,
 786             NULL, 0x0,
 787             NULL, HFILL }
 788       },
 789
 790       /*type channel*/
 791       { &hf_sametime_channel_service,
 792          { "service id", "sametime.channel.service",
 793             FT_UINT32, BASE_DEC,
 794             NULL, 0,
 795             NULL, HFILL }
 796       },
 797       { &hf_sametime_channel_id,
 798          { "channel id", "sametime.channel.id",
 799             FT_UINT32, BASE_DEC,
 800             NULL, 0,
 801             NULL, HFILL }
 802       },
 803       { &hf_sametime_channel_send_type,
 804          { "send type", "sametime.channel.send_type",
 805             FT_UINT16, BASE_HEX,
 806             VALS(sendtypenames), 0,
 807             NULL, HFILL }
 808       },
 809       { &hf_sametime_channel_awareness,
 810          { "awareness", "sametime.channel.awareness",
 811             FT_UINT16, BASE_HEX,
 812             VALS(awarenessnames), 0x0,
 813             NULL, HFILL }
 814       },
 815
 816       /*type user status*/
 817       { &hf_sametime_user_status,
 818          { "user status", "sametime.user_status_type",
 819             FT_UINT16, BASE_HEX,
 820             VALS(userstatusnames), 0x0,
 821             NULL, HFILL }
 822       },
 823
 824       /*type location*/
 825       { &hf_sametime_location_name,
 826          { "name", "sametime.location.name",
 827             FT_STRING, STR_ASCII,
 828             NULL, 0x0,
 829             NULL, HFILL }
 830       },
 831       { &hf_sametime_location_city,
 832          { "city", "sametime.location.city",
 833             FT_STRING, STR_ASCII,
 834             NULL, 0x0,
 835             NULL, HFILL }
 836       },
 837       { &hf_sametime_location_province,
 838          { "province", "sametime.location.province",
 839             FT_STRING, STR_ASCII,
 840             NULL, 0x0,
 841             NULL, HFILL }
 842       },
 843       { &hf_sametime_location_postalcode,
 844          { "postal code", "sametime.location.postalcode",
 845             FT_STRING, STR_ASCII,
 846             NULL, 0x0,
 847             NULL, HFILL }
 848       },
 849       { &hf_sametime_location_country,
 850          { "country", "sametime.location.country",
 851             FT_STRING, STR_ASCII,
 852             NULL, 0x0,
 853             NULL, HFILL }
 854       },
 855       { &hf_sametime_location_phone,
 856          { "phone", "sametime.location.phone",
 857             FT_STRING, STR_ASCII,
 858             NULL, 0x0,
 859             NULL, HFILL }
 860       },
 861       { &hf_sametime_location_timezone,
 862          { "time zone", "sametime.location.timezone",
 863             FT_STRING, STR_ASCII,
 864             NULL, 0x0,
 865             NULL, HFILL }
 866       },
 867    };
 868
 869    static gint *ett[] = {
 870       &ett_sametime,
 871       &ett_sametime_options
 872    };
 873
 874    module_t *sametime_module;
 875
 876    proto_sametime = proto_register_protocol ("Sametime Protocol", "SAMETIME", "sametime");
 877    proto_register_field_array(proto_sametime, hf, array_length(hf));
 878    proto_register_subtree_array(ett, array_length(ett));
 879
 880    sametime_tap = register_tap("sametime");
 881
 882    /* Preference setting */
 883    sametime_module = prefs_register_protocol(proto_sametime, NULL);
 884    prefs_register_bool_preference(sametime_module, "show_length",
 885          "Show length",
 886          "Show length of text field",
 887          &global_sametime_show_length);
 888    prefs_register_bool_preference(sametime_module, "reassemble",
 889          "Reassemble","reassemble packets",
 890          &global_sametime_reassemble_packets);
 891 }
 892
 893
 894 /*
 895         create / register
 896 */
 897 void
 898 proto_reg_handoff_sametime(void)
 899 {
 900    sametime_handle = create_dissector_handle(dissect_sametime, proto_sametime);
 901    dissector_add_uint_with_preference("tcp.port", DEFAULT_SAMETIME_PORT, sametime_handle);
 902
 903    stats_tree_register("sametime", "sametime", "Sametime/Messages", 0,
 904         sametime_stats_tree_packet,
 905         sametime_stats_tree_init, NULL );
 906
 907 }
 908
 909
 910 /*
 911  * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
 912  *
 913  * Local variables:
 914  * c-basic-offset: 4
 915  * tab-width: 8
 916  * indent-tabs-mode: nil
 917  * End:
 918  *
 919  * vi: set shiftwidth=4 tabstop=8 expandtab:
 920  * :indentSize=4:tabSize=8:noTabs=true:
 921  */