packet-ftp.c

   1 /* packet-ftp.c
   2  * Routines for ftp packet dissection
   3  * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
   4  * Copyright 2001, Juan Toledo <toledo@users.sourceforge.net> (Passive FTP)
   5  *
   6  * $Id: packet-ftp.c,v 1.30 2001/06/18 02:17:46 guy Exp $
   7  *
   8  * Ethereal - Network traffic analyzer
   9  * By Gerald Combs <gerald@ethereal.com>
  10  * Copyright 1998 Gerald Combs
  11  *
  12  * Copied from packet-pop.c
  13  *
  14  * This program is free software; you can redistribute it and/or
  15  * modify it under the terms of the GNU General Public License
  16  * as published by the Free Software Foundation; either version 2
  17  * of the License, or (at your option) any later version.
  18  *
  19  * This program is distributed in the hope that it will be useful,
  20  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  21  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  22  * GNU General Public License for more details.
  23  *
  24  * You should have received a copy of the GNU General Public License
  25  * along with this program; if not, write to the Free Software
  26  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  27  */
  28
  29 #ifdef HAVE_CONFIG_H
  30 # include "config.h"
  31 #endif
  32
  33 #include <stdio.h>
  34 #include <stdlib.h>
  35
  36 #ifdef HAVE_SYS_TYPES_H
  37 # include <sys/types.h>
  38 #endif
  39
  40 #ifdef HAVE_NETINET_IN_H
  41 # include <netinet/in.h>
  42 #endif
  43
  44 #include <string.h>
  45 #include <glib.h>
  46 #include "packet.h"
  47 #include "strutil.h"
  48 #include "conversation.h"
  49
  50 static int proto_ftp = -1;
  51 static int proto_ftp_data = -1;
  52 static int hf_ftp_response = -1;
  53 static int hf_ftp_request = -1;
  54 static int hf_ftp_request_command = -1;
  55 static int hf_ftp_request_data = -1;
  56 static int hf_ftp_response_code = -1;
  57 static int hf_ftp_response_data = -1;
  58
  59 static gint ett_ftp = -1;
  60 static gint ett_ftp_data = -1;
  61
  62 #define TCP_PORT_FTPDATA                20
  63 #define TCP_PORT_FTP                    21
  64
  65 static void
  66 dissect_ftpdata(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
  67
  68 static void
  69 dissect_ftp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
  70 {
  71         gboolean        is_request;
  72         proto_tree      *ftp_tree;
  73         proto_item      *ti;
  74         gint            offset = 0;
  75         const u_char    *line;
  76         guint16         passive_port = 0;
  77         gint            next_offset;
  78         int             linelen;
  79         int             tokenlen;
  80         const u_char    *next_token;
  81
  82         if (pinfo->match_port == pinfo->destport)
  83                 is_request = TRUE;
  84         else
  85                 is_request = FALSE;
  86
  87         if (check_col(pinfo->fd, COL_PROTOCOL))
  88                 col_set_str(pinfo->fd, COL_PROTOCOL, "FTP");
  89
  90         /*
  91          * Find the end of the first line.
  92          *
  93          * Note that "tvb_find_line_end()" will return a value that is
  94          * not longer than what's in the buffer, so the "tvb_get_ptr()"
  95          * call won't throw an exception.
  96          */
  97         linelen = tvb_find_line_end(tvb, offset, -1, &next_offset);
  98         line = tvb_get_ptr(tvb, offset, linelen);
  99
 100         if (check_col(pinfo->fd, COL_INFO)) {
 101                 /*
 102                  * Put the first line from the buffer into the summary
 103                  * (but leave out the line terminator).
 104                  */
 105                 col_add_fstr(pinfo->fd, COL_INFO, "%s: %s",
 106                     is_request ? "Request" : "Response",
 107                     format_text(line, linelen));
 108         }
 109
 110         /*
 111          * Check for passive ftp response. Such response is in the form
 112          * 227 some_text (a,b,c,d,p1,p2) , where a.b.c.d is the IP address
 113          * of the server, and p1, p2 are the hi and low bytes of the tcp
 114          * port the server will open for the client to connect to.
 115          */
 116         tokenlen = get_token_len(line, line + linelen, &next_token);
 117         if (tokenlen!=0 && !strcmp ("227", format_text (line, tokenlen)))
 118           {
 119                 u_char          *token;
 120                 gint            hi_byte;
 121                 gint            low_byte;
 122                 guint8          i;
 123
 124                 strtok (format_text(line, linelen), "(,)");
 125                 for (i = 1; i <= 4; i++)
 126                   strtok (NULL, "(,)");
 127
 128                 if ( (token = strtok (NULL, "(,)")) && sscanf (token, "%d", &hi_byte)
 129                   && (token = strtok (NULL, "(,)")) && sscanf (token, "%d", &low_byte) )
 130                   passive_port = hi_byte * 256 + low_byte;
 131           }
 132
 133         /*
 134          * If a passive response has been found and a conversation,
 135          * was not registered already, register the new conversation
 136          * and dissector
 137          */
 138         if (passive_port && !find_conversation(&pinfo->src, &pinfo->dst, PT_TCP,
 139                                                passive_port, 0, NO_PORT_B))
 140           {
 141                 conversation_t  *conversation;
 142
 143                 conversation = conversation_new(&pinfo->src, &pinfo->dst, PT_TCP,
 144                                                   passive_port, 0, NULL,
 145                                                   NO_PORT2);
 146                 conversation_set_dissector(conversation, dissect_ftpdata);
 147
 148           }
 149
 150         if (tree) {
 151                 ti = proto_tree_add_item(tree, proto_ftp, tvb, offset,
 152                     tvb_length_remaining(tvb, offset), FALSE);
 153                 ftp_tree = proto_item_add_subtree(ti, ett_ftp);
 154
 155                 if (is_request) {
 156                         proto_tree_add_boolean_hidden(ftp_tree,
 157                             hf_ftp_request, tvb, 0, 0, TRUE);
 158                         proto_tree_add_boolean_hidden(ftp_tree,
 159                             hf_ftp_response, tvb, 0, 0, FALSE);
 160                 } else {
 161                         proto_tree_add_boolean_hidden(ftp_tree,
 162                             hf_ftp_request, tvb, 0, 0, FALSE);
 163                         proto_tree_add_boolean_hidden(ftp_tree,
 164                             hf_ftp_response, tvb, 0, 0, TRUE);
 165                 }
 166
 167                 /*
 168                  * Extract the first token, and, if there is a first
 169                  * token, add it as the request or reply code.
 170                  */
 171                 tokenlen = get_token_len(line, line + linelen, &next_token);
 172                 if (tokenlen != 0) {
 173                         if (is_request) {
 174                                 proto_tree_add_string_format(ftp_tree,
 175                                     hf_ftp_request_command, tvb, offset,
 176                                     tokenlen, line, "Request: %s",
 177                                     format_text(line, tokenlen));
 178                         } else {
 179                                 proto_tree_add_uint_format(ftp_tree,
 180                                     hf_ftp_response_code, tvb, offset,
 181                                     tokenlen, atoi(line), "Response: %s",
 182                                     format_text(line, tokenlen));
 183                         }
 184                         offset += next_token - line;
 185                         linelen -= next_token - line;
 186                         line = next_token;
 187                 }
 188
 189                 /*
 190                  * Add the rest of the first line as request or
 191                  * reply data.
 192                  */
 193                 if (linelen != 0) {
 194                         if (is_request) {
 195                                 proto_tree_add_string_format(ftp_tree,
 196                                     hf_ftp_request_data, tvb, offset,
 197                                     linelen, line, "Request Arg: %s",
 198                                     format_text(line, linelen));
 199                         } else {
 200                                 proto_tree_add_string_format(ftp_tree,
 201                                     hf_ftp_response_data, tvb, offset,
 202                                     linelen, line, "Response Arg: %s",
 203                                     format_text(line, linelen));
 204                         }
 205                 }
 206                 offset = next_offset;
 207
 208                 /*
 209                  * Show the rest of the request or response as text,
 210                  * a line at a time.
 211                  */
 212                 while (tvb_offset_exists(tvb, offset)) {
 213                         /*
 214                          * Find the end of the line.
 215                          */
 216                         linelen = tvb_find_line_end(tvb, offset, -1,
 217                             &next_offset);
 218
 219                         /*
 220                          * Put this line.
 221                          */
 222                         proto_tree_add_text(ftp_tree, tvb, offset,
 223                             next_offset - offset, "%s",
 224                             tvb_format_text(tvb, offset, next_offset - offset));
 225                         offset = next_offset;
 226                 }
 227         }
 228 }
 229
 230 static void
 231 dissect_ftpdata(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 232 {
 233         proto_tree      *ti, *ftp_data_tree;
 234         int             data_length;
 235
 236         if (check_col(pinfo->fd, COL_PROTOCOL))
 237                 col_set_str(pinfo->fd, COL_PROTOCOL, "FTP-DATA");
 238
 239         if (check_col(pinfo->fd, COL_INFO)) {
 240                 col_add_fstr(pinfo->fd, COL_INFO, "FTP Data: %u bytes",
 241                     tvb_length(tvb));
 242         }
 243
 244         if (tree) {
 245                 data_length = tvb_length(tvb);
 246
 247                 ti = proto_tree_add_item(tree, proto_ftp_data, tvb, 0,
 248                     data_length, FALSE);
 249                 ftp_data_tree = proto_item_add_subtree(ti, ett_ftp_data);
 250
 251                 /*
 252                  * XXX - if this is binary data, it'll produce
 253                  * a *really* long line.
 254                  */
 255                 proto_tree_add_text(ftp_data_tree, tvb, 0, data_length,
 256                     "FTP Data: %s", tvb_format_text(tvb, 0, data_length));
 257         }
 258 }
 259
 260 void
 261 proto_register_ftp(void)
 262 {
 263     static hf_register_info hf[] = {
 264     { &hf_ftp_response,
 265       { "Response",           "ftp.response",
 266         FT_BOOLEAN, BASE_NONE, NULL, 0x0,
 267         "TRUE if FTP response", HFILL }},
 268
 269     { &hf_ftp_request,
 270       { "Request",            "ftp.request",
 271         FT_BOOLEAN, BASE_NONE, NULL, 0x0,
 272         "TRUE if FTP request", HFILL }},
 273
 274     { &hf_ftp_request_command,
 275       { "Request command",    "ftp.request.command",
 276         FT_STRING,  BASE_NONE, NULL, 0x0,
 277         "", HFILL }},
 278
 279     { &hf_ftp_request_data,
 280       { "Request data",       "ftp.request.data",
 281         FT_STRING,  BASE_NONE, NULL, 0x0,
 282         "", HFILL }},
 283
 284     { &hf_ftp_response_code,
 285       { "Response code",      "ftp.response.code",
 286         FT_UINT8,   BASE_DEC, NULL, 0x0,
 287         "", HFILL }},
 288
 289     { &hf_ftp_response_data,
 290       { "Response data",      "ftp.reponse.data",
 291         FT_STRING,  BASE_NONE, NULL, 0x0,
 292         "", HFILL }}
 293   };
 294   static gint *ett[] = {
 295     &ett_ftp,
 296     &ett_ftp_data,
 297   };
 298
 299   proto_ftp = proto_register_protocol("File Transfer Protocol (FTP)", "FTP",
 300                                       "ftp");
 301   proto_ftp_data = proto_register_protocol("FTP Data", "FTP-DATA", "ftp-data");
 302   proto_register_field_array(proto_ftp, hf, array_length(hf));
 303   proto_register_subtree_array(ett, array_length(ett));
 304 }
 305
 306 void
 307 proto_reg_handoff_ftp(void)
 308 {
 309   dissector_add("tcp.port", TCP_PORT_FTPDATA, &dissect_ftpdata, proto_ftp_data);
 310   dissector_add("tcp.port", TCP_PORT_FTP, &dissect_ftp, proto_ftp_data);
 311 }