2 * Routines for ftp packet dissection
3 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
4 * Copyright 2001, Juan Toledo <toledo@users.sourceforge.net> (Passive FTP)
6 * $Id: packet-ftp.c,v 1.30 2001/06/18 02:17:46 guy Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * Copied from packet-pop.c
14 * This program is free software; you can redistribute it and/or
15 * modify it under the terms of the GNU General Public License
16 * as published by the Free Software Foundation; either version 2
17 * of the License, or (at your option) any later version.
19 * This program is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with this program; if not, write to the Free Software
26 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
36 #ifdef HAVE_SYS_TYPES_H
37 # include <sys/types.h>
40 #ifdef HAVE_NETINET_IN_H
41 # include <netinet/in.h>
48 #include "conversation.h"
50 static int proto_ftp = -1;
51 static int proto_ftp_data = -1;
52 static int hf_ftp_response = -1;
53 static int hf_ftp_request = -1;
54 static int hf_ftp_request_command = -1;
55 static int hf_ftp_request_data = -1;
56 static int hf_ftp_response_code = -1;
57 static int hf_ftp_response_data = -1;
59 static gint ett_ftp = -1;
60 static gint ett_ftp_data = -1;
62 #define TCP_PORT_FTPDATA 20
63 #define TCP_PORT_FTP 21
66 dissect_ftpdata(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
69 dissect_ftp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
76 guint16 passive_port = 0;
80 const u_char *next_token;
82 if (pinfo->match_port == pinfo->destport)
87 if (check_col(pinfo->fd, COL_PROTOCOL))
88 col_set_str(pinfo->fd, COL_PROTOCOL, "FTP");
91 * Find the end of the first line.
93 * Note that "tvb_find_line_end()" will return a value that is
94 * not longer than what's in the buffer, so the "tvb_get_ptr()"
95 * call won't throw an exception.
97 linelen = tvb_find_line_end(tvb, offset, -1, &next_offset);
98 line = tvb_get_ptr(tvb, offset, linelen);
100 if (check_col(pinfo->fd, COL_INFO)) {
102 * Put the first line from the buffer into the summary
103 * (but leave out the line terminator).
105 col_add_fstr(pinfo->fd, COL_INFO, "%s: %s",
106 is_request ? "Request" : "Response",
107 format_text(line, linelen));
111 * Check for passive ftp response. Such response is in the form
112 * 227 some_text (a,b,c,d,p1,p2) , where a.b.c.d is the IP address
113 * of the server, and p1, p2 are the hi and low bytes of the tcp
114 * port the server will open for the client to connect to.
116 tokenlen = get_token_len(line, line + linelen, &next_token);
117 if (tokenlen!=0 && !strcmp ("227", format_text (line, tokenlen)))
124 strtok (format_text(line, linelen), "(,)");
125 for (i = 1; i <= 4; i++)
126 strtok (NULL, "(,)");
128 if ( (token = strtok (NULL, "(,)")) && sscanf (token, "%d", &hi_byte)
129 && (token = strtok (NULL, "(,)")) && sscanf (token, "%d", &low_byte) )
130 passive_port = hi_byte * 256 + low_byte;
134 * If a passive response has been found and a conversation,
135 * was not registered already, register the new conversation
138 if (passive_port && !find_conversation(&pinfo->src, &pinfo->dst, PT_TCP,
139 passive_port, 0, NO_PORT_B))
141 conversation_t *conversation;
143 conversation = conversation_new(&pinfo->src, &pinfo->dst, PT_TCP,
144 passive_port, 0, NULL,
146 conversation_set_dissector(conversation, dissect_ftpdata);
151 ti = proto_tree_add_item(tree, proto_ftp, tvb, offset,
152 tvb_length_remaining(tvb, offset), FALSE);
153 ftp_tree = proto_item_add_subtree(ti, ett_ftp);
156 proto_tree_add_boolean_hidden(ftp_tree,
157 hf_ftp_request, tvb, 0, 0, TRUE);
158 proto_tree_add_boolean_hidden(ftp_tree,
159 hf_ftp_response, tvb, 0, 0, FALSE);
161 proto_tree_add_boolean_hidden(ftp_tree,
162 hf_ftp_request, tvb, 0, 0, FALSE);
163 proto_tree_add_boolean_hidden(ftp_tree,
164 hf_ftp_response, tvb, 0, 0, TRUE);
168 * Extract the first token, and, if there is a first
169 * token, add it as the request or reply code.
171 tokenlen = get_token_len(line, line + linelen, &next_token);
174 proto_tree_add_string_format(ftp_tree,
175 hf_ftp_request_command, tvb, offset,
176 tokenlen, line, "Request: %s",
177 format_text(line, tokenlen));
179 proto_tree_add_uint_format(ftp_tree,
180 hf_ftp_response_code, tvb, offset,
181 tokenlen, atoi(line), "Response: %s",
182 format_text(line, tokenlen));
184 offset += next_token - line;
185 linelen -= next_token - line;
190 * Add the rest of the first line as request or
195 proto_tree_add_string_format(ftp_tree,
196 hf_ftp_request_data, tvb, offset,
197 linelen, line, "Request Arg: %s",
198 format_text(line, linelen));
200 proto_tree_add_string_format(ftp_tree,
201 hf_ftp_response_data, tvb, offset,
202 linelen, line, "Response Arg: %s",
203 format_text(line, linelen));
206 offset = next_offset;
209 * Show the rest of the request or response as text,
212 while (tvb_offset_exists(tvb, offset)) {
214 * Find the end of the line.
216 linelen = tvb_find_line_end(tvb, offset, -1,
222 proto_tree_add_text(ftp_tree, tvb, offset,
223 next_offset - offset, "%s",
224 tvb_format_text(tvb, offset, next_offset - offset));
225 offset = next_offset;
231 dissect_ftpdata(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
233 proto_tree *ti, *ftp_data_tree;
236 if (check_col(pinfo->fd, COL_PROTOCOL))
237 col_set_str(pinfo->fd, COL_PROTOCOL, "FTP-DATA");
239 if (check_col(pinfo->fd, COL_INFO)) {
240 col_add_fstr(pinfo->fd, COL_INFO, "FTP Data: %u bytes",
245 data_length = tvb_length(tvb);
247 ti = proto_tree_add_item(tree, proto_ftp_data, tvb, 0,
249 ftp_data_tree = proto_item_add_subtree(ti, ett_ftp_data);
252 * XXX - if this is binary data, it'll produce
253 * a *really* long line.
255 proto_tree_add_text(ftp_data_tree, tvb, 0, data_length,
256 "FTP Data: %s", tvb_format_text(tvb, 0, data_length));
261 proto_register_ftp(void)
263 static hf_register_info hf[] = {
265 { "Response", "ftp.response",
266 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
267 "TRUE if FTP response", HFILL }},
270 { "Request", "ftp.request",
271 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
272 "TRUE if FTP request", HFILL }},
274 { &hf_ftp_request_command,
275 { "Request command", "ftp.request.command",
276 FT_STRING, BASE_NONE, NULL, 0x0,
279 { &hf_ftp_request_data,
280 { "Request data", "ftp.request.data",
281 FT_STRING, BASE_NONE, NULL, 0x0,
284 { &hf_ftp_response_code,
285 { "Response code", "ftp.response.code",
286 FT_UINT8, BASE_DEC, NULL, 0x0,
289 { &hf_ftp_response_data,
290 { "Response data", "ftp.reponse.data",
291 FT_STRING, BASE_NONE, NULL, 0x0,
294 static gint *ett[] = {
299 proto_ftp = proto_register_protocol("File Transfer Protocol (FTP)", "FTP",
301 proto_ftp_data = proto_register_protocol("FTP Data", "FTP-DATA", "ftp-data");
302 proto_register_field_array(proto_ftp, hf, array_length(hf));
303 proto_register_subtree_array(ett, array_length(ett));
307 proto_reg_handoff_ftp(void)
309 dissector_add("tcp.port", TCP_PORT_FTPDATA, &dissect_ftpdata, proto_ftp_data);
310 dissector_add("tcp.port", TCP_PORT_FTP, &dissect_ftp, proto_ftp_data);