2 * Routines for AIM Instant Messenger (OSCAR) dissection
3 * Copyright 2000, Ralf Hoelzer <ralf@well.com>
4 * Copyright 2004, Jelmer Vernooij <jelmer@samba.org>
5 * Copyright 2004, Devin Heitmueller <dheitmueller@netilla.com>
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <gerald@wireshark.org>
9 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
29 #include <epan/packet.h>
30 #include <epan/strutil.h>
31 #include <epan/to_str.h>
33 #include "packet-tcp.h"
34 #include "packet-aim.h"
35 #include "packet-ssl.h"
36 #include <epan/prefs.h>
37 #include <epan/expert.h>
39 void proto_register_aim(void);
40 void proto_reg_handoff_aim(void);
42 #define TCP_PORT_AIM 5190
47 #define CHANNEL_NEW_CONN 0x01
48 #define CHANNEL_SNAC_DATA 0x02
49 #define CHANNEL_FLAP_ERR 0x03
50 #define CHANNEL_CLOSE_CONN 0x04
51 #define CHANNEL_KEEP_ALIVE 0x05
53 #define FAMILY_ALL_ERROR_INVALID_HEADER 0x0001
54 #define FAMILY_ALL_ERROR_SERVER_RATE_LIMIT_EXCEEDED 0x0002
55 #define FAMILY_ALL_ERROR_CLIENT_RATE_LIMIT_EXCEEDED 0x0003
56 #define FAMILY_ALL_ERROR_RECIPIENT_NOT_LOGGED_IN 0x0004
57 #define FAMILY_ALL_ERROR_REQUESTED_SERVICE_UNAVAILABLE 0x0005
58 #define FAMILY_ALL_ERROR_REQUESTED_SERVICE_NOT_DEFINED 0x0006
59 #define FAMILY_ALL_ERROR_OBSOLETE_SNAC 0x0007
60 #define FAMILY_ALL_ERROR_NOT_SUPPORTED_BY_SERVER 0x0008
61 #define FAMILY_ALL_ERROR_NOT_SUPPORTED_BY_CLIENT 0x0009
62 #define FAMILY_ALL_ERROR_REFUSED_BY_CLIENT 0x000a
63 #define FAMILY_ALL_ERROR_REPLY_TOO_BIG 0x000b
64 #define FAMILY_ALL_ERROR_RESPONSES_LOST 0x000c
65 #define FAMILY_ALL_ERROR_REQUEST_DENIED 0x000d
66 #define FAMILY_ALL_ERROR_INCORRECT_SNAC_FORMAT 0x000e
67 #define FAMILY_ALL_ERROR_INSUFFICIENT_RIGHTS 0x000f
68 #define FAMILY_ALL_ERROR_RECIPIENT_BLOCKED 0x0010
69 #define FAMILY_ALL_ERROR_SENDER_TOO_EVIL 0x0011
70 #define FAMILY_ALL_ERROR_RECEIVER_TOO_EVIL 0x0012
71 #define FAMILY_ALL_ERROR_USER_TEMP_UNAVAILABLE 0x0013
72 #define FAMILY_ALL_ERROR_NO_MATCH 0x0014
73 #define FAMILY_ALL_ERROR_LIST_OVERFLOW 0x0015
74 #define FAMILY_ALL_ERROR_REQUEST_AMBIGUOUS 0x0016
75 #define FAMILY_ALL_ERROR_SERVER_QUEUE_FULL 0x0017
76 #define FAMILY_ALL_ERROR_NOT_WHILE_ON_AOL 0x0018
78 static const value_string aim_flap_channels[] = {
79 { CHANNEL_NEW_CONN, "New Connection" },
80 { CHANNEL_SNAC_DATA, "SNAC Data" },
81 { CHANNEL_FLAP_ERR, "FLAP-Level Error" },
82 { CHANNEL_CLOSE_CONN, "Close Connection" },
83 { CHANNEL_KEEP_ALIVE, "Keep Alive" },
87 static const value_string aim_snac_errors[] = {
88 { FAMILY_ALL_ERROR_INVALID_HEADER, "Invalid SNAC Header" },
89 { FAMILY_ALL_ERROR_SERVER_RATE_LIMIT_EXCEEDED, "Server rate limit exceeded" },
90 { FAMILY_ALL_ERROR_CLIENT_RATE_LIMIT_EXCEEDED, "Client rate limit exceeded" },
91 { FAMILY_ALL_ERROR_RECIPIENT_NOT_LOGGED_IN, "Recipient not logged in" },
92 { FAMILY_ALL_ERROR_REQUESTED_SERVICE_UNAVAILABLE, "Requested service unavailable" },
93 { FAMILY_ALL_ERROR_REQUESTED_SERVICE_NOT_DEFINED, "Requested service not defined" },
94 { FAMILY_ALL_ERROR_OBSOLETE_SNAC, "Obsolete SNAC issued" },
95 { FAMILY_ALL_ERROR_NOT_SUPPORTED_BY_SERVER, "Not supported by server" },
96 { FAMILY_ALL_ERROR_NOT_SUPPORTED_BY_CLIENT, "Not supported by client" },
97 { FAMILY_ALL_ERROR_REFUSED_BY_CLIENT, "Refused by client" },
98 { FAMILY_ALL_ERROR_REPLY_TOO_BIG, "Reply too big" },
99 { FAMILY_ALL_ERROR_RESPONSES_LOST, "Responses lost" },
100 { FAMILY_ALL_ERROR_REQUEST_DENIED, "Request denied" },
101 { FAMILY_ALL_ERROR_INCORRECT_SNAC_FORMAT, "Incorrect SNAC format" },
102 { FAMILY_ALL_ERROR_INSUFFICIENT_RIGHTS, "Insufficient rights" },
103 { FAMILY_ALL_ERROR_RECIPIENT_BLOCKED, "Recipient blocked" },
104 { FAMILY_ALL_ERROR_SENDER_TOO_EVIL, "Sender too evil" },
105 { FAMILY_ALL_ERROR_RECEIVER_TOO_EVIL, "Receiver too evil" },
106 { FAMILY_ALL_ERROR_USER_TEMP_UNAVAILABLE, "User temporarily unavailable" },
107 { FAMILY_ALL_ERROR_NO_MATCH, "No match" },
108 { FAMILY_ALL_ERROR_LIST_OVERFLOW, "List overflow" },
109 { FAMILY_ALL_ERROR_REQUEST_AMBIGUOUS, "Request ambiguous" },
110 { FAMILY_ALL_ERROR_SERVER_QUEUE_FULL, "Server queue full" },
111 { FAMILY_ALL_ERROR_NOT_WHILE_ON_AOL, "Not while on AOL" },
115 #define AIM_CLIENT_TLV_SCREEN_NAME 0x0001
116 #define AIM_CLIENT_TLV_NEW_ROASTED_PASSWORD 0x0002
117 #define AIM_CLIENT_TLV_CLIENT_ID_STRING 0x0003
118 #define AIM_CLIENT_TLV_ERRORURL 0x0004
119 #define AIM_CLIENT_TLV_BOS_SERVER_STRING 0x0005
120 #define AIM_CLIENT_TLV_AUTH_COOKIE 0x0006
121 #define AIM_CLIENT_TLV_ERRORCODE 0x0008
122 #define AIM_CLIENT_TLV_DISCONNECT_REASON 0x0009
123 #define AIM_CLIENT_TLV_RECONNECT_HOST 0x000a
124 #define AIM_CLIENT_TLV_URL 0x000b
125 #define AIM_CLIENT_TLV_DEBUG_DATA 0x000c
126 #define AIM_CLIENT_TLV_FAMILY_ID 0x000d
127 #define AIM_CLIENT_TLV_CLIENT_COUNTRY 0x000e
128 #define AIM_CLIENT_TLV_CLIENT_LANGUAGE 0x000f
129 #define AIM_CLIENT_TLV_EMAILADDR 0x0011
130 #define AIM_CLIENT_TLV_OLD_ROASTED_PASSWORD 0x0012
131 #define AIM_CLIENT_TLV_REGSTATUS 0x0013
132 #define AIM_CLIENT_TLV_CLIENT_DISTRIBUTION_NUM 0x0014
133 #define AIM_CLIENT_TLV_INVITEMESSAGE 0x0015
134 #define AIM_CLIENT_TLV_CLIENT_ID 0x0016
135 #define AIM_CLIENT_TLV_CLIENT_MAJOR_VERSION 0x0017
136 #define AIM_CLIENT_TLV_CLIENT_MINOR_VERSION 0x0018
137 #define AIM_CLIENT_TLV_CLIENT_LESSER_VERSION 0x0019
138 #define AIM_CLIENT_TLV_CLIENT_BUILD_NUMBER 0x001a
139 #define AIM_CLIENT_TLV_PASSWORD_MD5 0x0025
140 #define AIM_CLIENT_TLV_LATESTBETABUILD 0x0040
141 #define AIM_CLIENT_TLV_LATESTBETAURL 0x0041
142 #define AIM_CLIENT_TLV_LATESTBETAINFO 0x0042
143 #define AIM_CLIENT_TLV_LATESTBETANAME 0x0043
144 #define AIM_CLIENT_TLV_LATESTRELEASEBUILD 0x0044
145 #define AIM_CLIENT_TLV_LATESTRELEASEURL 0x0045
146 #define AIM_CLIENT_TLV_LATESTRELEASEINFO 0x0046
147 #define AIM_CLIENT_TLV_LATESTRELEASENAME 0x0047
148 #define AIM_CLIENT_TLV_BETA_DIGEST_SIG 0x0048
149 #define AIM_CLIENT_TLV_RELEASE_DIGEST_SIG 0x0049
150 #define AIM_CLIENT_TLV_CLIENTUSESSI 0x004a
151 #define AIM_CLIENT_TLV_CHANGE_PASSWORD_URL 0x0054
152 #define AIM_CLIENT_TLV_AWAITING_AUTH 0x0066
153 #define AIM_CLIENT_TLV_MEMBERS 0x00c8
154 #define AIM_CLIENT_TLV_VISIBILITY_BITS 0x00c9
155 #define AIM_CLIENT_TLV_PRIVACY 0x00ca
156 #define AIM_CLIENT_TLV_VISIBLE_CLASS 0x00cb
157 #define AIM_CLIENT_TLV_VISIBLE_MISC 0x00cc
158 #define AIM_CLIENT_TLV_ICQ2K_SHORTCUT 0x00cd
159 #define AIM_CLIENT_TLV_FIRST_LOADED_TIME 0x00d4
160 #define AIM_CLIENT_TLV_BUDDY_ICON_MD5SUM 0x00d5
161 #define AIM_CLIENT_TLV_GIVEN_NAME 0x0131
162 #define AIM_CLIENT_TLV_LOCAL_EMAIL 0x0137
163 #define AIM_CLIENT_TLV_LOCAL_SMS 0x013a
164 #define AIM_CLIENT_TLV_LOCAL_COMMENT 0x013c
165 #define AIM_CLIENT_TLV_LOCAL_PERSONAL_ALERT 0x013d
166 #define AIM_CLIENT_TLV_LOCAL_PERSONAL_SOUND 0x013e
167 #define AIM_CLIENT_TLV_FIRST_MESSAGE_SENT 0x0145
169 const aim_tlv aim_client_tlvs[] = {
170 { AIM_CLIENT_TLV_SCREEN_NAME, "Screen name", dissect_aim_tlv_value_string },
171 { AIM_CLIENT_TLV_NEW_ROASTED_PASSWORD, "Roasted password array", dissect_aim_tlv_value_bytes },
172 { AIM_CLIENT_TLV_OLD_ROASTED_PASSWORD, "Old roasted password array", dissect_aim_tlv_value_bytes },
173 { AIM_CLIENT_TLV_CLIENT_ID_STRING, "Client id string (name, version)", dissect_aim_tlv_value_string },
174 { AIM_CLIENT_TLV_CLIENT_ID, "Client id number", dissect_aim_tlv_value_uint16 },
175 { AIM_CLIENT_TLV_CLIENT_MAJOR_VERSION, "Client major version", dissect_aim_tlv_value_uint16 },
176 { AIM_CLIENT_TLV_CLIENT_MINOR_VERSION, "Client minor version", dissect_aim_tlv_value_uint16 },
177 { AIM_CLIENT_TLV_CLIENT_LESSER_VERSION, "Client lesser version", dissect_aim_tlv_value_uint16 },
178 { AIM_CLIENT_TLV_CLIENT_BUILD_NUMBER, "Client build number", dissect_aim_tlv_value_uint16 },
179 { AIM_CLIENT_TLV_PASSWORD_MD5, "Password Hash (MD5)", dissect_aim_tlv_value_bytes },
180 { AIM_CLIENT_TLV_CLIENT_DISTRIBUTION_NUM, "Client distribution number", dissect_aim_tlv_value_uint32 },
181 { AIM_CLIENT_TLV_CLIENT_LANGUAGE, "Client language", dissect_aim_tlv_value_string },
182 { AIM_CLIENT_TLV_CLIENT_COUNTRY, "Client country", dissect_aim_tlv_value_string },
183 { AIM_CLIENT_TLV_BOS_SERVER_STRING, "BOS server string", dissect_aim_tlv_value_string },
184 { AIM_CLIENT_TLV_AUTH_COOKIE, "Authorization cookie", dissect_aim_tlv_value_bytes },
185 { AIM_CLIENT_TLV_ERRORURL, "Error URL", dissect_aim_tlv_value_string },
186 { AIM_CLIENT_TLV_ERRORCODE, "Error Code", dissect_aim_tlv_value_uint16 },
187 { AIM_CLIENT_TLV_DISCONNECT_REASON, "Disconnect Reason", dissect_aim_tlv_value_uint16 },
188 { AIM_CLIENT_TLV_RECONNECT_HOST, "Reconnect Hostname", dissect_aim_tlv_value_string },
189 { AIM_CLIENT_TLV_URL, "URL", dissect_aim_tlv_value_string },
190 { AIM_CLIENT_TLV_DEBUG_DATA, "Debug Data", dissect_aim_tlv_value_uint16 },
191 { AIM_CLIENT_TLV_EMAILADDR, "Account Email address", dissect_aim_tlv_value_string },
192 { AIM_CLIENT_TLV_REGSTATUS, "Registration Status", dissect_aim_tlv_value_uint16 },
193 { AIM_CLIENT_TLV_LATESTBETABUILD, "Latest Beta Build", dissect_aim_tlv_value_uint32 },
194 { AIM_CLIENT_TLV_LATESTBETAURL, "Latest Beta URL", dissect_aim_tlv_value_string },
195 { AIM_CLIENT_TLV_LATESTBETAINFO, "Latest Beta Info", dissect_aim_tlv_value_string },
196 { AIM_CLIENT_TLV_LATESTBETANAME, "Latest Beta Name", dissect_aim_tlv_value_string },
197 { AIM_CLIENT_TLV_LATESTRELEASEBUILD, "Latest Release Build", dissect_aim_tlv_value_uint32 },
198 { AIM_CLIENT_TLV_LATESTRELEASEURL, "Latest Release URL", dissect_aim_tlv_value_string },
199 { AIM_CLIENT_TLV_LATESTRELEASEINFO, "Latest Release Info", dissect_aim_tlv_value_string },
200 { AIM_CLIENT_TLV_LATESTRELEASENAME, "Latest Release Name", dissect_aim_tlv_value_string },
201 { AIM_CLIENT_TLV_BETA_DIGEST_SIG, "Beta Digest Signature (MD5)" , dissect_aim_tlv_value_bytes },
202 { AIM_CLIENT_TLV_RELEASE_DIGEST_SIG, "Release Digest Signature (MD5)", dissect_aim_tlv_value_bytes },
203 { AIM_CLIENT_TLV_CLIENTUSESSI, "Use SSI", dissect_aim_tlv_value_uint8 },
204 { AIM_CLIENT_TLV_FAMILY_ID, "Service (SNAC Family) ID", dissect_aim_tlv_value_uint16 },
205 { AIM_CLIENT_TLV_CHANGE_PASSWORD_URL, "Change password url", dissect_aim_tlv_value_string },
206 { AIM_CLIENT_TLV_AWAITING_AUTH, "Awaiting Authorization", dissect_aim_tlv_value_bytes },
207 { AIM_CLIENT_TLV_MEMBERS, "Members of this Group", dissect_aim_tlv_value_bytes },
208 { AIM_CLIENT_TLV_VISIBILITY_BITS, "Bitfield", dissect_aim_tlv_value_bytes },
209 { AIM_CLIENT_TLV_PRIVACY, "Privacy Settings" , dissect_aim_tlv_value_uint8 },
210 { AIM_CLIENT_TLV_VISIBLE_CLASS, "Visible To Classes", dissect_aim_tlv_value_userclass },
211 { AIM_CLIENT_TLV_VISIBLE_MISC, "Allow Others to See Data", dissect_aim_tlv_value_bytes },
212 { AIM_CLIENT_TLV_ICQ2K_SHORTCUT, "ICQ2K Shortcut List", dissect_aim_tlv_value_string },
213 { AIM_CLIENT_TLV_FIRST_LOADED_TIME, "First Time Buddy Was Added (Unix Timestamp)" , dissect_aim_tlv_value_uint32 },
214 { AIM_CLIENT_TLV_BUDDY_ICON_MD5SUM, "MD5SUM of Current Buddy Icon", dissect_aim_tlv_value_bytes },
215 { AIM_CLIENT_TLV_GIVEN_NAME, "Locally Specified Buddy Name", dissect_aim_tlv_value_string },
216 { AIM_CLIENT_TLV_LOCAL_EMAIL, "Locally Specified Buddy Email", dissect_aim_tlv_value_string },
217 { AIM_CLIENT_TLV_LOCAL_SMS, "Locally Specified Buddy SMS", dissect_aim_tlv_value_string },
218 { AIM_CLIENT_TLV_LOCAL_COMMENT, "Locally Specified Buddy Comment", dissect_aim_tlv_value_string },
219 { AIM_CLIENT_TLV_LOCAL_PERSONAL_ALERT, "Personal Alert for Buddy", dissect_aim_tlv_value_uint16 },
220 { AIM_CLIENT_TLV_LOCAL_PERSONAL_SOUND, "Personal Sound for Buddy", dissect_aim_tlv_value_string },
221 { AIM_CLIENT_TLV_FIRST_MESSAGE_SENT, "First Time Message Sent to Buddy (Unix Timestamp)", dissect_aim_tlv_value_uint32 },
226 static int dissect_aim_tlv_value_userstatus(proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb, packet_info *pinfo _U_);
227 static int dissect_aim_tlv_value_dcinfo(proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb, packet_info *pinfo _U_);
228 static int dissect_aim_tlv_value_client_short_capabilities(proto_item *ti, guint16, tvbuff_t *, packet_info *);
230 #define AIM_ONLINEBUDDY_USERCLASS 0x0001
231 #define AIM_ONLINEBUDDY_ONSINCE 0x0003
232 #define AIM_ONLINEBUDDY_IDLETIME 0x0004
233 #define AIM_ONLINEBUDDY_MEMBERSINCE 0x0005
234 #define AIM_ONLINEBUDDY_STATUS 0x0006
235 #define AIM_ONLINEBUDDY_IPADDR 0x000a
236 #define AIM_ONLINEBUDDY_DCINFO 0x000c
237 #define AIM_ONLINEBUDDY_CAPINFO 0x000d
238 #define AIM_ONLINEBUDDY_SESSIONLEN 0x000f
239 #define AIM_ONLINEBUDDY_ICQSESSIONLEN 0x0010
240 #define AIM_ONLINEBUDDY_TIMEUPDATE 0x0011
241 #define AIM_ONLINEBUDDY_MYINSTANCENUM 0x0014
242 #define AIM_ONLINEBUDDY_SHORTCAPS 0x0019
243 #define AIM_ONLINEBUDDY_BARTINFO 0x001d
244 #define AIM_ONLINEBUDDY_NICKFLAGS2 0x001f
245 #define AIM_ONLINEBUDDY_BUDDYFEEDTIME 0x0023
246 #define AIM_ONLINEBUDDY_SIGTIME 0x0026
247 #define AIM_ONLINEBUDDY_AWAYTIME 0x0027
248 #define AIM_ONLINEBUDDY_GEOCOUNTRY 0x002a
250 const aim_tlv aim_onlinebuddy_tlvs[] = {
251 { AIM_ONLINEBUDDY_USERCLASS, "User class", dissect_aim_tlv_value_userclass },
252 { AIM_ONLINEBUDDY_ONSINCE, "Online since", dissect_aim_tlv_value_uint32 },
253 { AIM_ONLINEBUDDY_IDLETIME, "Idle time (sec)", dissect_aim_tlv_value_uint16 },
254 { AIM_ONLINEBUDDY_MEMBERSINCE, "Member since", dissect_aim_tlv_value_time },
255 { AIM_ONLINEBUDDY_STATUS, "Online status", dissect_aim_tlv_value_userstatus },
256 { AIM_ONLINEBUDDY_IPADDR, "User IP Address", dissect_aim_tlv_value_ipv4 },
257 { AIM_ONLINEBUDDY_DCINFO, "DC Info", dissect_aim_tlv_value_dcinfo},
258 { AIM_ONLINEBUDDY_CAPINFO, "Capability Info", dissect_aim_tlv_value_client_capabilities },
259 { AIM_ONLINEBUDDY_TIMEUPDATE, "Time update", dissect_aim_tlv_value_bytes },
260 { AIM_ONLINEBUDDY_SESSIONLEN, "Session Length (sec)", dissect_aim_tlv_value_uint32 },
261 { AIM_ONLINEBUDDY_ICQSESSIONLEN, "ICQ Session Length (sec)", dissect_aim_tlv_value_uint32 },
262 { AIM_ONLINEBUDDY_MYINSTANCENUM, "Client instance number", dissect_aim_tlv_value_uint8 },
263 { AIM_ONLINEBUDDY_SHORTCAPS, "Short Capabilities", dissect_aim_tlv_value_client_short_capabilities },
264 { AIM_ONLINEBUDDY_BARTINFO, "BART Info", dissect_aim_tlv_value_bytes },
265 { AIM_ONLINEBUDDY_NICKFLAGS2, "Upper bytes of Nick Flags", dissect_aim_tlv_value_bytes },
266 { AIM_ONLINEBUDDY_BUDDYFEEDTIME, "Last Buddy Feed update", dissect_aim_tlv_value_time },
267 { AIM_ONLINEBUDDY_SIGTIME, "Profile set time", dissect_aim_tlv_value_time },
268 { AIM_ONLINEBUDDY_AWAYTIME, "Away set time", dissect_aim_tlv_value_time },
269 { AIM_ONLINEBUDDY_GEOCOUNTRY, "Country code", dissect_aim_tlv_value_string },
273 #define DC_DISABLED 0x0000
274 #define DC_HTTPS 0x0001
275 #define DC_SOCKS 0x0002
276 #define DC_NORMAL 0x0003
277 #define DC_IMPOSSIBLE 0x0004
279 static const value_string dc_types[] = {
280 { DC_DISABLED, "DC disabled" },
281 { DC_HTTPS, "DC thru firewall or HTTPS proxy" },
282 { DC_SOCKS, "DC thru SOCKS proxy" },
283 { DC_NORMAL, "Regular connection" },
284 { DC_IMPOSSIBLE, "DC not possible " },
288 #define PROTO_VERSION_ICQ98 0x0004
289 #define PROTO_VERSION_ICQ99 0x0006
290 #define PROTO_VERSION_ICQ2K 0x0007
291 #define PROTO_VERSION_ICQ2K1 0x0008
292 #define PROTO_VERSION_ICQLITE 0x0009
293 #define PROTO_VERSION_ICQ2K3B 0x000A
295 static const value_string protocol_versions[] = {
296 { PROTO_VERSION_ICQ98, "ICQ '98" },
297 { PROTO_VERSION_ICQ99, "ICQ '99" },
298 { PROTO_VERSION_ICQ2K, "ICQ 2000" },
299 { PROTO_VERSION_ICQ2K1, "ICQ 2001" },
300 { PROTO_VERSION_ICQLITE, "ICQ Lite" },
301 { PROTO_VERSION_ICQ2K3B, "ICQ 2003B" },
305 static GList *families = NULL;
307 #define AIM_MOTD_TLV_MOTD 0x000B
309 const aim_tlv aim_motd_tlvs[] = {
310 { AIM_MOTD_TLV_MOTD, "Message of the day message", dissect_aim_tlv_value_string },
314 #define CLASS_UNCONFIRMED 0x00000001
315 #define CLASS_ADMINISTRATOR 0x00000002
316 #define CLASS_AOL 0x00000004
317 #define CLASS_COMMERCIAL 0x00000008
318 #define CLASS_AIM 0x00000010
319 #define CLASS_AWAY 0x00000020
320 #define CLASS_ICQ 0x00000040
321 #define CLASS_WIRELESS 0x00000080
322 #define CLASS_UNKNOWN100 0x00000100
323 #define CLASS_IMF 0x00000200
324 #define CLASS_BOT 0x00000400
325 #define CLASS_UNKNOWN800 0x00000800
326 #define CLASS_ONE_WAY_WIRELESS 0x00001000
327 #define CLASS_UNKNOWN2000 0x00002000
328 #define CLASS_UNKNOWN4000 0x00004000
329 #define CLASS_UNKNOWN8000 0x00008000
330 #define CLASS_UNKNOWN10000 0x00010000
331 #define CLASS_UNKNOWN20000 0x00020000
332 #define CLASS_NO_KNOCK_KNOCK 0x00040000
333 #define CLASS_FORWARD_MOBILE 0x00080000
335 #define FNAC_FLAG_NEXT_IS_RELATED 0x0001
336 #define FNAC_FLAG_CONTAINS_VERSION 0x8000
338 #define FNAC_TLV_FAMILY_VERSION 0x0001
340 static const aim_tlv aim_fnac_tlvs[] = {
341 { FNAC_TLV_FAMILY_VERSION, "SNAC Family Version", dissect_aim_tlv_value_uint16 },
345 #define SSI_OP_RESULT_SUCCESS 0
346 #define SSI_OP_RESULT_DB_ERROR 1
347 #define SSI_OP_RESULT_NOT_FOUND 2
348 #define SSI_OP_RESULT_ALREADY_EXISTS 3
349 #define SSI_OP_RESULT_UNAVAILABLE 5
350 #define SSI_OP_RESULT_BAD_REQUEST 10
351 #define SSI_OP_RESULT_DB_TIME_OUT 11
352 #define SSI_OP_RESULT_OVER_ROW_LIMIT 12
353 #define SSI_OP_RESULT_NOT_EXECUTED 13
354 #define SSI_OP_RESULT_AUTH_REQUIRED 14
355 #define SSI_OP_RESULT_BAD_LOGINID 16
356 #define SSI_OP_RESULT_OVER_BUDDY_LIMIT 17
357 #define SSI_OP_RESULT_INSERT_SMART_GROUP 20
358 #define SSI_OP_RESULT_TIMEOUT 26
360 static const value_string aim_ssi_result_codes[] = {
361 { SSI_OP_RESULT_SUCCESS, "Success" },
362 { SSI_OP_RESULT_DB_ERROR, "Some kind of database error" },
363 { SSI_OP_RESULT_NOT_FOUND, "Item was not found for an update or delete" },
364 { SSI_OP_RESULT_ALREADY_EXISTS, "Item already exists for an insert" },
365 { SSI_OP_RESULT_UNAVAILABLE, "Server or database is not available" },
366 { SSI_OP_RESULT_BAD_REQUEST, "Request was not formed well" },
367 { SSI_OP_RESULT_DB_TIME_OUT, "Database timed out" },
368 { SSI_OP_RESULT_OVER_ROW_LIMIT, "Too many items of this class for an insert" },
369 { SSI_OP_RESULT_NOT_EXECUTED, "Not executed due to other error in same request" },
370 { SSI_OP_RESULT_AUTH_REQUIRED, "Buddy List authorization required" },
371 { SSI_OP_RESULT_BAD_LOGINID, "Bad loginId" },
372 { SSI_OP_RESULT_OVER_BUDDY_LIMIT, "Too many buddies" },
373 { SSI_OP_RESULT_INSERT_SMART_GROUP, "Attempt to added a Buddy to a smart group" },
374 { SSI_OP_RESULT_TIMEOUT, "General timeout" },
378 /* Initialize the protocol and registered fields */
379 static int proto_aim = -1;
380 static int hf_aim_cmd_start = -1;
381 static int hf_aim_channel = -1;
382 static int hf_aim_seqno = -1;
383 static int hf_aim_data = -1;
384 static int hf_aim_data_len = -1;
385 static int hf_aim_tlv_length = -1;
386 static int hf_aim_tlv_value_id = -1;
387 /* static int hf_aim_signon_challenge_len = -1; */
388 /* static int hf_aim_signon_challenge = -1; */
389 static int hf_aim_fnac_family = -1;
390 static int hf_aim_fnac_subtype = -1;
391 static int hf_aim_fnac_flags = -1;
392 static int hf_aim_fnac_flag_next_is_related = -1;
393 static int hf_aim_fnac_flag_contains_version = -1;
394 static int hf_aim_fnac_id = -1;
395 /* static int hf_aim_infotype = -1; */
396 static int hf_aim_buddyname_len = -1;
397 static int hf_aim_buddyname = -1;
398 static int hf_aim_userinfo_warninglevel = -1;
399 static int hf_aim_snac_error = -1;
400 static int hf_aim_ssi_result_code = -1;
401 static int hf_aim_tlvcount = -1;
402 static int hf_aim_version = -1;
403 static int hf_aim_userclass_unconfirmed = -1;
404 static int hf_aim_userclass_administrator = -1;
405 static int hf_aim_userclass_aol = -1;
406 static int hf_aim_userclass_commercial = -1;
407 static int hf_aim_userclass_aim = -1;
408 static int hf_aim_userclass_away = -1;
409 static int hf_aim_userclass_icq = -1;
410 static int hf_aim_userclass_wireless = -1;
411 static int hf_aim_userclass_unknown100 = -1;
412 static int hf_aim_userclass_imf = -1;
413 static int hf_aim_userclass_bot = -1;
414 static int hf_aim_userclass_unknown800 = -1;
415 static int hf_aim_userclass_one_way_wireless = -1;
416 static int hf_aim_userclass_unknown2000 = -1;
417 static int hf_aim_userclass_unknown4000 = -1;
418 static int hf_aim_userclass_unknown8000 = -1;
419 static int hf_aim_userclass_unknown10000 = -1;
420 static int hf_aim_userclass_unknown20000 = -1;
421 static int hf_aim_userclass_no_knock_knock = -1;
422 static int hf_aim_userclass_forward_mobile = -1;
423 static int hf_aim_nickinfo_caps = -1;
424 static int hf_aim_nickinfo_short_caps = -1;
425 static int hf_aim_messageblock_featuresdes = -1;
426 static int hf_aim_messageblock_featureslen = -1;
427 static int hf_aim_messageblock_features = -1;
428 static int hf_aim_messageblock_info = -1;
429 static int hf_aim_messageblock_len = -1;
430 static int hf_aim_messageblock_charset = -1;
431 static int hf_aim_messageblock_charsubset = -1;
432 static int hf_aim_messageblock_message = -1;
434 static int hf_aim_dcinfo_ip = -1;
435 static int hf_aim_dcinfo_tcpport = -1;
436 static int hf_aim_dcinfo_type = -1;
437 static int hf_aim_dcinfo_proto_version = -1;
438 static int hf_aim_dcinfo_auth_cookie = -1;
439 static int hf_aim_dcinfo_webport = -1;
440 static int hf_aim_dcinfo_client_future = -1;
441 static int hf_aim_dcinfo_last_info_update = -1;
442 static int hf_aim_dcinfo_last_ext_info_update = -1;
443 static int hf_aim_dcinfo_last_ext_status_update = -1;
444 static int hf_aim_dcinfo_unknown = -1;
445 static int hf_aim_string08 = -1;
447 /* Initialize the subtree pointers */
448 static gint ett_aim = -1;
449 static gint ett_aim_dcinfo = -1;
450 static gint ett_aim_buddyname= -1;
451 static gint ett_aim_fnac = -1;
452 static gint ett_aim_fnac_flags = -1;
453 static gint ett_aim_tlv = -1;
454 static gint ett_aim_tlv_value = -1;
455 static gint ett_aim_userclass = -1;
456 static gint ett_aim_messageblock = -1;
457 static gint ett_aim_nickinfo_caps = -1;
458 static gint ett_aim_nickinfo_short_caps = -1;
459 static gint ett_aim_string08_array = -1;
461 static expert_field ei_aim_messageblock_len = EI_INIT;
463 /* desegmentation of AIM over TCP */
464 static gboolean aim_desegment = TRUE;
466 static dissector_handle_t aim_handle;
470 *aim_get_subtype( guint16 famnum, guint16 subtype )
472 GList *gl = families;
474 aim_family *fam = (aim_family *)gl->data;
475 if(fam->family == famnum) {
477 for(i = 0; fam->subtypes[i].name; i++) {
478 if(fam->subtypes[i].id == subtype) return &(fam->subtypes[i]);
489 *aim_get_family( guint16 famnum )
491 GList *gl = families;
493 aim_family *fam = (aim_family *)gl->data;
494 if(fam->family == famnum) return fam;
502 aim_get_buddyname( guint8 **name, tvbuff_t *tvb, int offset)
504 guint8 buddyname_length;
506 buddyname_length = tvb_get_guint8(tvb, offset);
508 *name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset + 1, buddyname_length, ENC_UTF_8|ENC_NA);
510 return buddyname_length;
515 aim_get_message( guchar *msg, tvbuff_t *tvb, int msg_offset, int msg_length)
519 int max, tagchars = 0;
520 int new_offset = msg_offset;
521 int new_length = msg_length;
524 /* make sure nothing bigger than 1000 bytes is printed */
525 if( msg_length > 999 ) return;
527 memset( msg, '\0', 1000);
531 /* loop until HTML tag is reached - quick&dirty way to find start of message
532 * (it is nearly impossible to find the correct start offset for all client versions) */
533 while( (tagchars < 6) && (new_length > 5) )
535 j = tvb_get_guint8(tvb, new_offset);
536 if( ( (j == '<') && (tagchars == 0) ) ||
537 ( (j == 'h') && (tagchars == 1) ) ||
538 ( (j == 'H') && (tagchars == 1) ) ||
539 ( (j == 't') && (tagchars == 2) ) ||
540 ( (j == 'T') && (tagchars == 2) ) ||
541 ( (j == 'm') && (tagchars == 3) ) ||
542 ( (j == 'M') && (tagchars == 3) ) ||
543 ( (j == 'l') && (tagchars == 4) ) ||
544 ( (j == 'L') && (tagchars == 4) ) ||
545 ( (j == '>') && (tagchars == 5) ) ) tagchars++;
550 /* set offset and length of message to after the first HTML tag */
551 msg_offset = new_offset;
552 msg_length = new_length;
553 max = msg_length - 1;
556 /* find the rest of the message until either a </html> is reached or the end of the frame.
557 * All other HTML tags are stripped to display only the raw message (printable characters) */
558 while( (c < max) && (tagchars < 7) )
560 j = tvb_get_guint8(tvb, msg_offset+c);
563 /* make sure this is an HTML tag by checking the order of the chars */
564 if( ( (j == '<') && (tagchars == 0) ) ||
565 ( (j == '/') && (tagchars == 1) ) ||
566 ( (j == 'h') && (tagchars == 2) ) ||
567 ( (j == 'H') && (tagchars == 2) ) ||
568 ( (j == 't') && (tagchars == 3) ) ||
569 ( (j == 'T') && (tagchars == 3) ) ||
570 ( (j == 'm') && (tagchars == 4) ) ||
571 ( (j == 'M') && (tagchars == 4) ) ||
572 ( (j == 'l') && (tagchars == 5) ) ||
573 ( (j == 'L') && (tagchars == 5) ) ||
574 ( (j == '>') && (tagchars == 6) ) ) tagchars++;
577 if( j == '<' ) bracket = TRUE;
578 if( j == '>' ) bracket = FALSE;
579 if( (g_ascii_isprint(j) ) && (bracket == FALSE) && (j != '>'))
581 if( g_ascii_isprint(j) )
592 aim_init_family(int proto, int ett, guint16 family, const aim_subtype *subtypes)
594 aim_family *fam = g_new(aim_family, 1);
595 fam->proto = find_protocol_by_id(proto);
596 fam->name = proto_get_protocol_short_name(fam->proto);
597 fam->family = family;
598 fam->subtypes = subtypes;
599 families = g_list_append(families, fam);
601 fam->proto_id = proto;
606 dissect_aim_newconn(tvbuff_t *tvb, packet_info *pinfo, int offset,
609 col_set_str(pinfo->cinfo, COL_INFO, "New Connection");
611 if (tvb_reported_length_remaining(tvb, offset) > 0) {
612 proto_tree_add_item(tree, hf_aim_version, tvb, offset, 4, ENC_NA);
614 offset = dissect_aim_tlv_sequence(tvb, pinfo, offset, tree, aim_client_tlvs);
617 if (tvb_reported_length_remaining(tvb, offset) > 0)
618 proto_tree_add_item(tree, hf_aim_data, tvb, offset, -1, ENC_NA);
623 dissect_aim_snac_error(tvbuff_t *tvb, packet_info *pinfo, proto_tree *aim_tree)
625 col_add_str(pinfo->cinfo, COL_INFO,
626 val_to_str(tvb_get_ntohs(tvb, 0), aim_snac_errors, "Unknown SNAC error 0x%02x"));
628 proto_tree_add_item (aim_tree, hf_aim_snac_error, tvb, 0, 2, ENC_BIG_ENDIAN);
630 return dissect_aim_tlv_sequence(tvb, pinfo, 2, aim_tree, aim_client_tlvs);
634 dissect_aim_ssi_result(tvbuff_t *tvb, packet_info *pinfo, proto_tree *aim_tree)
636 col_add_str(pinfo->cinfo, COL_INFO,
637 val_to_str(tvb_get_ntohs(tvb, 0), aim_ssi_result_codes, "Unknown SSI result code 0x%02x"));
639 proto_tree_add_item (aim_tree, hf_aim_ssi_result_code, tvb, 0, 2, ENC_BIG_ENDIAN);
645 dissect_aim_userinfo(tvbuff_t *tvb, packet_info *pinfo,
646 int offset, proto_tree *tree)
648 offset = dissect_aim_buddyname(tvb, pinfo, offset, tree);
650 proto_tree_add_item(tree, hf_aim_userinfo_warninglevel, tvb, offset, 2, ENC_BIG_ENDIAN);
653 return dissect_aim_tlv_list(tvb, pinfo, offset, tree, aim_onlinebuddy_tlvs);
657 dissect_aim_snac(tvbuff_t *tvb, packet_info *pinfo, int offset,
658 proto_tree *aim_tree, proto_tree *root_tree)
664 proto_tree *aim_tree_fnac = NULL;
667 const aim_subtype *subtype;
668 proto_tree *family_tree = NULL;
669 const aim_family *family;
671 orig_offset = offset;
672 family_id = tvb_get_ntohs(tvb, offset);
673 family = aim_get_family(family_id);
675 subtype_id = tvb_get_ntohs(tvb, offset);
676 subtype = aim_get_subtype(family_id, subtype_id);
678 flags = tvb_get_ntohs(tvb, offset);
680 id = tvb_get_ntohl(tvb, offset);
683 if( aim_tree && subtype != NULL )
685 static const int * fnac_flags[] = {
686 &hf_aim_fnac_flag_next_is_related,
687 &hf_aim_fnac_flag_contains_version,
691 offset = orig_offset;
692 aim_tree_fnac = proto_tree_add_subtree_format(aim_tree, tvb, 6, 10, ett_aim_fnac, NULL,
693 "FNAC: Family: %s (0x%04x), Subtype: %s (0x%04x)",
694 family ? family->name : "Unknown", family_id,
695 (subtype && subtype->name) ? subtype->name : "Unknown", subtype_id);
697 proto_tree_add_uint_format_value (aim_tree_fnac, hf_aim_fnac_family,
698 tvb, offset, 2, family_id, "%s (0x%04x)",
699 family ? family->name : "Unknown", family_id);
702 proto_tree_add_uint_format_value (aim_tree_fnac, hf_aim_fnac_subtype,
703 tvb, offset, 2, subtype_id, "%s (0x%04x)",
704 (subtype && subtype->name) ? subtype->name : "Unknown", subtype_id);
708 proto_tree_add_bitmask(aim_tree_fnac, tvb, offset, hf_aim_fnac_flags,
709 ett_aim_fnac_flags, fnac_flags, ENC_BIG_ENDIAN);
712 proto_tree_add_uint(aim_tree_fnac, hf_aim_fnac_id, tvb, offset,
717 if(flags & FNAC_FLAG_CONTAINS_VERSION)
719 guint16 len = tvb_get_ntohs(tvb, offset);
724 while(offset < oldoffset + len) {
725 offset = dissect_aim_tlv(tvb, pinfo, offset, aim_tree, aim_fnac_tlvs);
729 subtvb = tvb_new_subset_remaining(tvb, offset);
732 col_set_str(pinfo->cinfo, COL_PROTOCOL, family->name);
734 if(subtype != NULL && family != NULL)
736 col_set_str(pinfo->cinfo, COL_INFO, family->name);
737 col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", subtype->name);
739 col_set_str(pinfo->cinfo, COL_INFO, "SNAC data");
742 col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", family->name);
744 col_append_fstr(pinfo->cinfo, COL_INFO, ", Family: 0x%04x", family_id);
746 col_append_fstr(pinfo->cinfo, COL_INFO, ", Subtype: 0x%04x", subtype_id);
749 if(aim_tree && family != NULL)
751 proto_item *ti = proto_tree_add_item(root_tree, family->proto_id, subtvb, 0, -1, ENC_NA);
752 family_tree = proto_item_add_subtree(ti, family->ett);
754 proto_item_append_text(ti, ", %s", subtype->name);
757 if((tvb_reported_length_remaining(tvb, offset) > 0) && (subtype != NULL) && subtype->dissector)
759 subtype->dissector(subtvb, pinfo, family_tree);
764 dissect_aim_flap_err(tvbuff_t *tvb, packet_info *pinfo, int offset,
767 col_set_str(pinfo->cinfo, COL_INFO, "FLAP error");
769 /* Show the undissected payload */
770 if (tvb_reported_length_remaining(tvb, offset) > 0)
771 proto_tree_add_item(tree, hf_aim_data, tvb, offset, -1, ENC_NA);
775 dissect_aim_keep_alive(tvbuff_t *tvb, packet_info *pinfo, int offset,
778 col_set_str(pinfo->cinfo, COL_INFO, "Keep Alive");
780 /* Show the undissected payload */
781 if (tvb_reported_length_remaining(tvb, offset) > 0)
782 proto_tree_add_item(tree, hf_aim_data, tvb, offset, -1, ENC_NA);
786 dissect_aim_close_conn(tvbuff_t *tvb, packet_info *pinfo, int offset,
789 col_set_str(pinfo->cinfo, COL_INFO, "Close Connection");
791 dissect_aim_tlv_sequence(tvb, pinfo, offset, tree, aim_client_tlvs);
795 dissect_aim_unknown_channel(tvbuff_t *tvb, packet_info *pinfo, int offset,
798 col_set_str(pinfo->cinfo, COL_INFO, "Unknown Channel");
800 /* Show the undissected payload */
801 if (tvb_reported_length_remaining(tvb, offset) > 0)
802 proto_tree_add_item(tree, hf_aim_data, tvb, offset, -1, ENC_NA);
806 dissect_aim_buddyname(tvbuff_t *tvb, packet_info *pinfo _U_, int offset,
809 guint8 buddyname_length = 0;
810 proto_tree *buddy_tree;
812 buddyname_length = tvb_get_guint8(tvb, offset);
817 buddy_tree = proto_tree_add_subtree_format(tree, tvb, offset-1, 1+buddyname_length,
818 ett_aim_buddyname, NULL, "Buddy: %s",
819 tvb_format_text(tvb, offset, buddyname_length));
820 proto_tree_add_item(buddy_tree, hf_aim_buddyname_len, tvb, offset-1, 1, ENC_BIG_ENDIAN);
821 proto_tree_add_item(buddy_tree, hf_aim_buddyname, tvb, offset, buddyname_length, ENC_UTF_8|ENC_NA);
824 return offset+buddyname_length;
827 typedef struct _aim_client_capability
831 } aim_client_capability;
833 static const aim_client_capability known_client_caps[] = {
835 {0x09461343, 0x4c7f, 0x11d1,
836 { 0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
839 { 0x09461348, 0x4c7f, 0x11d1,
840 { 0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
843 {0x09460000, 0x4c7f, 0x11d1,
844 { 0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
847 {0x09460001, 0x4c7f, 0x11d1,
848 { 0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
851 {0x09460002, 0x4c7f, 0x11d1,
852 { 0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
855 {0x09460100, 0x4c7f, 0x11d1,
856 { 0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
859 {0x09460101, 0x4c7f, 0x11d1,
860 { 0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
863 {0x09460102, 0x4c7f, 0x11d1,
864 { 0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
867 {0x09460103, 0x4c7f, 0x11d1,
868 { 0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
871 {0x09460104, 0x4c7f, 0x11d1,
872 { 0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
875 {0x09460105, 0x4c7f, 0x11d1,
876 { 0x82, 0x22, 0x44, 0x45, 0x45, 0x53, 0x54, 0x00}}},
878 { "Host Status Text Aware",
879 {0x0946010A, 0x4c7f, 0x11d1,
880 { 0x82, 0x22, 0x44, 0x45, 0x45, 0x53, 0x54, 0x00}}},
883 {0x0946010B, 0x4c7f, 0x11d1,
884 { 0x82, 0x22, 0x44, 0x45, 0x45, 0x53, 0x54, 0x00}}},
887 {0x094601FF, 0x4c7f, 0x11d1,
888 { 0x82, 0x22, 0x44, 0x45, 0x45, 0x53, 0x54, 0x00}}},
891 {0x09461323, 0x4c7f, 0x11d1,
892 { 0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
895 {0x09461341, 0x4c7f, 0x11d1,
896 { 0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
899 {0x09461343, 0x4c7f, 0x11d1,
900 {0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
902 { "Direct ICQ Communication",
903 {0x09461344, 0x4c7f, 0x11d1,
904 {0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
907 {0x09461345, 0x4c7f, 0x11d1,
908 {0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
911 {0x09461346, 0x4c7f, 0x11d1,
912 {0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
915 {0x09461347, 0x4c7f, 0x11d1,
916 {0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
919 {0x09461348, 0x4c7f, 0x11d1,
920 {0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
922 { "ICQ Server Relaying",
923 {0x09461349, 0x4c7f, 0x11d1,
924 {0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
927 {0x0946134a, 0x4c7f, 0x11d1,
928 {0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
931 {0x0946134a, 0x4c7f, 0x11d1,
932 {0x22, 0x82, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
935 {0x0946134b, 0x4c7f, 0x11d1,
936 {0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
938 { "AIM/ICQ Interoperability",
939 {0x0946134d, 0x4c7f, 0x11d1,
940 {0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
942 { "ICQ UTF8 Support",
943 {0x0946134e, 0x4c7f, 0x11d1,
944 {0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
946 { "Old ICQ UTF8 Support",
947 {0x2e7a6475, 0xfadf, 0x4dc8,
948 {0x88, 0x6f, 0xea, 0x35, 0x95, 0xfd, 0xb6, 0xdf}}},
951 {0x748f2420, 0x6287, 0x11d1,
952 {0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}}},
954 { "ICQ Rich Text Format Messages",
955 {0x97b12751, 0x243c, 0x4334,
956 {0xad, 0x22, 0xd6, 0xab, 0xf7, 0x3f, 0x14, 0x92}}},
959 {0xaa4a32b5, 0xf884, 0x48c6,
960 {0xa3, 0xd7, 0x8c, 0x50, 0x97, 0x19, 0xfd, 0x5b}}},
962 { "Trillian Encryption",
963 {0xf2e7c7f4, 0xfead, 0x4dfb,
964 {0xb2, 0x35, 0x36, 0x79, 0x8b, 0xdf, 0x00, 0x00}}},
966 { NULL, {0x0, 0x0, 0x0, { 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 } } }
969 static const aim_client_capability *
970 aim_find_capability (e_guid_t clsid)
974 for(i = 0; known_client_caps[i].name; i++)
976 const aim_client_capability *caps = &(known_client_caps[i]);
978 if(memcmp(&(caps->clsid), &clsid, sizeof(e_guid_t)) == 0)
985 static const aim_client_capability *
986 aim_find_short_capability(guint16 shortid)
988 e_guid_t clsid = {0x09460000, 0x4c7f, 0x11d1, {0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}};
989 clsid.data1 |= shortid;
991 return aim_find_capability(clsid);
995 dissect_aim_capability(proto_tree *entry, tvbuff_t *tvb, int offset)
997 const aim_client_capability *caps;
1000 tvb_get_ntohguid(tvb, offset, &clsid);
1001 caps = aim_find_capability(clsid);
1003 proto_tree_add_guid_format(entry, hf_aim_nickinfo_caps, tvb, offset, 16,
1005 "%s {%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}",
1006 caps?caps->name:"Unknown", clsid.data1, clsid.data2,
1007 clsid.data3, clsid.data4[0], clsid.data4[1], clsid.data4[2],
1008 clsid.data4[3], clsid.data4[4], clsid.data4[5], clsid.data4[6],
1016 dissect_aim_short_capability(proto_tree *entry, tvbuff_t *tvb, int offset)
1018 const aim_client_capability *caps;
1021 shortid = tvb_get_ntohs(tvb, offset);
1022 caps = aim_find_short_capability(shortid);
1024 proto_tree_add_uint_format(entry, hf_aim_nickinfo_short_caps, tvb, offset, 2,
1027 caps?caps->name:"Unknown", shortid
1034 dissect_aim_tlv_value_client_capabilities(proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb, packet_info *pinfo _U_)
1039 proto_item_set_text(ti, "Client Capabilities List");
1041 entry = proto_item_add_subtree(ti, ett_aim_nickinfo_caps);
1043 while (tvb_reported_length_remaining(tvb, offset) > 0) {
1044 offset = dissect_aim_capability(entry, tvb, offset);
1047 return tvb_reported_length(tvb);
1051 dissect_aim_tlv_value_client_short_capabilities(proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb, packet_info *pinfo _U_)
1056 proto_item_set_text(ti, "Short Client Capabilities List");
1058 entry = proto_item_add_subtree(ti, ett_aim_nickinfo_short_caps);
1060 while (tvb_reported_length_remaining(tvb, offset) > 0) {
1061 offset = dissect_aim_short_capability(entry, tvb, offset);
1064 return tvb_reported_length(tvb);
1068 dissect_aim_tlv_value_time(proto_item *ti _U_, guint16 valueid _U_, tvbuff_t *tvb, packet_info *pinfo _U_)
1071 return tvb_reported_length(tvb);
1075 dissect_aim_userclass(tvbuff_t *tvb, int offset, int len, proto_item *ti, guint32 flags)
1079 entry = proto_item_add_subtree(ti, ett_aim_userclass);
1080 proto_tree_add_boolean(entry, hf_aim_userclass_unconfirmed, tvb, offset, len, flags);
1081 proto_tree_add_boolean(entry, hf_aim_userclass_administrator, tvb, offset, len, flags);
1082 proto_tree_add_boolean(entry, hf_aim_userclass_aol, tvb, offset, len, flags);
1083 proto_tree_add_boolean(entry, hf_aim_userclass_commercial, tvb, offset, len, flags);
1084 proto_tree_add_boolean(entry, hf_aim_userclass_aim, tvb, offset, len, flags);
1085 proto_tree_add_boolean(entry, hf_aim_userclass_away, tvb, offset, len, flags);
1086 proto_tree_add_boolean(entry, hf_aim_userclass_icq, tvb, offset, len, flags);
1087 proto_tree_add_boolean(entry, hf_aim_userclass_wireless, tvb, offset, len, flags);
1088 proto_tree_add_boolean(entry, hf_aim_userclass_unknown100, tvb, offset, len, flags);
1089 proto_tree_add_boolean(entry, hf_aim_userclass_imf, tvb, offset, len, flags);
1090 proto_tree_add_boolean(entry, hf_aim_userclass_bot, tvb, offset, len, flags);
1091 proto_tree_add_boolean(entry, hf_aim_userclass_unknown800, tvb, offset, len, flags);
1092 proto_tree_add_boolean(entry, hf_aim_userclass_one_way_wireless, tvb, offset, len, flags);
1093 proto_tree_add_boolean(entry, hf_aim_userclass_unknown2000, tvb, offset, len, flags);
1094 proto_tree_add_boolean(entry, hf_aim_userclass_unknown4000, tvb, offset, len, flags);
1095 proto_tree_add_boolean(entry, hf_aim_userclass_unknown8000, tvb, offset, len, flags);
1096 proto_tree_add_boolean(entry, hf_aim_userclass_unknown10000, tvb, offset, len, flags);
1097 proto_tree_add_boolean(entry, hf_aim_userclass_unknown20000, tvb, offset, len, flags);
1098 proto_tree_add_boolean(entry, hf_aim_userclass_no_knock_knock, tvb, offset, len, flags);
1099 proto_tree_add_boolean(entry, hf_aim_userclass_forward_mobile, tvb, offset, len, flags);
1105 dissect_aim_tlv_value_userclass(proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb, packet_info *pinfo _U_)
1107 guint16 value16 = tvb_get_ntohs(tvb, 0);
1108 proto_item_set_text(ti, "Value: 0x%04x", value16);
1109 return dissect_aim_userclass(tvb, 0, 2, ti, value16);
1113 dissect_aim_tlv_value_userstatus(proto_item *ti _U_, guint16 valueid _U_, tvbuff_t *tvb, packet_info *pinfo _U_)
1116 return tvb_reported_length(tvb);
1120 dissect_aim_tlv_value_dcinfo(proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb, packet_info *pinfo _U_)
1124 proto_tree *dctree = proto_item_add_subtree(ti, ett_aim_dcinfo);
1126 proto_tree_add_item(dctree, hf_aim_dcinfo_ip , tvb, offset, 4, ENC_BIG_ENDIAN); offset+=4;
1127 proto_tree_add_item(dctree, hf_aim_dcinfo_tcpport, tvb, offset, 4, ENC_BIG_ENDIAN); offset+=4;
1128 proto_tree_add_item(dctree, hf_aim_dcinfo_type, tvb, offset, 1, ENC_BIG_ENDIAN); offset+=1;
1129 proto_tree_add_item(dctree, hf_aim_dcinfo_proto_version, tvb, offset, 2, ENC_BIG_ENDIAN); offset+=2;
1130 proto_tree_add_item(dctree, hf_aim_dcinfo_auth_cookie, tvb, offset, 4, ENC_NA); offset+=2;
1131 proto_tree_add_item(dctree, hf_aim_dcinfo_webport, tvb, offset, 4, ENC_BIG_ENDIAN); offset+=4;
1132 proto_tree_add_item(dctree, hf_aim_dcinfo_client_future, tvb, offset, 4, ENC_BIG_ENDIAN); offset+=4;
1133 proto_tree_add_item(dctree, hf_aim_dcinfo_last_info_update, tvb, offset, 4, ENC_BIG_ENDIAN); offset+=4;
1134 proto_tree_add_item(dctree, hf_aim_dcinfo_last_ext_info_update, tvb, offset, 4, ENC_BIG_ENDIAN); offset+=4;
1135 proto_tree_add_item(dctree, hf_aim_dcinfo_last_ext_status_update, tvb, offset, 4, ENC_BIG_ENDIAN); offset+=4;
1136 proto_tree_add_item(dctree, hf_aim_dcinfo_unknown, tvb, offset, 2, ENC_BIG_ENDIAN); offset+=2;
1142 dissect_aim_tlv_value_string (proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb, packet_info *pinfo _U_)
1147 string_len = tvb_reported_length(tvb);
1148 buf = tvb_get_string_enc(wmem_packet_scope(), tvb, 0, string_len, ENC_UTF_8|ENC_NA);
1149 proto_item_set_text(ti, "Value: %s", format_text(buf, string_len));
1155 dissect_aim_tlv_value_string08_array (proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb, packet_info *pinfo _U_)
1160 entry = proto_item_add_subtree(ti, ett_aim_string08_array);
1162 while (tvb_reported_length_remaining(tvb, offset) > 1)
1164 guint8 string_len = tvb_get_guint8(tvb, offset);
1165 proto_tree_add_item(entry, hf_aim_string08, tvb, offset, 1, ENC_UTF_8|ENC_NA);
1166 offset += (string_len+1);
1173 dissect_aim_tlv_value_bytes (proto_item *ti _U_, guint16 valueid _U_, tvbuff_t *tvb, packet_info *pinfo _U_)
1175 return tvb_reported_length(tvb);
1179 dissect_aim_tlv_value_uint8 (proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb, packet_info *pinfo _U_)
1181 guint8 value8 = tvb_get_guint8(tvb, 0);
1182 proto_item_set_text(ti, "Value: %d", value8);
1187 dissect_aim_tlv_value_uint16 (proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb, packet_info *pinfo _U_)
1189 guint16 value16 = tvb_get_ntohs(tvb, 0);
1190 proto_item_set_text(ti, "Value: %d", value16);
1195 dissect_aim_tlv_value_ipv4 (proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb, packet_info *pinfo _U_)
1197 proto_item_set_text(ti, "Value: %s", tvb_ip_to_str(tvb, 0));
1202 dissect_aim_tlv_value_uint32 (proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb, packet_info *pinfo _U_)
1204 guint32 value32 = tvb_get_ntohl(tvb, 0);
1205 proto_item_set_text(ti, "Value: %d", value32);
1210 dissect_aim_tlv_value_messageblock (proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb, packet_info *pinfo)
1216 proto_item* len_item;
1219 /* Setup a new subtree */
1220 entry = proto_item_add_subtree(ti, ett_aim_messageblock);
1222 /* Features descriptor */
1223 proto_tree_add_item(entry, hf_aim_messageblock_featuresdes, tvb, offset,
1227 /* Features Length */
1228 featurelen = tvb_get_ntohs(tvb, offset);
1229 proto_tree_add_item(entry, hf_aim_messageblock_featureslen, tvb, offset,
1233 /* Features (should be expanded further @@@@@@@ ) */
1234 proto_tree_add_item(entry, hf_aim_messageblock_features, tvb, offset,
1235 featurelen, ENC_NA);
1236 offset += featurelen;
1238 /* There can be multiple messages in this message block */
1239 while (tvb_reported_length_remaining(tvb, offset) > 0) {
1241 proto_tree_add_item(entry, hf_aim_messageblock_info, tvb,
1242 offset, 2, ENC_BIG_ENDIAN);
1245 /* Block length (includes charset and charsubset) */
1246 len_item = proto_tree_add_item_ret_uint(entry, hf_aim_messageblock_len, tvb, offset,
1247 2, ENC_BIG_ENDIAN, &blocklen);
1250 expert_add_info(pinfo, len_item, &ei_aim_messageblock_len);
1256 proto_tree_add_item(entry, hf_aim_messageblock_charset, tvb,
1257 offset, 2, ENC_BIG_ENDIAN);
1260 /* Character subset */
1261 proto_tree_add_item(entry, hf_aim_messageblock_charsubset, tvb,
1262 offset, 2, ENC_BIG_ENDIAN);
1265 /* The actual message */
1266 buf = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, blocklen - 4, ENC_ASCII|ENC_NA);
1267 proto_item_append_text(ti, "Message: %s ",
1268 format_text(buf, blocklen - 4));
1269 proto_tree_add_item(entry, hf_aim_messageblock_message, tvb,
1270 offset, blocklen-4, ENC_ASCII|ENC_NA);
1272 offset += blocklen-4;
1278 /* Dissect a TLV value */
1280 dissect_aim_tlv(tvbuff_t *tvb, packet_info *pinfo, int offset,
1281 proto_tree *tree, const aim_tlv *tlv)
1289 proto_tree *tlv_tree;
1291 /* Get the value ID */
1292 valueid = tvb_get_ntohs(tvb, offset);
1294 /* Figure out which entry applies from the tlv list */
1296 while (tmp[i].valueid) {
1297 if (tmp[i].valueid == valueid) {
1298 /* We found a match */
1304 /* At this point, we are either pointing at the correct record, or
1305 we didn't find the record, and are pointing at the last item in the
1308 length = tvb_get_ntohs(tvb, offset+2);
1310 if (tmp[i].desc != NULL)
1315 tlv_tree = proto_tree_add_subtree_format(tree, tvb, offset, length + 4,
1316 ett_aim_tlv, NULL, "TLV: %s", desc);
1318 proto_tree_add_uint_format_value(tlv_tree, hf_aim_tlv_value_id, tvb, offset, 2,
1319 valueid, "%s (0x%04x)", desc, valueid);
1322 proto_tree_add_uint(tlv_tree, hf_aim_tlv_length, tvb, offset, 2, length);
1325 proto_tree_add_subtree(tlv_tree, tvb, offset, length, ett_aim_tlv_value, &ti1, "Value");
1327 if (tmp[i].dissector) {
1328 tmp[i].dissector(ti1, valueid, tvb_new_subset_length(tvb, offset, length), pinfo);
1333 /* Return the new length */
1338 dissect_aim_tlv_sequence(tvbuff_t *tvb, packet_info *pinfo, int offset,
1339 proto_tree *tree, const aim_tlv *tlv_table)
1341 while (tvb_reported_length_remaining(tvb, offset) > 0) {
1342 offset = dissect_aim_tlv(tvb, pinfo, offset, tree, tlv_table);
1349 dissect_aim_tlv_list(tvbuff_t *tvb, packet_info *pinfo, int offset,
1350 proto_tree *tree, const aim_tlv *tlv_table)
1352 guint16 i, tlv_count = tvb_get_ntohs(tvb, offset);
1354 proto_tree_add_item(tree, hf_aim_tlvcount, tvb, offset, 2, ENC_BIG_ENDIAN);
1357 for(i = 0; i < tlv_count; i++) {
1358 offset = dissect_aim_tlv(tvb, pinfo, offset, tree, tlv_table);
1365 get_aim_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *data _U_)
1370 * Get the length of the AIM packet.
1372 plen = tvb_get_ntohs(tvb, offset + 4);
1375 * That length doesn't include the length of the header itself; add that in.
1381 dissect_aim_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
1384 unsigned char hdr_channel; /* channel ID */
1385 unsigned short hdr_sequence_no; /* Internal frame sequence number, not needed */
1386 unsigned short hdr_data_field_length; /* length of data within frame */
1390 /* Set up structures we will need to add the protocol subtree and manage it */
1392 proto_tree *aim_tree = NULL;
1394 /* Make entries in Protocol column and Info column on summary display */
1395 col_set_str(pinfo->cinfo, COL_PROTOCOL, "AIM");
1397 col_set_str(pinfo->cinfo, COL_INFO, "AOL Instant Messenger");
1399 /* get relevant header information */
1400 offset += 1; /* XXX - put the identifier into the tree? */
1401 hdr_channel = tvb_get_guint8(tvb, offset);
1403 hdr_sequence_no = tvb_get_ntohs(tvb, offset);
1405 hdr_data_field_length = tvb_get_ntohs(tvb, offset);
1408 /* In the interest of speed, if "tree" is NULL, don't do any work not
1409 necessary to generate protocol tree items. */
1411 ti = proto_tree_add_item(tree, proto_aim, tvb, 0, -1, ENC_NA);
1412 aim_tree = proto_item_add_subtree(ti, ett_aim);
1413 proto_tree_add_uint(aim_tree, hf_aim_cmd_start, tvb, 0, 1, '*');
1414 proto_tree_add_item(aim_tree, hf_aim_channel, tvb, 1, 1, ENC_BIG_ENDIAN);
1415 proto_tree_add_uint(aim_tree, hf_aim_seqno, tvb, 2, 2, hdr_sequence_no);
1416 proto_tree_add_uint(aim_tree, hf_aim_data_len, tvb, 4, 2, hdr_data_field_length);
1422 case CHANNEL_NEW_CONN:
1423 dissect_aim_newconn(tvb, pinfo, offset, aim_tree);
1425 case CHANNEL_SNAC_DATA:
1426 dissect_aim_snac(tvb, pinfo, offset, aim_tree, tree);
1428 case CHANNEL_FLAP_ERR:
1429 dissect_aim_flap_err(tvb, pinfo, offset, aim_tree);
1431 case CHANNEL_CLOSE_CONN:
1432 dissect_aim_close_conn(tvb, pinfo, offset, aim_tree);
1434 case CHANNEL_KEEP_ALIVE:
1435 dissect_aim_keep_alive(tvb, pinfo, offset, aim_tree);
1438 dissect_aim_unknown_channel(tvb, pinfo, offset, aim_tree);
1442 return tvb_reported_length(tvb);
1445 /* Code to actually dissect the packets */
1447 dissect_aim(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
1449 /* check, if this is really an AIM packet, they start with 0x2a */
1450 /* XXX - I've seen some stuff starting with 0x5a followed by 0x2a */
1452 if(tvb_reported_length(tvb) >= 1 && tvb_get_guint8(tvb, 0) != 0x2a)
1454 /* Not an instant messenger packet, just happened to use the
1457 * XXX - if desegmentation disabled, this might be a continuation
1458 * packet, not a non-AIM packet
1463 tcp_dissect_pdus(tvb, pinfo, tree, aim_desegment, 6, get_aim_pdu_len,
1464 dissect_aim_pdu, data);
1465 return tvb_reported_length(tvb);
1469 dissect_aim_ssl_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
1471 dissector_handle_t *app_handle = (dissector_handle_t *) data;
1472 /* XXX improve heuristics */
1473 if (tvb_reported_length(tvb) < 1 || tvb_get_guint8(tvb, 0) != 0x2a) {
1476 dissect_aim(tvb, pinfo, tree, NULL);
1477 *app_handle = aim_handle;
1482 /* Register the protocol with Wireshark */
1484 proto_register_aim(void)
1487 /* Setup list of header fields */
1488 static hf_register_info hf[] = {
1489 { &hf_aim_cmd_start,
1490 { "Command Start", "aim.cmd_start", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }
1493 { "Channel ID", "aim.channel", FT_UINT8, BASE_HEX, VALS(aim_flap_channels), 0x0, NULL, HFILL }
1496 { "Sequence Number", "aim.seqno", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }
1499 { "Protocol Version", "aim.version", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL },
1502 { "Data Field Length", "aim.datalen", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }
1504 { &hf_aim_tlv_length,
1505 { "Length", "aim.tlv.length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }
1507 { &hf_aim_tlv_value_id,
1508 { "Value ID", "aim.tlv.value_id", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }
1511 { "Data", "aim.data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }
1514 { &hf_aim_signon_challenge_len,
1515 { "Signon challenge length", "aim.signon.challengelen", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }
1517 { &hf_aim_signon_challenge,
1518 { "Signon challenge", "aim.signon.challenge", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }
1521 { &hf_aim_fnac_family,
1522 { "FNAC Family ID", "aim.fnac.family", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL }
1524 { &hf_aim_fnac_subtype,
1525 { "FNAC Subtype ID", "aim.fnac.subtype", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL }
1527 { &hf_aim_fnac_flags,
1528 { "FNAC Flags", "aim.fnac.flags", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL }
1531 { "FNAC ID", "aim.fnac.id", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }
1535 { "Infotype", "aim.infotype", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL }
1538 { &hf_aim_buddyname_len,
1539 { "Buddyname len", "aim.buddynamelen", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }
1541 { &hf_aim_buddyname,
1542 { "Buddy Name", "aim.buddyname", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }
1545 { "TLV Count", "aim.tlvcount", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL },
1547 { &hf_aim_snac_error,
1548 { "SNAC Error", "aim.snac.error", FT_UINT16, BASE_HEX, VALS(aim_snac_errors), 0x0, NULL, HFILL },
1550 { &hf_aim_userclass_unconfirmed,
1551 { "AOL Unconfirmed account flag", "aim.userclass.unconfirmed", FT_BOOLEAN, 32, TFS(&tfs_set_notset), CLASS_UNCONFIRMED, NULL, HFILL },
1553 { &hf_aim_userclass_administrator,
1554 { "AOL Administrator flag", "aim.userclass.administrator", FT_BOOLEAN, 32, TFS(&tfs_set_notset), CLASS_ADMINISTRATOR, NULL, HFILL },
1556 { &hf_aim_userclass_aol,
1557 { "AOL Staff User Flag", "aim.userclass.staff", FT_BOOLEAN, 32, TFS(&tfs_set_notset), CLASS_AOL, NULL, HFILL },
1559 { &hf_aim_userclass_commercial,
1560 { "AOL commercial account flag", "aim.userclass.commercial", FT_BOOLEAN, 32, TFS(&tfs_set_notset), CLASS_COMMERCIAL, NULL, HFILL },
1562 { &hf_aim_userclass_aim,
1563 { "AIM user flag", "aim.userclass.free", FT_BOOLEAN, 32, TFS(&tfs_set_notset), CLASS_AIM, NULL, HFILL },
1565 { &hf_aim_userclass_away,
1566 { "AOL away status flag", "aim.userclass.away", FT_BOOLEAN, 32, TFS(&tfs_set_notset), CLASS_AWAY, NULL, HFILL },
1568 { &hf_aim_userclass_icq,
1569 { "ICQ user sign", "aim.userclass.icq", FT_BOOLEAN, 32, TFS(&tfs_set_notset), CLASS_ICQ, NULL, HFILL },
1571 { &hf_aim_userclass_wireless,
1572 { "AOL wireless user", "aim.userclass.wireless", FT_BOOLEAN, 32, TFS(&tfs_set_notset), CLASS_WIRELESS, NULL, HFILL },
1574 { &hf_aim_userclass_unknown100,
1575 { "Unknown bit", "aim.userclass.unknown100", FT_BOOLEAN, 32, TFS(&tfs_set_notset), CLASS_UNKNOWN100, NULL, HFILL },
1577 { &hf_aim_userclass_imf,
1578 { "Using IM Forwarding", "aim.userclass.imf", FT_BOOLEAN, 32, TFS(&tfs_set_notset), CLASS_IMF, NULL, HFILL },
1580 { &hf_aim_userclass_bot,
1581 { "Bot User", "aim.userclass.bot", FT_BOOLEAN, 32, TFS(&tfs_set_notset), CLASS_BOT, NULL, HFILL },
1583 { &hf_aim_userclass_unknown800,
1584 { "Unknown bit", "aim.userclass.unknown800", FT_BOOLEAN, 32, TFS(&tfs_set_notset), CLASS_UNKNOWN800, NULL, HFILL },
1586 { &hf_aim_userclass_one_way_wireless,
1587 { "One Way Wireless Device", "aim.userclass.one_way_wireless", FT_BOOLEAN, 32, TFS(&tfs_set_notset), CLASS_ONE_WAY_WIRELESS, NULL, HFILL },
1589 { &hf_aim_userclass_unknown2000,
1590 { "Unknown bit", "aim.userclass.unknown2000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), CLASS_UNKNOWN2000, NULL, HFILL },
1592 { &hf_aim_userclass_unknown4000,
1593 { "Unknown bit", "aim.userclass.unknown4000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), CLASS_UNKNOWN4000, NULL, HFILL },
1595 { &hf_aim_userclass_unknown8000,
1596 { "Unknown bit", "aim.userclass.unknown8000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), CLASS_UNKNOWN8000, NULL, HFILL },
1598 { &hf_aim_userclass_unknown10000,
1599 { "Unknown bit", "aim.userclass.unknown10000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), CLASS_UNKNOWN10000, NULL, HFILL },
1601 { &hf_aim_userclass_unknown20000,
1602 { "Unknown bit", "aim.userclass.unknown20000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), CLASS_UNKNOWN20000, NULL, HFILL },
1604 { &hf_aim_userclass_no_knock_knock,
1605 { "Do not display the 'not on Buddy List' knock-knock", "aim.userclass.no_knock_knock", FT_BOOLEAN, 32, TFS(&tfs_set_notset), CLASS_NO_KNOCK_KNOCK, NULL, HFILL },
1607 { &hf_aim_userclass_forward_mobile,
1608 { "Forward to mobile if not active", "aim.userclass.forward_mobile", FT_BOOLEAN, 32, TFS(&tfs_set_notset), CLASS_FORWARD_MOBILE, NULL, HFILL },
1610 { &hf_aim_nickinfo_caps,
1611 { "Client capabilities", "aim.nickinfo.caps", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL },
1613 { &hf_aim_nickinfo_short_caps,
1614 { "Short client capabilities", "aim.nickinfo.short_caps", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL },
1616 { &hf_aim_fnac_flag_next_is_related,
1617 { "Followed By SNAC with related information", "aim.fnac.flags.next_is_related", FT_BOOLEAN, 16, TFS(&tfs_set_notset), FNAC_FLAG_NEXT_IS_RELATED, NULL, HFILL },
1619 { &hf_aim_fnac_flag_contains_version,
1620 { "Contains Version of Family this SNAC is in", "aim.fnac.flags.contains_version", FT_BOOLEAN, 16, TFS(&tfs_set_notset), FNAC_FLAG_CONTAINS_VERSION, NULL, HFILL },
1622 { &hf_aim_userinfo_warninglevel,
1623 { "Warning Level", "aim.userinfo.warninglevel", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL },
1625 { &hf_aim_messageblock_featuresdes,
1626 { "Features", "aim.messageblock.featuresdes", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL },
1628 { &hf_aim_messageblock_featureslen,
1629 { "Features Length", "aim.messageblock.featureslen", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL },
1631 { &hf_aim_messageblock_features,
1632 { "Features", "aim.messageblock.features", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL },
1634 { &hf_aim_messageblock_info,
1635 { "Block info", "aim.messageblock.info", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL },
1637 { &hf_aim_messageblock_len,
1638 { "Block length", "aim.messageblock.length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL },
1640 { &hf_aim_messageblock_charset,
1641 { "Block Character set", "aim.messageblock.charset", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL },
1643 { &hf_aim_messageblock_charsubset,
1644 { "Block Character subset", "aim.messageblock.charsubset", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL },
1646 { &hf_aim_messageblock_message,
1647 { "Message", "aim.messageblock.message", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL },
1649 { &hf_aim_dcinfo_ip,
1650 { "Internal IP address", "aim.dcinfo.addr", FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL },
1652 { &hf_aim_dcinfo_tcpport,
1653 { "TCP Port", "aim.dcinfo.tcpport", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL },
1655 { &hf_aim_dcinfo_type,
1656 { "Type", "aim.dcinfo.type", FT_UINT8, BASE_HEX, VALS(dc_types), 0x0, NULL, HFILL },
1658 { &hf_aim_dcinfo_proto_version,
1659 { "Protocol Version", "aim.dcinfo.proto_version", FT_UINT16, BASE_DEC, VALS(protocol_versions), 0x0, NULL, HFILL },
1661 { &hf_aim_dcinfo_auth_cookie,
1662 { "Authorization Cookie", "aim.dcinfo.auth_cookie", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL },
1664 { &hf_aim_dcinfo_webport,
1665 { "Web Front Port", "aim.dcinfo.webport", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL },
1667 { &hf_aim_dcinfo_client_future,
1668 { "Client Futures", "aim.dcinfo.client_futures", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL },
1670 { &hf_aim_dcinfo_last_info_update,
1671 { "Last Info Update", "aim.dcinfo.last_info_update", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL },
1673 { &hf_aim_dcinfo_last_ext_info_update,
1674 { "Last Extended Info Update", "aim.dcinfo.last_ext_info_update", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL },
1676 { &hf_aim_dcinfo_last_ext_status_update,
1677 { "Last Extended Status Update", "aim.dcinfo.last_ext_status_update", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL },
1679 { &hf_aim_dcinfo_unknown,
1680 { "Unknown", "aim.dcinfo.unknown", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL },
1682 { &hf_aim_ssi_result_code,
1683 { "Last SSI operation result code", "aim.ssi.code", FT_UINT16, BASE_HEX, VALS(aim_ssi_result_codes), 0x0, NULL, HFILL },
1686 { "Address/Port List", "aim.string08", FT_UINT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL },
1690 /* Setup protocol subtree array */
1691 static gint *ett[] = {
1695 &ett_aim_fnac_flags,
1700 &ett_aim_messageblock,
1701 &ett_aim_nickinfo_caps,
1702 &ett_aim_nickinfo_short_caps,
1703 &ett_aim_string08_array
1706 static ei_register_info ei[] = {
1707 { &ei_aim_messageblock_len, { "aim.messageblock.length.invalid", PI_PROTOCOL, PI_WARN, "Invalid block length", EXPFILL }},
1710 module_t *aim_module;
1711 expert_module_t *expert_aim;
1713 /* Register the protocol name and description */
1714 proto_aim = proto_register_protocol("AOL Instant Messenger", "AIM", "aim");
1715 aim_handle = register_dissector("aim", dissect_aim, proto_aim);
1717 /* Required function calls to register the header fields and subtrees used */
1718 proto_register_field_array(proto_aim, hf, array_length(hf));
1719 proto_register_subtree_array(ett, array_length(ett));
1720 expert_aim = expert_register_protocol(proto_aim);
1721 expert_register_field_array(expert_aim, ei, array_length(ei));
1723 aim_module = prefs_register_protocol(proto_aim, NULL);
1725 prefs_register_bool_preference(aim_module, "desegment",
1726 "Reassemble AIM messages spanning multiple TCP segments",
1727 "Whether the AIM dissector should reassemble messages spanning multiple TCP segments."
1728 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
1733 proto_reg_handoff_aim(void)
1735 dissector_add_uint("tcp.port", TCP_PORT_AIM, aim_handle);
1736 ssl_dissector_add(0, aim_handle);
1737 /* Heuristics disabled by default, it is really weak... */
1738 heur_dissector_add("ssl", dissect_aim_ssl_heur, "AIM over SSL", "aim_ssl", proto_aim, HEURISTIC_DISABLE);
1742 * Editor modelines - http://www.wireshark.org/tools/modelines.html
1747 * indent-tabs-mode: t
1750 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
1751 * :indentSize=8:tabSize=8:noTabs=false: