2 * Routines for sap packet dissection
5 * Heikki Vatiainen <hessu@cs.tut.fi>
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <gerald@wireshark.org>
9 * Copyright 1998 Gerald Combs
11 * Copied from packet-tftp.c
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
31 #include <epan/packet.h>
32 #include <epan/expert.h>
34 #define UDP_PORT_SAP 9875
36 #define MCAST_SAP_VERSION_MASK 0xE0 /* 3 bits for SAP version*/
37 #define MCAST_SAP_VERSION_SHIFT 5 /* Right shift 5 bits to get the version */
38 #define MCAST_SAP_VER0 0 /* Version 0 */
39 #define MCAST_SAP_VER1PLUS 1 /* Version 1 or later */
41 void proto_register_sap(void);
42 void proto_reg_handoff_sap(void);
44 static const value_string mcast_sap_ver[] = {
45 { MCAST_SAP_VER0, "SAPv0"},
46 { MCAST_SAP_VER1PLUS, "SAPv1 or later"},
50 static const true_false_string mcast_sap_address_type = {"IPv6", "IPv4"};
51 static const true_false_string mcast_sap_message_type = { "Deletion", "Announcement"};
52 static const true_false_string mcast_sap_crypt_type = { "Payload encrypted", "Payload not encrypted "};
53 static const true_false_string mcast_sap_comp_type = { "Payload compressed", "Payload not compressed"};
55 static const value_string mcast_sap_auth_ver[] = {
56 { 1, "SAP authentication header v1"},
60 static const true_false_string mcast_sap_auth_pad = {
61 "Authentication subheader padded to 32 bits",
62 "No padding required for the authentication subheader"
65 #define MCAST_SAP_AUTH_TYPE_MASK 0x0F /* 4 bits for the type of the authentication header */
66 #define MCAST_SAP_AUTH_TYPE_PGP 0
67 #define MCAST_SAP_AUTH_TYPE_CMS 1
68 static const value_string mcast_sap_auth_type[] = {
69 { MCAST_SAP_AUTH_TYPE_PGP, "PGP"},
70 { MCAST_SAP_AUTH_TYPE_CMS, "CMS"},
74 #define MCAST_SAP_BIT_A 0x10 /* Address type: 0 IPv4, 1 IPv6 */
75 #define MCAST_SAP_BIT_R 0x08 /* Reserved: Must be 0 */
76 #define MCAST_SAP_BIT_T 0x04 /* Message Type: 0 announcement, 1 deletion */
77 #define MCAST_SAP_BIT_E 0x02 /* Encryption Bit: 1 payload encrypted */
78 #define MCAST_SAP_BIT_C 0x01 /* Compressed Bit: 1 payload zlib compressed */
80 #define MCAST_SAP_AUTH_BIT_P 0x10 /* Padding required for the authentication header */
83 static int proto_sap = -1;
84 static int hf_sap_flags = -1;
85 static int hf_sap_flags_v = -1;
86 static int hf_sap_flags_a = -1;
87 static int hf_sap_flags_r = -1;
88 static int hf_sap_flags_t = -1;
89 static int hf_sap_flags_e = -1;
90 static int hf_sap_flags_c = -1;
91 static int hf_auth_data = -1;
92 static int hf_auth_flags = -1;
93 static int hf_auth_flags_v = -1;
94 static int hf_auth_flags_p = -1;
95 static int hf_auth_flags_t = -1;
96 /* Generated from convert_proto_tree_add_text.pl */
97 static int hf_sap_auth_len = -1;
98 static int hf_sap_originating_source_ipv4 = -1;
99 static int hf_sap_auth_data_padding = -1;
100 static int hf_sap_auth_subheader = -1;
101 static int hf_sap_originating_source_ipv6 = -1;
102 static int hf_sap_message_identifier_hash = -1;
103 static int hf_sap_auth_data_padding_len = -1;
104 static int hf_sap_payload_type = -1;
106 static gint ett_sap = -1;
107 static gint ett_sap_flags = -1;
108 static gint ett_sap_auth = -1;
109 static gint ett_sap_authf = -1;
111 static expert_field ei_sap_compressed_and_encrypted = EI_INIT;
112 static expert_field ei_sap_encrypted = EI_INIT;
113 static expert_field ei_sap_compressed = EI_INIT;
114 /* Generated from convert_proto_tree_add_text.pl */
115 static expert_field ei_sap_bogus_authentication_or_pad_length = EI_INIT;
117 static dissector_handle_t sdp_handle;
120 dissect_sap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
123 int sap_version, is_ipv6, is_del, is_enc, is_comp, addr_len;
129 proto_item *si, *sif;
130 proto_tree *sap_tree = NULL, *sap_flags_tree;
132 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SAP");
133 col_clear(pinfo->cinfo, COL_INFO);
135 vers_flags = tvb_get_guint8(tvb, offset);
136 is_ipv6 = vers_flags&MCAST_SAP_BIT_A;
137 is_del = vers_flags&MCAST_SAP_BIT_T;
138 is_enc = vers_flags&MCAST_SAP_BIT_E;
139 is_comp = vers_flags&MCAST_SAP_BIT_C;
141 sap_version = (vers_flags&MCAST_SAP_VERSION_MASK)>>MCAST_SAP_VERSION_SHIFT;
142 addr_len = (is_ipv6) ? (int)sizeof(struct e_in6_addr) : 4;
144 col_add_fstr(pinfo->cinfo, COL_INFO, "%s (v%u)",
145 (is_del) ? "Deletion" : "Announcement", sap_version);
148 si = proto_tree_add_item(tree, proto_sap, tvb, offset, -1, ENC_NA);
149 sap_tree = proto_item_add_subtree(si, ett_sap);
151 sif = proto_tree_add_item(sap_tree, hf_sap_flags, tvb, offset, 1, ENC_NA);
152 sap_flags_tree = proto_item_add_subtree(sif, ett_sap_flags);
153 proto_tree_add_item(sap_flags_tree, hf_sap_flags_v, tvb, offset, 1, ENC_NA);
154 proto_tree_add_item(sap_flags_tree, hf_sap_flags_a, tvb, offset, 1, ENC_NA);
155 proto_tree_add_item(sap_flags_tree, hf_sap_flags_r, tvb, offset, 1, ENC_NA);
156 proto_tree_add_item(sap_flags_tree, hf_sap_flags_t, tvb, offset, 1, ENC_NA);
157 proto_tree_add_item(sap_flags_tree, hf_sap_flags_e, tvb, offset, 1, ENC_NA);
158 proto_tree_add_item(sap_flags_tree, hf_sap_flags_c, tvb, offset, 1, ENC_NA);
163 auth_len = tvb_get_guint8(tvb, offset);
164 proto_tree_add_item(sap_tree, hf_sap_auth_len, tvb, offset, 1, ENC_NA);
167 proto_tree_add_item(sap_tree, hf_sap_message_identifier_hash, tvb, offset, 2, ENC_BIG_ENDIAN);
171 proto_tree_add_item(sap_tree, hf_sap_originating_source_ipv4, tvb, offset, addr_len, ENC_BIG_ENDIAN);
173 proto_tree_add_item(sap_tree, hf_sap_originating_source_ipv6, tvb, offset, addr_len, ENC_BIG_ENDIAN);
176 /* Authentication data lives in its own subtree */
178 guint32 auth_data_len;
179 proto_item *sdi, *sai;
180 proto_tree *sa_tree, *saf_tree;
184 auth_data_len = (guint32)(auth_len * sizeof(guint32));
186 sdi = proto_tree_add_item(sap_tree, hf_auth_data, tvb, offset, auth_data_len, ENC_NA);
187 sa_tree = proto_item_add_subtree(sdi, ett_sap_auth);
189 auth_flags = tvb_get_guint8(tvb, offset);
190 sai = proto_tree_add_item(sa_tree, hf_auth_flags, tvb, offset, 1, ENC_NA);
191 saf_tree = proto_item_add_subtree(sai, ett_sap_authf);
192 proto_tree_add_item(saf_tree, hf_auth_flags_v, tvb, offset, 1, ENC_NA);
193 proto_tree_add_item(saf_tree, hf_auth_flags_p, tvb, offset, 1, ENC_NA);
194 proto_tree_add_item(saf_tree, hf_auth_flags_t, tvb, offset, 1, ENC_NA);
196 has_pad = auth_flags&MCAST_SAP_AUTH_BIT_P;
198 pad_len = tvb_get_guint8(tvb, offset+auth_data_len-1);
201 if ((int) auth_data_len - pad_len - 1 < 0) {
202 expert_add_info_format(pinfo, sai, &ei_sap_bogus_authentication_or_pad_length,
203 "Bogus authentication length (%d) or pad length (%d)", auth_len, pad_len);
208 proto_tree_add_item(sa_tree, hf_sap_auth_subheader, tvb, offset+1, auth_data_len-pad_len-1, ENC_NA);
210 proto_tree_add_item(sa_tree, hf_sap_auth_data_padding_len, tvb, offset+auth_data_len-1, 1, ENC_NA);
211 proto_tree_add_item(sa_tree, hf_sap_auth_data_padding, tvb, offset+auth_data_len-pad_len, pad_len, ENC_NA);
214 offset += auth_data_len;
217 if (is_enc || is_comp) {
218 expert_field *mangle;
219 if (is_enc && is_comp)
220 mangle = &ei_sap_compressed_and_encrypted;
222 mangle = &ei_sap_encrypted;
224 mangle = &ei_sap_compressed;
226 proto_tree_add_expert(sap_tree, pinfo, mangle, tvb, offset, -1);
231 /* Do we have the optional payload type aka. MIME content specifier */
232 if (tvb_strneql(tvb, offset, "v=", strlen("v="))) {
238 remaining_len = tvb_length_remaining(tvb, offset);
239 if (remaining_len == 0) {
241 * "tvb_strneql()" failed because there was no
242 * data left in the packet.
244 * Set the remaining length to 1, so that
245 * we throw the appropriate exception in
246 * "tvb_get_ptr()", rather than displaying
252 pt_string_len = tvb_strnlen(tvb, offset, remaining_len);
253 if (pt_string_len == -1) {
255 * We didn't find a terminating '\0'; run to the
258 pt_string_len = remaining_len;
259 pt_len = pt_string_len;
262 * Include the '\0' in the total item length.
264 pt_len = pt_string_len + 1;
267 pt_str = tvb_get_string(wmem_packet_scope(), tvb, offset, pt_string_len);
268 proto_tree_add_string_format_value(sap_tree, hf_sap_payload_type, tvb, offset, pt_len,
269 pt_str, "%.*s", pt_string_len, pt_str);
275 next_tvb = tvb_new_subset_remaining(tvb, offset);
276 call_dissector(sdp_handle, next_tvb, pinfo, tree);
279 void proto_register_sap(void)
282 static hf_register_info hf[] = {
284 { "Flags", "sap.flags",
285 FT_UINT8, BASE_HEX, NULL, 0x0,
286 "Bits in the beginning of the SAP header", HFILL }},
289 { "Version Number", "sap.flags.v",
290 FT_UINT8, BASE_DEC, VALS(mcast_sap_ver), MCAST_SAP_VERSION_MASK,
291 "3 bit version field in the SAP header", HFILL }},
294 { "Address Type", "sap.flags.a",
295 FT_BOOLEAN, 8, TFS(&mcast_sap_address_type), MCAST_SAP_BIT_A,
296 "Originating source address type", HFILL }},
299 { "Reserved", "sap.flags.r",
300 FT_BOOLEAN, 8, TFS(&tfs_set_notset), MCAST_SAP_BIT_R,
304 { "Message Type", "sap.flags.t",
305 FT_BOOLEAN, 8, TFS(&mcast_sap_message_type), MCAST_SAP_BIT_T,
306 "Announcement type", HFILL }},
309 { "Encryption Bit", "sap.flags.e",
310 FT_BOOLEAN, 8, TFS(&mcast_sap_crypt_type), MCAST_SAP_BIT_E,
314 { "Compression Bit", "sap.flags.c",
315 FT_BOOLEAN, 8, TFS(&mcast_sap_comp_type), MCAST_SAP_BIT_C,
319 { "Authentication data", "sap.auth",
320 FT_NONE, BASE_NONE, NULL, 0x0,
324 { "Authentication data flags", "sap.auth.flags",
325 FT_UINT8, BASE_HEX, NULL, 0x0,
329 { "Version Number", "sap.auth.flags.v",
330 FT_UINT8, BASE_DEC, VALS(mcast_sap_auth_ver), MCAST_SAP_VERSION_MASK,
334 { "Padding Bit", "sap.auth.flags.p",
335 FT_BOOLEAN, 8, TFS(&mcast_sap_auth_pad), MCAST_SAP_AUTH_BIT_P,
339 { "Authentication Type", "sap.auth.flags.t",
340 FT_UINT8, BASE_DEC, VALS(mcast_sap_auth_type), MCAST_SAP_AUTH_TYPE_MASK,
343 /* Generated from convert_proto_tree_add_text.pl */
344 { &hf_sap_auth_len, { "Authentication Length", "sap.auth.len", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
345 { &hf_sap_message_identifier_hash, { "Message Identifier Hash", "sap.message_identifier_hash", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL }},
346 { &hf_sap_originating_source_ipv4, { "Originating Source", "sap.originating_source", FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL }},
347 { &hf_sap_originating_source_ipv6, { "Originating Source", "sap.originating_source", FT_IPv6, BASE_NONE, NULL, 0x0, NULL, HFILL }},
348 { &hf_sap_auth_subheader, { "Authentication subheader", "sap.auth.subheader", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
349 { &hf_sap_auth_data_padding, { "Authentication data padding", "sap.auth.data_padding", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
350 { &hf_sap_auth_data_padding_len, { "Authentication data pad count (bytes)", "sap.auth.data_padding.len", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
351 { &hf_sap_payload_type, { "Payload type", "sap.payload_type", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
354 static gint *ett[] = {
361 static ei_register_info ei[] = {
362 { &ei_sap_compressed_and_encrypted, { "sap.compressed_and_encrypted", PI_UNDECODED, PI_WARN, "The rest of the packet is compressed and encrypted", EXPFILL }},
363 { &ei_sap_encrypted, { "sap.encrypted", PI_UNDECODED, PI_WARN, "The rest of the packet is encrypted", EXPFILL }},
364 { &ei_sap_compressed, { "sap.compressed", PI_UNDECODED, PI_WARN, "The rest of the packet is compressed", EXPFILL }},
366 /* Generated from convert_proto_tree_add_text.pl */
367 { &ei_sap_bogus_authentication_or_pad_length, { "sap.bogus_authentication_or_pad_length", PI_PROTOCOL, PI_WARN, "Bogus authentication length", EXPFILL }},
370 expert_module_t* expert_sap;
372 proto_sap = proto_register_protocol("Session Announcement Protocol", "SAP", "sap");
374 proto_register_field_array(proto_sap, hf, array_length(hf));
375 proto_register_subtree_array(ett, array_length(ett));
376 expert_sap = expert_register_protocol(proto_sap);
377 expert_register_field_array(expert_sap, ei, array_length(ei));
381 proto_reg_handoff_sap(void)
383 dissector_handle_t sap_handle;
385 sap_handle = create_dissector_handle(dissect_sap, proto_sap);
386 dissector_add_uint("udp.port", UDP_PORT_SAP, sap_handle);
389 * Get a handle for the SDP dissector.
391 sdp_handle = find_dissector("sdp");