2 * Routines for AIM Instant Messenger (OSCAR) dissection
3 * Copyright 2000, Ralf Hoelzer <ralf@well.com>
4 * Copyright 2004, Jelmer Vernooij <jelmer@samba.org>
6 * $Id: packet-aim.c,v 1.36 2004/03/23 07:39:06 guy Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
38 #include <epan/packet.h>
39 #include <epan/strutil.h>
41 #include "packet-tcp.h"
42 #include "packet-aim.h"
45 #define TCP_PORT_AIM 5190
50 #define CHANNEL_NEW_CONN 0x01
51 #define CHANNEL_SNAC_DATA 0x02
52 #define CHANNEL_FLAP_ERR 0x03
53 #define CHANNEL_CLOSE_CONN 0x04
54 #define CHANNEL_KEEP_ALIVE 0x05
56 #define CLI_COOKIE 0x01
58 #define FAMILY_ALL_ERROR_INVALID_HEADER 0x0001
59 #define FAMILY_ALL_ERROR_SERVER_RATE_LIMIT_EXCEEDED 0x0002
60 #define FAMILY_ALL_ERROR_CLIENT_RATE_LIMIT_EXCEEDED 0x0003
61 #define FAMILY_ALL_ERROR_RECIPIENT_NOT_LOGGED_IN 0x0004
62 #define FAMILY_ALL_ERROR_REQUESTED_SERVICE_UNAVAILABLE 0x0005
63 #define FAMILY_ALL_ERROR_REQUESTED_SERVICE_NOT_DEFINED 0x0006
64 #define FAMILY_ALL_ERROR_OBSOLETE_SNAC 0x0007
65 #define FAMILY_ALL_ERROR_NOT_SUPPORTED_BY_SERVER 0x0008
66 #define FAMILY_ALL_ERROR_NOT_SUPPORTED_BY_CLIENT 0x0009
67 #define FAMILY_ALL_ERROR_REFUSED_BY_CLIENT 0x000a
68 #define FAMILY_ALL_ERROR_REPLY_TOO_BIG 0x000b
69 #define FAMILY_ALL_ERROR_RESPONSES_LOST 0x000c
70 #define FAMILY_ALL_ERROR_REQUEST_DENIED 0x000d
71 #define FAMILY_ALL_ERROR_INCORRECT_SNAC_FORMAT 0x000e
72 #define FAMILY_ALL_ERROR_INSUFFICIENT_RIGHTS 0x000f
73 #define FAMILY_ALL_ERROR_RECIPIENT_BLOCKED 0x0010
74 #define FAMILY_ALL_ERROR_SENDER_TOO_EVIL 0x0011
75 #define FAMILY_ALL_ERROR_RECEIVER_TOO_EVIL 0x0012
76 #define FAMILY_ALL_ERROR_USER_TEMP_UNAVAILABLE 0x0013
77 #define FAMILY_ALL_ERROR_NO_MATCH 0x0014
78 #define FAMILY_ALL_ERROR_LIST_OVERFLOW 0x0015
79 #define FAMILY_ALL_ERROR_REQUEST_AMBIGUOUS 0x0016
80 #define FAMILY_ALL_ERROR_SERVER_QUEUE_FULL 0x0017
81 #define FAMILY_ALL_ERROR_NOT_WHILE_ON_AOL 0x0018
83 static const value_string aim_flap_channels[] = {
84 { CHANNEL_NEW_CONN, "New Connection" },
85 { CHANNEL_SNAC_DATA, "SNAC Data" },
86 { CHANNEL_FLAP_ERR, "FLAP-Level Error" },
87 { CHANNEL_CLOSE_CONN, "Close Connection" },
88 { CHANNEL_KEEP_ALIVE, "Keep Alive" },
92 static const value_string aim_snac_errors[] = {
93 { FAMILY_ALL_ERROR_INVALID_HEADER, "Invalid SNAC Header" },
94 { FAMILY_ALL_ERROR_SERVER_RATE_LIMIT_EXCEEDED, "Server rate limit exceeded" },
95 { FAMILY_ALL_ERROR_CLIENT_RATE_LIMIT_EXCEEDED, "Client rate limit exceeded" },
96 { FAMILY_ALL_ERROR_RECIPIENT_NOT_LOGGED_IN, "Recipient not logged in" },
97 { FAMILY_ALL_ERROR_REQUESTED_SERVICE_UNAVAILABLE, "Requested service unavailable" },
98 { FAMILY_ALL_ERROR_REQUESTED_SERVICE_NOT_DEFINED, "Requested service not defined" },
99 { FAMILY_ALL_ERROR_OBSOLETE_SNAC, "Obsolete SNAC issued" },
100 { FAMILY_ALL_ERROR_NOT_SUPPORTED_BY_SERVER, "Not supported by server" },
101 { FAMILY_ALL_ERROR_NOT_SUPPORTED_BY_CLIENT, "Not supported by client" },
102 { FAMILY_ALL_ERROR_REFUSED_BY_CLIENT, "Refused by client" },
103 { FAMILY_ALL_ERROR_REPLY_TOO_BIG, "Reply too big" },
104 { FAMILY_ALL_ERROR_RESPONSES_LOST, "Responses lost" },
105 { FAMILY_ALL_ERROR_REQUEST_DENIED, "Request denied" },
106 { FAMILY_ALL_ERROR_INCORRECT_SNAC_FORMAT, "Incorrect SNAC format" },
107 { FAMILY_ALL_ERROR_INSUFFICIENT_RIGHTS, "Insufficient rights" },
108 { FAMILY_ALL_ERROR_RECIPIENT_BLOCKED, "Recipient blocked" },
109 { FAMILY_ALL_ERROR_SENDER_TOO_EVIL, "Sender too evil" },
110 { FAMILY_ALL_ERROR_RECEIVER_TOO_EVIL, "Receiver too evil" },
111 { FAMILY_ALL_ERROR_USER_TEMP_UNAVAILABLE, "User temporarily unavailable" },
112 { FAMILY_ALL_ERROR_NO_MATCH, "No match" },
113 { FAMILY_ALL_ERROR_LIST_OVERFLOW, "List overflow" },
114 { FAMILY_ALL_ERROR_REQUEST_AMBIGUOUS, "Request ambiguous" },
115 { FAMILY_ALL_ERROR_SERVER_QUEUE_FULL, "Server queue full" },
116 { FAMILY_ALL_ERROR_NOT_WHILE_ON_AOL, "Not while on AOL" },
120 #define AIM_TLV_SCREEN_NAME 0x0001
121 #define AIM_TLV_ROASTED_PASSWORD 0x0002
122 #define AIM_TLV_CLIENT_ID_STRING 0x0003
123 #define AIM_TLV_ERRORURL 0x0004
124 #define AIM_TLV_BOS_SERVER_STRING 0x0005
125 #define AIM_TLV_AUTH_COOKIE 0x0006
126 #define AIM_TLV_ERRORCODE 0x0008
127 #define AIM_TLV_GENERIC_SERVICE_ID 0x000d
128 #define AIM_TLV_CLIENT_COUNTRY 0x000e
129 #define AIM_TLV_CLIENT_LANGUAGE 0x000f
130 #define AIM_TLV_EMAILADDR 0x0011
131 #define AIM_TLV_REGSTATUS 0x0013
132 #define AIM_TLV_CLIENT_DISTRIBUTION_NUM 0x0014
133 #define AIM_TLV_CLIENT_ID 0x0016
134 #define AIM_TLV_CLIENT_MAJOR_VERSION 0x0017
135 #define AIM_TLV_CLIENT_MINOR_VERSION 0x0018
136 #define AIM_TLV_CLIENT_LESSER_VERSION 0x0019
137 #define AIM_TLV_CLIENT_BUILD_NUMBER 0x001a
138 #define AIM_TLV_PASSWORD 0x0025
139 #define AIM_TLV_LATESTBETABUILD 0x0040
140 #define AIM_TLV_LATESTBETAURL 0x0041
141 #define AIM_TLV_LATESTBETAINFO 0x0042
142 #define AIM_TLV_LATESTBETANAME 0x0043
143 #define AIM_TLV_LATESTRELEASEBUILD 0x0044
144 #define AIM_TLV_LATESTRELEASEURL 0x0045
145 #define AIM_TLV_LATESTRELEASEINFO 0x0046
146 #define AIM_TLV_LATESTRELEASENAME 0x0047
147 #define AIM_TLV_CLIENTUSESSI 0x004a
149 const aim_tlv global_tlvs[] = {
150 { AIM_TLV_SCREEN_NAME, "Screen name", FT_STRING },
151 { AIM_TLV_ROASTED_PASSWORD, "Roasted password array", FT_BYTES },
152 { AIM_TLV_CLIENT_ID_STRING, "Client id string (name, version)", FT_STRING },
153 { AIM_TLV_CLIENT_ID, "Client id number", FT_UINT16 },
154 { AIM_TLV_CLIENT_MAJOR_VERSION, "Client major version", FT_UINT16 },
155 { AIM_TLV_CLIENT_MINOR_VERSION, "Client minor version", FT_UINT16 },
156 { AIM_TLV_CLIENT_LESSER_VERSION, "Client lesser version", FT_UINT16 },
157 { AIM_TLV_CLIENT_BUILD_NUMBER, "Client build number", FT_UINT16 },
158 { AIM_TLV_CLIENT_DISTRIBUTION_NUM, "Client distribution number", FT_UINT16 },
159 { AIM_TLV_CLIENT_LANGUAGE, "Client language", FT_STRING },
160 { AIM_TLV_CLIENT_COUNTRY, "Client country", FT_STRING },
161 { AIM_TLV_BOS_SERVER_STRING, "BOS server string", FT_STRING },
162 { AIM_TLV_AUTH_COOKIE, "Authorization cookie", FT_BYTES },
163 { AIM_TLV_ERRORURL, "Error URL", FT_STRING },
164 { AIM_TLV_ERRORCODE, "Error Code", FT_UINT16 },
165 { AIM_TLV_EMAILADDR, "Account Email address", FT_STRING },
166 { AIM_TLV_REGSTATUS, "Registration Status", FT_UINT16 },
167 { AIM_TLV_LATESTBETABUILD, "Latest Beta Build", FT_UINT32 },
168 { AIM_TLV_LATESTBETAURL, "Latest Beta URL", FT_STRING },
169 { AIM_TLV_LATESTBETAINFO, "Latest Beta Info", FT_STRING },
170 { AIM_TLV_LATESTBETANAME, "Latest Beta Name", FT_STRING },
171 { AIM_TLV_LATESTRELEASEBUILD, "Latest Release Build", FT_UINT32 },
172 { AIM_TLV_LATESTRELEASEURL, "Latest Release URL", FT_STRING },
173 { AIM_TLV_LATESTRELEASEINFO, "Latest Release Info", FT_STRING },
174 { AIM_TLV_LATESTRELEASENAME, "Latest Release Name", FT_STRING },
175 { AIM_TLV_CLIENTUSESSI, "Use SSI", FT_UINT8 },
176 { AIM_TLV_GENERIC_SERVICE_ID, "Service (Family) ID", FT_UINT16 },
181 #define FAMILY_BUDDYLIST_USERFLAGS 0x0001
182 #define FAMILY_BUDDYLIST_MEMBERSINCE 0x0002
183 #define FAMILY_BUDDYLIST_ONSINCE 0x0003
184 #define FAMILY_BUDDYLIST_IDLETIME 0x0004
185 #define FAMILY_BUDDYLIST_ICQSTATUS 0x0006
186 #define FAMILY_BUDDYLIST_ICQIPADDR 0x000a
187 #define FAMILY_BUDDYLIST_ICQSTUFF 0x000c
188 #define FAMILY_BUDDYLIST_CAPINFO 0x000d
189 #define FAMILY_BUDDYLIST_UNKNOWN 0x000e
190 #define FAMILY_BUDDYLIST_SESSIONLEN 0x000f
191 #define FAMILY_BUDDYLIST_ICQSESSIONLEN 0x0010
193 static const aim_tlv buddylist_tlvs[] = {
194 { FAMILY_BUDDYLIST_USERFLAGS, "User flags", FT_UINT16 },
195 { FAMILY_BUDDYLIST_MEMBERSINCE, "Member since date", FT_UINT32 },
196 { FAMILY_BUDDYLIST_ONSINCE, "Online since", FT_UINT32 },
197 { FAMILY_BUDDYLIST_IDLETIME, "Idle time (sec)", FT_UINT16 },
198 { FAMILY_BUDDYLIST_ICQSTATUS, "ICQ Online status", FT_UINT16 },
199 { FAMILY_BUDDYLIST_ICQIPADDR, "ICQ User IP Address", FT_IPv4 },
200 { FAMILY_BUDDYLIST_ICQSTUFF, "ICQ Info", FT_BYTES },
201 { FAMILY_BUDDYLIST_CAPINFO, "Capability Info", FT_BYTES },
202 { FAMILY_BUDDYLIST_UNKNOWN, "Unknown", FT_UINT16 },
203 { FAMILY_BUDDYLIST_SESSIONLEN, "Session Length (sec)", FT_UINT32 },
204 { FAMILY_BUDDYLIST_SESSIONLEN, "ICQ Session Length (sec)", FT_UINT32 },
211 const value_string *subtypes;
214 static GList *families = NULL;
216 #define FAMILY_GENERIC_MOTD_MOTD 0x000B
218 static const aim_tlv aim_fnac_family_generic_motd_tlv[] = {
219 { FAMILY_GENERIC_MOTD_MOTD, "Message of the day message", FT_STRING },
223 #define FAMILY_GENERIC_REDIRECT_SERVER_ADDRESS 0x0005
224 #define FAMILY_GENERIC_REDIRECT_AUTH_COOKIE 0x0006
225 #define FAMILY_GENERIC_REDIRECT_FAMILY_ID 0x000D
227 static const aim_tlv aim_fnac_family_generic_redirect_tlv[] = {
228 { FAMILY_GENERIC_REDIRECT_SERVER_ADDRESS, "Server address and (optional) port", FT_STRING },
229 { FAMILY_GENERIC_REDIRECT_AUTH_COOKIE, "Authorization cookie", FT_STRING },
230 { FAMILY_GENERIC_REDIRECT_FAMILY_ID, "Family ID", FT_UINT16 },
234 #define FAMILY_GENERIC_MOTD_MOTDTYPE_MDT_UPGRADE 0x0001
235 #define FAMILY_GENERIC_MOTD_MOTDTYPE_ADV_UPGRADE 0x0002
236 #define FAMILY_GENERIC_MOTD_MOTDTYPE_SYS_BULLETIN 0x0003
237 #define FAMILY_GENERIC_MOTD_MOTDTYPE_NORMAL 0x0004
238 #define FAMILY_GENERIC_MOTD_MOTDTYPE_NEWS 0x0006
240 static const value_string aim_snac_generic_motd_motdtypes[] = {
241 { FAMILY_GENERIC_MOTD_MOTDTYPE_MDT_UPGRADE, "Mandatory Upgrade Needed Notice" },
242 { FAMILY_GENERIC_MOTD_MOTDTYPE_ADV_UPGRADE, "Advisable Upgrade Notice" },
243 { FAMILY_GENERIC_MOTD_MOTDTYPE_SYS_BULLETIN, "AIM/ICQ Service System Announcements" },
244 { FAMILY_GENERIC_MOTD_MOTDTYPE_NORMAL, "Standard Notice" },
245 { FAMILY_GENERIC_MOTD_MOTDTYPE_NEWS, "News from AOL service" },
249 static int dissect_aim(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
250 static guint get_aim_pdu_len(tvbuff_t *tvb, int offset);
251 static void dissect_aim_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
253 static void dissect_aim_newconn(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *tree);
254 static void dissect_aim_snac(tvbuff_t *tvb, packet_info *pinfo,
255 int offset, proto_tree *tree);
256 static void dissect_aim_flap_err(tvbuff_t *tvb, packet_info *pinfo,
257 int offset, proto_tree *tree);
258 static void dissect_aim_keep_alive(tvbuff_t *tvb, packet_info *pinfo,
259 int offset, proto_tree *tree);
260 static void dissect_aim_close_conn(tvbuff_t *tvb, packet_info *pinfo,
261 int offset, proto_tree *tree);
262 static void dissect_aim_unknown_channel(tvbuff_t *tvb, packet_info *pinfo,
263 int offset, proto_tree *tree);
265 static dissector_table_t subdissector_table;
267 /* Initialize the protocol and registered fields */
268 static int proto_aim = -1;
269 static int hf_aim_cmd_start = -1;
270 static int hf_aim_channel = -1;
271 static int hf_aim_seqno = -1;
272 static int hf_aim_data = -1;
273 static int hf_aim_data_len = -1;
274 static int hf_aim_signon_challenge_len = -1;
275 static int hf_aim_signon_challenge = -1;
276 static int hf_aim_fnac_family = -1;
277 static int hf_aim_fnac_subtype = -1;
278 static int hf_aim_fnac_flags = -1;
279 static int hf_aim_fnac_id = -1;
280 static int hf_aim_infotype = -1;
281 static int hf_aim_buddyname_len = -1;
282 static int hf_aim_buddyname = -1;
283 static int hf_aim_userinfo_warninglevel = -1;
284 static int hf_aim_snac_error = -1;
285 static int hf_aim_userinfo_tlvcount = -1;
286 static int hf_aim_authcookie = -1;
288 /* Initialize the subtree pointers */
289 static gint ett_aim = -1;
290 static gint ett_aim_fnac = -1;
291 static gint ett_aim_tlv = -1;
293 /* desegmentation of AIM over TCP */
294 static gboolean aim_desegment = TRUE;
296 /* Code to actually dissect the packets */
297 static int dissect_aim(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
299 /* check, if this is really an AIM packet, they start with 0x2a */
300 /* XXX - I've seen some stuff starting with 0x5a followed by 0x2a */
302 if(tvb_bytes_exist(tvb, 0, 1) && tvb_get_guint8(tvb, 0) != 0x2a) {
303 /* Not an instant messenger packet, just happened to use the same port */
304 /* XXX - if desegmentation disabled, this might be a continuation
305 packet, not a non-AIM packet */
309 tcp_dissect_pdus(tvb, pinfo, tree, aim_desegment, 6, get_aim_pdu_len,
311 return tvb_length(tvb);
314 static guint get_aim_pdu_len(tvbuff_t *tvb, int offset)
319 * Get the length of the AIM packet.
321 plen = tvb_get_ntohs(tvb, offset + 4);
324 * That length doesn't include the length of the header itself; add that in.
329 static void dissect_aim_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
332 unsigned char hdr_channel; /* channel ID */
333 unsigned short hdr_sequence_no; /* Internal frame sequence number, not needed */
334 unsigned short hdr_data_field_length; /* length of data within frame */
338 /* Set up structures we will need to add the protocol subtree and manage it */
340 proto_tree *aim_tree = NULL;
342 /* Make entries in Protocol column and Info column on summary display */
343 if (check_col(pinfo->cinfo, COL_PROTOCOL))
344 col_set_str(pinfo->cinfo, COL_PROTOCOL, "AIM");
346 if (check_col(pinfo->cinfo, COL_INFO))
347 col_add_str(pinfo->cinfo, COL_INFO, "AOL Instant Messenger");
349 /* get relevant header information */
350 offset += 1; /* XXX - put the identifier into the tree? */
351 hdr_channel = tvb_get_guint8(tvb, offset);
353 hdr_sequence_no = tvb_get_ntohs(tvb, offset);
355 hdr_data_field_length = tvb_get_ntohs(tvb, offset);
358 /* In the interest of speed, if "tree" is NULL, don't do any work not
359 necessary to generate protocol tree items. */
361 ti = proto_tree_add_item(tree, proto_aim, tvb, 0, -1, FALSE);
362 aim_tree = proto_item_add_subtree(ti, ett_aim);
363 proto_tree_add_uint(aim_tree, hf_aim_cmd_start, tvb, 0, 1, '*');
364 proto_tree_add_item(aim_tree, hf_aim_channel, tvb, 1, 1, FALSE);
365 proto_tree_add_uint(aim_tree, hf_aim_seqno, tvb, 2, 2, hdr_sequence_no);
366 proto_tree_add_uint(aim_tree, hf_aim_data_len, tvb, 4, 2, hdr_data_field_length);
372 case CHANNEL_NEW_CONN:
373 dissect_aim_newconn(tvb, pinfo, offset, aim_tree);
375 case CHANNEL_SNAC_DATA:
376 dissect_aim_snac(tvb, pinfo, offset, aim_tree);
378 case CHANNEL_FLAP_ERR:
379 dissect_aim_flap_err(tvb, pinfo, offset, aim_tree);
381 case CHANNEL_CLOSE_CONN:
382 dissect_aim_close_conn(tvb, pinfo, offset, aim_tree);
384 case CHANNEL_KEEP_ALIVE:
385 dissect_aim_keep_alive(tvb, pinfo, offset, aim_tree);
388 dissect_aim_unknown_channel(tvb, pinfo, offset, aim_tree);
394 const char *aim_get_subtypename( guint16 famnum, guint16 subtype )
396 GList *gl = families;
398 struct aim_family *fam = gl->data;
399 if(fam->family == famnum) return match_strval(subtype, fam->subtypes);
407 const char *aim_get_familyname( guint16 famnum )
409 GList *gl = families;
411 struct aim_family *fam = gl->data;
412 if(fam->family == famnum) return fam->name;
419 int aim_get_buddyname( char *name, tvbuff_t *tvb, int len_offset, int name_offset)
421 guint8 buddyname_length;
423 buddyname_length = tvb_get_guint8(tvb, len_offset);
425 if(buddyname_length > MAX_BUDDYNAME_LENGTH ) buddyname_length = MAX_BUDDYNAME_LENGTH;
426 tvb_get_nstringz0(tvb, name_offset, buddyname_length + 1, name);
428 return buddyname_length;
432 void aim_get_message( guchar *msg, tvbuff_t *tvb, int msg_offset, int msg_length)
436 int max, tagchars = 0;
437 int new_offset = msg_offset;
438 int new_length = msg_length;
442 /* make sure nothing bigger than 1000 bytes is printed */
443 if( msg_length > 999 ) return;
445 memset( msg, '\0', 1000);
449 /* loop until HTML tag is reached - quick&dirty way to find start of message
450 * (it is nearly impossible to find the correct start offset for all client versions) */
451 while( (tagchars < 6) && (new_length > 5) )
453 j = tvb_get_guint8(tvb, new_offset);
454 if( ( (j == '<') && (tagchars == 0) ) ||
455 ( (j == 'h') && (tagchars == 1) ) ||
456 ( (j == 'H') && (tagchars == 1) ) ||
457 ( (j == 't') && (tagchars == 2) ) ||
458 ( (j == 'T') && (tagchars == 2) ) ||
459 ( (j == 'm') && (tagchars == 3) ) ||
460 ( (j == 'M') && (tagchars == 3) ) ||
461 ( (j == 'l') && (tagchars == 4) ) ||
462 ( (j == 'L') && (tagchars == 4) ) ||
463 ( (j == '>') && (tagchars == 5) ) ) tagchars++;
468 /* set offset and length of message to after the first HTML tag */
469 msg_offset = new_offset;
470 msg_length = new_length;
471 max = msg_length - 1;
474 /* find the rest of the message until either a </html> is reached or the end of the frame.
475 * All other HTML tags are stripped to display only the raw message (printable characters) */
476 while( (c < max) && (tagchars < 7) )
478 j = tvb_get_guint8(tvb, msg_offset+c);
481 /* make sure this is an HTML tag by checking the order of the chars */
482 if( ( (j == '<') && (tagchars == 0) ) ||
483 ( (j == '/') && (tagchars == 1) ) ||
484 ( (j == 'h') && (tagchars == 2) ) ||
485 ( (j == 'H') && (tagchars == 2) ) ||
486 ( (j == 't') && (tagchars == 3) ) ||
487 ( (j == 'T') && (tagchars == 3) ) ||
488 ( (j == 'm') && (tagchars == 4) ) ||
489 ( (j == 'M') && (tagchars == 4) ) ||
490 ( (j == 'l') && (tagchars == 5) ) ||
491 ( (j == 'L') && (tagchars == 5) ) ||
492 ( (j == '>') && (tagchars == 6) ) ) tagchars++;
495 if( j == '<' ) bracket = TRUE;
496 if( j == '>' ) bracket = FALSE;
497 if( (isprint(j) ) && (bracket == FALSE) && (j != '>'))
509 void aim_init_family(guint16 family, const char *name, const value_string *subtypes)
511 struct aim_family *fam = g_new(struct aim_family, 1);
512 fam->name = g_strdup(name);
513 fam->family = family;
514 fam->subtypes = subtypes;
515 families = g_list_append(families, fam);
518 static void dissect_aim_newconn(tvbuff_t *tvb, packet_info *pinfo,
519 int offset, proto_tree *tree)
521 if (check_col(pinfo->cinfo, COL_INFO))
522 col_add_fstr(pinfo->cinfo, COL_INFO, "New Connection");
524 if (tvb_length_remaining(tvb, offset) > 0) {
525 proto_tree_add_item(tree, hf_aim_authcookie, tvb, offset, 4, FALSE);
527 while(tvb_length_remaining(tvb, offset) > 0) {
528 offset = dissect_aim_tlv(tvb, pinfo, offset, tree);
532 if (tvb_length_remaining(tvb, offset) > 0)
533 proto_tree_add_item(tree, hf_aim_data, tvb, offset, -1, FALSE);
537 int dissect_aim_snac_error(tvbuff_t *tvb, packet_info *pinfo,
538 int offset, proto_tree *aim_tree)
541 if ((name = match_strval(tvb_get_ntohs(tvb, offset), aim_snac_errors)) != NULL) {
542 if (check_col(pinfo->cinfo, COL_INFO))
543 col_add_fstr(pinfo->cinfo, COL_INFO, name);
546 proto_tree_add_item (aim_tree, hf_aim_snac_error,
547 tvb, offset, 2, FALSE);
548 return tvb_length_remaining(tvb, 2);
551 static void dissect_aim_snac(tvbuff_t *tvb, packet_info *pinfo,
552 int offset, proto_tree *aim_tree)
559 struct aiminfo aiminfo;
560 const char *fam_name, *subtype_name;
561 proto_tree *aim_tree_fnac = NULL;
565 orig_offset = offset;
566 family = tvb_get_ntohs(tvb, offset);
567 fam_name = aim_get_familyname(family);
569 subtype = tvb_get_ntohs(tvb, offset);
570 subtype_name = aim_get_subtypename(family, subtype);
572 flags = tvb_get_ntohs(tvb, offset);
574 id = tvb_get_ntohl(tvb, offset);
577 if (check_col(pinfo->cinfo, COL_INFO)) {
578 col_add_fstr(pinfo->cinfo, COL_INFO, "SNAC data");
583 offset = orig_offset;
584 ti1 = proto_tree_add_text(aim_tree, tvb, 6, 10, "FNAC");
585 aim_tree_fnac = proto_item_add_subtree(ti1, ett_aim_fnac);
587 proto_tree_add_text (aim_tree_fnac,
588 tvb, offset, 2, "Family: %s (0x%04x)", fam_name?fam_name:"Unknown", family);
591 proto_tree_add_text (aim_tree_fnac,
592 tvb, offset, 2, "Subtype: %s (0x%04x)", subtype_name?subtype_name:"Unknown", subtype);
595 proto_tree_add_uint(aim_tree_fnac, hf_aim_fnac_flags, tvb, offset,
598 proto_tree_add_uint(aim_tree_fnac, hf_aim_fnac_id, tvb, offset,
603 subtvb = tvb_new_subset(tvb, offset, -1, -1);
604 aiminfo.tcpinfo = pinfo->private_data;
605 aiminfo.family = family;
606 aiminfo.subtype = subtype;
607 pinfo->private_data = &aiminfo;
609 if (check_col(pinfo->cinfo, COL_INFO)) {
610 if(fam_name) col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", fam_name);
611 else col_append_fstr(pinfo->cinfo, COL_INFO, ", Family: 0x%04x", family);
612 if(subtype_name) col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", subtype_name);
613 else col_append_fstr(pinfo->cinfo, COL_INFO, ", Subtype: 0x%04x", subtype);
616 if(tvb_length_remaining(tvb,offset) == 0 || !dissector_try_port(subdissector_table, family, subtvb, pinfo, aim_tree)) {
617 /* Show the undissected payload */
618 if (tvb_length_remaining(tvb, offset) > 0)
619 proto_tree_add_item(aim_tree, hf_aim_data, tvb, offset, -1, FALSE);
623 static void dissect_aim_flap_err(tvbuff_t *tvb, packet_info *pinfo,
624 int offset, proto_tree *tree)
626 if (check_col(pinfo->cinfo, COL_INFO)) {
627 col_add_fstr(pinfo->cinfo, COL_INFO, "FLAP error");
630 /* Show the undissected payload */
631 if (tvb_length_remaining(tvb, offset) > 0)
632 proto_tree_add_item(tree, hf_aim_data, tvb, offset, -1, FALSE);
635 static void dissect_aim_keep_alive(tvbuff_t *tvb, packet_info *pinfo,
636 int offset, proto_tree *tree)
638 if (check_col(pinfo->cinfo, COL_INFO)) {
639 col_add_fstr(pinfo->cinfo, COL_INFO, "Keep Alive");
642 /* Show the undissected payload */
643 if (tvb_length_remaining(tvb, offset) > 0)
644 proto_tree_add_item(tree, hf_aim_data, tvb, offset, -1, FALSE);
647 static void dissect_aim_close_conn(tvbuff_t *tvb, packet_info *pinfo,
648 int offset, proto_tree *tree)
650 if (check_col(pinfo->cinfo, COL_INFO)) {
651 col_add_fstr(pinfo->cinfo, COL_INFO, "Close Connection");
654 while(tvb_length_remaining(tvb, offset) > 0) {
655 offset = dissect_aim_tlv(tvb, pinfo, offset, tree);
659 static void dissect_aim_unknown_channel(tvbuff_t *tvb, packet_info *pinfo,
660 int offset, proto_tree *tree)
662 if (check_col(pinfo->cinfo, COL_INFO)) {
663 col_add_fstr(pinfo->cinfo, COL_INFO, "Unknown Channel");
666 /* Show the undissected payload */
667 if (tvb_length_remaining(tvb, offset) > 0)
668 proto_tree_add_item(tree, hf_aim_data, tvb, offset, -1, FALSE);
672 int dissect_aim_tlv(tvbuff_t *tvb, packet_info *pinfo _U_,
673 int offset, proto_tree *tree)
675 return dissect_aim_tlv_specific(tvb, pinfo, offset, tree, global_tlvs);
679 int dissect_aim_tlv_buddylist(tvbuff_t *tvb, packet_info *pinfo _U_,
680 int offset, proto_tree *tree)
683 return dissect_aim_tlv_specific(tvb, pinfo, offset, tree, buddylist_tlvs);
686 /* Dissect a TLV value */
687 int dissect_aim_tlv_specific(tvbuff_t *tvb, packet_info *pinfo _U_,
688 int offset, proto_tree *tree, const aim_tlv *tlv)
695 proto_tree *tlv_tree;
700 /* Record the starting offset so we can reuse it at the second pass */
701 orig_offset = offset;
703 /* Get the value ID */
704 valueid = tvb_get_ntohs(tvb, offset);
707 /* Figure out which entry applies from the tlv list */
709 while (tmp[i].valueid) {
710 if (tmp[i].valueid == valueid) {
711 /* We found a match */
717 /* At this point, we are either pointing at the correct record, or
718 we didn't find the record, and are pointing at the last item in the
721 length = tvb_get_ntohs(tvb, offset);
726 offset = orig_offset;
728 /* Show the info in the top of the tree if it's one of the standard
730 if (tmp[i].datatype == FT_STRING && length > 0) {
732 buf = tvb_get_string(tvb, offset + 4, length);
733 ti1 = proto_tree_add_text(tree, tvb, offset, length + 4,
734 "%s: %s", tmp[i].desc, buf);
737 else if (tmp[i].datatype == FT_UINT16) {
738 value16 = tvb_get_ntohs(tvb, offset + 4);
739 ti1 = proto_tree_add_text(tree, tvb, offset, length + 4,
740 "%s: %d", tmp[i].desc, value16);
742 else if (tmp[i].datatype == FT_UINT32) {
743 value32 = tvb_get_ntohl(tvb, offset + 4);
744 ti1 = proto_tree_add_text(tree, tvb, offset, length + 4,
745 "%s: %d", tmp[i].desc, value32);
748 ti1 = proto_tree_add_text(tree, tvb, offset, length + 4,
752 tlv_tree = proto_item_add_subtree(ti1, ett_aim_tlv);
754 proto_tree_add_text(tlv_tree, tvb, offset, 2,
755 "Value ID: %s (0x%04x)", tmp[i].desc, valueid);
758 proto_tree_add_text(tlv_tree, tvb, offset, 2,
759 "Length: %d", length);
762 ti1 = proto_tree_add_text(tlv_tree, tvb, offset, length,
767 /* Return the new length */
772 /* Register the protocol with Ethereal */
774 proto_register_aim(void)
777 /* Setup list of header fields */
778 static hf_register_info hf[] = {
780 { "Command Start", "aim.cmd_start", FT_UINT8, BASE_HEX, NULL, 0x0, "", HFILL }
783 { "Channel ID", "aim.channel", FT_UINT8, BASE_HEX, VALS(aim_flap_channels), 0x0, "", HFILL }
786 { "Sequence Number", "aim.seqno", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }
788 { &hf_aim_authcookie,
789 { "Authentication Cookie", "aim.authcookie", FT_BYTES, BASE_DEC, NULL, 0x0, "", HFILL },
792 { "Data Field Length", "aim.datalen", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }
795 { "Data", "aim.data", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }
797 { &hf_aim_signon_challenge_len,
798 { "Signon challenge length", "aim.signon.challengelen", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }
800 { &hf_aim_signon_challenge,
801 { "Signon challenge", "aim.signon.challenge", FT_STRING, BASE_HEX, NULL, 0x0, "", HFILL }
803 { &hf_aim_fnac_family,
804 { "FNAC Family ID", "aim.fnac.family", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }
806 { &hf_aim_fnac_subtype,
807 { "FNAC Subtype ID", "aim.fnac.subtype", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }
809 { &hf_aim_fnac_flags,
810 { "FNAC Flags", "aim.fnac.flags", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }
813 { "FNAC ID", "aim.fnac.id", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }
816 { "Infotype", "aim.infotype", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }
818 { &hf_aim_buddyname_len,
819 { "Buddyname len", "aim.buddynamelen", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
822 { "Buddy Name", "aim.buddyname", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }
824 { &hf_aim_userinfo_warninglevel,
825 { "Warning Level", "aim.userinfo.warninglevel", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL },
827 { &hf_aim_userinfo_tlvcount,
828 { "TLV Count", "aim.userinfo.tlvcount", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL },
830 { &hf_aim_snac_error,
831 { "SNAC Error", "aim.snac.error", FT_UINT16,
832 BASE_HEX, VALS(aim_snac_errors), 0x0, "", HFILL },
836 /* Setup protocol subtree array */
837 static gint *ett[] = {
842 module_t *aim_module;
844 /* Register the protocol name and description */
845 proto_aim = proto_register_protocol("AOL Instant Messenger", "AIM", "aim");
847 /* Required function calls to register the header fields and subtrees used */
848 proto_register_field_array(proto_aim, hf, array_length(hf));
849 proto_register_subtree_array(ett, array_length(ett));
851 aim_module = prefs_register_protocol(proto_aim, NULL);
852 prefs_register_bool_preference(aim_module, "desegment",
853 "Desegment all AIM messages spanning multiple TCP segments",
854 "Whether the AIM dissector should desegment all messages spanning multiple TCP segments",
857 subdissector_table = register_dissector_table("aim.family",
858 "Family ID", FT_UINT16, BASE_HEX);
862 proto_reg_handoff_aim(void)
864 dissector_handle_t aim_handle;
866 aim_handle = new_create_dissector_handle(dissect_aim, proto_aim);
867 dissector_add("tcp.port", TCP_PORT_AIM, aim_handle);