3 * Routine to check for RFC 1006 TPKT header and to dissect TPKT header
4 * Copyright 2000, Philips Electronics N.V.
5 * Andreas Sikkema <andreas.sikkema@philips.com>
7 * Routine to dissect RFC 1006 TPKT packet containing OSI TP PDU
8 * Copyright 2001, Martin Thomas <Martin_A_Thomas@yahoo.com>
10 * $Id: packet-tpkt.c,v 1.22 2002/08/28 21:00:36 jmayer Exp $
12 * Ethereal - Network traffic analyzer
13 * By Gerald Combs <gerald@ethereal.com>
14 * Copyright 1998 Gerald Combs
16 * This program is free software; you can redistribute it and/or
17 * modify it under the terms of the GNU General Public License
18 * as published by the Free Software Foundation; either version 2
19 * of the License, or (at your option) any later version.
21 * This program is distributed in the hope that it will be useful,
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 * GNU General Public License for more details.
26 * You should have received a copy of the GNU General Public License
27 * along with this program; if not, write to the Free Software
28 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
36 #include <epan/packet.h>
41 #include "packet-tpkt.h"
42 #include "packet-frame.h"
45 /* TPKT header fields */
46 static int proto_tpkt = -1;
47 static int hf_tpkt_version = -1;
48 static int hf_tpkt_reserved = -1;
49 static int hf_tpkt_length = -1;
51 /* TPKT fields defining a sub tree */
52 static gint ett_tpkt = -1;
54 /* desegmentation of OSI over TPKT over TCP */
55 static gboolean tpkt_desegment = TRUE;
57 #define TCP_PORT_TPKT 102
59 /* find the dissector for OSI TP (aka COTP) */
60 static dissector_handle_t osi_tp_handle;
63 * Check whether this could be a TPKT-encapsulated PDU.
64 * Returns -1 if it's not, and the PDU length from the TPKT header
67 * "min_len" is the minimum length of the PDU; the length field in the
68 * TPKT header must be at least "4+min_len" in order for this to be a
69 * valid TPKT PDU for the protocol in question.
72 is_tpkt(tvbuff_t *tvb, int min_len)
77 * If TPKT is disabled, don't dissect it, just return -1, meaning
80 if (!proto_is_protocol_enabled(proto_tpkt))
83 /* There should at least be 4 bytes left in the frame */
84 if (!tvb_bytes_exist(tvb, 0, 4))
85 return -1; /* there aren't */
88 * The first octet should be 3 and the second one should be 0
89 * The H.323 implementers guide suggests that this might not
90 * always be the case....
92 if (!(tvb_get_guint8(tvb, 0) == 3 && tvb_get_guint8(tvb, 1) == 0))
93 return -1; /* they're not */
96 * Get the length from the TPKT header. Make sure it's large
99 pkt_len = tvb_get_ntohs(tvb, 2);
100 if (pkt_len < 4 + min_len)
101 return -1; /* it's not */
104 * Return the length from the header.
110 * Dissect TPKT-encapsulated data in a TCP stream.
113 dissect_tpkt_encap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
114 gboolean desegment, dissector_handle_t subdissector_handle)
116 proto_item *ti = NULL;
117 proto_tree *tpkt_tree = NULL;
118 volatile int offset = 0;
119 int length_remaining;
123 const char *saved_proto;
126 * If we're reassembling segmented TPKT PDUs, empty the COL_INFO
127 * column, so subdissectors can append information
128 * without having to worry about emptying the column.
130 * We use "col_add_str()" because the subdissector
131 * might be appending information to the column, in
132 * which case we'd have to zero the buffer out explicitly
135 if (tpkt_desegment && check_col(pinfo->cinfo, COL_INFO))
136 col_add_str(pinfo->cinfo, COL_INFO, "");
138 while (tvb_reported_length_remaining(tvb, offset) != 0) {
140 * Is the first byte of this putative TPKT header
141 * a valid TPKT version number, i.e. 3?
143 if (tvb_get_guint8(tvb, offset) != 3) {
145 * No, so don't assume this is a TPKT header;
146 * we might be in the middle of TPKT data,
147 * so don't get the length and don't try to
150 if (check_col(pinfo->cinfo, COL_PROTOCOL))
151 col_set_str(pinfo->cinfo, COL_PROTOCOL, "TPKT");
152 if (check_col(pinfo->cinfo, COL_INFO))
153 col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
155 ti = proto_tree_add_item(tree, proto_tpkt, tvb,
157 tpkt_tree = proto_item_add_subtree(ti, ett_tpkt);
159 proto_tree_add_text(tpkt_tree, tvb, offset, -1,
160 "Continuation data");
165 length_remaining = tvb_length_remaining(tvb, offset);
168 * Can we do reassembly?
170 if (desegment && pinfo->can_desegment) {
172 * Yes - is the TPKT header split across segment
175 if (length_remaining < 4) {
177 * Yes. Tell the TCP dissector where
178 * the data for this message starts in
179 * the data it handed us, and how many
180 * more bytes we need, and return.
182 pinfo->desegment_offset = offset;
183 pinfo->desegment_len = 4 - length_remaining;
189 * Get the length from the TPKT header.
191 data_len = tvb_get_ntohs(tvb, offset + 2);
194 * Can we do reassembly?
196 if (desegment && pinfo->can_desegment) {
198 * Yes - is the payload split across segment
201 if (length_remaining < data_len) {
203 * Yes. Tell the TCP dissector where
204 * the data for this message starts in
205 * the data it handed us, and how many
206 * more bytes we need, and return.
208 pinfo->desegment_offset = offset;
209 pinfo->desegment_len =
210 data_len - length_remaining;
216 * Dissect the TPKT header.
217 * Save and restore "pinfo->current_proto".
219 saved_proto = pinfo->current_proto;
220 pinfo->current_proto = "TPKT";
222 if (check_col(pinfo->cinfo, COL_PROTOCOL))
223 col_set_str(pinfo->cinfo, COL_PROTOCOL, "TPKT");
225 * Don't add the TPKT header information if we're
226 * reassembling segmented TPKT PDUs or if this
227 * PDU isn't reassembled.
229 * XXX - the first is so that subdissectors can append
230 * information without getting TPKT stuff in the middle;
233 if (!tpkt_desegment && !pinfo->fragmented
234 && check_col(pinfo->cinfo, COL_INFO)) {
235 col_add_fstr(pinfo->cinfo, COL_INFO,
236 "TPKT Data length = %u", data_len);
240 ti = proto_tree_add_item(tree, proto_tpkt, tvb,
242 tpkt_tree = proto_item_add_subtree(ti, ett_tpkt);
245 proto_tree_add_item(tpkt_tree, hf_tpkt_version, tvb,
249 proto_tree_add_item(tpkt_tree, hf_tpkt_reserved, tvb,
250 offset + 1, 1, FALSE);
253 proto_tree_add_uint(tpkt_tree, hf_tpkt_length, tvb,
254 offset + 2, 2, data_len);
256 pinfo->current_proto = saved_proto;
258 /* Skip the TPKT header. */
263 * Construct a tvbuff containing the amount of the payload
264 * we have available. Make its reported length the
265 * amount of data in this TPKT packet.
267 * XXX - if reassembly isn't enabled. the subdissector
268 * will throw a BoundsError exception, rather than a
269 * ReportedBoundsError exception. We really want
270 * a tvbuff where the length is "length", the reported
271 * length is "plen + 2", and the "if the snapshot length
272 * were infinite" length were the minimum of the
273 * reported length of the tvbuff handed to us and "plen+2",
274 * with a new type of exception thrown if the offset is
275 * within the reported length but beyond that third length,
276 * with that exception getting the "Unreassembled Packet"
279 length = length_remaining - 4;
280 if (length > data_len)
282 next_tvb = tvb_new_subset(tvb, offset, length, data_len);
285 * Call the subdissector.
287 * Catch the ReportedBoundsError exception; if this
288 * particular message happens to get a ReportedBoundsError
289 * exception, that doesn't mean that we should stop
290 * dissecting TPKT messages within this frame or chunk
291 * of reassembled data.
293 * If it gets a BoundsError, we can stop, as there's nothing
294 * more to see, so we just re-throw it.
297 call_dissector(subdissector_handle, next_tvb, pinfo,
303 CATCH(ReportedBoundsError) {
304 show_reported_bounds_error(tvb, pinfo, tree);
316 * Dissect RFC 1006 TPKT, which wraps a TPKT header around an OSI TP
320 dissect_tpkt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
322 dissect_tpkt_encap(tvb, pinfo, tree, tpkt_desegment, osi_tp_handle);
326 proto_register_tpkt(void)
328 static hf_register_info hf[] =
372 module_t *tpkt_module;
374 proto_tpkt = proto_register_protocol("TPKT", "TPKT", "tpkt");
375 proto_register_field_array(proto_tpkt, hf, array_length(hf));
376 proto_register_subtree_array(ett, array_length(ett));
378 tpkt_module = prefs_register_protocol(proto_tpkt, NULL);
379 prefs_register_bool_preference(tpkt_module, "desegment",
380 "Desegment all TPKT messages spanning multiple TCP segments",
381 "Whether the TPKT dissector should desegment all messages spanning multiple TCP segments",
386 proto_reg_handoff_tpkt(void)
388 dissector_handle_t tpkt_handle;
390 osi_tp_handle = find_dissector("ositp");
391 tpkt_handle = create_dissector_handle(dissect_tpkt, proto_tpkt);
392 dissector_add("tcp.port", TCP_PORT_TPKT, tpkt_handle);