2 * Routines for unix rlogin packet dissection
3 * Copyright 2000, Jeffrey C. Foster <jfoste@woodward.com>
5 * $Id: packet-rlogin.c,v 1.26 2002/01/24 09:20:51 guy Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@ethereal.com>
9 * Copyright 1998 Gerald Combs
11 * Based upon RFC-1282 - BSD Rlogin
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
32 #ifdef HAVE_SYS_TYPES_H
33 # include <sys/types.h>
36 #ifdef HAVE_NETINET_IN_H
37 # include <netinet/in.h>
44 #include <epan/packet.h>
45 #include <epan/conversation.h>
47 #include "packet-tcp.h"
49 #define TCP_PORT_RLOGIN 513
51 static int proto_rlogin = -1;
53 static int ett_rlogin = -1;
54 static int ett_rlogin_window = -1;
55 static int ett_rlogin_user_info = -1;
56 static int ett_rlogin_window_rows = -1;
57 static int ett_rlogin_window_cols = -1;
58 static int ett_rlogin_window_x_pixels = -1;
59 static int ett_rlogin_window_y_pixels = -1;
61 static int hf_user_info = -1;
62 static int hf_window_info = -1;
63 static int hf_window_info_rows = -1;
64 static int hf_window_info_cols = -1;
65 static int hf_window_info_x_pixels = -1;
66 static int hf_window_info_y_pixels = -1;
68 #define RLOGIN_PORT 513
74 guint32 info_framenum;
77 } rlogin_hash_entry_t;
80 #define USER_INFO_WAIT 1
84 static GMemChunk *rlogin_vals = NULL;
86 #define rlogin_hash_init_count 20
88 static guint32 last_abs_sec = 0;
89 static guint32 last_abs_usec= 0;
95 /* Routine to initialize rlogin protocol before each capture or filter pass. */
96 /* Release any memory if needed. Then setup the memory chunks. */
102 g_mem_chunk_destroy(rlogin_vals);
104 rlogin_vals = g_mem_chunk_new("rlogin_vals",
105 sizeof( rlogin_hash_entry_t),
106 rlogin_hash_init_count * sizeof( rlogin_hash_entry_t),
111 /**************** Decoder State Machine ******************/
114 rlogin_state_machine( rlogin_hash_entry_t *hash_info, tvbuff_t *tvb,
120 /* rlogin stream decoder */
121 /* Just watched for second packet from client with the user name and */
122 /* terminal type information. */
125 if ( pinfo->destport != RLOGIN_PORT) /* not from client */
127 /* exit if not needed */
128 if (( hash_info->state == DONE) || ( hash_info->state == BAD))
132 if (( last_abs_sec > pinfo->fd->abs_secs) ||
133 (( last_abs_sec == pinfo->fd->abs_secs) &&
134 ( last_abs_usec >= pinfo->fd->abs_usecs)))
137 last_abs_sec = pinfo->fd->abs_secs; /* save timestamp */
138 last_abs_usec = pinfo->fd->abs_usecs;
140 length = tvb_length(tvb);
141 if ( length == 0) /* exit if no data */
144 if ( hash_info->state == NONE){ /* new connection*/
145 if (tvb_get_guint8(tvb, 0) != '\0') {
147 * We expected a NUL, but didn't get one; quit.
149 hash_info->state = DONE;
153 if (length <= 1) /* if no data */
154 hash_info->state = USER_INFO_WAIT;
156 hash_info->state = DONE;
157 hash_info->info_framenum = pinfo->fd->num;
160 } /* expect user data here */
161 /*$$$ may need to do more checking here */
162 else if ( hash_info->state == USER_INFO_WAIT) {
163 hash_info->state = DONE;
164 hash_info->info_framenum = pinfo->fd->num;
165 /* save name for later*/
166 stringlen = tvb_strnlen(tvb, 0, NAME_LEN);
168 stringlen = NAME_LEN - 1; /* no '\0' found */
169 else if (stringlen > NAME_LEN - 1)
170 stringlen = NAME_LEN - 1; /* name too long */
171 tvb_memcpy(tvb, (guint8 *)hash_info->name, 0, stringlen);
172 hash_info->name[stringlen] = '\0';
174 if (check_col(pinfo->cinfo, COL_INFO)) /* update summary */
175 col_append_str(pinfo->cinfo, COL_INFO,
176 ", User information");
180 static void rlogin_display( rlogin_hash_entry_t *hash_info, tvbuff_t *tvb,
181 packet_info *pinfo, proto_tree *tree, struct tcpinfo *tcpinfo)
183 /* Display the proto tree */
185 proto_tree *rlogin_tree, *user_info_tree, *window_tree;
190 proto_item *user_info_item, *window_info_item;
192 ti = proto_tree_add_item( tree, proto_rlogin, tvb, 0, -1, FALSE);
194 rlogin_tree = proto_item_add_subtree(ti, ett_rlogin);
196 length = tvb_length(tvb);
197 if ( length == 0) /* exit if no captured data */
201 * XXX - this works only if the urgent pointer points to something
202 * in this segment; to make it work if the urgent pointer points
203 * to something past this segment, we'd have to remember the urgent
204 * pointer setting for this conversation.
206 if ( tcpinfo->urgent && /* if urgent pointer set */
207 length >= tcpinfo->urgent_pointer) { /* and it's in this frame */
209 int urgent_offset = tcpinfo->urgent_pointer - 1;
210 guint8 Temp = tvb_get_guint8(tvb, urgent_offset);
212 if (urgent_offset > offset) /* check for data in front */
213 proto_tree_add_text( rlogin_tree, tvb, offset,
214 urgent_offset, "Data");
216 proto_tree_add_text( rlogin_tree, tvb, urgent_offset, 1,
217 "Control byte: %u (%s)",
219 (Temp == 0x02) ? "Clear buffer" :
220 (Temp == 0x10) ? "Raw mode" :
221 (Temp == 0x20) ? "Cooked mode" :
222 (Temp == 0x80) ? "Window size request" :
224 offset = urgent_offset + 1; /* adjust offset */
226 else if ( tvb_get_guint8(tvb, offset) == '\0'){ /* startup */
227 if ( pinfo->srcport== RLOGIN_PORT) /* from server */
228 proto_tree_add_text(rlogin_tree, tvb, offset, 1,
229 "Startup info received flag (0x00)");
232 proto_tree_add_text(rlogin_tree, tvb, offset, 1,
233 "Client Startup Flag (0x00)");
237 if (!tvb_offset_exists(tvb, offset))
238 return; /* No more data to check */
240 if ( hash_info->info_framenum == pinfo->fd->num){
242 * First frame of conversation, hence user info?
244 user_info_item = proto_tree_add_item( rlogin_tree, hf_user_info, tvb,
248 * Do server user name.
250 str_len = tvb_strsize(tvb, offset);
251 user_info_tree = proto_item_add_subtree( user_info_item,
252 ett_rlogin_user_info);
253 proto_tree_add_text(user_info_tree, tvb, offset, str_len,
254 "Server User Name: %.*s", str_len - 1,
255 tvb_get_ptr(tvb, offset, str_len - 1));
259 * Do client user name.
261 str_len = tvb_strsize(tvb, offset);
262 proto_tree_add_text(user_info_tree, tvb, offset, str_len,
263 "Client User Name: %.*s", str_len - 1,
264 tvb_get_ptr(tvb, offset, str_len - 1));
268 * Do terminal type/speed.
270 str_len = tvb_strsize(tvb, offset);
271 proto_tree_add_text(user_info_tree, tvb, offset, str_len,
272 "Terminal Type/Speed: %.*s", str_len - 1,
273 tvb_get_ptr(tvb, offset, str_len - 1));
277 if (!tvb_offset_exists(tvb, offset))
278 return; /* No more data to check */
280 /* test for terminal information, the data will have 2 0xff bytes */
282 /* look for first 0xff byte */
283 ti_offset = tvb_find_guint8(tvb, offset, -1, 0xff);
285 if (ti_offset != -1 &&
286 tvb_bytes_exist(tvb, ti_offset + 1, 1) &&
287 tvb_get_guint8(tvb, ti_offset + 1) == 0xff) {
289 * Found terminal info.
291 if (ti_offset > offset) {
293 * There's data before the terminal info.
295 proto_tree_add_text( rlogin_tree, tvb, offset,
296 (ti_offset - offset), "Data");
300 window_info_item = proto_tree_add_item(rlogin_tree,
301 hf_window_info, tvb, offset, 12, FALSE );
303 window_tree = proto_item_add_subtree(window_info_item,
306 proto_tree_add_text(window_tree, tvb, offset, 2,
307 "Magic Cookie: (0xff, 0xff)");
310 proto_tree_add_text(window_tree, tvb, offset, 2,
311 "Window size marker: 'ss'");
314 proto_tree_add_item(window_tree, hf_window_info_rows, tvb,
318 proto_tree_add_item(window_tree, hf_window_info_cols, tvb,
322 proto_tree_add_item(window_tree, hf_window_info_x_pixels, tvb,
326 proto_tree_add_item(window_tree, hf_window_info_y_pixels, tvb,
331 if (tvb_offset_exists(tvb, offset)) {
333 * There's more data in the frame.
335 proto_tree_add_text(rlogin_tree, tvb, offset, -1, "Data");
340 dissect_rlogin(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
342 struct tcpinfo *tcpinfo = pinfo->private_data;
343 conversation_t *conversation;
344 rlogin_hash_entry_t *hash_info;
348 /* Lookup this connection*/
349 conversation = find_conversation( &pinfo->src, &pinfo->dst,
350 pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
352 if ( !conversation) {
353 conversation = conversation_new( &pinfo->src, &pinfo->dst,
354 pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
356 hash_info = conversation_get_proto_data(conversation, proto_rlogin);
358 hash_info = g_mem_chunk_alloc(rlogin_vals);
359 hash_info->state = NONE;
360 hash_info->info_framenum = 0; /* no frame has the number 0 */
361 hash_info->name[ 0] = 0;
362 conversation_add_proto_data(conversation, proto_rlogin,
366 if (check_col(pinfo->cinfo, COL_PROTOCOL)) /* update protocol */
367 col_set_str(pinfo->cinfo, COL_PROTOCOL, "Rlogin");
369 if (check_col(pinfo->cinfo, COL_INFO)){ /* display packet info*/
373 col_clear(pinfo->cinfo, COL_INFO);
374 if ( hash_info->name[0]) {
375 strcpy( temp, "User name: ");
376 strcat( temp, hash_info->name);
382 length = tvb_length(tvb);
384 if ( tvb_get_guint8(tvb, 0) == '\0')
385 strcat( temp, "Start Handshake");
386 else if ( tcpinfo->urgent &&
387 length >= tcpinfo->urgent_pointer )
388 strcat( temp, "Control Message");
390 else { /* check for terminal info */
391 ti_offset = tvb_find_guint8(tvb, 0, -1, 0xff);
392 if (ti_offset != -1 &&
393 tvb_bytes_exist(tvb, ti_offset + 1, 1) &&
394 tvb_get_guint8(tvb, ti_offset + 1) == 0xff)
395 strcat( temp, "Terminal Info");
400 strcat( temp, "Data: ");
402 bytes_to_copy = tvb_length(tvb);
403 if (bytes_to_copy > 128)
405 tvb_memcpy(tvb, (guint8 *)&temp[i], 0,
407 temp[i + bytes_to_copy] = '\0';
412 col_add_str(pinfo->cinfo, COL_INFO, temp);
415 rlogin_state_machine( hash_info, tvb, pinfo);
417 if ( tree) /* if proto tree, decode data */
418 rlogin_display( hash_info, tvb, pinfo, tree, tcpinfo);
423 proto_register_rlogin( void){
425 /* Prep the rlogin protocol, for now, just register it */
427 static gint *ett[] = {
430 &ett_rlogin_window_rows,
431 &ett_rlogin_window_cols,
432 &ett_rlogin_window_x_pixels,
433 &ett_rlogin_window_y_pixels,
434 &ett_rlogin_user_info
437 static hf_register_info hf[] = {
440 { "User Info", "rlogin.user_info", FT_NONE, BASE_NONE,
445 { "Window Info", "rlogin.window_size", FT_NONE, BASE_NONE,
449 { &hf_window_info_rows,
450 { "Rows", "rlogin.window_size.rows", FT_UINT16, BASE_DEC,
454 { &hf_window_info_cols,
455 { "Columns", "rlogin.window_size.cols", FT_UINT16, BASE_DEC,
459 { &hf_window_info_x_pixels,
460 { "X Pixels", "rlogin.window_size.x_pixels", FT_UINT16, BASE_DEC,
464 { &hf_window_info_y_pixels,
465 { "Y Pixels", "rlogin.window_size.y_pixels", FT_UINT16, BASE_DEC,
471 proto_rlogin = proto_register_protocol (
472 "Rlogin Protocol", "Rlogin", "rlogin");
474 proto_register_field_array(proto_rlogin, hf, array_length(hf));
475 proto_register_subtree_array(ett, array_length(ett));
477 register_init_routine( &rlogin_init); /* register re-init routine */
481 proto_reg_handoff_rlogin(void) {
483 /* dissector install routine */
485 dissector_handle_t rlogin_handle;
487 rlogin_handle = create_dissector_handle(dissect_rlogin, proto_rlogin);
488 dissector_add("tcp.port", TCP_PORT_RLOGIN, rlogin_handle);