2 * Routines for AIM Instant Messenger (OSCAR) dissection
3 * Copyright 2000, Ralf Hoelzer <ralf@well.com>
4 * Copyright 2004, Jelmer Vernooij <jelmer@samba.org>
5 * Copyright 2004, Devin Heitmueller <dheitmueller@netilla.com>
7 * $Id: packet-aim.c,v 1.44 2004/07/09 23:17:02 guy Exp $
9 * Ethereal - Network traffic analyzer
10 * By Gerald Combs <gerald@ethereal.com>
11 * Copyright 1998 Gerald Combs
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
41 #include <epan/packet.h>
42 #include <epan/strutil.h>
44 #include "packet-tcp.h"
45 #include "packet-aim.h"
48 #define TCP_PORT_AIM 5190
53 #define CHANNEL_NEW_CONN 0x01
54 #define CHANNEL_SNAC_DATA 0x02
55 #define CHANNEL_FLAP_ERR 0x03
56 #define CHANNEL_CLOSE_CONN 0x04
57 #define CHANNEL_KEEP_ALIVE 0x05
59 #define CLI_COOKIE 0x01
61 #define FAMILY_ALL_ERROR_INVALID_HEADER 0x0001
62 #define FAMILY_ALL_ERROR_SERVER_RATE_LIMIT_EXCEEDED 0x0002
63 #define FAMILY_ALL_ERROR_CLIENT_RATE_LIMIT_EXCEEDED 0x0003
64 #define FAMILY_ALL_ERROR_RECIPIENT_NOT_LOGGED_IN 0x0004
65 #define FAMILY_ALL_ERROR_REQUESTED_SERVICE_UNAVAILABLE 0x0005
66 #define FAMILY_ALL_ERROR_REQUESTED_SERVICE_NOT_DEFINED 0x0006
67 #define FAMILY_ALL_ERROR_OBSOLETE_SNAC 0x0007
68 #define FAMILY_ALL_ERROR_NOT_SUPPORTED_BY_SERVER 0x0008
69 #define FAMILY_ALL_ERROR_NOT_SUPPORTED_BY_CLIENT 0x0009
70 #define FAMILY_ALL_ERROR_REFUSED_BY_CLIENT 0x000a
71 #define FAMILY_ALL_ERROR_REPLY_TOO_BIG 0x000b
72 #define FAMILY_ALL_ERROR_RESPONSES_LOST 0x000c
73 #define FAMILY_ALL_ERROR_REQUEST_DENIED 0x000d
74 #define FAMILY_ALL_ERROR_INCORRECT_SNAC_FORMAT 0x000e
75 #define FAMILY_ALL_ERROR_INSUFFICIENT_RIGHTS 0x000f
76 #define FAMILY_ALL_ERROR_RECIPIENT_BLOCKED 0x0010
77 #define FAMILY_ALL_ERROR_SENDER_TOO_EVIL 0x0011
78 #define FAMILY_ALL_ERROR_RECEIVER_TOO_EVIL 0x0012
79 #define FAMILY_ALL_ERROR_USER_TEMP_UNAVAILABLE 0x0013
80 #define FAMILY_ALL_ERROR_NO_MATCH 0x0014
81 #define FAMILY_ALL_ERROR_LIST_OVERFLOW 0x0015
82 #define FAMILY_ALL_ERROR_REQUEST_AMBIGUOUS 0x0016
83 #define FAMILY_ALL_ERROR_SERVER_QUEUE_FULL 0x0017
84 #define FAMILY_ALL_ERROR_NOT_WHILE_ON_AOL 0x0018
86 static const value_string aim_flap_channels[] = {
87 { CHANNEL_NEW_CONN, "New Connection" },
88 { CHANNEL_SNAC_DATA, "SNAC Data" },
89 { CHANNEL_FLAP_ERR, "FLAP-Level Error" },
90 { CHANNEL_CLOSE_CONN, "Close Connection" },
91 { CHANNEL_KEEP_ALIVE, "Keep Alive" },
95 static const value_string aim_snac_errors[] = {
96 { FAMILY_ALL_ERROR_INVALID_HEADER, "Invalid SNAC Header" },
97 { FAMILY_ALL_ERROR_SERVER_RATE_LIMIT_EXCEEDED, "Server rate limit exceeded" },
98 { FAMILY_ALL_ERROR_CLIENT_RATE_LIMIT_EXCEEDED, "Client rate limit exceeded" },
99 { FAMILY_ALL_ERROR_RECIPIENT_NOT_LOGGED_IN, "Recipient not logged in" },
100 { FAMILY_ALL_ERROR_REQUESTED_SERVICE_UNAVAILABLE, "Requested service unavailable" },
101 { FAMILY_ALL_ERROR_REQUESTED_SERVICE_NOT_DEFINED, "Requested service not defined" },
102 { FAMILY_ALL_ERROR_OBSOLETE_SNAC, "Obsolete SNAC issued" },
103 { FAMILY_ALL_ERROR_NOT_SUPPORTED_BY_SERVER, "Not supported by server" },
104 { FAMILY_ALL_ERROR_NOT_SUPPORTED_BY_CLIENT, "Not supported by client" },
105 { FAMILY_ALL_ERROR_REFUSED_BY_CLIENT, "Refused by client" },
106 { FAMILY_ALL_ERROR_REPLY_TOO_BIG, "Reply too big" },
107 { FAMILY_ALL_ERROR_RESPONSES_LOST, "Responses lost" },
108 { FAMILY_ALL_ERROR_REQUEST_DENIED, "Request denied" },
109 { FAMILY_ALL_ERROR_INCORRECT_SNAC_FORMAT, "Incorrect SNAC format" },
110 { FAMILY_ALL_ERROR_INSUFFICIENT_RIGHTS, "Insufficient rights" },
111 { FAMILY_ALL_ERROR_RECIPIENT_BLOCKED, "Recipient blocked" },
112 { FAMILY_ALL_ERROR_SENDER_TOO_EVIL, "Sender too evil" },
113 { FAMILY_ALL_ERROR_RECEIVER_TOO_EVIL, "Receiver too evil" },
114 { FAMILY_ALL_ERROR_USER_TEMP_UNAVAILABLE, "User temporarily unavailable" },
115 { FAMILY_ALL_ERROR_NO_MATCH, "No match" },
116 { FAMILY_ALL_ERROR_LIST_OVERFLOW, "List overflow" },
117 { FAMILY_ALL_ERROR_REQUEST_AMBIGUOUS, "Request ambiguous" },
118 { FAMILY_ALL_ERROR_SERVER_QUEUE_FULL, "Server queue full" },
119 { FAMILY_ALL_ERROR_NOT_WHILE_ON_AOL, "Not while on AOL" },
123 #define AIM_CLIENT_TLV_SCREEN_NAME 0x0001
124 #define AIM_CLIENT_TLV_ROASTED_PASSWORD 0x0002
125 #define AIM_CLIENT_TLV_CLIENT_ID_STRING 0x0003
126 #define AIM_CLIENT_TLV_ERRORURL 0x0004
127 #define AIM_CLIENT_TLV_BOS_SERVER_STRING 0x0005
128 #define AIM_CLIENT_TLV_AUTH_COOKIE 0x0006
129 #define AIM_CLIENT_TLV_ERRORCODE 0x0008
130 #define AIM_CLIENT_TLV_GENERIC_SERVICE_ID 0x000d
131 #define AIM_CLIENT_TLV_CLIENT_COUNTRY 0x000e
132 #define AIM_CLIENT_TLV_CLIENT_LANGUAGE 0x000f
133 #define AIM_CLIENT_TLV_EMAILADDR 0x0011
134 #define AIM_CLIENT_TLV_OLD_ROASTED_PASSWORD 0x0012
135 #define AIM_CLIENT_TLV_REGSTATUS 0x0013
136 #define AIM_CLIENT_TLV_CLIENT_DISTRIBUTION_NUM 0x0014
137 #define AIM_CLIENT_TLV_INVITEMESSAGE 0x0015
138 #define AIM_CLIENT_TLV_CLIENT_ID 0x0016
139 #define AIM_CLIENT_TLV_CLIENT_MAJOR_VERSION 0x0017
140 #define AIM_CLIENT_TLV_CLIENT_MINOR_VERSION 0x0018
141 #define AIM_CLIENT_TLV_CLIENT_LESSER_VERSION 0x0019
142 #define AIM_CLIENT_TLV_CLIENT_BUILD_NUMBER 0x001a
143 #define AIM_CLIENT_TLV_PASSWORD 0x0025
144 #define AIM_CLIENT_TLV_LATESTBETABUILD 0x0040
145 #define AIM_CLIENT_TLV_LATESTBETAURL 0x0041
146 #define AIM_CLIENT_TLV_LATESTBETAINFO 0x0042
147 #define AIM_CLIENT_TLV_LATESTBETANAME 0x0043
148 #define AIM_CLIENT_TLV_LATESTRELEASEBUILD 0x0044
149 #define AIM_CLIENT_TLV_LATESTRELEASEURL 0x0045
150 #define AIM_CLIENT_TLV_LATESTRELEASEINFO 0x0046
151 #define AIM_CLIENT_TLV_LATESTRELEASENAME 0x0047
152 #define AIM_CLIENT_TLV_CLIENTUSESSI 0x004a
153 #define AIM_CLIENT_TLV_CHANGE_PASSWORD_URL 0x0054
155 const aim_tlv client_tlvs[] = {
156 { AIM_CLIENT_TLV_SCREEN_NAME, "Screen name", dissect_aim_tlv_value_string },
157 { AIM_CLIENT_TLV_ROASTED_PASSWORD, "Roasted password array", dissect_aim_tlv_value_bytes },
158 { AIM_CLIENT_TLV_OLD_ROASTED_PASSWORD, "Old roasted password array", dissect_aim_tlv_value_bytes },
159 { AIM_CLIENT_TLV_CLIENT_ID_STRING, "Client id string (name, version)", dissect_aim_tlv_value_string },
160 { AIM_CLIENT_TLV_CLIENT_ID, "Client id number", dissect_aim_tlv_value_uint16 },
161 { AIM_CLIENT_TLV_CLIENT_MAJOR_VERSION, "Client major version", dissect_aim_tlv_value_uint16 },
162 { AIM_CLIENT_TLV_CLIENT_MINOR_VERSION, "Client minor version", dissect_aim_tlv_value_uint16 },
163 { AIM_CLIENT_TLV_CLIENT_LESSER_VERSION, "Client lesser version", dissect_aim_tlv_value_uint16 },
164 { AIM_CLIENT_TLV_CLIENT_BUILD_NUMBER, "Client build number", dissect_aim_tlv_value_uint16 },
165 { AIM_CLIENT_TLV_CLIENT_DISTRIBUTION_NUM, "Client distribution number", dissect_aim_tlv_value_uint16 },
166 { AIM_CLIENT_TLV_CLIENT_LANGUAGE, "Client language", dissect_aim_tlv_value_string },
167 { AIM_CLIENT_TLV_CLIENT_COUNTRY, "Client country", dissect_aim_tlv_value_string },
168 { AIM_CLIENT_TLV_BOS_SERVER_STRING, "BOS server string", dissect_aim_tlv_value_string },
169 { AIM_CLIENT_TLV_AUTH_COOKIE, "Authorization cookie", dissect_aim_tlv_value_bytes },
170 { AIM_CLIENT_TLV_ERRORURL, "Error URL", dissect_aim_tlv_value_string },
171 { AIM_CLIENT_TLV_ERRORCODE, "Error Code", dissect_aim_tlv_value_uint16 }, /* FIXME: Decode error codes too */
172 { AIM_CLIENT_TLV_EMAILADDR, "Account Email address", dissect_aim_tlv_value_string },
173 { AIM_CLIENT_TLV_REGSTATUS, "Registration Status", dissect_aim_tlv_value_uint16 },
174 { AIM_CLIENT_TLV_LATESTBETABUILD, "Latest Beta Build", dissect_aim_tlv_value_uint32 },
175 { AIM_CLIENT_TLV_LATESTBETAURL, "Latest Beta URL", dissect_aim_tlv_value_string },
176 { AIM_CLIENT_TLV_LATESTBETAINFO, "Latest Beta Info", dissect_aim_tlv_value_string },
177 { AIM_CLIENT_TLV_LATESTBETANAME, "Latest Beta Name", dissect_aim_tlv_value_string },
178 { AIM_CLIENT_TLV_LATESTRELEASEBUILD, "Latest Release Build", dissect_aim_tlv_value_uint32 },
179 { AIM_CLIENT_TLV_LATESTRELEASEURL, "Latest Release URL", dissect_aim_tlv_value_string },
180 { AIM_CLIENT_TLV_LATESTRELEASEINFO, "Latest Release Info", dissect_aim_tlv_value_string },
181 { AIM_CLIENT_TLV_LATESTRELEASENAME, "Latest Release Name", dissect_aim_tlv_value_string },
182 { AIM_CLIENT_TLV_CLIENTUSESSI, "Use SSI", dissect_aim_tlv_value_uint8 },
183 { AIM_CLIENT_TLV_GENERIC_SERVICE_ID, "Service (Family) ID", dissect_aim_tlv_value_uint16 },
184 { AIM_CLIENT_TLV_CHANGE_PASSWORD_URL, "Change password url", dissect_aim_tlv_value_string },
185 { 0, "Unknown", NULL },
189 static int dissect_aim_tlv_value_userstatus(proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb);
190 static int dissect_aim_tlv_value_dcinfo(proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb);
192 #define AIM_ONLINEBUDDY_USERCLASS 0x0001
193 #define AIM_ONLINEBUDDY_ONSINCE 0x0003
194 #define AIM_ONLINEBUDDY_IDLETIME 0x0004
195 #define AIM_ONLINEBUDDY_MEMBERSINCE 0x0005
196 #define AIM_ONLINEBUDDY_STATUS 0x0006
197 #define AIM_ONLINEBUDDY_TIMEUPDATE 0x0011
198 #define AIM_ONLINEBUDDY_IPADDR 0x000a
199 #define AIM_ONLINEBUDDY_DCINFO 0x000c
200 #define AIM_ONLINEBUDDY_CAPINFO 0x000d
201 #define AIM_ONLINEBUDDY_UNKNOWN 0x000e
202 #define AIM_ONLINEBUDDY_SESSIONLEN 0x000f
203 #define AIM_ONLINEBUDDY_ICQSESSIONLEN 0x0010
205 const aim_tlv onlinebuddy_tlvs[] = {
206 { AIM_ONLINEBUDDY_USERCLASS, "User class", dissect_aim_tlv_value_userclass },
207 { AIM_ONLINEBUDDY_ONSINCE, "Online since", dissect_aim_tlv_value_uint32 },
208 { AIM_ONLINEBUDDY_IDLETIME, "Idle time (sec)", dissect_aim_tlv_value_uint16 },
209 { AIM_ONLINEBUDDY_STATUS, "Online status", dissect_aim_tlv_value_userstatus },
210 { AIM_ONLINEBUDDY_IPADDR, "User IP Address", dissect_aim_tlv_value_ipv4 },
211 { AIM_ONLINEBUDDY_DCINFO, "DC Info", dissect_aim_tlv_value_dcinfo},
212 { AIM_ONLINEBUDDY_CAPINFO, "Capability Info", dissect_aim_tlv_value_bytes },
213 { AIM_ONLINEBUDDY_MEMBERSINCE, "Member since", dissect_aim_tlv_value_time },
214 { AIM_ONLINEBUDDY_UNKNOWN, "Unknown", dissect_aim_tlv_value_uint16 },
215 { AIM_ONLINEBUDDY_TIMEUPDATE, "Time update", dissect_aim_tlv_value_bytes },
216 { AIM_ONLINEBUDDY_SESSIONLEN, "Session Length (sec)", dissect_aim_tlv_value_uint32 },
217 { AIM_ONLINEBUDDY_ICQSESSIONLEN, "ICQ Session Length (sec)", dissect_aim_tlv_value_uint32 },
218 { 0, "Unknown", NULL }
224 const value_string *subtypes;
227 static GList *families = NULL;
229 #define AIM_MOTD_TLV_MOTD 0x000B
231 const aim_tlv motd_tlvs[] = {
232 { AIM_MOTD_TLV_MOTD, "Message of the day message", dissect_aim_tlv_value_string },
233 { 0, "Unknown", NULL }
236 #define FAMILY_GENERIC_REDIRECT_SERVER_ADDRESS 0x0005
237 #define FAMILY_GENERIC_REDIRECT_AUTH_COOKIE 0x0006
238 #define FAMILY_GENERIC_REDIRECT_FAMILY_ID 0x000D
240 static const aim_tlv aim_fnac_family_generic_redirect_tlv[] = {
241 { FAMILY_GENERIC_REDIRECT_SERVER_ADDRESS, "Server address and (optional) port", dissect_aim_tlv_value_string },
242 { FAMILY_GENERIC_REDIRECT_AUTH_COOKIE, "Authorization cookie", dissect_aim_tlv_value_string },
243 { FAMILY_GENERIC_REDIRECT_FAMILY_ID, "Family ID", dissect_aim_tlv_value_uint16 },
244 { 0, "Unknown", NULL }
247 #define FAMILY_GENERIC_MOTD_MOTDTYPE_MDT_UPGRADE 0x0001
248 #define FAMILY_GENERIC_MOTD_MOTDTYPE_ADV_UPGRADE 0x0002
249 #define FAMILY_GENERIC_MOTD_MOTDTYPE_SYS_BULLETIN 0x0003
250 #define FAMILY_GENERIC_MOTD_MOTDTYPE_NORMAL 0x0004
251 #define FAMILY_GENERIC_MOTD_MOTDTYPE_NEWS 0x0006
253 static const value_string aim_snac_generic_motd_motdtypes[] = {
254 { FAMILY_GENERIC_MOTD_MOTDTYPE_MDT_UPGRADE, "Mandatory Upgrade Needed Notice" },
255 { FAMILY_GENERIC_MOTD_MOTDTYPE_ADV_UPGRADE, "Advisable Upgrade Notice" },
256 { FAMILY_GENERIC_MOTD_MOTDTYPE_SYS_BULLETIN, "AIM/ICQ Service System Announcements" },
257 { FAMILY_GENERIC_MOTD_MOTDTYPE_NORMAL, "Standard Notice" },
258 { FAMILY_GENERIC_MOTD_MOTDTYPE_NEWS, "News from AOL service" },
262 #define CLASS_UNCONFIRMED 0x0001
263 #define CLASS_ADMINISTRATOR 0x0002
264 #define CLASS_AOL 0x0004
265 #define CLASS_COMMERCIAL 0x0008
266 #define CLASS_FREE 0x0010
267 #define CLASS_AWAY 0x0020
268 #define CLASS_ICQ 0x0040
269 #define CLASS_WIRELESS 0x0080
270 #define CLASS_UNKNOWN100 0x0100
271 #define CLASS_UNKNOWN200 0x0200
272 #define CLASS_UNKNOWN400 0x0400
273 #define CLASS_UNKNOWN800 0x0800
275 static int dissect_aim(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
276 static guint get_aim_pdu_len(tvbuff_t *tvb, int offset);
277 static void dissect_aim_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
279 static void dissect_aim_newconn(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *tree);
280 static void dissect_aim_snac(tvbuff_t *tvb, packet_info *pinfo,
281 int offset, proto_tree *tree, proto_tree *root_tree);
282 static void dissect_aim_flap_err(tvbuff_t *tvb, packet_info *pinfo,
283 int offset, proto_tree *tree);
284 static void dissect_aim_keep_alive(tvbuff_t *tvb, packet_info *pinfo,
285 int offset, proto_tree *tree);
286 static void dissect_aim_close_conn(tvbuff_t *tvb, packet_info *pinfo,
287 int offset, proto_tree *tree);
288 static void dissect_aim_unknown_channel(tvbuff_t *tvb, packet_info *pinfo,
289 int offset, proto_tree *tree);
291 static dissector_table_t subdissector_table;
293 /* Initialize the protocol and registered fields */
294 static int proto_aim = -1;
295 static int hf_aim_cmd_start = -1;
296 static int hf_aim_channel = -1;
297 static int hf_aim_seqno = -1;
298 static int hf_aim_data = -1;
299 static int hf_aim_data_len = -1;
300 static int hf_aim_signon_challenge_len = -1;
301 static int hf_aim_signon_challenge = -1;
302 static int hf_aim_fnac_family = -1;
303 static int hf_aim_fnac_subtype = -1;
304 static int hf_aim_fnac_flags = -1;
305 static int hf_aim_fnac_id = -1;
306 static int hf_aim_infotype = -1;
307 static int hf_aim_buddyname_len = -1;
308 static int hf_aim_buddyname = -1;
309 static int hf_aim_userinfo_warninglevel = -1;
310 static int hf_aim_snac_error = -1;
311 static int hf_aim_tlvcount = -1;
312 static int hf_aim_authcookie = -1;
313 static int hf_aim_userclass_unconfirmed = -1;
314 static int hf_aim_userclass_administrator = -1;
315 static int hf_aim_userclass_aol = -1;
316 static int hf_aim_userclass_commercial = -1;
317 static int hf_aim_userclass_free = -1;
318 static int hf_aim_userclass_away = -1;
319 static int hf_aim_userclass_icq = -1;
320 static int hf_aim_userclass_wireless = -1;
321 static int hf_aim_userclass_unknown100 = -1;
322 static int hf_aim_userclass_unknown200 = -1;
323 static int hf_aim_userclass_unknown400 = -1;
324 static int hf_aim_userclass_unknown800 = -1;
325 static int hf_aim_messageblock_featuresdes = -1;
326 static int hf_aim_messageblock_featureslen = -1;
327 static int hf_aim_messageblock_features = -1;
328 static int hf_aim_messageblock_info = -1;
329 static int hf_aim_messageblock_len = -1;
330 static int hf_aim_messageblock_charset = -1;
331 static int hf_aim_messageblock_charsubset = -1;
332 static int hf_aim_messageblock_message = -1;
335 /* Initialize the subtree pointers */
336 static gint ett_aim = -1;
337 static gint ett_aim_buddyname= -1;
338 static gint ett_aim_fnac = -1;
339 static gint ett_aim_tlv = -1;
340 static gint ett_aim_userclass = -1;
341 static gint ett_aim_messageblock = -1;
343 /* desegmentation of AIM over TCP */
344 static gboolean aim_desegment = TRUE;
346 /* Code to actually dissect the packets */
347 static int dissect_aim(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
349 /* check, if this is really an AIM packet, they start with 0x2a */
350 /* XXX - I've seen some stuff starting with 0x5a followed by 0x2a */
352 if(tvb_bytes_exist(tvb, 0, 1) && tvb_get_guint8(tvb, 0) != 0x2a) {
353 /* Not an instant messenger packet, just happened to use the same port */
354 /* XXX - if desegmentation disabled, this might be a continuation
355 packet, not a non-AIM packet */
359 tcp_dissect_pdus(tvb, pinfo, tree, aim_desegment, 6, get_aim_pdu_len,
361 return tvb_length(tvb);
364 static guint get_aim_pdu_len(tvbuff_t *tvb, int offset)
369 * Get the length of the AIM packet.
371 plen = tvb_get_ntohs(tvb, offset + 4);
374 * That length doesn't include the length of the header itself; add that in.
379 static void dissect_aim_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
382 unsigned char hdr_channel; /* channel ID */
383 unsigned short hdr_sequence_no; /* Internal frame sequence number, not needed */
384 unsigned short hdr_data_field_length; /* length of data within frame */
388 /* Set up structures we will need to add the protocol subtree and manage it */
390 proto_tree *aim_tree = NULL;
392 /* Make entries in Protocol column and Info column on summary display */
393 if (check_col(pinfo->cinfo, COL_PROTOCOL))
394 col_set_str(pinfo->cinfo, COL_PROTOCOL, "AIM");
396 if (check_col(pinfo->cinfo, COL_INFO))
397 col_add_str(pinfo->cinfo, COL_INFO, "AOL Instant Messenger");
399 /* get relevant header information */
400 offset += 1; /* XXX - put the identifier into the tree? */
401 hdr_channel = tvb_get_guint8(tvb, offset);
403 hdr_sequence_no = tvb_get_ntohs(tvb, offset);
405 hdr_data_field_length = tvb_get_ntohs(tvb, offset);
408 /* In the interest of speed, if "tree" is NULL, don't do any work not
409 necessary to generate protocol tree items. */
411 ti = proto_tree_add_item(tree, proto_aim, tvb, 0, -1, FALSE);
412 aim_tree = proto_item_add_subtree(ti, ett_aim);
413 proto_tree_add_uint(aim_tree, hf_aim_cmd_start, tvb, 0, 1, '*');
414 proto_tree_add_item(aim_tree, hf_aim_channel, tvb, 1, 1, FALSE);
415 proto_tree_add_uint(aim_tree, hf_aim_seqno, tvb, 2, 2, hdr_sequence_no);
416 proto_tree_add_uint(aim_tree, hf_aim_data_len, tvb, 4, 2, hdr_data_field_length);
422 case CHANNEL_NEW_CONN:
423 dissect_aim_newconn(tvb, pinfo, offset, aim_tree);
425 case CHANNEL_SNAC_DATA:
426 dissect_aim_snac(tvb, pinfo, offset, aim_tree, tree);
428 case CHANNEL_FLAP_ERR:
429 dissect_aim_flap_err(tvb, pinfo, offset, aim_tree);
431 case CHANNEL_CLOSE_CONN:
432 dissect_aim_close_conn(tvb, pinfo, offset, aim_tree);
434 case CHANNEL_KEEP_ALIVE:
435 dissect_aim_keep_alive(tvb, pinfo, offset, aim_tree);
438 dissect_aim_unknown_channel(tvb, pinfo, offset, aim_tree);
444 const char *aim_get_subtypename( guint16 famnum, guint16 subtype )
446 GList *gl = families;
448 struct aim_family *fam = gl->data;
449 if(fam->family == famnum) return match_strval(subtype, fam->subtypes);
457 const char *aim_get_familyname( guint16 famnum )
459 GList *gl = families;
461 struct aim_family *fam = gl->data;
462 if(fam->family == famnum) return fam->name;
469 int aim_get_buddyname( char *name, tvbuff_t *tvb, int len_offset, int name_offset)
471 guint8 buddyname_length;
473 buddyname_length = tvb_get_guint8(tvb, len_offset);
475 if(buddyname_length > MAX_BUDDYNAME_LENGTH ) buddyname_length = MAX_BUDDYNAME_LENGTH;
476 tvb_get_nstringz0(tvb, name_offset, buddyname_length + 1, name);
478 return buddyname_length;
482 void aim_get_message( guchar *msg, tvbuff_t *tvb, int msg_offset, int msg_length)
486 int max, tagchars = 0;
487 int new_offset = msg_offset;
488 int new_length = msg_length;
492 /* make sure nothing bigger than 1000 bytes is printed */
493 if( msg_length > 999 ) return;
495 memset( msg, '\0', 1000);
499 /* loop until HTML tag is reached - quick&dirty way to find start of message
500 * (it is nearly impossible to find the correct start offset for all client versions) */
501 while( (tagchars < 6) && (new_length > 5) )
503 j = tvb_get_guint8(tvb, new_offset);
504 if( ( (j == '<') && (tagchars == 0) ) ||
505 ( (j == 'h') && (tagchars == 1) ) ||
506 ( (j == 'H') && (tagchars == 1) ) ||
507 ( (j == 't') && (tagchars == 2) ) ||
508 ( (j == 'T') && (tagchars == 2) ) ||
509 ( (j == 'm') && (tagchars == 3) ) ||
510 ( (j == 'M') && (tagchars == 3) ) ||
511 ( (j == 'l') && (tagchars == 4) ) ||
512 ( (j == 'L') && (tagchars == 4) ) ||
513 ( (j == '>') && (tagchars == 5) ) ) tagchars++;
518 /* set offset and length of message to after the first HTML tag */
519 msg_offset = new_offset;
520 msg_length = new_length;
521 max = msg_length - 1;
524 /* find the rest of the message until either a </html> is reached or the end of the frame.
525 * All other HTML tags are stripped to display only the raw message (printable characters) */
526 while( (c < max) && (tagchars < 7) )
528 j = tvb_get_guint8(tvb, msg_offset+c);
531 /* make sure this is an HTML tag by checking the order of the chars */
532 if( ( (j == '<') && (tagchars == 0) ) ||
533 ( (j == '/') && (tagchars == 1) ) ||
534 ( (j == 'h') && (tagchars == 2) ) ||
535 ( (j == 'H') && (tagchars == 2) ) ||
536 ( (j == 't') && (tagchars == 3) ) ||
537 ( (j == 'T') && (tagchars == 3) ) ||
538 ( (j == 'm') && (tagchars == 4) ) ||
539 ( (j == 'M') && (tagchars == 4) ) ||
540 ( (j == 'l') && (tagchars == 5) ) ||
541 ( (j == 'L') && (tagchars == 5) ) ||
542 ( (j == '>') && (tagchars == 6) ) ) tagchars++;
545 if( j == '<' ) bracket = TRUE;
546 if( j == '>' ) bracket = FALSE;
547 if( (isprint(j) ) && (bracket == FALSE) && (j != '>'))
559 void aim_init_family(guint16 family, const char *name, const value_string *subtypes)
561 struct aim_family *fam = g_new(struct aim_family, 1);
562 fam->name = g_strdup(name);
563 fam->family = family;
564 fam->subtypes = subtypes;
565 families = g_list_append(families, fam);
568 static void dissect_aim_newconn(tvbuff_t *tvb, packet_info *pinfo,
569 int offset, proto_tree *tree)
571 if (check_col(pinfo->cinfo, COL_INFO))
572 col_add_fstr(pinfo->cinfo, COL_INFO, "New Connection");
574 if (tvb_length_remaining(tvb, offset) > 0) {
575 proto_tree_add_item(tree, hf_aim_authcookie, tvb, offset, 4, FALSE);
577 while(tvb_reported_length_remaining(tvb, offset) > 0) {
578 offset = dissect_aim_tlv(tvb, pinfo, offset, tree, client_tlvs);
582 if (tvb_length_remaining(tvb, offset) > 0)
583 proto_tree_add_item(tree, hf_aim_data, tvb, offset, -1, FALSE);
587 int dissect_aim_snac_error(tvbuff_t *tvb, packet_info *pinfo,
588 int offset, proto_tree *aim_tree)
591 if ((name = match_strval(tvb_get_ntohs(tvb, offset), aim_snac_errors)) != NULL) {
592 if (check_col(pinfo->cinfo, COL_INFO))
593 col_add_fstr(pinfo->cinfo, COL_INFO, name);
596 proto_tree_add_item (aim_tree, hf_aim_snac_error,
597 tvb, offset, 2, FALSE);
598 return tvb_length_remaining(tvb, 2);
601 int dissect_aim_userinfo(tvbuff_t *tvb, packet_info *pinfo,
602 int offset, proto_tree *tree)
604 offset = dissect_aim_buddyname(tvb, pinfo, offset, tree);
606 proto_tree_add_item(tree, hf_aim_userinfo_warninglevel, tvb, offset, 2, FALSE);
609 return dissect_aim_tlv_list(tvb, pinfo, offset, tree, onlinebuddy_tlvs);
612 static void dissect_aim_snac(tvbuff_t *tvb, packet_info *pinfo,
613 int offset, proto_tree *aim_tree, proto_tree *root_tree)
620 struct aiminfo aiminfo;
621 const char *fam_name, *subtype_name;
622 proto_tree *aim_tree_fnac = NULL;
626 orig_offset = offset;
627 family = tvb_get_ntohs(tvb, offset);
628 fam_name = aim_get_familyname(family);
630 subtype = tvb_get_ntohs(tvb, offset);
631 subtype_name = aim_get_subtypename(family, subtype);
633 flags = tvb_get_ntohs(tvb, offset);
635 id = tvb_get_ntohl(tvb, offset);
638 if (check_col(pinfo->cinfo, COL_INFO)) {
639 col_add_fstr(pinfo->cinfo, COL_INFO, "SNAC data");
644 offset = orig_offset;
645 ti1 = proto_tree_add_text(aim_tree, tvb, 6, 10, "FNAC");
646 aim_tree_fnac = proto_item_add_subtree(ti1, ett_aim_fnac);
648 proto_tree_add_text (aim_tree_fnac,
649 tvb, offset, 2, "Family: %s (0x%04x)", fam_name?fam_name:"Unknown", family);
652 proto_tree_add_text (aim_tree_fnac,
653 tvb, offset, 2, "Subtype: %s (0x%04x)", subtype_name?subtype_name:"Unknown", subtype);
656 proto_tree_add_uint(aim_tree_fnac, hf_aim_fnac_flags, tvb, offset,
659 proto_tree_add_uint(aim_tree_fnac, hf_aim_fnac_id, tvb, offset,
664 subtvb = tvb_new_subset(tvb, offset, -1, -1);
665 aiminfo.tcpinfo = pinfo->private_data;
666 aiminfo.family = family;
667 aiminfo.subtype = subtype;
668 pinfo->private_data = &aiminfo;
670 if (check_col(pinfo->cinfo, COL_INFO)) {
671 if(fam_name) col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", fam_name);
672 else col_append_fstr(pinfo->cinfo, COL_INFO, ", Family: 0x%04x", family);
673 if(subtype_name) col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", subtype_name);
674 else col_append_fstr(pinfo->cinfo, COL_INFO, ", Subtype: 0x%04x", subtype);
677 if(tvb_length_remaining(tvb, offset) == 0 || !dissector_try_port(subdissector_table, family, subtvb, pinfo, root_tree)) {
678 /* Show the undissected payload */
679 if (tvb_length_remaining(tvb, offset) > 0)
680 proto_tree_add_item(aim_tree, hf_aim_data, tvb, offset, -1, FALSE);
684 static void dissect_aim_flap_err(tvbuff_t *tvb, packet_info *pinfo,
685 int offset, proto_tree *tree)
687 if (check_col(pinfo->cinfo, COL_INFO)) {
688 col_add_fstr(pinfo->cinfo, COL_INFO, "FLAP error");
691 /* Show the undissected payload */
692 if (tvb_length_remaining(tvb, offset) > 0)
693 proto_tree_add_item(tree, hf_aim_data, tvb, offset, -1, FALSE);
696 static void dissect_aim_keep_alive(tvbuff_t *tvb, packet_info *pinfo,
697 int offset, proto_tree *tree)
699 if (check_col(pinfo->cinfo, COL_INFO)) {
700 col_add_fstr(pinfo->cinfo, COL_INFO, "Keep Alive");
703 /* Show the undissected payload */
704 if (tvb_length_remaining(tvb, offset) > 0)
705 proto_tree_add_item(tree, hf_aim_data, tvb, offset, -1, FALSE);
708 static void dissect_aim_close_conn(tvbuff_t *tvb, packet_info *pinfo,
709 int offset, proto_tree *tree)
711 if (check_col(pinfo->cinfo, COL_INFO)) {
712 col_add_fstr(pinfo->cinfo, COL_INFO, "Close Connection");
715 while(tvb_reported_length_remaining(tvb, offset) > 0) {
716 offset = dissect_aim_tlv(tvb, pinfo, offset, tree, client_tlvs);
720 static void dissect_aim_unknown_channel(tvbuff_t *tvb, packet_info *pinfo,
721 int offset, proto_tree *tree)
723 if (check_col(pinfo->cinfo, COL_INFO)) {
724 col_add_fstr(pinfo->cinfo, COL_INFO, "Unknown Channel");
727 /* Show the undissected payload */
728 if (tvb_length_remaining(tvb, offset) > 0)
729 proto_tree_add_item(tree, hf_aim_data, tvb, offset, -1, FALSE);
732 int dissect_aim_buddyname(tvbuff_t *tvb, packet_info *pinfo _U_, int offset,
735 guint8 buddyname_length = 0;
737 proto_item *ti = NULL;
738 proto_tree *buddy_tree = NULL;
740 buddyname_length = tvb_get_guint8(tvb, offset);
742 buddyname = tvb_get_string(tvb, offset, buddyname_length);
745 ti = proto_tree_add_text(tree, tvb, offset-1, 1+buddyname_length,
747 format_text(buddyname, buddyname_length));
748 buddy_tree = proto_item_add_subtree(ti, ett_aim_buddyname);
751 proto_tree_add_item(buddy_tree, hf_aim_buddyname_len, tvb, offset-1, 1, FALSE);
752 proto_tree_add_item(buddy_tree, hf_aim_buddyname, tvb, offset, buddyname_length, FALSE);
753 return offset+buddyname_length;
757 int dissect_aim_tlv_value_client_capabilities(proto_item *ti _U_, guint16 valueid _U_, tvbuff_t *tvb)
760 return tvb_length(tvb);
763 int dissect_aim_tlv_value_time(proto_item *ti _U_, guint16 valueid _U_, tvbuff_t *tvb)
766 return tvb_length(tvb);
769 int dissect_aim_userclass(tvbuff_t *tvb, int offset, int len, proto_item *ti, guint32 flags)
773 entry = proto_item_add_subtree(ti, ett_aim_userclass);
774 proto_tree_add_boolean(entry, hf_aim_userclass_unconfirmed, tvb, offset, len, flags);
775 proto_tree_add_boolean(entry, hf_aim_userclass_administrator, tvb, offset, len, flags);
776 proto_tree_add_boolean(entry, hf_aim_userclass_aol, tvb, offset, len, flags);
777 proto_tree_add_boolean(entry, hf_aim_userclass_commercial, tvb, offset, len, flags);
778 proto_tree_add_boolean(entry, hf_aim_userclass_free, tvb, offset, len, flags);
779 proto_tree_add_boolean(entry, hf_aim_userclass_away, tvb, offset, len, flags);
780 proto_tree_add_boolean(entry, hf_aim_userclass_icq, tvb, offset, len, flags);
781 proto_tree_add_boolean(entry, hf_aim_userclass_wireless, tvb, offset, len, flags);
782 proto_tree_add_boolean(entry, hf_aim_userclass_unknown100, tvb, offset, len, flags);
783 proto_tree_add_boolean(entry, hf_aim_userclass_unknown200, tvb, offset, len, flags);
784 proto_tree_add_boolean(entry, hf_aim_userclass_unknown400, tvb, offset, len, flags);
785 proto_tree_add_boolean(entry, hf_aim_userclass_unknown800, tvb, offset, len, flags);
789 int dissect_aim_tlv_value_userclass(proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb)
791 guint16 value16 = tvb_get_ntohs(tvb, 0);
792 proto_item_set_text(ti, "Value: 0x%04x", value16);
793 return dissect_aim_userclass(tvb, 0, 2, ti, value16);
796 static int dissect_aim_tlv_value_userstatus(proto_item *ti _U_, guint16 valueid _U_, tvbuff_t *tvb)
799 return tvb_length(tvb);
802 static int dissect_aim_tlv_value_dcinfo(proto_item *ti _U_, guint16 valueid _U_, tvbuff_t *tvb)
805 return tvb_length(tvb);
808 int dissect_aim_tlv_value_string (proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb)
813 string_len = tvb_length(tvb);
814 buf = tvb_get_string(tvb, 0, string_len);
815 proto_item_set_text(ti, "Value: %s", format_text(buf, string_len));
820 int dissect_aim_tlv_value_bytes (proto_item *ti _U_, guint16 valueid _U_, tvbuff_t *tvb _U_)
822 return tvb_length(tvb);
825 int dissect_aim_tlv_value_uint8 (proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb){
826 guint8 value8 = tvb_get_guint8(tvb, 0);
827 proto_item_set_text(ti, "Value: %d", value8);
831 int dissect_aim_tlv_value_uint16 (proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb){
832 guint16 value16 = tvb_get_ntohs(tvb, 0);
833 proto_item_set_text(ti, "Value: %d", value16);
837 int dissect_aim_tlv_value_ipv4 (proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb){
838 /* FIXME: Somewhat more readable format ? */
839 guint32 value32 = tvb_get_ntoh24(tvb, 0);
840 proto_item_set_text(ti, "Value: %d", value32);
844 int dissect_aim_tlv_value_uint32 (proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb){
845 guint32 value32 = tvb_get_ntoh24(tvb, 0);
846 proto_item_set_text(ti, "Value: %d", value32);
850 int dissect_aim_tlv_value_messageblock (proto_item *ti, guint16 valueid _U_, tvbuff_t *tvb){
857 /* Setup a new subtree */
858 entry = proto_item_add_subtree(ti, ett_aim_messageblock);
860 /* Features descriptor */
861 proto_tree_add_item(entry, hf_aim_messageblock_featuresdes, tvb, offset, 2,
865 /* Features Length */
866 featurelen = tvb_get_ntohs(tvb, offset);
867 proto_tree_add_item(entry, hf_aim_messageblock_featureslen, tvb, offset, 2,
871 /* Features (should be expanded further @@@@@@@ ) */
872 proto_tree_add_item(entry, hf_aim_messageblock_features, tvb, offset,
874 offset += featurelen;
876 /* There can be multiple messages in this message block */
877 while (tvb_length_remaining(tvb, offset) > 0) {
879 proto_tree_add_item(entry, hf_aim_messageblock_info, tvb, offset, 2,
883 /* Block length (includes charset and charsubset) */
884 blocklen = tvb_get_ntohs(tvb, offset);
885 proto_tree_add_item(entry, hf_aim_messageblock_len, tvb, offset, 2,
890 proto_tree_add_item(entry, hf_aim_messageblock_charset, tvb, offset, 2,
894 /* Character subset */
895 proto_tree_add_item(entry, hf_aim_messageblock_charsubset, tvb, offset, 2,
899 /* The actual message */
900 buf = tvb_get_string(tvb, offset, blocklen - 4 );
901 proto_item_set_text(ti, "Message: %s",
902 format_text(buf, blocklen - 4));
903 proto_tree_add_item(entry, hf_aim_messageblock_message, tvb, offset,
906 offset += tvb_length_remaining(tvb, offset);
913 /* Dissect a TLV value */
914 int dissect_aim_tlv(tvbuff_t *tvb, packet_info *pinfo _U_,
915 int offset, proto_tree *tree, const aim_tlv *tlv)
922 proto_tree *tlv_tree;
925 /* Record the starting offset so we can reuse it at the second pass */
926 orig_offset = offset;
928 /* Get the value ID */
929 valueid = tvb_get_ntohs(tvb, offset);
932 /* Figure out which entry applies from the tlv list */
934 while (tmp[i].valueid) {
935 if (tmp[i].valueid == valueid) {
936 /* We found a match */
942 /* At this point, we are either pointing at the correct record, or
943 we didn't find the record, and are pointing at the last item in the
946 length = tvb_get_ntohs(tvb, offset);
951 offset = orig_offset;
953 ti1 = proto_tree_add_text(tree, tvb, offset, length + 4, "TLV: %s", tmp[i].desc);
955 tlv_tree = proto_item_add_subtree(ti1, ett_aim_tlv);
957 proto_tree_add_text(tlv_tree, tvb, offset, 2,
958 "Value ID: %s (0x%04x)", tmp[i].desc, valueid);
961 proto_tree_add_text(tlv_tree, tvb, offset, 2,
962 "Length: %d", length);
965 ti1 = proto_tree_add_text(tlv_tree, tvb, offset, length,
968 if (tmp[i].dissector) {
969 tmp[i].dissector(ti1, valueid, tvb_new_subset(tvb, offset, length, length));
975 /* Return the new length */
979 int dissect_aim_tlv_list(tvbuff_t *tvb, packet_info *pinfo _U_,
980 int offset, proto_tree *tree, const aim_tlv *tlv_table)
982 guint16 i, tlv_count = tvb_get_ntohs(tvb, offset);
984 proto_tree_add_item(tree, hf_aim_tlvcount, tvb, offset, 2, FALSE);
987 for(i = 0; i < tlv_count; i++) {
988 offset = dissect_aim_tlv(tvb, pinfo, offset, tree, tlv_table);
993 /* Register the protocol with Ethereal */
995 proto_register_aim(void)
998 /* Setup list of header fields */
999 static hf_register_info hf[] = {
1000 { &hf_aim_cmd_start,
1001 { "Command Start", "aim.cmd_start", FT_UINT8, BASE_HEX, NULL, 0x0, "", HFILL }
1004 { "Channel ID", "aim.channel", FT_UINT8, BASE_HEX, VALS(aim_flap_channels), 0x0, "", HFILL }
1007 { "Sequence Number", "aim.seqno", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }
1009 { &hf_aim_authcookie,
1010 { "Authentication Cookie", "aim.authcookie", FT_BYTES, BASE_DEC, NULL, 0x0, "", HFILL },
1013 { "Data Field Length", "aim.datalen", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }
1016 { "Data", "aim.data", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }
1018 { &hf_aim_signon_challenge_len,
1019 { "Signon challenge length", "aim.signon.challengelen", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }
1021 { &hf_aim_signon_challenge,
1022 { "Signon challenge", "aim.signon.challenge", FT_STRING, BASE_HEX, NULL, 0x0, "", HFILL }
1024 { &hf_aim_fnac_family,
1025 { "FNAC Family ID", "aim.fnac.family", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }
1027 { &hf_aim_fnac_subtype,
1028 { "FNAC Subtype ID", "aim.fnac.subtype", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }
1030 { &hf_aim_fnac_flags,
1031 { "FNAC Flags", "aim.fnac.flags", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }
1034 { "FNAC ID", "aim.fnac.id", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }
1037 { "Infotype", "aim.infotype", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }
1039 { &hf_aim_buddyname_len,
1040 { "Buddyname len", "aim.buddynamelen", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
1042 { &hf_aim_buddyname,
1043 { "Buddy Name", "aim.buddyname", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }
1046 { "TLV Count", "aim.tlvcount", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL },
1048 { &hf_aim_snac_error,
1049 { "SNAC Error", "aim.snac.error", FT_UINT16,
1050 BASE_HEX, VALS(aim_snac_errors), 0x0, "", HFILL },
1052 { &hf_aim_userclass_unconfirmed,
1053 { "AOL Unconfirmed user flag", "aim.userclass.unconfirmed", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_UNCONFIRMED, "", HFILL },
1055 { &hf_aim_userclass_administrator,
1056 { "AOL Administrator flag", "aim.userclass.administrator", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_ADMINISTRATOR, "", HFILL },
1058 { &hf_aim_userclass_aol,
1059 { "AOL Staff User Flag", "aim.userclass.staff", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_AOL, "", HFILL },
1061 { &hf_aim_userclass_commercial,
1062 { "AOL commercial account flag", "aim.userclass.commercial", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_COMMERCIAL, "", HFILL },
1064 { &hf_aim_userclass_free,
1065 { "ICQ non-commercial account flag", "aim.userclass.noncommercial", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_FREE, "", HFILL },
1067 { &hf_aim_userclass_away,
1068 { "AOL away status flag", "aim.userclass.away", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_AWAY, "", HFILL },
1070 { &hf_aim_userclass_icq,
1071 { "ICQ user sign", "aim.userclass.icq", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_ICQ, "", HFILL },
1073 { &hf_aim_userclass_wireless,
1074 { "AOL wireless user", "aim.userclass.wireless", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_WIRELESS, "", HFILL },
1076 { &hf_aim_userclass_unknown100,
1077 { "Unknown bit", "aim.userclass.unknown100", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_UNKNOWN100, "", HFILL },
1079 { &hf_aim_userclass_unknown200,
1080 { "Unknown bit", "aim.userclass.unknown200", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_UNKNOWN200, "", HFILL },
1082 { &hf_aim_userclass_unknown400,
1083 { "Unknown bit", "aim.userclass.unknown400", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_UNKNOWN400, "", HFILL },
1085 { &hf_aim_userclass_unknown800,
1086 { "Unknown bit", "aim.userclass.unknown800", FT_BOOLEAN, 32, TFS(&flags_set_truth), CLASS_UNKNOWN800, "", HFILL },
1088 { &hf_aim_userinfo_warninglevel,
1089 { "Warning Level", "aim.userinfo.warninglevel", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL },
1091 { &hf_aim_messageblock_featuresdes,
1092 { "Features", "aim.messageblock.featuresdes", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL },
1094 { &hf_aim_messageblock_featureslen,
1095 { "Features Length", "aim.messageblock.featureslen", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL },
1097 { &hf_aim_messageblock_features,
1098 { "Features", "aim.messageblock.features", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL },
1100 { &hf_aim_messageblock_info,
1101 { "Block info", "aim.messageblock.info", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL },
1103 { &hf_aim_messageblock_len,
1104 { "Block length", "aim.messageblock.length", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL },
1106 { &hf_aim_messageblock_charset,
1107 { "Block Character set", "aim.messageblock.charset", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL },
1109 { &hf_aim_messageblock_charsubset,
1110 { "Block Character subset", "aim.messageblock.charsubset", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL },
1112 { &hf_aim_messageblock_message,
1113 { "Message", "aim.messageblock.message", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL },
1117 /* Setup protocol subtree array */
1118 static gint *ett[] = {
1124 &ett_aim_messageblock
1126 module_t *aim_module;
1128 /* Register the protocol name and description */
1129 proto_aim = proto_register_protocol("AOL Instant Messenger", "AIM", "aim");
1131 /* Required function calls to register the header fields and subtrees used */
1132 proto_register_field_array(proto_aim, hf, array_length(hf));
1133 proto_register_subtree_array(ett, array_length(ett));
1135 aim_module = prefs_register_protocol(proto_aim, NULL);
1136 prefs_register_bool_preference(aim_module, "desegment",
1137 "Desegment all AIM messages spanning multiple TCP segments",
1138 "Whether the AIM dissector should desegment all messages spanning multiple TCP segments",
1141 subdissector_table = register_dissector_table("aim.family",
1142 "Family ID", FT_UINT16, BASE_HEX);
1146 proto_reg_handoff_aim(void)
1148 dissector_handle_t aim_handle;
1150 aim_handle = new_create_dissector_handle(dissect_aim, proto_aim);
1151 dissector_add("tcp.port", TCP_PORT_AIM, aim_handle);