2 * Routines for BT-UTP dissection
3 * Copyright 2011, Xiao Xiangquan <xiaoxiangquan@gmail.com>
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <gerald@wireshark.org>
9 * Copyright 1999 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 #include <epan/packet.h>
30 #include <epan/prefs.h>
32 #define DEFAULT_UDP_PORT 55627
43 /* V0 hdr: "flags"; V1 hdr: "type" */
44 static const value_string bt_utp_type_vals[] = {
47 { ST_STATE, "State" },
48 { ST_RESET, "Reset" },
55 EXT_SELECTION_ACKS = 1,
56 EXT_EXTENSION_BITS = 2,
60 static const value_string bt_utp_extension_type_vals[] = {
61 { EXT_NO_EXTENSION, "No Extension" },
62 { EXT_SELECTION_ACKS, "Selective acks" },
63 { EXT_EXTENSION_BITS, "Extension bits" },
67 static int proto_bt_utp = -1;
69 /* --- "Original" utp Header ("version 0" ?) --------------
71 See utp.cpp source code @ https://github.com/bittorrent/libutp
75 +-------+-------+---------------+---------------+---------------+
77 +-------+-------+---------------+---------------+---------------+
79 +---------------+---------------+---------------+---------------+
80 | timestamp_microseconds |
81 +---------------+---------------+---------------+---------------+
82 | timestamp_difference_microseconds |
83 +---------------+---------------+---------------+---------------+
84 | wnd_size | ext | flags | seq_nr [ho] |
85 +---------------+---------------+---------------+---------------+
86 | seq_nr [lo] | ack_nr |
87 +---------------+---------------+---------------+
89 -- Extension Field(s) --
92 +---------------+---------------+---------------+---------------+
93 | extension | len | bitmask
94 +---------------+---------------+---------------+---------------+
96 +---------------+---------------+....
100 /* --- Version 1 Header ----------------
102 Specifications: BEP-0029
103 http://www.bittorrent.org/beps/bep_0029.html
108 +-------+-------+---------------+---------------+---------------+
109 | ver | type | extension | connection_id |
110 +-------+-------+---------------+---------------+---------------+
111 | timestamp_microseconds |
112 +---------------+---------------+---------------+---------------+
113 | timestamp_difference_microseconds |
114 +---------------+---------------+---------------+---------------+
116 +---------------+---------------+---------------+---------------+
118 +---------------+---------------+---------------+---------------+
120 XXX: It appears that the above is to be interpreted as indicating
121 that 'ver' is in the low-order 4 bits of byte 0 (mask: 0x0f).
122 (See utp.cpp @ https://github.com/bittorrent/libutp)
124 -- Extension Field(s) --
126 +---------------+---------------+---------------+---------------+
127 | extension | len | bitmask
128 +---------------+---------------+---------------+---------------+
130 +---------------+---------------+....
133 #define V1_FIXED_HDR_SIZE 20
135 static int hf_bt_utp_ver = -1;
136 static int hf_bt_utp_type = -1;
137 static int hf_bt_utp_flags = -1;
138 static int hf_bt_utp_extension = -1;
139 static int hf_bt_utp_next_extension_type = -1;
140 static int hf_bt_utp_extension_len = -1;
141 static int hf_bt_utp_extension_bitmask = -1;
142 static int hf_bt_utp_extension_unknown = -1;
143 static int hf_bt_utp_connection_id_v0 = -1;
144 static int hf_bt_utp_connection_id_v1 = -1;
145 static int hf_bt_utp_timestamp_sec = -1;
146 static int hf_bt_utp_timestamp_us = -1;
147 static int hf_bt_utp_timestamp_diff_us = -1;
148 static int hf_bt_utp_wnd_size_v0 = -1;
149 static int hf_bt_utp_wnd_size_v1 = -1;
150 static int hf_bt_utp_seq_nr = -1;
151 static int hf_bt_utp_ack_nr = -1;
153 static gint ett_bt_utp = -1;
154 static gint ett_bt_utp_extension = -1;
156 static guint global_bt_utp_udp_port = DEFAULT_UDP_PORT;
158 void proto_reg_handoff_bt_utp(void);
161 utp_is_v1(tvbuff_t *tvb) {
166 v1_ver_type = tvb_get_guint8(tvb, 0);
167 v1_ext = tvb_get_guint8(tvb, 1);
169 if (((v1_ver_type & 0x0f) != 1) ||
170 ((v1_ver_type>>4) >= ST_NUM_STATES) ||
171 (v1_ext >= EXT_NUM_EXT)) {
172 return FALSE; /* Not V1 (or corrupt) */
175 /* The simple heuristic above (based upon code from utp.cpp) suggests the header is "V1";
176 * However, based upon a capture seen, the simple heuristic does not appear to be sufficient.
177 * So: Also do some length checking:
178 * The length of "V1" frames should be 20, 26, 30, 34, 36, 38, ...
180 * extension(s) len: 6, 10, 14, 16, 18, 20, ...
181 * XXX: this is a hack and should be replaced !!
182 * In fact this heuristic probably fails for some SF_DATA packets since they
183 * presumably can contain a variable number of data bytes after the header.
185 len = tvb_reported_length(tvb);
186 if (len < V1_FIXED_HDR_SIZE) {
187 return TRUE; /* Invalid ?: pretend V1 anyways */
189 len -= V1_FIXED_HDR_SIZE;
194 ((len > 14) && (len%2 == 0))) {
195 return TRUE; /* looks like V1 */
197 return FALSE; /* Not V1 (or corrupt) */
201 dissect_utp_header_v0(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint8 *extension_type)
203 /* "Original" (V0) */
204 proto_tree_add_item(tree, hf_bt_utp_connection_id_v0, tvb, offset, 4, FALSE);
206 proto_tree_add_item(tree, hf_bt_utp_timestamp_sec, tvb, offset, 4, FALSE);
208 proto_tree_add_item(tree, hf_bt_utp_timestamp_us, tvb, offset, 4, FALSE);
210 proto_tree_add_item(tree, hf_bt_utp_timestamp_diff_us, tvb, offset, 4, FALSE);
212 proto_tree_add_item(tree, hf_bt_utp_wnd_size_v0, tvb, offset, 1, FALSE);
214 proto_tree_add_item(tree, hf_bt_utp_next_extension_type, tvb, offset, 1, FALSE);
216 *extension_type = tvb_get_guint8(tvb, offset);
218 proto_tree_add_item(tree, hf_bt_utp_flags, tvb, offset, 1, FALSE);
219 col_append_fstr(pinfo->cinfo, COL_INFO, " Type: %s", val_to_str(tvb_get_guint8(tvb, offset), bt_utp_type_vals, "Unknown %d"));
221 proto_tree_add_item(tree, hf_bt_utp_seq_nr, tvb, offset, 2, FALSE);
223 proto_tree_add_item(tree, hf_bt_utp_ack_nr, tvb, offset, 2, FALSE);
230 dissect_utp_header_v1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint8 *extension_type)
233 /* Strange: Contrary to BEP-29, in LibuTP (utp.cpp) the first byte has the following definition:
234 packet_type (4 high bits)
235 protocol version (4 low bits)
237 proto_tree_add_item(tree, hf_bt_utp_ver, tvb, offset, 1, FALSE);
238 proto_tree_add_item(tree, hf_bt_utp_type, tvb, offset, 1, FALSE);
239 col_append_fstr(pinfo->cinfo, COL_INFO, " Type: %s", val_to_str((tvb_get_guint8(tvb, offset) >> 4), bt_utp_type_vals, "Unknown %d"));
241 proto_tree_add_item(tree, hf_bt_utp_next_extension_type, tvb, offset, 1, FALSE);
242 *extension_type = tvb_get_guint8(tvb, offset);
244 proto_tree_add_item(tree, hf_bt_utp_connection_id_v1, tvb, offset, 2, FALSE);
246 proto_tree_add_item(tree, hf_bt_utp_timestamp_us, tvb, offset, 4, FALSE);
248 proto_tree_add_item(tree, hf_bt_utp_timestamp_diff_us, tvb, offset, 4, FALSE);
250 proto_tree_add_item(tree, hf_bt_utp_wnd_size_v1, tvb, offset, 4, FALSE);
252 proto_tree_add_item(tree, hf_bt_utp_seq_nr, tvb, offset, 2, FALSE);
254 proto_tree_add_item(tree, hf_bt_utp_ack_nr, tvb, offset, 2, FALSE);
261 dissect_utp_extension(tvbuff_t *tvb, packet_info _U_*pinfo, proto_tree *tree, int offset, guint8 *extension_type)
264 proto_tree *ext_tree;
265 guint8 extension_length;
266 /* display the extension tree */
268 /* XXX: This code loops thru the packet bytes until reaching the end of the PDU
269 * ignoring the "end-of-list" [EXT_NO_EXTENSION] extension type.
270 * Should we just quit when EXT_NO_EXTENSION is encountered ?
272 while(offset < (int)tvb_reported_length(tvb))
274 switch(*extension_type){
275 case EXT_SELECTION_ACKS: /* 1 */
277 ti = proto_tree_add_item(tree, hf_bt_utp_extension, tvb, offset, -1, ENC_NA);
278 ext_tree = proto_item_add_subtree(ti, ett_bt_utp_extension);
280 proto_tree_add_item(ext_tree, hf_bt_utp_next_extension_type, tvb, offset, 1, FALSE);
281 *extension_type = tvb_get_guint8(tvb, offset);
284 proto_tree_add_item(ext_tree, hf_bt_utp_extension_len, tvb, offset, 1, FALSE);
285 extension_length = tvb_get_guint8(tvb, offset);
286 proto_item_append_text(ti, " Selection Acks, Len=%d", extension_length);
289 proto_tree_add_item(ext_tree, hf_bt_utp_extension_bitmask, tvb, offset, extension_length, ENC_NA);
290 offset += extension_length;
291 proto_item_set_len(ti, 1 + 1 + extension_length);
294 case EXT_EXTENSION_BITS: /* 2 */
296 ti = proto_tree_add_item(tree, hf_bt_utp_extension, tvb, offset, -1, ENC_NA);
297 ext_tree = proto_item_add_subtree(ti, ett_bt_utp_extension);
299 proto_tree_add_item(ext_tree, hf_bt_utp_next_extension_type, tvb, offset, 1, FALSE);
300 *extension_type = tvb_get_guint8(tvb, offset);
303 proto_tree_add_item(ext_tree, hf_bt_utp_extension_len, tvb, offset, 1, FALSE);
304 extension_length = tvb_get_guint8(tvb, offset);
305 proto_item_append_text(ti, " Extension Bits, Len=%d", extension_length);
308 proto_tree_add_item(ext_tree, hf_bt_utp_extension_bitmask, tvb, offset, extension_length, ENC_NA);
309 offset += extension_length;
310 proto_item_set_len(ti, 1 + 1 + extension_length);
314 ti = proto_tree_add_item(tree, hf_bt_utp_extension, tvb, offset, -1, ENC_NA);
315 ext_tree = proto_item_add_subtree(ti, ett_bt_utp_extension);
317 proto_tree_add_item(ext_tree, hf_bt_utp_next_extension_type, tvb, offset, 1, FALSE);
318 *extension_type = tvb_get_guint8(tvb, offset);
321 proto_tree_add_item(ext_tree, hf_bt_utp_extension_len, tvb, offset, 1, FALSE);
322 extension_length = tvb_get_guint8(tvb, offset);
323 proto_item_append_text(ti, " Unknown, Len=%d", extension_length);
326 proto_tree_add_item(ext_tree, hf_bt_utp_extension_unknown, tvb, offset, extension_length, ENC_NA);
327 offset += extension_length;
328 proto_item_set_len(ti, 1 + 1 + extension_length);
337 dissect_bt_utp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
339 proto_tree *sub_tree = NULL;
340 int decoded_length = 0;
341 guint8 extension_type;
343 /* set the protocol column */
344 col_set_str(pinfo->cinfo, COL_PROTOCOL, "BT-uTP");
345 /* set the info column */
346 col_set_str( pinfo->cinfo, COL_INFO, "uTorrent Transport Protocol" );
351 ti = proto_tree_add_item(tree, proto_bt_utp, tvb, 0, -1, FALSE);
352 sub_tree = proto_item_add_subtree(ti, ett_bt_utp);
355 /* Determine header version */
357 if (!utp_is_v1(tvb)) {
358 decoded_length = dissect_utp_header_v0(tvb, pinfo, sub_tree, decoded_length, &extension_type);
360 decoded_length = dissect_utp_header_v1(tvb, pinfo, sub_tree, decoded_length, &extension_type);
363 decoded_length = dissect_utp_extension(tvb, pinfo, sub_tree, decoded_length, &extension_type);
365 return decoded_length;
369 proto_register_bt_utp(void)
371 static hf_register_info hf[] = {
373 { "Version", "bt-utp.ver",
374 FT_UINT8, BASE_DEC, NULL, 0x0F,
378 { "Flags", "bt-utp.flags",
379 FT_UINT8, BASE_DEC, VALS(bt_utp_type_vals), 0x0,
383 { "Type", "bt-utp.type",
384 FT_UINT8, BASE_DEC, VALS(bt_utp_type_vals), 0xF0,
387 { &hf_bt_utp_extension,
388 { "Extension", "bt-utp.extension",
389 FT_NONE, BASE_NONE, NULL, 0x0,
392 { &hf_bt_utp_next_extension_type,
393 { "Next Extension Type", "bt-utp.next_extension_type",
394 FT_UINT8, BASE_DEC, VALS(bt_utp_extension_type_vals), 0x0,
397 { &hf_bt_utp_extension_len,
398 { "Extension Length", "bt-utp.extension_len",
399 FT_UINT8, BASE_DEC, NULL, 0x0,
402 { &hf_bt_utp_extension_bitmask,
403 { "Extension Bitmask", "bt-utp.extension_bitmask",
404 FT_BYTES, BASE_NONE, NULL, 0x0,
407 { &hf_bt_utp_extension_unknown,
408 { "Extension Unknown", "bt-utp.extension_unknown",
409 FT_BYTES, BASE_NONE, NULL, 0x0,
412 { &hf_bt_utp_connection_id_v0,
413 { "Connection ID", "bt-utp.connection_id",
414 FT_UINT32, BASE_DEC, NULL, 0x0,
417 { &hf_bt_utp_connection_id_v1,
418 { "Connection ID", "bt-utp.connection_id",
419 FT_UINT16, BASE_DEC, NULL, 0x0,
422 { &hf_bt_utp_timestamp_sec,
423 { "Timestamp seconds", "bt-utp.timestamp_sec",
424 FT_UINT32, BASE_DEC, NULL, 0x0,
427 { &hf_bt_utp_timestamp_us,
428 { "Timestamp Microseconds", "bt-utp.timestamp_us",
429 FT_UINT32, BASE_DEC, NULL, 0x0,
432 { &hf_bt_utp_timestamp_diff_us,
433 { "Timestamp Difference Microseconds", "bt-utp.timestamp_diff_us",
434 FT_UINT32, BASE_DEC, NULL, 0x0,
437 { &hf_bt_utp_wnd_size_v0,
438 { "Windows Size", "bt-utp.wnd_size",
439 FT_UINT8, BASE_DEC, NULL, 0x0,
442 { &hf_bt_utp_wnd_size_v1,
443 { "Windows Size", "bt-utp.wnd_size",
444 FT_UINT32, BASE_DEC, NULL, 0x0,
448 { "Sequence NR", "bt-utp.seq_nr",
449 FT_UINT16, BASE_DEC, NULL, 0x0,
453 { "ACK NR", "bt-utp.ack_nr",
454 FT_UINT16, BASE_DEC, NULL, 0x0,
459 /* Setup protocol subtree array */
460 static gint *ett[] = { &ett_bt_utp, &ett_bt_utp_extension };
462 module_t *bt_utp_module;
464 /* Register protocol */
465 proto_bt_utp = proto_register_protocol (
466 "uTorrent Transport Protocol", /* name */
467 "BT-uTP", /* short name */
468 "bt-utp" /* abbrev */
471 proto_register_field_array(proto_bt_utp, hf, array_length(hf));
472 proto_register_subtree_array(ett, array_length(ett));
473 new_register_dissector("bt-utp", dissect_bt_utp, proto_bt_utp);
475 /* Register our configuration options */
476 bt_utp_module = prefs_register_protocol(proto_bt_utp, proto_reg_handoff_bt_utp);
478 prefs_register_uint_preference(bt_utp_module, "udp_port",
479 "uTorrent Transport Protocol UDP port",
480 "Set the UDP port for uTorrent Transport Protocol.",
481 10, &global_bt_utp_udp_port);
485 proto_reg_handoff_bt_utp(void)
487 static gboolean bt_utp_prefs_initialized = FALSE;
488 static dissector_handle_t bt_utp_handle;
489 static guint bt_utp_udp_port;
491 if (!bt_utp_prefs_initialized)
493 bt_utp_handle = new_create_dissector_handle(dissect_bt_utp, proto_bt_utp);
494 bt_utp_prefs_initialized = TRUE;
498 dissector_delete_uint("udp.port", bt_utp_udp_port, bt_utp_handle);
501 /* Set our port number for future use */
502 bt_utp_udp_port = global_bt_utp_udp_port;
503 dissector_add_uint("udp.port", global_bt_utp_udp_port, bt_utp_handle);
511 * indent-tabs-mode: nil
514 * ex: set shiftwidth=2 tabstop=8 expandtab:
515 * :indentSize=2:tabSize=8:noTabs=true: