epan/dissectors/packet-mactelnet.c

   1 /* packet-mactelnet.c
   2  * Routines for MAC-Telnet dissection
   3  * Copyright 2010, Haakon Nessjoen <haakon.nessjoen@gmail.com>
   4  *
   5  * $Id$
   6  *
   7  * Wireshark - Network traffic analyzer
   8  * By Gerald Combs <gerald@wireshark.org>
   9  * Copyright 1998 Gerald Combs
  10  *
  11  * This program is free software; you can redistribute it and/or modify
  12  * it under the terms of the GNU General Public License as published by
  13  * the Free Software Foundation; either version 2 of the License, or
  14  * (at your option) any later version.
  15  *
  16  * This program is distributed in the hope that it will be useful,
  17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19  * GNU General Public License for more details.
  20  *
  21  * You should have received a copy of the GNU General Public License along
  22  * with this program; if not, write to the Free Software Foundation, Inc.,
  23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  24  */
  25
  26 /*
  27  * Thanks to "omniflux" for dissecting the protocol by hand before me.
  28  * http://www.omniflux.com/devel/mikrotik/Mikrotik_MAC_Telnet_Procotol.txt
  29  */
  30
  31 #ifdef HAVE_CONFIG_H
  32 # include "config.h"
  33 #endif
  34
  35 #include <glib.h>
  36 #include <string.h>
  37
  38 #include <epan/packet.h>
  39 #include <epan/prefs.h>
  40 #include <epan/addr_resolv.h>
  41
  42 #define PROTO_TAG_MACTELNET "MAC-Telnet"
  43
  44 void proto_reg_handoff_mactelnet(void);
  45
  46 /* Initialize the protocol and registered fields */
  47 static gint proto_mactelnet = -1;
  48 static gint hf_mactelnet_control_packet = -1;
  49 static gint hf_mactelnet_type = -1;
  50 static gint hf_mactelnet_protocolver = -1;
  51 static gint hf_mactelnet_source_mac = -1;
  52 static gint hf_mactelnet_destination_mac = -1;
  53 static gint hf_mactelnet_session_id = -1;
  54 static gint hf_mactelnet_client_type = -1;
  55 static gint hf_mactelnet_databytes = -1;
  56 static gint hf_mactelnet_datatype = -1;
  57 static gint hf_mactelnet_control = -1;
  58 static gint hf_mactelnet_control_length = -1;
  59 static gint hf_mactelnet_control_encryption_key = -1;
  60 static gint hf_mactelnet_control_password = -1;
  61 static gint hf_mactelnet_control_username = -1;
  62 static gint hf_mactelnet_control_terminal = -1;
  63 static gint hf_mactelnet_control_width = -1;
  64 static gint hf_mactelnet_control_height = -1;
  65
  66 /* Global port preference */
  67 static guint global_mactelnet_port = 20561;
  68
  69 /* Control packet definition */
  70 static const guint32 control_packet = 0x563412FF;
  71
  72 /* Initialize the subtree pointers */
  73 static gint ett_mactelnet = -1;
  74 static gint ett_mactelnet_control = -1;
  75
  76 static dissector_handle_t data_handle;
  77
  78 /* Packet types */
  79 static const value_string packettypenames[] = {
  80         { 0, "Start session" },
  81         { 1, "Data" },
  82         { 2, "Acknowledge" },
  83         { 255, "End session" },
  84         { 0, NULL }
  85 };
  86
  87 /* Known client types */
  88 static const value_string clienttypenames[] = {
  89         { 0x0015, "MAC Telnet" },
  90         { 0x0f90, "Winbox" },
  91         { 0, NULL }
  92 };
  93
  94 /* Known control-packet types */
  95 static const value_string controlpackettypenames[] = {
  96         { 0, "Begin authentication" },
  97         { 1, "Encryption key" },
  98         { 2, "Password" },
  99         { 3, "Username" },
 100         { 4, "Terminal type" },
 101         { 5, "Terminal width" },
 102         { 6, "Terminal height" },
 103         { 9, "End authentication" },
 104         { 0, NULL }
 105 };
 106
 107
 108 static int
 109 dissect_mactelnet(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 110 {
 111         proto_item *mactelnet_item;
 112         proto_tree *mactelnet_tree;
 113         proto_item *mactelnet_control_item;
 114         proto_tree *mactelnet_control_tree;
 115         guint16 type;
 116
 117         /* Check that there's enough data */
 118         if (tvb_length(tvb) < 22)
 119                 return 0;
 120
 121         /* Make entries in Protocol column and Info column on summary display */
 122         col_set_str(pinfo->cinfo, COL_PROTOCOL, PROTO_TAG_MACTELNET);
 123
 124         /*  Get the type byte */
 125         type = tvb_get_guint8(tvb, 1);
 126
 127         col_add_fstr(pinfo->cinfo, COL_INFO, "%s > %s Type: %s",
 128                      tvb_ether_to_str(tvb, 2),
 129                      tvb_ether_to_str(tvb, 8),
 130                      val_to_str(type, packettypenames, "Unknown Type:0x%02x"));
 131
 132         if (tree) {
 133                 guint8 no_ip[4] = {0,0,0,0};
 134                 guint32 offset = 0;
 135
 136                 /* create display subtree for the protocol */
 137                 mactelnet_item = proto_tree_add_item(tree, proto_mactelnet, tvb, 0, -1, ENC_NA);
 138                 mactelnet_tree = proto_item_add_subtree(mactelnet_item, ett_mactelnet);
 139
 140                 /* ver(1) */
 141                 proto_tree_add_item(mactelnet_tree, hf_mactelnet_protocolver, tvb, offset, 1, ENC_NA);
 142                 offset++;
 143
 144                 /* ptype(1) */
 145                 proto_tree_add_item(mactelnet_tree, hf_mactelnet_type, tvb, offset, 1, ENC_NA);
 146                 offset++;
 147
 148                 /* saddr(6) */
 149                 proto_tree_add_item(mactelnet_tree, hf_mactelnet_source_mac, tvb, offset, 6, ENC_NA);
 150                 offset += 6;
 151
 152                 /* dstaddr(6) */
 153                 proto_tree_add_item(mactelnet_tree, hf_mactelnet_destination_mac, tvb, offset, 6, ENC_NA);
 154                 offset += 6;
 155
 156                 if (memcmp(pinfo->src.data, &no_ip, 4) == 0) {
 157                         /* Server to client */
 158
 159                         /* sessionid(2) */
 160                         proto_tree_add_item(mactelnet_tree, hf_mactelnet_session_id, tvb, offset+2, 2, ENC_BIG_ENDIAN);
 161                         offset += 2;
 162
 163                         /* clienttype(2) */
 164                         proto_tree_add_item(mactelnet_tree, hf_mactelnet_client_type, tvb, offset-2, 2, ENC_BIG_ENDIAN);
 165                         offset += 2;
 166                 } else {
 167                         /* Client to server */
 168
 169                         /* sessionid(2) */
 170                         proto_tree_add_item(mactelnet_tree, hf_mactelnet_session_id, tvb, offset, 2, ENC_BIG_ENDIAN);
 171                         offset += 2;
 172
 173                         /* clienttype(2) */
 174                         proto_tree_add_item(mactelnet_tree, hf_mactelnet_client_type, tvb, offset, 2, ENC_BIG_ENDIAN);
 175                         offset += 2;
 176                 }
 177
 178                 /* counter(4) */
 179                 proto_tree_add_item(mactelnet_tree, hf_mactelnet_databytes, tvb, offset, 4, ENC_BIG_ENDIAN);
 180                 offset += 4;
 181
 182                 /* Data packets only */
 183                 if (type == 1) {
 184                         while(tvb_reported_length_remaining(tvb, offset) > 0) {
 185                                 if (tvb_reported_length_remaining(tvb, offset) > 4 && tvb_get_ntohl(tvb, offset) == control_packet) {
 186                                         guint8 datatype;
 187                                         guint32 datalength;
 188
 189                                         /* Add subtree for control packet */
 190                                         mactelnet_control_item = proto_tree_add_item(mactelnet_tree, hf_mactelnet_control, tvb, offset, -1, ENC_NA);
 191                                         mactelnet_control_tree = proto_item_add_subtree(mactelnet_control_item, ett_mactelnet);
 192                                         /* Control packet magic number (4) */
 193                                         proto_tree_add_item(mactelnet_control_tree, hf_mactelnet_control_packet, tvb, offset, 4, ENC_BIG_ENDIAN);
 194                                         offset += 4;
 195
 196                                         /* Control packet type (1) */
 197                                         datatype = tvb_get_guint8(tvb, offset);
 198                                         proto_tree_add_item(mactelnet_control_tree, hf_mactelnet_datatype, tvb, offset, 1, ENC_NA);
 199                                         offset++;
 200
 201                                         /* Control packet length (4) */
 202                                         datalength = tvb_get_ntohl(tvb, offset);
 203                                         proto_tree_add_item(mactelnet_control_tree, hf_mactelnet_control_length, tvb, offset, 4, ENC_BIG_ENDIAN);
 204                                         offset += 4;
 205
 206                                         switch (datatype) {
 207                                                 case 1: /* Encryption Key */
 208                                                         proto_tree_add_item(mactelnet_control_tree, hf_mactelnet_control_encryption_key, tvb, offset, datalength, ENC_NA);
 209                                                         break;
 210
 211                                                 case 2: /* Password */
 212                                                         proto_tree_add_item(mactelnet_control_tree, hf_mactelnet_control_password, tvb, offset, datalength, ENC_NA);
 213                                                         break;
 214
 215                                                 case 3: /* Username */
 216                                                         proto_tree_add_item(mactelnet_control_tree, hf_mactelnet_control_username, tvb, offset, datalength, ENC_NA);
 217                                                         break;
 218
 219                                                 case 4: /* Terminal type */
 220                                                         proto_tree_add_item(mactelnet_control_tree, hf_mactelnet_control_terminal, tvb, offset, datalength, ENC_NA);
 221                                                         break;
 222
 223                                                 case 5: /* Terminal width */
 224                                                         proto_tree_add_item(mactelnet_control_tree, hf_mactelnet_control_width, tvb, offset, 2, ENC_LITTLE_ENDIAN);
 225                                                         break;
 226
 227                                                 case 6: /* Terminal height */
 228                                                         proto_tree_add_item(mactelnet_control_tree, hf_mactelnet_control_height, tvb, offset, 2, ENC_LITTLE_ENDIAN);
 229                                                         break;
 230
 231                                                 case 9: /* End authentication (no data) */
 232                                                         break;
 233                                         }
 234                                         proto_item_set_len (mactelnet_control_item, datalength + 9);
 235                                         offset += datalength;
 236                                 } else {
 237                                         /* Data packet, let wireshark handle it */
 238                                         tvbuff_t *next_client = tvb_new_subset(tvb, offset, -1, -1);
 239                                         return call_dissector(data_handle, next_client, pinfo, mactelnet_tree);
 240                                 }
 241                         }
 242                 }
 243
 244
 245         }
 246         return tvb_reported_length(tvb);
 247 }
 248
 249
 250 void
 251 proto_register_mactelnet(void)
 252 {
 253         static hf_register_info hf[] = {
 254                 { &hf_mactelnet_control_packet,
 255                 { "Control Packet Magic Number", "mactelnet.control_packet", FT_UINT32, BASE_HEX, NULL, 0x0,
 256                   NULL, HFILL }},
 257                 { &hf_mactelnet_type,
 258                 { "Type", "mactelnet.type", FT_UINT8, BASE_DEC, VALS(packettypenames), 0x0,
 259                   "Packet Type", HFILL }},
 260                 { &hf_mactelnet_protocolver,
 261                 { "Protocol Version", "mactelnet.protocol_version", FT_UINT8, BASE_DEC, NULL, 0x0,
 262                   NULL, HFILL }},
 263                 { &hf_mactelnet_source_mac,
 264                 { "Source MAC", "mactelnet.source_mac", FT_ETHER, BASE_NONE, NULL , 0x0,
 265                   NULL, HFILL }},
 266                 { &hf_mactelnet_destination_mac,
 267                 { "Destination MAC", "mactelnet.destination_mac", FT_ETHER, BASE_NONE, NULL , 0x0,
 268                   NULL, HFILL }},
 269                 { &hf_mactelnet_session_id,
 270                 { "Session ID", "mactelnet.session_id", FT_UINT16, BASE_HEX, NULL , 0x0,
 271                   "Session ID for this connection", HFILL }},
 272                 { &hf_mactelnet_client_type,
 273                 { "Client Type", "mactelnet.client_type", FT_UINT16, BASE_HEX, VALS(clienttypenames) , 0x0,
 274                   NULL, HFILL }},
 275                 { &hf_mactelnet_databytes,
 276                 { "Session Data Bytes", "mactelnet.session_bytes", FT_UINT32, BASE_DEC, NULL , 0x0,
 277                   "Session data bytes received", HFILL }},
 278                 { &hf_mactelnet_datatype,
 279                 { "Data Packet Type", "mactelnet.data_type", FT_UINT8, BASE_HEX, VALS(controlpackettypenames) , 0x0,
 280                   NULL, HFILL }},
 281                 { &hf_mactelnet_control,
 282                 { "Control Packet", "mactelnet.control", FT_NONE, BASE_NONE, NULL , 0x0,
 283                   NULL, HFILL }},
 284                 { &hf_mactelnet_control_length,
 285                 { "Control Data Length", "mactelnet.control_length", FT_UINT32, BASE_DEC, NULL , 0x0,
 286                   "Control packet length", HFILL }},
 287                 { &hf_mactelnet_control_encryption_key,
 288                 { "Encryption Key", "mactelnet.control_encryptionkey", FT_BYTES, BASE_NONE, NULL , 0x0,
 289                   "Login encryption key", HFILL }},
 290                 { &hf_mactelnet_control_password,
 291                 { "Password MD5", "mactelnet.control_password", FT_BYTES, BASE_NONE, NULL , 0x0,
 292                   "Null padded MD5 password", HFILL }},
 293                 { &hf_mactelnet_control_username,
 294                 { "Username", "mactelnet.control_username", FT_STRING, BASE_NONE, NULL , 0x0,
 295                   NULL, HFILL }},
 296                 { &hf_mactelnet_control_terminal,
 297                 { "Terminal Type", "mactelnet.control_terminaltype", FT_STRING, BASE_NONE, NULL , 0x0,
 298                   NULL, HFILL }},
 299                 { &hf_mactelnet_control_width,
 300                 { "Terminal Width", "mactelnet.control_width", FT_UINT16, BASE_DEC, NULL , 0x0,
 301                   NULL, HFILL }},
 302                 { &hf_mactelnet_control_height,
 303                 { "Terminal Height", "mactelnet.control_height", FT_UINT16, BASE_DEC, NULL , 0x0,
 304                   NULL, HFILL }}
 305         };
 306
 307         /* Setup protocol subtree array */
 308         static gint *ett[] = {
 309                 &ett_mactelnet,
 310                 &ett_mactelnet_control,
 311         };
 312
 313         module_t *mactelnet_module;
 314
 315         /* Register the protocol name and description */
 316         proto_mactelnet = proto_register_protocol ("MikroTik MAC-Telnet Protocol", PROTO_TAG_MACTELNET, "mactelnet");
 317
 318         /* Required function calls to register the header fields and subtrees used */
 319         proto_register_field_array (proto_mactelnet, hf, array_length (hf));
 320         proto_register_subtree_array (ett, array_length (ett));
 321
 322         mactelnet_module = prefs_register_protocol(proto_mactelnet, proto_reg_handoff_mactelnet);
 323
 324         prefs_register_uint_preference(mactelnet_module, "port", "UDP Port",
 325                                        "MAC-Telnet UDP port if other than the default",
 326                                        10, &global_mactelnet_port);
 327 }
 328
 329 void
 330 proto_reg_handoff_mactelnet(void)
 331 {
 332         static gboolean initialized = FALSE;
 333         static guint current_port;
 334         static dissector_handle_t mactelnet_handle;
 335
 336         if (!initialized) {
 337                 mactelnet_handle = new_create_dissector_handle(dissect_mactelnet, proto_mactelnet);
 338                 data_handle = find_dissector("data");
 339                 initialized = TRUE;
 340         } else {
 341                 dissector_delete_uint("udp.port", current_port, mactelnet_handle);
 342         }
 343
 344         current_port = global_mactelnet_port;
 345         dissector_add_uint("udp.port", current_port, mactelnet_handle);
 346 }