2 * Routines for Telnet packet dissection; see RFC 854 and RFC 855
3 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <gerald@wireshark.org>
9 * Copyright 1998 Gerald Combs
11 * Copied from packet-pop.c
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 /* Telnet authentication options as per RFC2941
28 * Kerberos v5 telnet authentication as per RFC2942
38 #include <epan/packet.h>
39 #include <epan/strutil.h>
40 #include <epan/emem.h>
41 #include <epan/asn1.h>
42 #include "packet-kerberos.h"
44 static int proto_telnet = -1;
45 static int hf_telnet_auth_cmd = -1;
46 static int hf_telnet_auth_name = -1;
47 static int hf_telnet_auth_type = -1;
48 static int hf_telnet_auth_mod_who = -1;
49 static int hf_telnet_auth_mod_how = -1;
50 static int hf_telnet_auth_mod_cred_fwd = -1;
51 static int hf_telnet_auth_mod_enc = -1;
52 static int hf_telnet_auth_krb5_type = -1;
54 static int hf_telnet_enc_cmd = -1;
55 static int hf_telnet_enc_type = -1;
57 static gint ett_telnet = -1;
58 static gint ett_telnet_subopt = -1;
59 static gint ett_status_subopt = -1;
60 static gint ett_rcte_subopt = -1;
61 static gint ett_olw_subopt = -1;
62 static gint ett_ops_subopt = -1;
63 static gint ett_crdisp_subopt = -1;
64 static gint ett_htstops_subopt = -1;
65 static gint ett_htdisp_subopt = -1;
66 static gint ett_ffdisp_subopt = -1;
67 static gint ett_vtstops_subopt = -1;
68 static gint ett_vtdisp_subopt = -1;
69 static gint ett_lfdisp_subopt = -1;
70 static gint ett_extasc_subopt = -1;
71 static gint ett_bytemacro_subopt = -1;
72 static gint ett_det_subopt = -1;
73 static gint ett_supdupout_subopt = -1;
74 static gint ett_sendloc_subopt = -1;
75 static gint ett_termtype_subopt = -1;
76 static gint ett_tacacsui_subopt = -1;
77 static gint ett_outmark_subopt = -1;
78 static gint ett_tlocnum_subopt = -1;
79 static gint ett_tn3270reg_subopt = -1;
80 static gint ett_x3pad_subopt = -1;
81 static gint ett_naws_subopt = -1;
82 static gint ett_tspeed_subopt = -1;
83 static gint ett_rfc_subopt = -1;
84 static gint ett_linemode_subopt = -1;
85 static gint ett_xdpyloc_subopt = -1;
86 static gint ett_env_subopt = -1;
87 static gint ett_auth_subopt = -1;
88 static gint ett_enc_subopt = -1;
89 static gint ett_newenv_subopt = -1;
90 static gint ett_tn3270e_subopt = -1;
91 static gint ett_xauth_subopt = -1;
92 static gint ett_charset_subopt = -1;
93 static gint ett_rsp_subopt = -1;
94 static gint ett_comport_subopt = -1;
97 /* Some defines for Telnet */
99 #define TCP_PORT_TELNET 23
124 NO_LENGTH, /* option has no data, hence no length */
125 FIXED_LENGTH, /* option always has the same length */
126 VARIABLE_LENGTH /* option is variable-length - optlen is minimum */
129 /* Member of table of IP or TCP options. */
130 typedef struct tn_opt {
131 const char *name; /* name of option */
132 gint *subtree_index; /* pointer to subtree index for option */
133 tn_opt_len_type len_type; /* type of option length field */
134 int optlen; /* value length should be (minimum if VARIABLE) */
135 void (*dissect)(packet_info *pinfo, const char *, tvbuff_t *, int, int, proto_tree *);
136 /* routine to dissect option */
140 dissect_string_subopt(packet_info *pinfo _U_, const char *optname, tvbuff_t *tvb, int offset, int len,
145 cmd = tvb_get_guint8(tvb, offset);
149 proto_tree_add_text(tree, tvb, offset, 1, "Here's my %s", optname);
153 proto_tree_add_text(tree, tvb, offset, len, "Value: %s",
154 tvb_format_text(tvb, offset, len));
159 proto_tree_add_text(tree, tvb, offset, 1, "Send your %s", optname);
163 proto_tree_add_text(tree, tvb, offset, len, "Extra data");
167 proto_tree_add_text(tree, tvb, offset, 1, "Invalid %s subcommand %u",
172 proto_tree_add_text(tree, tvb, offset, len, "Subcommand data");
178 dissect_outmark_subopt(packet_info *pinfo _U_, const char *optname _U_, tvbuff_t *tvb, int offset,
179 int len, proto_tree *tree)
182 int gs_offset, datalen;
185 cmd = tvb_get_guint8(tvb, offset);
189 proto_tree_add_text(tree, tvb, offset, 1, "ACK");
193 proto_tree_add_text(tree, tvb, offset, 1, "NAK");
197 proto_tree_add_text(tree, tvb, offset, 1, "Default");
201 proto_tree_add_text(tree, tvb, offset, 1, "Top");
205 proto_tree_add_text(tree, tvb, offset, 1, "Bottom");
209 proto_tree_add_text(tree, tvb, offset, 1, "Left");
213 proto_tree_add_text(tree, tvb, offset, 1, "Right");
217 proto_tree_add_text(tree, tvb, offset, 1, "Bogus value: %u", cmd);
224 gs_offset = tvb_find_guint8(tvb, offset, len, 29);
225 if (gs_offset == -1) {
226 /* None found - run to the end of the packet. */
227 gs_offset = offset + len;
229 datalen = gs_offset - offset;
231 proto_tree_add_text(tree, tvb, offset, datalen, "Banner: %s",
232 tvb_format_text(tvb, offset, datalen));
240 dissect_htstops_subopt(packet_info *pinfo _U_, const char *optname, tvbuff_t *tvb, int offset, int len,
246 cmd = tvb_get_guint8(tvb, offset);
250 proto_tree_add_text(tree, tvb, offset, 1, "Here's my %s", optname);
256 proto_tree_add_text(tree, tvb, offset, 1, "Send your %s", optname);
262 proto_tree_add_text(tree, tvb, offset, 1, "Invalid %s subcommand %u",
267 proto_tree_add_text(tree, tvb, offset, len, "Subcommand data");
272 tabval = tvb_get_guint8(tvb, offset);
276 proto_tree_add_text(tree, tvb, offset, 1,
277 "Sender wants to handle tab stops");
281 proto_tree_add_text(tree, tvb, offset, 1,
282 "Sender wants receiver to handle tab stop at %u",
290 proto_tree_add_text(tree, tvb, offset, 1,
291 "Invalid value: %u", tabval);
295 proto_tree_add_text(tree, tvb, offset, 1,
296 "Sender wants receiver to handle tab stops");
305 dissect_naws_subopt(packet_info *pinfo _U_, const char *optname _U_, tvbuff_t *tvb, int offset,
306 int len _U_, proto_tree *tree)
308 proto_tree_add_text(tree, tvb, offset, 2, "Width: %u",
309 tvb_get_ntohs(tvb, offset));
311 proto_tree_add_text(tree, tvb, offset, 2, "Height: %u",
312 tvb_get_ntohs(tvb, offset));
315 /* BEGIN RFC-2217 (COM Port Control) Definitions */
317 #define TNCOMPORT_SIGNATURE 0
318 #define TNCOMPORT_SETBAUDRATE 1
319 #define TNCOMPORT_SETDATASIZE 2
320 #define TNCOMPORT_SETPARITY 3
321 #define TNCOMPORT_SETSTOPSIZE 4
322 #define TNCOMPORT_SETCONTROL 5
323 #define TNCOMPORT_NOTIFYLINESTATE 6
324 #define TNCOMPORT_NOTIFYMODEMSTATE 7
325 #define TNCOMPORT_FLOWCONTROLSUSPEND 8
326 #define TNCOMPORT_FLOWCONTROLRESUME 9
327 #define TNCOMPORT_SETLINESTATEMASK 10
328 #define TNCOMPORT_SETMODEMSTATEMASK 11
329 #define TNCOMPORT_PURGEDATA 12
331 /* END RFC-2217 (COM Port Control) Definitions */
334 dissect_comport_subopt(packet_info *pinfo _U_, const char *optname, tvbuff_t *tvb, int offset, int len,
336 {static const char *datasizes[] = {
347 static const char *parities[] = {
355 static const char *stops[] = {
361 static const char *control[] = {
362 "Output Flow Control Request",
364 "Output Flow: XON/XOFF",
365 "Output Flow: CTS/RTS",
375 "Input Flow Control Request",
377 "Input Flow: XON/XOFF",
378 "Input Flow: CTS/RTS",
383 static const char *linestate_bits[] = {
389 "Transfer Holding Register Empty",
390 "Transfer Shift Register Empty",
393 static const char *modemstate_bits[] = {
403 static const char *purges[] = {
414 cmd = tvb_get_guint8(tvb, offset);
415 isservercmd = cmd > 99;
416 cmd = (isservercmd) ? (cmd - 100) : cmd;
417 source = (isservercmd) ? "Server" : "Client";
420 case TNCOMPORT_SIGNATURE:
423 proto_tree_add_text(tree, tvb, offset, 1, "%s Requests Signature",source);
425 guint8 *sig = tvb_get_ephemeral_string(tvb, offset + 1, len);
426 proto_tree_add_text(tree, tvb, offset, 1 + len, "%s Signature: %s",source, sig);
430 case TNCOMPORT_SETBAUDRATE:
433 guint32 baud = tvb_get_ntohl(tvb, offset+1);
435 proto_tree_add_text(tree, tvb, offset, 5, "%s Requests Baud Rate",source);
437 proto_tree_add_text(tree, tvb, offset, 5, "%s Baud Rate: %d",source,baud);
440 proto_tree_add_text(tree, tvb, offset, 1 + len, "%s <Invalid Baud Rate Packet>",source);
444 case TNCOMPORT_SETDATASIZE:
447 guint8 datasize = tvb_get_guint8(tvb, offset+1);
448 const char *ds = (datasize > 8) ? "<invalid>" : datasizes[datasize];
449 proto_tree_add_text(tree, tvb, offset, 2, "%s Data Size: %s",source,ds);
451 proto_tree_add_text(tree, tvb, offset, 1 + len, "%s <Invalid Data Size Packet>",source);
455 case TNCOMPORT_SETPARITY:
458 guint8 parity = tvb_get_guint8(tvb, offset+1);
459 const char *pr = (parity > 5) ? "<invalid>" : parities[parity];
460 proto_tree_add_text(tree, tvb, offset, 2, "%s Parity: %s",source,pr);
462 proto_tree_add_text(tree, tvb, offset, 1 + len, "%s <Invalid Parity Packet>",source);
466 case TNCOMPORT_SETSTOPSIZE:
469 guint8 stop = tvb_get_guint8(tvb, offset+1);
470 const char *st = (stop > 3) ? "<invalid>" : stops[stop];
471 proto_tree_add_text(tree, tvb, offset, 2, "%s Stop: %s",source,st);
473 proto_tree_add_text(tree, tvb, offset, 1 + len, "%s <Invalid Stop Packet>",source);
477 case TNCOMPORT_SETCONTROL:
480 guint8 crt = tvb_get_guint8(tvb, offset+1);
481 const char *c = (crt > 19) ? "Control: <invalid>" : control[crt];
482 proto_tree_add_text(tree, tvb, offset, 2, "%s %s",source,c);
484 proto_tree_add_text(tree, tvb, offset, 1 + len, "%s <Invalid Control Packet>",source);
488 case TNCOMPORT_SETLINESTATEMASK:
489 case TNCOMPORT_NOTIFYLINESTATE:
492 const char *print_pattern = (cmd == TNCOMPORT_SETLINESTATEMASK) ?
493 "%s Set Linestate Mask: %s" : "%s Linestate: %s";
495 guint8 ls = tvb_get_guint8(tvb, offset+1);
499 for (idx = 0; idx < 8; idx++) {
502 if (print_count != 0) {
503 g_strlcat(ls_buffer,", ",512);
505 g_strlcat(ls_buffer,linestate_bits[idx], 512);
510 proto_tree_add_text(tree, tvb, offset, 2, print_pattern, source, ls_buffer);
512 const char *print_pattern = (cmd == TNCOMPORT_SETLINESTATEMASK) ?
513 "%s <Invalid Linestate Mask>" : "%s <Invalid Linestate Packet>";
514 proto_tree_add_text(tree, tvb, offset, 1 + len, print_pattern, source);
518 case TNCOMPORT_SETMODEMSTATEMASK:
519 case TNCOMPORT_NOTIFYMODEMSTATE:
522 const char *print_pattern = (cmd == TNCOMPORT_SETMODEMSTATEMASK) ?
523 "%s Set Modemstate Mask: %s" : "%s Modemstate: %s";
525 guint8 ms = tvb_get_guint8(tvb, offset+1);
529 for (idx = 0; idx < 8; idx++) {
532 if (print_count != 0) {
533 g_strlcat(ms_buffer,", ",256);
535 g_strlcat(ms_buffer,modemstate_bits[idx],256);
540 proto_tree_add_text(tree, tvb, offset, 2, print_pattern, source, ms_buffer);
542 const char *print_pattern = (cmd == TNCOMPORT_SETMODEMSTATEMASK) ?
543 "%s <Invalid Modemstate Mask>" : "%s <Invalid Modemstate Packet>";
544 proto_tree_add_text(tree, tvb, offset, 1 + len, print_pattern, source);
548 case TNCOMPORT_FLOWCONTROLSUSPEND:
550 proto_tree_add_text(tree, tvb, offset, 1, "%s Flow Control Suspend",source);
553 case TNCOMPORT_FLOWCONTROLRESUME:
555 proto_tree_add_text(tree, tvb, offset, 1, "%s Flow Control Resume",source);
558 case TNCOMPORT_PURGEDATA:
561 guint8 purge = tvb_get_guint8(tvb, offset+1);
562 const char *p = (purge > 3) ? "<Purge invalid>" : purges[purge];
563 proto_tree_add_text(tree, tvb, offset, 2, "%s %s",source,p);
565 proto_tree_add_text(tree, tvb, offset, 1 + len, "%s <Invalid Purge Packet>",source);
570 proto_tree_add_text(tree, tvb, offset, 1, "Invalid %s subcommand %u",
575 proto_tree_add_text(tree, tvb, offset, len, "Subcommand data");
581 static const value_string rfc_opt_vals[] = {
584 { 2, "RESTART-ANY" },
585 { 3, "RESTART-XON" },
590 dissect_rfc_subopt(packet_info *pinfo _U_, const char *optname _U_, tvbuff_t *tvb, int offset,
591 int len _U_, proto_tree *tree)
595 cmd = tvb_get_guint8(tvb, offset);
596 proto_tree_add_text(tree, tvb, offset, 2, "%s",
597 val_to_str(cmd, rfc_opt_vals, "Unknown (%u)"));
601 #define TN_ENC_SUPPORT 1
602 #define TN_ENC_REPLY 2
603 #define TN_ENC_START 3
605 #define TN_ENC_REQUEST_START 5
606 #define TN_ENC_REQUEST_END 6
607 #define TN_ENC_ENC_KEYID 7
608 #define TN_ENC_DEC_KEYID 8
609 static const value_string enc_cmd_vals[] = {
611 { TN_ENC_SUPPORT, "SUPPORT" },
612 { TN_ENC_REPLY, "REPLY" },
613 { TN_ENC_START, "START" },
614 { TN_ENC_END, "END" },
615 { TN_ENC_REQUEST_START, "REQUEST-START" },
616 { TN_ENC_REQUEST_END, "REQUEST-END" },
617 { TN_ENC_ENC_KEYID, "ENC_KEYID" },
618 { TN_ENC_DEC_KEYID, "DEC_KEYID" },
622 #define TN_ENCTYPE_NULL 0
623 #define TN_ENCTYPE_DES_CFB64 1
624 #define TN_ENCTYPE_DES_OFB64 2
625 #define TN_ENCTYPE_DES3_CFB64 3
626 #define TN_ENCTYPE_DES3_OFB64 4
627 #define TN_ENCTYPE_CAST5_40_CFB64 8
628 #define TN_ENCTYPE_CAST5_40_OFB64 9
629 #define TN_ENCTYPE_CAST128_CFB64 10
630 #define TN_ENCTYPE_CAST128_OFB64 11
631 static const value_string enc_type_vals[] = {
632 { TN_ENCTYPE_NULL, "NULL" },
633 { TN_ENCTYPE_DES_CFB64, "DES_CFB64" },
634 { TN_ENCTYPE_DES_OFB64, "DES_OFB64" },
635 { TN_ENCTYPE_DES3_CFB64, "DES3_CFB64" },
636 { TN_ENCTYPE_DES3_OFB64, "DES3_OFB64" },
637 { TN_ENCTYPE_CAST5_40_CFB64, "CAST5_40_CFB64" },
638 { TN_ENCTYPE_CAST5_40_OFB64, "CAST5_40_OFB64" },
639 { TN_ENCTYPE_CAST128_CFB64, "CAST128_CFB64" },
640 { TN_ENCTYPE_CAST128_OFB64, "CAST128_OFB64" },
647 #define TN_AC_REPLY 2
649 static const value_string auth_cmd_vals[] = {
651 { TN_AC_SEND, "SEND" },
652 { TN_AC_REPLY, "REPLY" },
653 { TN_AC_NAME, "NAME" },
665 #define TN_AT_LOKI 10
667 #define TN_AT_KEA_SJ 12
668 #define TN_AT_KEA_SJ_INTEG 13
670 #define TN_AT_NTLM 15
671 static const value_string auth_type_vals[] = {
672 { TN_AT_NULL, "NULL" },
673 { TN_AT_KRB4, "Kerberos v4" },
674 { TN_AT_KRB5, "Kerberos v5" },
675 { TN_AT_SPX, "SPX" },
676 { TN_AT_MINK, "MINK" },
677 { TN_AT_SRP, "SRP" },
678 { TN_AT_RSA, "RSA" },
679 { TN_AT_SSL, "SSL" },
680 { TN_AT_LOKI, "LOKI" },
681 { TN_AT_SSA, "SSA" },
682 { TN_AT_KEA_SJ, "KEA_SJ" },
683 { TN_AT_KEA_SJ_INTEG, "KEA_SJ_INTEG" },
684 { TN_AT_DSS, "DSS" },
685 { TN_AT_NTLM, "NTLM" },
688 static const true_false_string auth_mod_cred_fwd = {
689 "Client WILL forward auth creds",
690 "Client will NOT forward auth creds"
692 static const true_false_string auth_mod_who = {
693 "Mask server to client",
694 "Mask client to server"
696 static const true_false_string auth_mod_how = {
697 "MUTUAL authentication",
698 "One Way authentication"
700 #define TN_AM_OFF 0x00
701 #define TN_AM_USING_TELOPT 0x01
702 #define TN_AM_AFTER_EXCHANGE 0x02
703 #define TN_AM_RESERVED 0x04
704 static const value_string auth_mod_enc[] = {
705 { TN_AM_OFF, "Off" },
706 { TN_AM_USING_TELOPT, "Telnet Options" },
707 { TN_AM_AFTER_EXCHANGE, "After Exchange" },
708 { TN_AM_RESERVED, "Reserved" },
711 #define TN_KRB5_TYPE_AUTH 0
712 #define TN_KRB5_TYPE_REJECT 1
713 #define TN_KRB5_TYPE_ACCEPT 2
714 #define TN_KRB5_TYPE_RESPONSE 3
715 #define TN_KRB5_TYPE_FORWARD 4
716 #define TN_KRB5_TYPE_FORWARD_ACCEPT 5
717 #define TN_KRB5_TYPE_FORWARD_REJECT 6
718 static const value_string auth_krb5_types[] = {
719 { TN_KRB5_TYPE_AUTH, "Auth" },
720 { TN_KRB5_TYPE_REJECT, "Reject" },
721 { TN_KRB5_TYPE_ACCEPT, "Accept" },
722 { TN_KRB5_TYPE_RESPONSE, "Response" },
723 { TN_KRB5_TYPE_FORWARD, "Forward" },
724 { TN_KRB5_TYPE_FORWARD_ACCEPT, "Forward Accept" },
725 { TN_KRB5_TYPE_FORWARD_REJECT, "Forward Reject" },
729 dissect_authentication_type_pair(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, proto_tree *tree)
733 type=tvb_get_guint8(tvb, offset);
734 proto_tree_add_uint(tree, hf_telnet_auth_type, tvb, offset, 1, type);
736 mod=tvb_get_guint8(tvb, offset+1);
737 proto_tree_add_uint(tree, hf_telnet_auth_mod_enc, tvb, offset+1, 1, mod);
738 proto_tree_add_boolean(tree, hf_telnet_auth_mod_cred_fwd, tvb, offset+1, 1, mod);
739 proto_tree_add_boolean(tree, hf_telnet_auth_mod_how, tvb, offset+1, 1, mod);
740 proto_tree_add_boolean(tree, hf_telnet_auth_mod_who, tvb, offset+1, 1, mod);
743 /* no kerberos blobs are ever >10kb ? (arbitrary limit) */
744 #define MAX_KRB5_BLOB_LEN 10240
747 unescape_and_tvbuffify_telnet_option(packet_info *pinfo, tvbuff_t *tvb, int offset, int len)
755 if(len>=MAX_KRB5_BLOB_LEN)
758 spos=tvb_get_ptr(tvb, offset, len);
764 if((spos[0]==0xff) && (spos[1]==0xff)){
774 krb5_tvb = tvb_new_real_data(buf, len-skip, len-skip);
775 tvb_set_free_cb(krb5_tvb, g_free);
776 tvb_set_child_real_data_tvbuff(tvb, krb5_tvb);
777 add_new_data_source(pinfo, krb5_tvb, "Unpacked Telnet Uption");
785 dissect_krb5_authentication_data(packet_info *pinfo, tvbuff_t *tvb, int offset, int len, proto_tree *tree, guint8 acmd)
790 dissect_authentication_type_pair(pinfo, tvb, offset, tree);
795 krb5_cmd=tvb_get_guint8(tvb, offset);
796 proto_tree_add_uint(tree, hf_telnet_auth_krb5_type, tvb, offset, 1, krb5_cmd);
801 /* IAC SB AUTHENTICATION IS <authentication-type-pair> AUTH <Kerberos V5 KRB_AP_REQ message> IAC SE */
802 if((acmd==TN_AC_IS)&&(krb5_cmd==TN_KRB5_TYPE_AUTH)){
804 krb5_tvb=unescape_and_tvbuffify_telnet_option(pinfo, tvb, offset, len);
806 dissect_kerberos_main(krb5_tvb, pinfo, tree, FALSE, NULL);
808 proto_tree_add_text(tree, tvb, offset, len, "Kerberos blob (too long to dissect - length %u > %u",
809 len, MAX_KRB5_BLOB_LEN);
815 /* IAC SB AUTHENTICATION REPLY <authentication-type-pair> ACCEPT IAC SE */
816 /* nothing more to dissect */
820 /* IAC SB AUTHENTICATION REPLY <authentication-type-pair> REJECT <optional reason for rejection> IAC SE*/
824 /* IAC SB AUTHENTICATION REPLY <authentication-type-pair> RESPONSE <KRB_AP_REP message> IAC SE */
825 if((acmd==TN_AC_REPLY)&&(krb5_cmd==TN_KRB5_TYPE_RESPONSE)){
827 krb5_tvb=unescape_and_tvbuffify_telnet_option(pinfo, tvb, offset, len);
828 dissect_kerberos_main(krb5_tvb, pinfo, tree, FALSE, NULL);
833 /* IAC SB AUTHENTICATION <authentication-type-pair> FORWARD <KRB_CRED message> IAC SE */
834 /* XXX unclear what this one looks like */
837 /* IAC SB AUTHENTICATION <authentication-type-pair> FORWARD_ACCEPT IAC SE */
838 /* nothing more to dissect */
842 /* IAC SB AUTHENTICATION <authentication-type-pair> FORWARD_REJECT */
843 /* nothing more to dissect */
847 dissect_authentication_subopt(packet_info *pinfo, const char *optname _U_, tvbuff_t *tvb, int offset, int len, proto_tree *tree)
852 /* XXX here we should really split it up in a conversation struct keeping
853 track of what method we actually use and not just assume it is always
856 acmd=tvb_get_guint8(tvb, offset);
857 proto_tree_add_uint(tree, hf_telnet_auth_cmd, tvb, offset, 1, acmd);
864 /* XXX here we shouldnt just assume it is krb5 */
865 dissect_krb5_authentication_data(pinfo, tvb, offset, len, tree, acmd);
869 dissect_authentication_type_pair(pinfo, tvb, offset, tree);
877 tvb_memcpy(tvb, (guint8*)name, offset, len);
880 name="<...name too long...>";
882 proto_tree_add_string(tree, hf_telnet_auth_name, tvb, offset, len, name);
887 /* This function only uses the octet in the buffer at 'offset' */
888 static void dissect_encryption_type(tvbuff_t *tvb, int offset, proto_tree *tree) {
890 etype = tvb_get_guint8(tvb, offset);
891 proto_tree_add_uint(tree, hf_telnet_enc_type, tvb, offset, 1, etype);
895 dissect_encryption_subopt(packet_info *pinfo _U_, const char *optname _U_, tvbuff_t *tvb, int offset, int len, proto_tree *tree)
897 guint8 ecmd, key_first_octet;
899 ecmd = tvb_get_guint8(tvb, offset);
900 proto_tree_add_uint(tree, hf_telnet_enc_cmd, tvb, offset, 1, ecmd);
908 /* encryption type, type-specific data ... */
910 dissect_encryption_type(tvb, offset, tree);
913 proto_tree_add_text(tree, tvb, offset, len, "Type-specific data");
918 /* list of encryption types ... */
920 dissect_encryption_type(tvb, offset, tree);
929 key_first_octet = tvb_get_guint8(tvb, offset);
930 proto_tree_add_text(tree, tvb, offset, len, (key_first_octet == 0) ? "Default key" : "Key ID");
938 case TN_ENC_REQUEST_START:
939 /* (optional) keyid */
941 proto_tree_add_text(tree, tvb, offset, len, "Key ID (advisory)");
944 case TN_ENC_REQUEST_END:
948 case TN_ENC_ENC_KEYID:
949 case TN_ENC_DEC_KEYID:
950 /* (optional) keyid - if not supplied, there are no more known keys */
952 proto_tree_add_text(tree, tvb, offset, len, "Key ID");
956 proto_tree_add_text(tree, tvb, offset, len, "Unknown command");
960 static tn_opt options[] = {
962 "Binary Transmission", /* RFC 856 */
963 NULL, /* no suboption negotiation */
969 "Echo", /* RFC 857 */
970 NULL, /* no suboption negotiation */
976 "Reconnection", /* DOD Protocol Handbook */
983 "Suppress Go Ahead", /* RFC 858 */
984 NULL, /* no suboption negotiation */
990 "Approx Message Size Negotiation", /* Ethernet spec(!) */
997 "Status", /* RFC 859 */
1001 NULL /* XXX - fill me in */
1004 "Timing Mark", /* RFC 860 */
1005 NULL, /* no suboption negotiation */
1011 "Remote Controlled Trans and Echo", /* RFC 726 */
1015 NULL /* XXX - fill me in */
1018 "Output Line Width", /* DOD Protocol Handbook */
1020 VARIABLE_LENGTH, /* XXX - fill me in */
1021 0, /* XXX - fill me in */
1022 NULL /* XXX - fill me in */
1025 "Output Page Size", /* DOD Protocol Handbook */
1027 VARIABLE_LENGTH, /* XXX - fill me in */
1028 0, /* XXX - fill me in */
1029 NULL /* XXX - fill me in */
1032 "Output Carriage-Return Disposition", /* RFC 652 */
1036 NULL /* XXX - fill me in */
1039 "Output Horizontal Tab Stops", /* RFC 653 */
1040 &ett_htstops_subopt,
1043 dissect_htstops_subopt
1046 "Output Horizontal Tab Disposition", /* RFC 654 */
1050 NULL /* XXX - fill me in */
1053 "Output Formfeed Disposition", /* RFC 655 */
1057 NULL /* XXX - fill me in */
1060 "Output Vertical Tabstops", /* RFC 656 */
1061 &ett_vtstops_subopt,
1064 NULL /* XXX - fill me in */
1067 "Output Vertical Tab Disposition", /* RFC 657 */
1071 NULL /* XXX - fill me in */
1074 "Output Linefeed Disposition", /* RFC 658 */
1078 NULL /* XXX - fill me in */
1081 "Extended ASCII", /* RFC 698 */
1085 NULL /* XXX - fill me in */
1088 "Logout", /* RFC 727 */
1089 NULL, /* no suboption negotiation */
1095 "Byte Macro", /* RFC 735 */
1096 &ett_bytemacro_subopt,
1099 NULL /* XXX - fill me in */
1102 "Data Entry Terminal", /* RFC 732, RFC 1043 */
1106 NULL /* XXX - fill me in */
1109 "SUPDUP", /* RFC 734, RFC 736 */
1110 NULL, /* no suboption negotiation */
1116 "SUPDUP Output", /* RFC 749 */
1117 &ett_supdupout_subopt,
1120 NULL /* XXX - fill me in */
1123 "Send Location", /* RFC 779 */
1124 &ett_sendloc_subopt,
1127 NULL /* XXX - fill me in */
1130 "Terminal Type", /* RFC 1091 */
1131 &ett_termtype_subopt,
1134 dissect_string_subopt
1137 "End of Record", /* RFC 885 */
1138 NULL, /* no suboption negotiation */
1144 "TACACS User Identification", /* RFC 927 */
1145 &ett_tacacsui_subopt,
1148 NULL /* XXX - fill me in */
1151 "Output Marking", /* RFC 933 */
1152 &ett_outmark_subopt,
1155 dissect_outmark_subopt,
1158 "Terminal Location Number", /* RFC 946 */
1159 &ett_tlocnum_subopt,
1162 NULL /* XXX - fill me in */
1165 "Telnet 3270 Regime", /* RFC 1041 */
1166 &ett_tn3270reg_subopt,
1169 NULL /* XXX - fill me in */
1172 "X.3 PAD", /* RFC 1053 */
1176 NULL /* XXX - fill me in */
1179 "Negotiate About Window Size", /* RFC 1073, DW183 */
1186 "Terminal Speed", /* RFC 1079 */
1190 NULL /* XXX - fill me in */
1193 "Remote Flow Control", /* RFC 1372 */
1200 "Linemode", /* RFC 1184 */
1201 &ett_linemode_subopt,
1204 NULL /* XXX - fill me in */
1207 "X Display Location", /* RFC 1096 */
1208 &ett_xdpyloc_subopt,
1211 dissect_string_subopt
1214 "Environment Option", /* RFC 1408, RFC 1571 */
1218 NULL /* XXX - fill me in */
1221 "Authentication Option", /* RFC 2941 */
1225 dissect_authentication_subopt
1228 "Encryption Option", /* RFC 2946 */
1232 dissect_encryption_subopt
1235 "New Environment Option", /* RFC 1572 */
1239 NULL /* XXX - fill me in */
1242 "TN3270E", /* RFC 1647 */
1243 &ett_tn3270e_subopt,
1246 NULL /* XXX - fill me in */
1249 "XAUTH", /* XAUTH */
1253 NULL /* XXX - fill me in */
1256 "CHARSET", /* CHARSET */
1257 &ett_charset_subopt,
1260 NULL /* XXX - fill me in */
1263 "Remote Serial Port", /* Remote Serial Port */
1267 NULL /* XXX - fill me in */
1270 "COM Port Control", /* RFC 2217 */
1271 &ett_comport_subopt,
1274 dissect_comport_subopt
1279 #define NOPTIONS (sizeof options / sizeof options[0])
1282 telnet_sub_option(packet_info *pinfo, proto_tree *telnet_tree, tvbuff_t *tvb, int start_offset)
1284 proto_tree *ti, *option_tree;
1285 int offset = start_offset;
1289 gint ett = ett_telnet_subopt;
1292 void (*dissect)(packet_info *, const char *, tvbuff_t *, int, int, proto_tree *);
1297 * iac_data is a hack: as data with value iac (0xff) is possible,
1298 * this value must be escaped with iac (rfc 854). The proper way to
1299 * handle this would be to copy all data into a buffer with iac in
1300 * the data part removed and process it from there. For now, just
1301 * fix the sanity checks. This of course leaves the double iac
1302 * values in the decoded options.
1306 offset += 2; /* skip IAC and SB */
1308 /* Get the option code */
1309 opt_byte = tvb_get_guint8(tvb, offset);
1310 if (opt_byte >= NOPTIONS) {
1311 opt = "<unknown option>";
1314 opt = options[opt_byte].name;
1315 if (options[opt_byte].subtree_index != NULL)
1316 ett = *(options[opt_byte].subtree_index);
1317 dissect = options[opt_byte].dissect;
1321 /* Search for an unescaped IAC. */
1322 cur_offset = offset;
1324 len = tvb_length_remaining(tvb, offset);
1326 iac_offset = tvb_find_guint8(tvb, cur_offset, len, TN_IAC);
1328 if (iac_offset == -1) {
1329 /* None found - run to the end of the packet. */
1332 if (((guint)(iac_offset + 1) >= len) ||
1333 (tvb_get_guint8(tvb, iac_offset + 1) != TN_IAC)) {
1334 /* We really found a single IAC, so we're done */
1335 offset = iac_offset;
1338 * We saw an escaped IAC, so we have to move ahead to the
1342 cur_offset = iac_offset + 2;
1347 } while (!iac_found);
1349 subneg_len = offset - start_offset;
1351 ti = proto_tree_add_text(telnet_tree, tvb, start_offset, subneg_len,
1352 "Suboption Begin: %s", opt);
1353 option_tree = proto_item_add_subtree(ti, ett);
1354 start_offset += 3; /* skip IAC, SB, and option code */
1357 if (subneg_len > 0) {
1359 /* Now dissect the suboption parameters. */
1360 if (dissect != NULL) {
1362 switch (options[opt_byte].len_type) {
1365 /* There isn't supposed to *be* sub-option negotiation for this. */
1366 proto_tree_add_text(option_tree, tvb, start_offset, subneg_len,
1367 "Bogus suboption data");
1371 /* Make sure the length is what it's supposed to be. */
1372 if (subneg_len - iac_data != options[opt_byte].optlen) {
1373 proto_tree_add_text(option_tree, tvb, start_offset, subneg_len,
1374 "Suboption parameter length is %d, should be %d",
1375 subneg_len, options[opt_byte].optlen);
1380 case VARIABLE_LENGTH:
1381 /* Make sure the length is greater than the minimum. */
1382 if (subneg_len - iac_data < options[opt_byte].optlen) {
1383 proto_tree_add_text(option_tree, tvb, start_offset, subneg_len,
1384 "Suboption parameter length is %d, should be at least %d",
1385 subneg_len, options[opt_byte].optlen);
1391 /* We have a dissector for this suboption's parameters; call it. */
1392 (*dissect)(pinfo, opt, tvb, start_offset, subneg_len, option_tree);
1394 /* We don't have a dissector for them; just show them as data. */
1395 proto_tree_add_text(option_tree, tvb, start_offset, subneg_len,
1403 telnet_will_wont_do_dont(proto_tree *telnet_tree, tvbuff_t *tvb,
1404 int start_offset, const char *type)
1406 int offset = start_offset;
1410 offset += 2; /* skip IAC and WILL,WONT,DO,DONT} */
1411 opt_byte = tvb_get_guint8(tvb, offset);
1412 if (opt_byte >= NOPTIONS)
1413 opt = "<unknown option>";
1415 opt = options[opt_byte].name;
1418 proto_tree_add_text(telnet_tree, tvb, start_offset, 3,
1419 "Command: %s %s", type, opt);
1424 telnet_command(packet_info *pinfo, proto_tree *telnet_tree, tvbuff_t *tvb, int start_offset)
1426 int offset = start_offset;
1429 offset += 1; /* skip IAC */
1430 optcode = tvb_get_guint8(tvb, offset);
1435 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1436 "Command: End of File");
1440 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1441 "Command: Suspend Current Process");
1445 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1446 "Command: Abort Process");
1450 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1451 "Command: End of Record");
1455 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1456 "Command: Suboption End");
1460 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1461 "Command: No Operation");
1465 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1466 "Command: Data Mark");
1470 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1475 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1476 "Command: Interrupt Process");
1480 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1481 "Command: Abort Output");
1485 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1486 "Command: Are You There?");
1490 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1491 "Command: Escape Character");
1495 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1496 "Command: Erase Line");
1500 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1501 "Command: Go Ahead");
1505 offset = telnet_sub_option(pinfo, telnet_tree, tvb, start_offset);
1509 offset = telnet_will_wont_do_dont(telnet_tree, tvb, start_offset,
1514 offset = telnet_will_wont_do_dont(telnet_tree, tvb, start_offset,
1519 offset = telnet_will_wont_do_dont(telnet_tree, tvb, start_offset,
1524 offset = telnet_will_wont_do_dont(telnet_tree, tvb, start_offset,
1529 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1530 "Command: Unknown (0x%02x)", optcode);
1538 telnet_add_text(proto_tree *tree, tvbuff_t *tvb, int offset, int len)
1543 gboolean last_char_was_cr;
1545 while (len != 0 && tvb_offset_exists(tvb, offset)) {
1547 * Find the end of the line.
1549 linelen = tvb_find_line_end(tvb, offset, len, &next_offset, FALSE);
1550 len -= next_offset - offset; /* subtract out the line's characters */
1553 * In Telnet, CR NUL is the way you send a CR by itself in the
1554 * default ASCII mode; don't treat CR by itself as a line ending,
1555 * treat only CR NUL, CR LF, or LF by itself as a line ending.
1557 if (next_offset == offset + linelen + 1 && len >= 1) {
1559 * Well, we saw a one-character line ending, so either it's a CR
1560 * or an LF; we have at least two characters left, including the
1563 * If the line ending is a CR, skip all subsequent CRs; at
1564 * least one capture appeared to have multiple CRs at the end of
1567 if (tvb_get_guint8(tvb, offset + linelen) == '\r') {
1568 last_char_was_cr = TRUE;
1569 while (len != 0 && tvb_offset_exists(tvb, next_offset)) {
1570 c = tvb_get_guint8(tvb, next_offset);
1571 next_offset++; /* skip over that character */
1573 if (c == '\n' || (c == '\0' && last_char_was_cr)) {
1575 * LF is a line ending, whether preceded by CR or not.
1576 * NUL is a line ending if preceded by CR.
1580 last_char_was_cr = (c == '\r');
1586 * Now compute the length of the line *including* the end-of-line
1587 * indication, if any; we display it all.
1589 linelen = next_offset - offset;
1591 proto_tree_add_text(tree, tvb, offset, linelen,
1593 tvb_format_text(tvb, offset, linelen));
1594 offset = next_offset;
1599 dissect_telnet(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1601 proto_tree *telnet_tree, *ti;
1604 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1605 col_set_str(pinfo->cinfo, COL_PROTOCOL, "TELNET");
1607 if (check_col(pinfo->cinfo, COL_INFO))
1608 col_set_str(pinfo->cinfo, COL_INFO, "Telnet Data ...");
1616 ti = proto_tree_add_item(tree, proto_telnet, tvb, offset, -1, FALSE);
1617 telnet_tree = proto_item_add_subtree(ti, ett_telnet);
1620 * Scan through the buffer looking for an IAC byte.
1622 while ((len = tvb_length_remaining(tvb, offset)) > 0) {
1623 iac_offset = tvb_find_guint8(tvb, offset, len, TN_IAC);
1624 if (iac_offset != -1) {
1626 * We found an IAC byte.
1627 * If there's any data before it, add that data to the
1628 * tree, a line at a time.
1630 data_len = iac_offset - offset;
1632 telnet_add_text(telnet_tree, tvb, offset, data_len);
1635 * Now interpret the command.
1637 offset = telnet_command(pinfo, telnet_tree, tvb, iac_offset);
1641 * We found no IAC byte, so what remains in the buffer
1642 * is the last of the data in the packet.
1643 * Add it to the tree, a line at a time, and then quit.
1645 telnet_add_text(telnet_tree, tvb, offset, len);
1653 proto_register_telnet(void)
1655 static hf_register_info hf[] = {
1656 { &hf_telnet_auth_name,
1657 { "Name", "telnet.auth.name", FT_STRING, BASE_NONE,
1658 NULL, 0, "Name of user being authenticated", HFILL }},
1659 { &hf_telnet_auth_cmd,
1660 { "Auth Cmd", "telnet.auth.cmd", FT_UINT8, BASE_DEC,
1661 VALS(auth_cmd_vals), 0, "Authentication Command", HFILL }},
1662 { &hf_telnet_auth_type,
1663 { "Auth Type", "telnet.auth.type", FT_UINT8, BASE_DEC,
1664 VALS(auth_type_vals), 0, "Authentication Type", HFILL }},
1665 { &hf_telnet_auth_mod_cred_fwd,
1666 { "Cred Fwd", "telnet.auth.mod.cred_fwd", FT_BOOLEAN, 8,
1667 TFS(&auth_mod_cred_fwd), 0x08, "Modifier: Whether client will forward creds or not", HFILL }},
1668 { &hf_telnet_auth_mod_who,
1669 { "Who", "telnet.auth.mod.who", FT_BOOLEAN, 8,
1670 TFS(&auth_mod_who), 0x01, "Modifier: Who to mask", HFILL }},
1671 { &hf_telnet_auth_mod_how,
1672 { "How", "telnet.auth.mod.how", FT_BOOLEAN, 8,
1673 TFS(&auth_mod_how), 0x02, "Modifier: How to mask", HFILL }},
1674 { &hf_telnet_auth_mod_enc,
1675 { "Encrypt", "telnet.auth.mod.enc", FT_UINT8, BASE_DEC,
1676 VALS(auth_mod_enc), 0x14, "Modifier: How to enable Encryption", HFILL }},
1677 { &hf_telnet_auth_krb5_type,
1678 { "Command", "telnet.auth.krb5.cmd", FT_UINT8, BASE_DEC,
1679 VALS(auth_krb5_types), 0, "Krb5 Authentication sub-command", HFILL }},
1680 { &hf_telnet_enc_cmd,
1681 { "Enc Cmd", "telnet.enc.cmd", FT_UINT8, BASE_DEC,
1682 VALS(enc_cmd_vals), 0, "Encryption command", HFILL }},
1683 { &hf_telnet_enc_type,
1684 { "Enc Type", "telnet.enc.type", FT_UINT8, BASE_DEC,
1685 VALS(enc_type_vals), 0, "Encryption type", HFILL }},
1687 static gint *ett[] = {
1695 &ett_htstops_subopt,
1698 &ett_vtstops_subopt,
1702 &ett_bytemacro_subopt,
1704 &ett_supdupout_subopt,
1705 &ett_sendloc_subopt,
1706 &ett_termtype_subopt,
1707 &ett_tacacsui_subopt,
1708 &ett_outmark_subopt,
1709 &ett_tlocnum_subopt,
1710 &ett_tn3270reg_subopt,
1715 &ett_linemode_subopt,
1716 &ett_xdpyloc_subopt,
1721 &ett_tn3270e_subopt,
1723 &ett_charset_subopt,
1728 proto_telnet = proto_register_protocol("Telnet", "TELNET", "telnet");
1729 proto_register_field_array(proto_telnet, hf, array_length(hf));
1730 proto_register_subtree_array(ett, array_length(ett));
1734 proto_reg_handoff_telnet(void)
1736 dissector_handle_t telnet_handle;
1738 telnet_handle = create_dissector_handle(dissect_telnet, proto_telnet);
1739 dissector_add("tcp.port", TCP_PORT_TELNET, telnet_handle);