2 * Routines for AIM Instant Messenger (OSCAR) dissection
3 * Copyright 2000, Ralf Hoelzer <ralf@well.com>
4 * Copyright 2004, Jelmer Vernooij <jelmer@samba.org>
5 * Copyright 2004, Devin Heitmueller <dheitmueller@netilla.com>
9 * Ethereal - Network traffic analyzer
10 * By Gerald Combs <gerald@ethereal.com>
11 * Copyright 1998 Gerald Combs
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
41 #include <epan/packet.h>
42 #include <epan/strutil.h>
44 #include "packet-tcp.h"
45 #include "packet-aim.h"
48 #define TCP_PORT_AIM 5190
53 #define CHANNEL_NEW_CONN 0x01
54 #define CHANNEL_SNAC_DATA 0x02
55 #define CHANNEL_FLAP_ERR 0x03
56 #define CHANNEL_CLOSE_CONN 0x04
57 #define CHANNEL_KEEP_ALIVE 0x05
59 #define CLI_COOKIE 0x01
61 #define FAMILY_ALL_ERROR_INVALID_HEADER 0x0001
62 #define FAMILY_ALL_ERROR_SERVER_RATE_LIMIT_EXCEEDED 0x0002
63 #define FAMILY_ALL_ERROR_CLIENT_RATE_LIMIT_EXCEEDED 0x0003
64 #define FAMILY_ALL_ERROR_RECIPIENT_NOT_LOGGED_IN 0x0004
65 #define FAMILY_ALL_ERROR_REQUESTED_SERVICE_UNAVAILABLE 0x0005
66 #define FAMILY_ALL_ERROR_REQUESTED_SERVICE_NOT_DEFINED 0x0006
67 #define FAMILY_ALL_ERROR_OBSOLETE_SNAC 0x0007
68 #define FAMILY_ALL_ERROR_NOT_SUPPORTED_BY_SERVER 0x0008
69 #define FAMILY_ALL_ERROR_NOT_SUPPORTED_BY_CLIENT 0x0009
70 #define FAMILY_ALL_ERROR_REFUSED_BY_CLIENT 0x000a
71 #define FAMILY_ALL_ERROR_REPLY_TOO_BIG 0x000b
72 #define FAMILY_ALL_ERROR_RESPONSES_LOST 0x000c
73 #define FAMILY_ALL_ERROR_REQUEST_DENIED 0x000d
74 #define FAMILY_ALL_ERROR_INCORRECT_SNAC_FORMAT 0x000e
75 #define FAMILY_ALL_ERROR_INSUFFICIENT_RIGHTS 0x000f
76 #define FAMILY_ALL_ERROR_RECIPIENT_BLOCKED 0x0010
77 #define FAMILY_ALL_ERROR_SENDER_TOO_EVIL 0x0011
78 #define FAMILY_ALL_ERROR_RECEIVER_TOO_EVIL 0x0012
79 #define FAMILY_ALL_ERROR_USER_TEMP_UNAVAILABLE 0x0013
80 #define FAMILY_ALL_ERROR_NO_MATCH 0x0014
81 #define FAMILY_ALL_ERROR_LIST_OVERFLOW 0x0015
82 #define FAMILY_ALL_ERROR_REQUEST_AMBIGUOUS 0x0016
83 #define FAMILY_ALL_ERROR_SERVER_QUEUE_FULL 0x0017
84 #define FAMILY_ALL_ERROR_NOT_WHILE_ON_AOL 0x0018
86 static const value_string aim_flap_channels[] = {
87 { CHANNEL_NEW_CONN, "New Connection" },
88 { CHANNEL_SNAC_DATA, "SNAC Data" },
89 { CHANNEL_FLAP_ERR, "FLAP-Level Error" },
90 { CHANNEL_CLOSE_CONN, "Close Connection" },
91 { CHANNEL_KEEP_ALIVE, "Keep Alive" },
95 static const value_string aim_snac_errors[] = {
96 { FAMILY_ALL_ERROR_INVALID_HEADER, "Invalid SNAC Header" },
97 { FAMILY_ALL_ERROR_SERVER_RATE_LIMIT_EXCEEDED, "Server rate limit exceeded" },
98 { FAMILY_ALL_ERROR_CLIENT_RATE_LIMIT_EXCEEDED, "Client rate limit exceeded" },
99 { FAMILY_ALL_ERROR_RECIPIENT_NOT_LOGGED_IN, "Recipient not logged in" },
100 { FAMILY_ALL_ERROR_REQUESTED_SERVICE_UNAVAILABLE, "Requested service unavailable" },
101 { FAMILY_ALL_ERROR_REQUESTED_SERVICE_NOT_DEFINED, "Requested service not defined" },
102 { FAMILY_ALL_ERROR_OBSOLETE_SNAC, "Obsolete SNAC issued" },
103 { FAMILY_ALL_ERROR_NOT_SUPPORTED_BY_SERVER, "Not supported by server" },
104 { FAMILY_ALL_ERROR_NOT_SUPPORTED_BY_CLIENT, "Not supported by client" },
105 { FAMILY_ALL_ERROR_REFUSED_BY_CLIENT, "Refused by client" },
106 { FAMILY_ALL_ERROR_REPLY_TOO_BIG, "Reply too big" },
107 { FAMILY_ALL_ERROR_RESPONSES_LOST, "Responses lost" },
108 { FAMILY_ALL_ERROR_REQUEST_DENIED, "Request denied" },
109 { FAMILY_ALL_ERROR_INCORRECT_SNAC_FORMAT, "Incorrect SNAC format" },
110 { FAMILY_ALL_ERROR_INSUFFICIENT_RIGHTS, "Insufficient rights" },
111 { FAMILY_ALL_ERROR_RECIPIENT_BLOCKED, "Recipient blocked" },
112 { FAMILY_ALL_ERROR_SENDER_TOO_EVIL, "Sender too evil" },
113 { FAMILY_ALL_ERROR_RECEIVER_TOO_EVIL, "Receiver too evil" },
114 { FAMILY_ALL_ERROR_USER_TEMP_UNAVAILABLE, "User temporarily unavailable" },
115 { FAMILY_ALL_ERROR_NO_MATCH, "No match" },
116 { FAMILY_ALL_ERROR_LIST_OVERFLOW, "List overflow" },
117 { FAMILY_ALL_ERROR_REQUEST_AMBIGUOUS, "Request ambiguous" },
118 { FAMILY_ALL_ERROR_SERVER_QUEUE_FULL, "Server queue full" },
119 { FAMILY_ALL_ERROR_NOT_WHILE_ON_AOL, "Not while on AOL" },
123 #define AIM_CLIENT_TLV_SCREEN_NAME 0x0001
124 #define AIM_CLIENT_TLV_NEW_ROASTED_PASSWORD 0x0002
125 #define AIM_CLIENT_TLV_CLIENT_ID_STRING 0x0003
126 #define AIM_CLIENT_TLV_ERRORURL 0x0004
127 #define AIM_CLIENT_TLV_BOS_SERVER_STRING 0x0005
128 #define AIM_CLIENT_TLV_AUTH_COOKIE 0x0006
129 #define AIM_CLIENT_TLV_ERRORCODE 0x0008
130 #define AIM_CLIENT_TLV_DISCONNECT_REASON 0x0009
131 #define AIM_CLIENT_TLV_RECONNECT_HOST 0x000a
132 #define AIM_CLIENT_TLV_URL 0x000b
133 #define AIM_CLIENT_TLV_DEBUG_DATA 0x000c
134 #define AIM_CLIENT_TLV_GENERIC_SERVICE_ID 0x000d
135 #define AIM_CLIENT_TLV_CLIENT_COUNTRY 0x000e
136 #define AIM_CLIENT_TLV_CLIENT_LANGUAGE 0x000f
137 #define AIM_CLIENT_TLV_EMAILADDR 0x0011
138 #define AIM_CLIENT_TLV_OLD_ROASTED_PASSWORD 0x0012
139 #define AIM_CLIENT_TLV_REGSTATUS 0x0013
140 #define AIM_CLIENT_TLV_CLIENT_DISTRIBUTION_NUM 0x0014
141 #define AIM_CLIENT_TLV_INVITEMESSAGE 0x0015
142 #define AIM_CLIENT_TLV_CLIENT_ID 0x0016
143 #define AIM_CLIENT_TLV_CLIENT_MAJOR_VERSION 0x0017
144 #define AIM_CLIENT_TLV_CLIENT_MINOR_VERSION 0x0018
145 #define AIM_CLIENT_TLV_CLIENT_LESSER_VERSION 0x0019
146 #define AIM_CLIENT_TLV_CLIENT_BUILD_NUMBER 0x001a
147 #define AIM_CLIENT_TLV_PASSWORD_MD5 0x0025
148 #define AIM_CLIENT_TLV_LATESTBETABUILD 0x0040
149 #define AIM_CLIENT_TLV_LATESTBETAURL 0x0041
150 #define AIM_CLIENT_TLV_LATESTBETAINFO 0x0042
151 #define AIM_CLIENT_TLV_LATESTBETANAME 0x0043
152 #define AIM_CLIENT_TLV_LATESTRELEASEBUILD 0x0044
153 #define AIM_CLIENT_TLV_LATESTRELEASEURL 0x0045
154 #define AIM_CLIENT_TLV_LATESTRELEASEINFO 0x0046
155 #define AIM_CLIENT_TLV_LATESTRELEASENAME 0x0047
156 #define AIM_CLIENT_TLV_BETA_DIGEST_SIG 0x0048
157 #define AIM_CLIENT_TLV_RELEASE_DIGEST_SIG 0x0049
158 #define AIM_CLIENT_TLV_CLIENTUSESSI 0x004a
159 #define AIM_CLIENT_TLV_CHANGE_PASSWORD_URL 0x0054
160 #define AIM_CLIENT_TLV_AWAITING_AUTH 0x0066
161 #define AIM_CLIENT_TLV_MEMBERS 0x00c8
162 #define AIM_CLIENT_TLV_VISIBILITY_BITS 0x00c9
163 #define AIM_CLIENT_TLV_PRIVACY 0x00ca
164 #define AIM_CLIENT_TLV_VISIBLE_CLASS 0x00cb
165 #define AIM_CLIENT_TLV_VISIBLE_MISC 0x00cc
166 #define AIM_CLIENT_TLV_ICQ2K_SHORTCUT 0x00cd
167 #define AIM_CLIENT_TLV_FIRST_LOADED_TIME 0x00d4
168 #define AIM_CLIENT_TLV_BUDDY_ICON_MD5SUM 0x00d5
169 #define AIM_CLIENT_TLV_GIVEN_NAME 0x0131
170 #define AIM_CLIENT_TLV_LOCAL_EMAIL 0x0137
171 #define AIM_CLIENT_TLV_LOCAL_SMS 0x013a
172 #define AIM_CLIENT_TLV_LOCAL_COMMENT 0x013c
173 #define AIM_CLIENT_TLV_LOCAL_PERSONAL_ALERT 0x013d
174 #define AIM_CLIENT_TLV_LOCAL_PERSONAL_SOUND 0x013e
175 #define AIM_CLIENT_TLV_FIRST_MESSAGE_SENT 0x0145
177 const aim_tlv client_tlvs[] = {
178 { AIM_CLIENT_TLV_SCREEN_NAME, "Screen name", dissect_aim_tlv_value_string },
179 { AIM_CLIENT_TLV_NEW_ROASTED_PASSWORD, "Roasted password array", dissect_aim_tlv_value_bytes },
180 { AIM_CLIENT_TLV_OLD_ROASTED_PASSWORD, "Old roasted password array", dissect_aim_tlv_value_bytes },
181 { AIM_CLIENT_TLV_CLIENT_ID_STRING, "Client id string (name, version)", dissect_aim_tlv_value_string },
182 { AIM_CLIENT_TLV_CLIENT_ID, "Client id number", dissect_aim_tlv_value_uint16 },
183 { AIM_CLIENT_TLV_CLIENT_MAJOR_VERSION, "Client major version", dissect_aim_tlv_value_uint16 },
184 { AIM_CLIENT_TLV_CLIENT_MINOR_VERSION, "Client minor version", dissect_aim_tlv_value_uint16 },
185 { AIM_CLIENT_TLV_CLIENT_LESSER_VERSION, "Client lesser version", dissect_aim_tlv_value_uint16 },
186 { AIM_CLIENT_TLV_CLIENT_BUILD_NUMBER, "Client build number", dissect_aim_tlv_value_uint16 },
187 { AIM_CLIENT_TLV_PASSWORD_MD5, "Password Hash (MD5)", dissect_aim_tlv_value_bytes },
188 { AIM_CLIENT_TLV_CLIENT_DISTRIBUTION_NUM, "Client distribution number", dissect_aim_tlv_value_uint16 },
189 { AIM_CLIENT_TLV_CLIENT_LANGUAGE, "Client language", dissect_aim_tlv_value_string },
190 { AIM_CLIENT_TLV_CLIENT_COUNTRY, "Client country", dissect_aim_tlv_value_string },
191 { AIM_CLIENT_TLV_BOS_SERVER_STRING, "BOS server string", dissect_aim_tlv_value_string },
192 { AIM_CLIENT_TLV_AUTH_COOKIE, "Authorization cookie", dissect_aim_tlv_value_bytes },
193 { AIM_CLIENT_TLV_ERRORURL, "Error URL", dissect_aim_tlv_value_string },
194 { AIM_CLIENT_TLV_ERRORCODE, "Error Code", dissect_aim_tlv_value_uint16 },
195 { AIM_CLIENT_TLV_DISCONNECT_REASON, "Disconnect Reason", dissect_aim_tlv_value_uint16 },
196 { AIM_CLIENT_TLV_RECONNECT_HOST, "Reconnect Hostname", dissect_aim_tlv_value_string },
197 { AIM_CLIENT_TLV_URL, "URL", dissect_aim_tlv_value_string },
198 { AIM_CLIENT_TLV_DEBUG_DATA, "Debug Data", dissect_aim_tlv_value_uint16 },
199 { AIM_CLIENT_TLV_EMAILADDR, "Account Email address", dissect_aim_tlv_value_string },
200 { AIM_CLIENT_TLV_REGSTATUS, "Registration Status", dissect_aim_tlv_value_uint16 },
201 { AIM_CLIENT_TLV_LATESTBETABUILD, "Latest Beta Build", dissect_aim_tlv_value_uint32 },
202 { AIM_CLIENT_TLV_LATESTBETAURL, "Latest Beta URL", dissect_aim_tlv_value_string },
203 { AIM_CLIENT_TLV_LATESTBETAINFO, "Latest Beta Info", dissect_aim_tlv_value_string },
204 { AIM_CLIENT_TLV_LATESTBETANAME, "Latest Beta Name", dissect_aim_tlv_value_string },
205 { AIM_CLIENT_TLV_LATESTRELEASEBUILD, "Latest Release Build", dissect_aim_tlv_value_uint32 },
206 { AIM_CLIENT_TLV_LATESTRELEASEURL, "Latest Release URL", dissect_aim_tlv_value_string },
207 { AIM_CLIENT_TLV_LATESTRELEASEINFO, "Latest Release Info", dissect_aim_tlv_value_string },
208 { AIM_CLIENT_TLV_LATESTRELEASENAME, "Latest Release Name", dissect_aim_tlv_value_string },
209 { AIM_CLIENT_TLV_BETA_DIGEST_SIG, "Beta Digest Signature (MD5)" , dissect_aim_tlv_value_bytes },
210 { AIM_CLIENT_TLV_RELEASE_DIGEST_SIG, "Release Digest Signature (MD5)", dissect_aim_tlv_value_bytes },
211 { AIM_CLIENT_TLV_CLIENTUSESSI, "Use SSI", dissect_aim_tlv_value_uint8 },
212 { AIM_CLIENT_TLV_GENERIC_SERVICE_ID, "Service (Family) ID", dissect_aim_tlv_value_uint16 },
213 { AIM_CLIENT_TLV_CHANGE_PASSWORD_URL, "Change password url", dissect_aim_tlv_value_string },
214 { AIM_CLIENT_TLV_AWAITING_AUTH, "Awaiting Authorization", dissect_aim_tlv_value_bytes },
215 { AIM_CLIENT_TLV_MEMBERS, "Members of this Group", dissect_aim_tlv_value_bytes },
216 { AIM_CLIENT_TLV_VISIBILITY_BITS, "Bitfield", dissect_aim_tlv_value_bytes },
217 { AIM_CLIENT_TLV_PRIVACY, "Privacy Settings" , dissect_aim_tlv_value_uint8 },
218 { AIM_CLIENT_TLV_VISIBLE_CLASS, "Visible To Classes", dissect_aim_tlv_value_userclass },
219 { AIM_CLIENT_TLV_VISIBLE_MISC, "Allow Others to See Data", dissect_aim_tlv_value_bytes },
220 { AIM_CLIENT_TLV_ICQ2K_SHORTCUT, "ICQ2K Shortcut List", dissect_aim_tlv_value_string },
221 { AIM_CLIENT_TLV_FIRST_LOADED_TIME, "First Time Buddy Was Added (Unix Timestamp)" , dissect_aim_tlv_value_uint32 },
222 { AIM_CLIENT_TLV_BUDDY_ICON_MD5SUM, "MD5SUM of Current Buddy Icon", dissect_aim_tlv_value_bytes },
223 { AIM_CLIENT_TLV_GIVEN_NAME, "Locally Specified Buddy Name", dissect_aim_tlv_value_string },
224 { AIM_CLIENT_TLV_LOCAL_EMAIL, "Locally Specified Buddy Email", dissect_aim_tlv_value_string },
225 { AIM_CLIENT_TLV_LOCAL_SMS, "Locally Specified Buddy SMS", dissect_aim_tlv_value_string },
226 { AIM_CLIENT_TLV_LOCAL_COMMENT, "Locally Specified Buddy Comment", dissect_aim_tlv_value_string },
227 { AIM_CLIENT_TLV_LOCAL_PERSONAL_ALERT, "Personal Alert for Buddy", dissect_aim_tlv_value_uint16 },
228 { AIM_CLIENT_TLV_LOCAL_PERSONAL_SOUND, "Personal Sound for Buddy", dissect_aim_tlv_value_string },
229 { AIM_CLIENT_TLV_FIRST_MESSAGE_SENT, " First Time Message Sent to Buddy (Unix Timestamp)", dissect_aim_tlv_value_uint32 },
230 { 0, "Unknown", NULL },
234 static int dissect_aim_tlv_value_userstatus(proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb);
235 static int dissect_aim_tlv_value_dcinfo(proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb);
237 #define AIM_ONLINEBUDDY_USERCLASS 0x0001
238 #define AIM_ONLINEBUDDY_ONSINCE 0x0003
239 #define AIM_ONLINEBUDDY_IDLETIME 0x0004
240 #define AIM_ONLINEBUDDY_MEMBERSINCE 0x0005
241 #define AIM_ONLINEBUDDY_STATUS 0x0006
242 #define AIM_ONLINEBUDDY_TIMEUPDATE 0x0011
243 #define AIM_ONLINEBUDDY_IPADDR 0x000a
244 #define AIM_ONLINEBUDDY_DCINFO 0x000c
245 #define AIM_ONLINEBUDDY_CAPINFO 0x000d
246 #define AIM_ONLINEBUDDY_UNKNOWN 0x000e
247 #define AIM_ONLINEBUDDY_SESSIONLEN 0x000f
248 #define AIM_ONLINEBUDDY_ICQSESSIONLEN 0x0010
250 const aim_tlv onlinebuddy_tlvs[] = {
251 { AIM_ONLINEBUDDY_USERCLASS, "User class", dissect_aim_tlv_value_userclass },
252 { AIM_ONLINEBUDDY_ONSINCE, "Online since", dissect_aim_tlv_value_uint32 },
253 { AIM_ONLINEBUDDY_IDLETIME, "Idle time (sec)", dissect_aim_tlv_value_uint16 },
254 { AIM_ONLINEBUDDY_STATUS, "Online status", dissect_aim_tlv_value_userstatus },
255 { AIM_ONLINEBUDDY_IPADDR, "User IP Address", dissect_aim_tlv_value_ipv4 },
256 { AIM_ONLINEBUDDY_DCINFO, "DC Info", dissect_aim_tlv_value_dcinfo},
257 { AIM_ONLINEBUDDY_CAPINFO, "Capability Info", dissect_aim_tlv_value_bytes },
258 { AIM_ONLINEBUDDY_MEMBERSINCE, "Member since", dissect_aim_tlv_value_time },
259 { AIM_ONLINEBUDDY_UNKNOWN, "Unknown", dissect_aim_tlv_value_uint16 },
260 { AIM_ONLINEBUDDY_TIMEUPDATE, "Time update", dissect_aim_tlv_value_bytes },
261 { AIM_ONLINEBUDDY_SESSIONLEN, "Session Length (sec)", dissect_aim_tlv_value_uint32 },
262 { AIM_ONLINEBUDDY_ICQSESSIONLEN, "ICQ Session Length (sec)", dissect_aim_tlv_value_uint32 },
263 { 0, "Unknown", NULL }
269 const value_string *subtypes;
272 static GList *families = NULL;
274 #define AIM_MOTD_TLV_MOTD 0x000B
276 const aim_tlv motd_tlvs[] = {
277 { AIM_MOTD_TLV_MOTD, "Message of the day message", dissect_aim_tlv_value_string },
278 { 0, "Unknown", NULL }
281 #define FAMILY_GENERIC_REDIRECT_SERVER_ADDRESS 0x0005
282 #define FAMILY_GENERIC_REDIRECT_AUTH_COOKIE 0x0006
283 #define FAMILY_GENERIC_REDIRECT_FAMILY_ID 0x000D
285 static const aim_tlv aim_fnac_family_generic_redirect_tlv[] = {
286 { FAMILY_GENERIC_REDIRECT_SERVER_ADDRESS, "Server address and (optional) port", dissect_aim_tlv_value_string },
287 { FAMILY_GENERIC_REDIRECT_AUTH_COOKIE, "Authorization cookie", dissect_aim_tlv_value_string },
288 { FAMILY_GENERIC_REDIRECT_FAMILY_ID, "Family ID", dissect_aim_tlv_value_uint16 },
289 { 0, "Unknown", NULL }
292 #define FAMILY_GENERIC_MOTD_MOTDTYPE_MDT_UPGRADE 0x0001
293 #define FAMILY_GENERIC_MOTD_MOTDTYPE_ADV_UPGRADE 0x0002
294 #define FAMILY_GENERIC_MOTD_MOTDTYPE_SYS_BULLETIN 0x0003
295 #define FAMILY_GENERIC_MOTD_MOTDTYPE_NORMAL 0x0004
296 #define FAMILY_GENERIC_MOTD_MOTDTYPE_NEWS 0x0006
298 static const value_string aim_snac_generic_motd_motdtypes[] = {
299 { FAMILY_GENERIC_MOTD_MOTDTYPE_MDT_UPGRADE, "Mandatory Upgrade Needed Notice" },
300 { FAMILY_GENERIC_MOTD_MOTDTYPE_ADV_UPGRADE, "Advisable Upgrade Notice" },
301 { FAMILY_GENERIC_MOTD_MOTDTYPE_SYS_BULLETIN, "AIM/ICQ Service System Announcements" },
302 { FAMILY_GENERIC_MOTD_MOTDTYPE_NORMAL, "Standard Notice" },
303 { FAMILY_GENERIC_MOTD_MOTDTYPE_NEWS, "News from AOL service" },
307 #define CLASS_UNCONFIRMED 0x0001
308 #define CLASS_ADMINISTRATOR 0x0002
309 #define CLASS_AOL 0x0004
310 #define CLASS_COMMERCIAL 0x0008
311 #define CLASS_FREE 0x0010
312 #define CLASS_AWAY 0x0020
313 #define CLASS_ICQ 0x0040
314 #define CLASS_WIRELESS 0x0080
315 #define CLASS_UNKNOWN100 0x0100
316 #define CLASS_UNKNOWN200 0x0200
317 #define CLASS_UNKNOWN400 0x0400
318 #define CLASS_UNKNOWN800 0x0800
320 #define FNAC_FLAG_NEXT_IS_RELATED 0x0001
321 #define FNAC_FLAG_CONTAINS_VERSION 0x8000
323 #define FNAC_TLV_FAMILY_VERSION 0x0001
325 static const aim_tlv fnac_tlvs[] = {
326 { FNAC_TLV_FAMILY_VERSION, "SNAC Family Version", dissect_aim_tlv_value_uint16 },
327 { 0, "Unknown", NULL }
330 static int dissect_aim(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
331 static guint get_aim_pdu_len(tvbuff_t *tvb, int offset);
332 static void dissect_aim_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
334 static void dissect_aim_newconn(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *tree);
335 static void dissect_aim_snac(tvbuff_t *tvb, packet_info *pinfo,
336 int offset, proto_tree *tree, proto_tree *root_tree);
337 static void dissect_aim_flap_err(tvbuff_t *tvb, packet_info *pinfo,
338 int offset, proto_tree *tree);
339 static void dissect_aim_keep_alive(tvbuff_t *tvb, packet_info *pinfo,
340 int offset, proto_tree *tree);
341 static void dissect_aim_close_conn(tvbuff_t *tvb, packet_info *pinfo,
342 int offset, proto_tree *tree);
343 static void dissect_aim_unknown_channel(tvbuff_t *tvb, packet_info *pinfo,
344 int offset, proto_tree *tree);
346 static dissector_table_t subdissector_table;
348 /* Initialize the protocol and registered fields */
349 static int proto_aim = -1;
350 static int hf_aim_cmd_start = -1;
351 static int hf_aim_channel = -1;
352 static int hf_aim_seqno = -1;
353 static int hf_aim_data = -1;
354 static int hf_aim_data_len = -1;
355 static int hf_aim_signon_challenge_len = -1;
356 static int hf_aim_signon_challenge = -1;
357 static int hf_aim_fnac_family = -1;
358 static int hf_aim_fnac_subtype = -1;
359 static int hf_aim_fnac_flags = -1;
360 static int hf_aim_fnac_flag_next_is_related = -1;
361 static int hf_aim_fnac_flag_contains_version = -1;
362 static int hf_aim_fnac_id = -1;
363 static int hf_aim_infotype = -1;
364 static int hf_aim_buddyname_len = -1;
365 static int hf_aim_buddyname = -1;
366 static int hf_aim_userinfo_warninglevel = -1;
367 static int hf_aim_snac_error = -1;
368 static int hf_aim_tlvcount = -1;
369 static int hf_aim_authcookie = -1;
370 static int hf_aim_userclass_unconfirmed = -1;
371 static int hf_aim_userclass_administrator = -1;
372 static int hf_aim_userclass_aol = -1;
373 static int hf_aim_userclass_commercial = -1;
374 static int hf_aim_userclass_free = -1;
375 static int hf_aim_userclass_away = -1;
376 static int hf_aim_userclass_icq = -1;
377 static int hf_aim_userclass_wireless = -1;
378 static int hf_aim_userclass_unknown100 = -1;
379 static int hf_aim_userclass_unknown200 = -1;
380 static int hf_aim_userclass_unknown400 = -1;
381 static int hf_aim_userclass_unknown800 = -1;
382 static int hf_aim_messageblock_featuresdes = -1;
383 static int hf_aim_messageblock_featureslen = -1;
384 static int hf_aim_messageblock_features = -1;
385 static int hf_aim_messageblock_info = -1;
386 static int hf_aim_messageblock_len = -1;
387 static int hf_aim_messageblock_charset = -1;
388 static int hf_aim_messageblock_charsubset = -1;
389 static int hf_aim_messageblock_message = -1;
392 /* Initialize the subtree pointers */
393 static gint ett_aim = -1;
394 static gint ett_aim_buddyname= -1;
395 static gint ett_aim_fnac = -1;
396 static gint ett_aim_fnac_flags = -1;
397 static gint ett_aim_tlv = -1;
398 static gint ett_aim_userclass = -1;
399 static gint ett_aim_messageblock = -1;
401 /* desegmentation of AIM over TCP */
402 static gboolean aim_desegment = TRUE;
404 /* Code to actually dissect the packets */
405 static int dissect_aim(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
407 /* check, if this is really an AIM packet, they start with 0x2a */
408 /* XXX - I've seen some stuff starting with 0x5a followed by 0x2a */
410 if(tvb_bytes_exist(tvb, 0, 1) && tvb_get_guint8(tvb, 0) != 0x2a) {
411 /* Not an instant messenger packet, just happened to use the same port */
412 /* XXX - if desegmentation disabled, this might be a continuation
413 packet, not a non-AIM packet */
417 tcp_dissect_pdus(tvb, pinfo, tree, aim_desegment, 6, get_aim_pdu_len,
419 return tvb_length(tvb);
422 static guint get_aim_pdu_len(tvbuff_t *tvb, int offset)
427 * Get the length of the AIM packet.
429 plen = tvb_get_ntohs(tvb, offset + 4);
432 * That length doesn't include the length of the header itself; add that in.
437 static void dissect_aim_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
440 unsigned char hdr_channel; /* channel ID */
441 unsigned short hdr_sequence_no; /* Internal frame sequence number, not needed */
442 unsigned short hdr_data_field_length; /* length of data within frame */
446 /* Set up structures we will need to add the protocol subtree and manage it */
448 proto_tree *aim_tree = NULL;
450 /* Make entries in Protocol column and Info column on summary display */
451 if (check_col(pinfo->cinfo, COL_PROTOCOL))
452 col_set_str(pinfo->cinfo, COL_PROTOCOL, "AIM");
454 if (check_col(pinfo->cinfo, COL_INFO))
455 col_add_str(pinfo->cinfo, COL_INFO, "AOL Instant Messenger");
457 /* get relevant header information */
458 offset += 1; /* XXX - put the identifier into the tree? */
459 hdr_channel = tvb_get_guint8(tvb, offset);
461 hdr_sequence_no = tvb_get_ntohs(tvb, offset);
463 hdr_data_field_length = tvb_get_ntohs(tvb, offset);
466 /* In the interest of speed, if "tree" is NULL, don't do any work not
467 necessary to generate protocol tree items. */
469 ti = proto_tree_add_item(tree, proto_aim, tvb, 0, -1, FALSE);
470 aim_tree = proto_item_add_subtree(ti, ett_aim);
471 proto_tree_add_uint(aim_tree, hf_aim_cmd_start, tvb, 0, 1, '*');
472 proto_tree_add_item(aim_tree, hf_aim_channel, tvb, 1, 1, FALSE);
473 proto_tree_add_uint(aim_tree, hf_aim_seqno, tvb, 2, 2, hdr_sequence_no);
474 proto_tree_add_uint(aim_tree, hf_aim_data_len, tvb, 4, 2, hdr_data_field_length);
480 case CHANNEL_NEW_CONN:
481 dissect_aim_newconn(tvb, pinfo, offset, aim_tree);
483 case CHANNEL_SNAC_DATA:
484 dissect_aim_snac(tvb, pinfo, offset, aim_tree, tree);
486 case CHANNEL_FLAP_ERR:
487 dissect_aim_flap_err(tvb, pinfo, offset, aim_tree);
489 case CHANNEL_CLOSE_CONN:
490 dissect_aim_close_conn(tvb, pinfo, offset, aim_tree);
492 case CHANNEL_KEEP_ALIVE:
493 dissect_aim_keep_alive(tvb, pinfo, offset, aim_tree);
496 dissect_aim_unknown_channel(tvb, pinfo, offset, aim_tree);
502 const char *aim_get_subtypename( guint16 famnum, guint16 subtype )
504 GList *gl = families;
506 struct aim_family *fam = gl->data;
507 if(fam->family == famnum) return match_strval(subtype, fam->subtypes);
515 const char *aim_get_familyname( guint16 famnum )
517 GList *gl = families;
519 struct aim_family *fam = gl->data;
520 if(fam->family == famnum) return fam->name;
527 int aim_get_buddyname( char *name, tvbuff_t *tvb, int len_offset, int name_offset)
529 guint8 buddyname_length;
531 buddyname_length = tvb_get_guint8(tvb, len_offset);
533 if(buddyname_length > MAX_BUDDYNAME_LENGTH ) buddyname_length = MAX_BUDDYNAME_LENGTH;
534 tvb_get_nstringz0(tvb, name_offset, buddyname_length + 1, name);
536 return buddyname_length;
540 void aim_get_message( guchar *msg, tvbuff_t *tvb, int msg_offset, int msg_length)
544 int max, tagchars = 0;
545 int new_offset = msg_offset;
546 int new_length = msg_length;
550 /* make sure nothing bigger than 1000 bytes is printed */
551 if( msg_length > 999 ) return;
553 memset( msg, '\0', 1000);
557 /* loop until HTML tag is reached - quick&dirty way to find start of message
558 * (it is nearly impossible to find the correct start offset for all client versions) */
559 while( (tagchars < 6) && (new_length > 5) )
561 j = tvb_get_guint8(tvb, new_offset);
562 if( ( (j == '<') && (tagchars == 0) ) ||
563 ( (j == 'h') && (tagchars == 1) ) ||
564 ( (j == 'H') && (tagchars == 1) ) ||
565 ( (j == 't') && (tagchars == 2) ) ||
566 ( (j == 'T') && (tagchars == 2) ) ||
567 ( (j == 'm') && (tagchars == 3) ) ||
568 ( (j == 'M') && (tagchars == 3) ) ||
569 ( (j == 'l') && (tagchars == 4) ) ||
570 ( (j == 'L') && (tagchars == 4) ) ||
571 ( (j == '>') && (tagchars == 5) ) ) tagchars++;
576 /* set offset and length of message to after the first HTML tag */
577 msg_offset = new_offset;
578 msg_length = new_length;
579 max = msg_length - 1;
582 /* find the rest of the message until either a </html> is reached or the end of the frame.
583 * All other HTML tags are stripped to display only the raw message (printable characters) */
584 while( (c < max) && (tagchars < 7) )
586 j = tvb_get_guint8(tvb, msg_offset+c);
589 /* make sure this is an HTML tag by checking the order of the chars */
590 if( ( (j == '<') && (tagchars == 0) ) ||
591 ( (j == '/') && (tagchars == 1) ) ||
592 ( (j == 'h') && (tagchars == 2) ) ||
593 ( (j == 'H') && (tagchars == 2) ) ||
594 ( (j == 't') && (tagchars == 3) ) ||
595 ( (j == 'T') && (tagchars == 3) ) ||
596 ( (j == 'm') && (tagchars == 4) ) ||
597 ( (j == 'M') && (tagchars == 4) ) ||
598 ( (j == 'l') && (tagchars == 5) ) ||
599 ( (j == 'L') && (tagchars == 5) ) ||
600 ( (j == '>') && (tagchars == 6) ) ) tagchars++;
603 if( j == '<' ) bracket = TRUE;
604 if( j == '>' ) bracket = FALSE;
605 if( (isprint(j) ) && (bracket == FALSE) && (j != '>'))
617 void aim_init_family(guint16 family, const char *name, const value_string *subtypes)
619 struct aim_family *fam = g_new(struct aim_family, 1);
620 fam->name = g_strdup(name);
621 fam->family = family;
622 fam->subtypes = subtypes;
623 families = g_list_append(families, fam);
626 static void dissect_aim_newconn(tvbuff_t *tvb, packet_info *pinfo,
627 int offset, proto_tree *tree)
629 if (check_col(pinfo->cinfo, COL_INFO))
630 col_add_fstr(pinfo->cinfo, COL_INFO, "New Connection");
632 if (tvb_length_remaining(tvb, offset) > 0) {
633 proto_tree_add_item(tree, hf_aim_authcookie, tvb, offset, 4, FALSE);
635 while(tvb_reported_length_remaining(tvb, offset) > 0) {
636 offset = dissect_aim_tlv(tvb, pinfo, offset, tree, client_tlvs);
640 if (tvb_length_remaining(tvb, offset) > 0)
641 proto_tree_add_item(tree, hf_aim_data, tvb, offset, -1, FALSE);
645 int dissect_aim_snac_error(tvbuff_t *tvb, packet_info *pinfo,
646 int offset, proto_tree *aim_tree)
649 if ((name = match_strval(tvb_get_ntohs(tvb, offset), aim_snac_errors)) != NULL) {
650 if (check_col(pinfo->cinfo, COL_INFO))
651 col_add_fstr(pinfo->cinfo, COL_INFO, name);
654 proto_tree_add_item (aim_tree, hf_aim_snac_error,
655 tvb, offset, 2, FALSE);
656 return tvb_length_remaining(tvb, 2);
659 int dissect_aim_userinfo(tvbuff_t *tvb, packet_info *pinfo,
660 int offset, proto_tree *tree)
662 offset = dissect_aim_buddyname(tvb, pinfo, offset, tree);
664 proto_tree_add_item(tree, hf_aim_userinfo_warninglevel, tvb, offset, 2, FALSE);
667 return dissect_aim_tlv_list(tvb, pinfo, offset, tree, onlinebuddy_tlvs);
670 int dissect_aim_fnac_flags(tvbuff_t *tvb, int offset, int len, proto_item *ti, guint16 flags)
672 proto_tree *entry = proto_item_add_subtree(ti, ett_aim_fnac_flags);
673 proto_tree_add_boolean(entry, hf_aim_fnac_flag_next_is_related, tvb, offset, len, flags);
674 proto_tree_add_boolean(entry, hf_aim_fnac_flag_contains_version, tvb, offset, len, flags);
678 static void dissect_aim_snac(tvbuff_t *tvb, packet_info *pinfo,
679 int offset, proto_tree *aim_tree, proto_tree *root_tree)
686 struct aiminfo aiminfo;
687 const char *fam_name, *subtype_name;
688 proto_tree *aim_tree_fnac = NULL;
692 orig_offset = offset;
693 family = tvb_get_ntohs(tvb, offset);
694 fam_name = aim_get_familyname(family);
696 subtype = tvb_get_ntohs(tvb, offset);
697 subtype_name = aim_get_subtypename(family, subtype);
699 flags = tvb_get_ntohs(tvb, offset);
701 id = tvb_get_ntohl(tvb, offset);
704 if (check_col(pinfo->cinfo, COL_INFO)) {
705 col_add_fstr(pinfo->cinfo, COL_INFO, "SNAC data");
710 offset = orig_offset;
711 ti1 = proto_tree_add_text(aim_tree, tvb, 6, 10, "FNAC");
712 aim_tree_fnac = proto_item_add_subtree(ti1, ett_aim_fnac);
714 proto_tree_add_text (aim_tree_fnac,
715 tvb, offset, 2, "Family: %s (0x%04x)", fam_name?fam_name:"Unknown", family);
718 proto_tree_add_text (aim_tree_fnac,
719 tvb, offset, 2, "Subtype: %s (0x%04x)", subtype_name?subtype_name:"Unknown", subtype);
722 ti1 = proto_tree_add_uint(aim_tree_fnac, hf_aim_fnac_flags, tvb, offset,
725 offset = dissect_aim_fnac_flags(tvb, offset, 2, ti1, flags);
727 proto_tree_add_uint(aim_tree_fnac, hf_aim_fnac_id, tvb, offset,
732 if(flags & FNAC_FLAG_CONTAINS_VERSION) {
733 guint16 len = tvb_get_ntohs(tvb, offset);
738 while(offset < oldoffset + len) {
739 offset = dissect_aim_tlv(tvb, pinfo, offset, aim_tree, fnac_tlvs);
743 subtvb = tvb_new_subset(tvb, offset, -1, -1);
744 aiminfo.tcpinfo = pinfo->private_data;
745 aiminfo.family = family;
746 aiminfo.subtype = subtype;
747 pinfo->private_data = &aiminfo;
749 if (check_col(pinfo->cinfo, COL_INFO)) {
750 if(fam_name) col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", fam_name);
751 else col_append_fstr(pinfo->cinfo, COL_INFO, ", Family: 0x%04x", family);
752 if(subtype_name) col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", subtype_name);
753 else col_append_fstr(pinfo->cinfo, COL_INFO, ", Subtype: 0x%04x", subtype);
756 if(tvb_length_remaining(tvb, offset) == 0 || !dissector_try_port(subdissector_table, family, subtvb, pinfo, root_tree)) {
757 /* Show the undissected payload */
758 if (tvb_length_remaining(tvb, offset) > 0)
759 proto_tree_add_item(aim_tree, hf_aim_data, tvb, offset, -1, FALSE);
763 static void dissect_aim_flap_err(tvbuff_t *tvb, packet_info *pinfo,
764 int offset, proto_tree *tree)
766 if (check_col(pinfo->cinfo, COL_INFO)) {
767 col_add_fstr(pinfo->cinfo, COL_INFO, "FLAP error");
770 /* Show the undissected payload */
771 if (tvb_length_remaining(tvb, offset) > 0)
772 proto_tree_add_item(tree, hf_aim_data, tvb, offset, -1, FALSE);
775 static void dissect_aim_keep_alive(tvbuff_t *tvb, packet_info *pinfo,
776 int offset, proto_tree *tree)
778 if (check_col(pinfo->cinfo, COL_INFO)) {
779 col_add_fstr(pinfo->cinfo, COL_INFO, "Keep Alive");
782 /* Show the undissected payload */
783 if (tvb_length_remaining(tvb, offset) > 0)
784 proto_tree_add_item(tree, hf_aim_data, tvb, offset, -1, FALSE);
787 static void dissect_aim_close_conn(tvbuff_t *tvb, packet_info *pinfo,
788 int offset, proto_tree *tree)
790 if (check_col(pinfo->cinfo, COL_INFO)) {
791 col_add_fstr(pinfo->cinfo, COL_INFO, "Close Connection");
794 while(tvb_reported_length_remaining(tvb, offset) > 0) {
795 offset = dissect_aim_tlv(tvb, pinfo, offset, tree, client_tlvs);
799 static void dissect_aim_unknown_channel(tvbuff_t *tvb, packet_info *pinfo,
800 int offset, proto_tree *tree)
802 if (check_col(pinfo->cinfo, COL_INFO)) {
803 col_add_fstr(pinfo->cinfo, COL_INFO, "Unknown Channel");
806 /* Show the undissected payload */
807 if (tvb_length_remaining(tvb, offset) > 0)
808 proto_tree_add_item(tree, hf_aim_data, tvb, offset, -1, FALSE);
811 int dissect_aim_buddyname(tvbuff_t *tvb, packet_info *pinfo _U_, int offset,
814 guint8 buddyname_length = 0;
816 proto_item *ti = NULL;
817 proto_tree *buddy_tree = NULL;
819 buddyname_length = tvb_get_guint8(tvb, offset);
821 buddyname = tvb_get_string(tvb, offset, buddyname_length);
824 ti = proto_tree_add_text(tree, tvb, offset-1, 1+buddyname_length,
826 format_text(buddyname, buddyname_length));
827 buddy_tree = proto_item_add_subtree(ti, ett_aim_buddyname);
830 proto_tree_add_item(buddy_tree, hf_aim_buddyname_len, tvb, offset-1, 1, FALSE);
831 proto_tree_add_item(buddy_tree, hf_aim_buddyname, tvb, offset, buddyname_length, FALSE);
832 return offset+buddyname_length;
836 int dissect_aim_tlv_value_client_capabilities(proto_item *ti _U_, guint16 valueid _U_, tvbuff_t *tvb)
839 return tvb_length(tvb);
842 int dissect_aim_tlv_value_time(proto_item *ti _U_, guint16 valueid _U_, tvbuff_t *tvb)
845 return tvb_length(tvb);
848 int dissect_aim_userclass(tvbuff_t *tvb, int offset, int len, proto_item *ti, guint32 flags)
852 entry = proto_item_add_subtree(ti, ett_aim_userclass);
853 proto_tree_add_boolean(entry, hf_aim_userclass_unconfirmed, tvb, offset, len, flags);
854 proto_tree_add_boolean(entry, hf_aim_userclass_administrator, tvb, offset, len, flags);
855 proto_tree_add_boolean(entry, hf_aim_userclass_aol, tvb, offset, len, flags);
856 proto_tree_add_boolean(entry, hf_aim_userclass_commercial, tvb, offset, len, flags);
857 proto_tree_add_boolean(entry, hf_aim_userclass_free, tvb, offset, len, flags);
858 proto_tree_add_boolean(entry, hf_aim_userclass_away, tvb, offset, len, flags);
859 proto_tree_add_boolean(entry, hf_aim_userclass_icq, tvb, offset, len, flags);
860 proto_tree_add_boolean(entry, hf_aim_userclass_wireless, tvb, offset, len, flags);
861 proto_tree_add_boolean(entry, hf_aim_userclass_unknown100, tvb, offset, len, flags);
862 proto_tree_add_boolean(entry, hf_aim_userclass_unknown200, tvb, offset, len, flags);
863 proto_tree_add_boolean(entry, hf_aim_userclass_unknown400, tvb, offset, len, flags);
864 proto_tree_add_boolean(entry, hf_aim_userclass_unknown800, tvb, offset, len, flags);
868 int dissect_aim_tlv_value_userclass(proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb)
870 guint16 value16 = tvb_get_ntohs(tvb, 0);
871 proto_item_set_text(ti, "Value: 0x%04x", value16);
872 return dissect_aim_userclass(tvb, 0, 2, ti, value16);
875 static int dissect_aim_tlv_value_userstatus(proto_item *ti _U_, guint16 valueid _U_, tvbuff_t *tvb)
878 return tvb_length(tvb);
881 static int dissect_aim_tlv_value_dcinfo(proto_item *ti _U_, guint16 valueid _U_, tvbuff_t *tvb)
884 return tvb_length(tvb);
887 int dissect_aim_tlv_value_string (proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb)
892 string_len = tvb_length(tvb);
893 buf = tvb_get_string(tvb, 0, string_len);
894 proto_item_set_text(ti, "Value: %s", format_text(buf, string_len));
899 int dissect_aim_tlv_value_bytes (proto_item *ti _U_, guint16 valueid _U_, tvbuff_t *tvb _U_)
901 return tvb_length(tvb);
904 int dissect_aim_tlv_value_uint8 (proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb){
905 guint8 value8 = tvb_get_guint8(tvb, 0);
906 proto_item_set_text(ti, "Value: %d", value8);
910 int dissect_aim_tlv_value_uint16 (proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb){
911 guint16 value16 = tvb_get_ntohs(tvb, 0);
912 proto_item_set_text(ti, "Value: %d", value16);
916 int dissect_aim_tlv_value_ipv4 (proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb){
917 /* FIXME: Somewhat more readable format ? */
918 guint32 value32 = tvb_get_ntoh24(tvb, 0);
919 proto_item_set_text(ti, "Value: %d", value32);
923 int dissect_aim_tlv_value_uint32 (proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb){
924 guint32 value32 = tvb_get_ntoh24(tvb, 0);
925 proto_item_set_text(ti, "Value: %d", value32);
929 int dissect_aim_tlv_value_messageblock (proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb){
936 /* Setup a new subtree */
937 entry = proto_item_add_subtree(ti, ett_aim_messageblock);
939 /* Features descriptor */
940 proto_tree_add_item(entry, hf_aim_messageblock_featuresdes, tvb, offset, 2,
944 /* Features Length */
945 featurelen = tvb_get_ntohs(tvb, offset);
946 proto_tree_add_item(entry, hf_aim_messageblock_featureslen, tvb, offset, 2,
950 /* Features (should be expanded further @@@@@@@ ) */
951 proto_tree_add_item(entry, hf_aim_messageblock_features, tvb, offset,
953 offset += featurelen;
955 /* There can be multiple messages in this message block */
956 while (tvb_length_remaining(tvb, offset) > 0) {
958 proto_tree_add_item(entry, hf_aim_messageblock_info, tvb, offset, 2,
962 /* Block length (includes charset and charsubset) */
963 blocklen = tvb_get_ntohs(tvb, offset);
964 proto_tree_add_item(entry, hf_aim_messageblock_len, tvb, offset, 2,
969 proto_tree_add_item(entry, hf_aim_messageblock_charset, tvb, offset, 2,
973 /* Character subset */
974 proto_tree_add_item(entry, hf_aim_messageblock_charsubset, tvb, offset, 2,
978 /* The actual message */
979 buf = tvb_get_string(tvb, offset, blocklen - 4 );
980 proto_item_set_text(ti, "Message: %s",
981 format_text(buf, blocklen - 4));
982 proto_tree_add_item(entry, hf_aim_messageblock_message, tvb, offset,
985 offset += tvb_length_remaining(tvb, offset);
992 /* Dissect a TLV value */
993 int dissect_aim_tlv(tvbuff_t *tvb, packet_info *pinfo _U_,
994 int offset, proto_tree *tree, const aim_tlv *tlv)
1001 proto_tree *tlv_tree;
1004 /* Record the starting offset so we can reuse it at the second pass */
1005 orig_offset = offset;
1007 /* Get the value ID */
1008 valueid = tvb_get_ntohs(tvb, offset);
1011 /* Figure out which entry applies from the tlv list */
1013 while (tmp[i].valueid) {
1014 if (tmp[i].valueid == valueid) {
1015 /* We found a match */
1021 /* At this point, we are either pointing at the correct record, or
1022 we didn't find the record, and are pointing at the last item in the
1025 length = tvb_get_ntohs(tvb, offset);
1030 offset = orig_offset;
1032 ti1 = proto_tree_add_text(tree, tvb, offset, length + 4, "TLV: %s", tmp[i].desc);
1034 tlv_tree = proto_item_add_subtree(ti1, ett_aim_tlv);
1036 proto_tree_add_text(tlv_tree, tvb, offset, 2,
1037 "Value ID: %s (0x%04x)", tmp[i].desc, valueid);
1040 proto_tree_add_text(tlv_tree, tvb, offset, 2,
1041 "Length: %d", length);
1044 ti1 = proto_tree_add_text(tlv_tree, tvb, offset, length,
1047 if (tmp[i].dissector) {
1048 tmp[i].dissector(ti1, valueid, tvb_new_subset(tvb, offset, length, length));
1054 /* Return the new length */
1058 int dissect_aim_tlv_list(tvbuff_t *tvb, packet_info *pinfo _U_,
1059 int offset, proto_tree *tree, const aim_tlv *tlv_table)
1061 guint16 i, tlv_count = tvb_get_ntohs(tvb, offset);
1063 proto_tree_add_item(tree, hf_aim_tlvcount, tvb, offset, 2, FALSE);
1066 for(i = 0; i < tlv_count; i++) {
1067 offset = dissect_aim_tlv(tvb, pinfo, offset, tree, tlv_table);
1072 /* Register the protocol with Ethereal */
1074 proto_register_aim(void)
1077 /* Setup list of header fields */
1078 static hf_register_info hf[] = {
1079 { &hf_aim_cmd_start,
1080 { "Command Start", "aim.cmd_start", FT_UINT8, BASE_HEX, NULL, 0x0, "", HFILL }
1083 { "Channel ID", "aim.channel", FT_UINT8, BASE_HEX, VALS(aim_flap_channels), 0x0, "", HFILL }
1086 { "Sequence Number", "aim.seqno", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }
1088 { &hf_aim_authcookie,
1089 { "Authentication Cookie", "aim.authcookie", FT_BYTES, BASE_DEC, NULL, 0x0, "", HFILL },
1092 { "Data Field Length", "aim.datalen", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }
1095 { "Data", "aim.data", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }
1097 { &hf_aim_signon_challenge_len,
1098 { "Signon challenge length", "aim.signon.challengelen", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }
1100 { &hf_aim_signon_challenge,
1101 { "Signon challenge", "aim.signon.challenge", FT_STRING, BASE_HEX, NULL, 0x0, "", HFILL }
1103 { &hf_aim_fnac_family,
1104 { "FNAC Family ID", "aim.fnac.family", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }
1106 { &hf_aim_fnac_subtype,
1107 { "FNAC Subtype ID", "aim.fnac.subtype", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }
1109 { &hf_aim_fnac_flags,
1110 { "FNAC Flags", "aim.fnac.flags", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }
1113 { "FNAC ID", "aim.fnac.id", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }
1116 { "Infotype", "aim.infotype", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }
1118 { &hf_aim_buddyname_len,
1119 { "Buddyname len", "aim.buddynamelen", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
1121 { &hf_aim_buddyname,
1122 { "Buddy Name", "aim.buddyname", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }
1125 { "TLV Count", "aim.tlvcount", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL },
1127 { &hf_aim_snac_error,
1128 { "SNAC Error", "aim.snac.error", FT_UINT16,
1129 BASE_HEX, VALS(aim_snac_errors), 0x0, "", HFILL },
1131 { &hf_aim_userclass_unconfirmed,
1132 { "AOL Unconfirmed user flag", "aim.userclass.unconfirmed", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_UNCONFIRMED, "", HFILL },
1134 { &hf_aim_userclass_administrator,
1135 { "AOL Administrator flag", "aim.userclass.administrator", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_ADMINISTRATOR, "", HFILL },
1137 { &hf_aim_userclass_aol,
1138 { "AOL Staff User Flag", "aim.userclass.staff", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_AOL, "", HFILL },
1140 { &hf_aim_userclass_commercial,
1141 { "AOL commercial account flag", "aim.userclass.commercial", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_COMMERCIAL, "", HFILL },
1143 { &hf_aim_userclass_free,
1144 { "ICQ non-commercial account flag", "aim.userclass.noncommercial", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_FREE, "", HFILL },
1146 { &hf_aim_userclass_away,
1147 { "AOL away status flag", "aim.userclass.away", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_AWAY, "", HFILL },
1149 { &hf_aim_userclass_icq,
1150 { "ICQ user sign", "aim.userclass.icq", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_ICQ, "", HFILL },
1152 { &hf_aim_userclass_wireless,
1153 { "AOL wireless user", "aim.userclass.wireless", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_WIRELESS, "", HFILL },
1155 { &hf_aim_userclass_unknown100,
1156 { "Unknown bit", "aim.userclass.unknown100", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_UNKNOWN100, "", HFILL },
1158 { &hf_aim_userclass_unknown200,
1159 { "Unknown bit", "aim.userclass.unknown200", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_UNKNOWN200, "", HFILL },
1161 { &hf_aim_userclass_unknown400,
1162 { "Unknown bit", "aim.userclass.unknown400", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_UNKNOWN400, "", HFILL },
1164 { &hf_aim_userclass_unknown800,
1165 { "Unknown bit", "aim.userclass.unknown800", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_UNKNOWN800, "", HFILL },
1167 { &hf_aim_fnac_flag_next_is_related,
1168 { "Followed By SNAC with related information", "aim.fnac.flags.next_is_related", FT_BOOLEAN, 16, TFS(&flags_set_truth), FNAC_FLAG_NEXT_IS_RELATED, "", HFILL },
1170 { &hf_aim_fnac_flag_contains_version,
1171 { "Contains Version of Family this SNAC is in", "aim.fnac.flags.contains_version", FT_BOOLEAN, 16, TFS(&flags_set_truth), FNAC_FLAG_CONTAINS_VERSION, "", HFILL },
1173 { &hf_aim_userinfo_warninglevel,
1174 { "Warning Level", "aim.userinfo.warninglevel", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL },
1176 { &hf_aim_messageblock_featuresdes,
1177 { "Features", "aim.messageblock.featuresdes", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL },
1179 { &hf_aim_messageblock_featureslen,
1180 { "Features Length", "aim.messageblock.featureslen", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL },
1182 { &hf_aim_messageblock_features,
1183 { "Features", "aim.messageblock.features", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL },
1185 { &hf_aim_messageblock_info,
1186 { "Block info", "aim.messageblock.info", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL },
1188 { &hf_aim_messageblock_len,
1189 { "Block length", "aim.messageblock.length", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL },
1191 { &hf_aim_messageblock_charset,
1192 { "Block Character set", "aim.messageblock.charset", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL },
1194 { &hf_aim_messageblock_charsubset,
1195 { "Block Character subset", "aim.messageblock.charsubset", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL },
1197 { &hf_aim_messageblock_message,
1198 { "Message", "aim.messageblock.message", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL },
1202 /* Setup protocol subtree array */
1203 static gint *ett[] = {
1206 &ett_aim_fnac_flags,
1210 &ett_aim_messageblock
1212 module_t *aim_module;
1214 /* Register the protocol name and description */
1215 proto_aim = proto_register_protocol("AOL Instant Messenger", "AIM", "aim");
1217 /* Required function calls to register the header fields and subtrees used */
1218 proto_register_field_array(proto_aim, hf, array_length(hf));
1219 proto_register_subtree_array(ett, array_length(ett));
1221 aim_module = prefs_register_protocol(proto_aim, NULL);
1222 prefs_register_bool_preference(aim_module, "desegment",
1223 "Reassemble AIM messages spanning multiple TCP segments",
1224 "Whether the AIM dissector should reassemble messages spanning multiple TCP segments."
1225 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
1228 subdissector_table = register_dissector_table("aim.family",
1229 "Family ID", FT_UINT16, BASE_HEX);
1233 proto_reg_handoff_aim(void)
1235 dissector_handle_t aim_handle;
1237 aim_handle = new_create_dissector_handle(dissect_aim, proto_aim);
1238 dissector_add("tcp.port", TCP_PORT_AIM, aim_handle);