2 * Routines for Telnet packet dissection; see RFC 854 and RFC 855
3 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
5 * $Id: packet-telnet.c,v 1.45 2004/02/25 09:31:07 guy Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@ethereal.com>
9 * Copyright 1998 Gerald Combs
11 * Copied from packet-pop.c
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 /* Telnet authentication options as per RFC2941
28 * Kerberos v5 telnet authentication as per RFC2942
38 #include <epan/packet.h>
39 #include <epan/strutil.h>
40 #include "packet-kerberos.h"
42 static int proto_telnet = -1;
43 static int hf_telnet_auth_cmd = -1;
44 static int hf_telnet_auth_name = -1;
45 static int hf_telnet_auth_type = -1;
46 static int hf_telnet_auth_mod_who = -1;
47 static int hf_telnet_auth_mod_how = -1;
48 static int hf_telnet_auth_mod_cred_fwd = -1;
49 static int hf_telnet_auth_mod_enc = -1;
50 static int hf_telnet_auth_krb5_type = -1;
52 static gint ett_telnet = -1;
53 static gint ett_telnet_subopt = -1;
54 static gint ett_status_subopt = -1;
55 static gint ett_rcte_subopt = -1;
56 static gint ett_olw_subopt = -1;
57 static gint ett_ops_subopt = -1;
58 static gint ett_crdisp_subopt = -1;
59 static gint ett_htstops_subopt = -1;
60 static gint ett_htdisp_subopt = -1;
61 static gint ett_ffdisp_subopt = -1;
62 static gint ett_vtstops_subopt = -1;
63 static gint ett_vtdisp_subopt = -1;
64 static gint ett_lfdisp_subopt = -1;
65 static gint ett_extasc_subopt = -1;
66 static gint ett_bytemacro_subopt = -1;
67 static gint ett_det_subopt = -1;
68 static gint ett_supdupout_subopt = -1;
69 static gint ett_sendloc_subopt = -1;
70 static gint ett_termtype_subopt = -1;
71 static gint ett_tacacsui_subopt = -1;
72 static gint ett_outmark_subopt = -1;
73 static gint ett_tlocnum_subopt = -1;
74 static gint ett_tn3270reg_subopt = -1;
75 static gint ett_x3pad_subopt = -1;
76 static gint ett_naws_subopt = -1;
77 static gint ett_tspeed_subopt = -1;
78 static gint ett_rfc_subopt = -1;
79 static gint ett_linemode_subopt = -1;
80 static gint ett_xdpyloc_subopt = -1;
81 static gint ett_env_subopt = -1;
82 static gint ett_auth_subopt = -1;
83 static gint ett_enc_subopt = -1;
84 static gint ett_newenv_subopt = -1;
85 static gint ett_tn3270e_subopt = -1;
86 static gint ett_xauth_subopt = -1;
87 static gint ett_charset_subopt = -1;
88 static gint ett_rsp_subopt = -1;
89 static gint ett_comport_subopt = -1;
92 /* Some defines for Telnet */
94 #define TCP_PORT_TELNET 23
119 NO_LENGTH, /* option has no data, hence no length */
120 FIXED_LENGTH, /* option always has the same length */
121 VARIABLE_LENGTH /* option is variable-length - optlen is minimum */
124 /* Member of table of IP or TCP options. */
125 typedef struct tn_opt {
126 char *name; /* name of option */
127 gint *subtree_index; /* pointer to subtree index for option */
128 tn_opt_len_type len_type; /* type of option length field */
129 int optlen; /* value length should be (minimum if VARIABLE) */
130 void (*dissect)(packet_info *pinfo, const char *, tvbuff_t *, int, int, proto_tree *);
131 /* routine to dissect option */
135 dissect_string_subopt(packet_info *pinfo _U_, const char *optname, tvbuff_t *tvb, int offset, int len,
140 cmd = tvb_get_guint8(tvb, offset);
144 proto_tree_add_text(tree, tvb, offset, 1, "Here's my %s", optname);
148 proto_tree_add_text(tree, tvb, offset, len, "Value: %s",
149 tvb_format_text(tvb, offset, len));
154 proto_tree_add_text(tree, tvb, offset, 1, "Send your %s", optname);
158 proto_tree_add_text(tree, tvb, offset, len, "Extra data");
162 proto_tree_add_text(tree, tvb, offset, 1, "Invalid %s subcommand %u",
167 proto_tree_add_text(tree, tvb, offset, len, "Subcommand data");
173 dissect_outmark_subopt(packet_info *pinfo _U_, const char *optname _U_, tvbuff_t *tvb, int offset,
174 int len, proto_tree *tree)
177 int gs_offset, datalen;
180 cmd = tvb_get_guint8(tvb, offset);
184 proto_tree_add_text(tree, tvb, offset, 1, "ACK");
188 proto_tree_add_text(tree, tvb, offset, 1, "NAK");
192 proto_tree_add_text(tree, tvb, offset, 1, "Default");
196 proto_tree_add_text(tree, tvb, offset, 1, "Top");
200 proto_tree_add_text(tree, tvb, offset, 1, "Bottom");
204 proto_tree_add_text(tree, tvb, offset, 1, "Left");
208 proto_tree_add_text(tree, tvb, offset, 1, "Right");
212 proto_tree_add_text(tree, tvb, offset, 1, "Bogus value: %u", cmd);
219 gs_offset = tvb_find_guint8(tvb, offset, len, 29);
220 if (gs_offset == -1) {
221 /* None found - run to the end of the packet. */
222 gs_offset = offset + len;
224 datalen = gs_offset - offset;
226 proto_tree_add_text(tree, tvb, offset, datalen, "Banner: %s",
227 tvb_format_text(tvb, offset, datalen));
235 dissect_htstops_subopt(packet_info *pinfo _U_, const char *optname, tvbuff_t *tvb, int offset, int len,
241 cmd = tvb_get_guint8(tvb, offset);
245 proto_tree_add_text(tree, tvb, offset, 1, "Here's my %s", optname);
251 proto_tree_add_text(tree, tvb, offset, 1, "Send your %s", optname);
257 proto_tree_add_text(tree, tvb, offset, 1, "Invalid %s subcommand %u",
262 proto_tree_add_text(tree, tvb, offset, len, "Subcommand data");
267 tabval = tvb_get_guint8(tvb, offset);
271 proto_tree_add_text(tree, tvb, offset, 1,
272 "Sender wants to handle tab stops");
276 proto_tree_add_text(tree, tvb, offset, 1,
277 "Sender wants receiver to handle tab stop at %u",
285 proto_tree_add_text(tree, tvb, offset, 1,
286 "Invalid value: %u", tabval);
290 proto_tree_add_text(tree, tvb, offset, 1,
291 "Sender wants receiver to handle tab stops");
300 dissect_naws_subopt(packet_info *pinfo _U_, const char *optname _U_, tvbuff_t *tvb, int offset,
301 int len _U_, proto_tree *tree)
303 proto_tree_add_text(tree, tvb, offset, 2, "Width: %u",
304 tvb_get_ntohs(tvb, offset));
306 proto_tree_add_text(tree, tvb, offset, 2, "Height: %u",
307 tvb_get_ntohs(tvb, offset));
310 /* BEGIN RFC-2217 (COM Port Control) Definitions */
312 #define TNCOMPORT_SIGNATURE 0
313 #define TNCOMPORT_SETBAUDRATE 1
314 #define TNCOMPORT_SETDATASIZE 2
315 #define TNCOMPORT_SETPARITY 3
316 #define TNCOMPORT_SETSTOPSIZE 4
317 #define TNCOMPORT_SETCONTROL 5
318 #define TNCOMPORT_NOTIFYLINESTATE 6
319 #define TNCOMPORT_NOTIFYMODEMSTATE 7
320 #define TNCOMPORT_FLOWCONTROLSUSPEND 8
321 #define TNCOMPORT_FLOWCONTROLRESUME 9
322 #define TNCOMPORT_SETLINESTATEMASK 10
323 #define TNCOMPORT_SETMODEMSTATEMASK 11
324 #define TNCOMPORT_PURGEDATA 12
326 /* END RFC-2217 (COM Port Control) Definitions */
329 dissect_comport_subopt(packet_info *pinfo _U_, const char *optname, tvbuff_t *tvb, int offset, int len,
331 {static const char *datasizes[] = {
342 static const char *parities[] = {
350 static const char *stops[] = {
356 static const char *control[] = {
357 "Output Flow Control Request",
359 "Output Flow: XON/XOFF",
360 "Output Flow: CTS/RTS",
370 "Input Flow Control Request",
372 "Input Flow: XON/XOFF",
373 "Input Flow: CTS/RTS",
378 static const char *linestate_bits[] = {
384 "Transfer Holding Register Empty",
385 "Transfer Shift Register Empty",
388 static const char *modemstate_bits[] = {
398 static const char *purges[] = {
409 cmd = tvb_get_guint8(tvb, offset);
410 isservercmd = cmd > 99;
411 cmd = (isservercmd) ? (cmd - 100) : cmd;
412 source = (isservercmd) ? "Server" : "Client";
415 case TNCOMPORT_SIGNATURE:
418 proto_tree_add_text(tree, tvb, offset, 1, "%s Requests Signature",source);
420 guint8 *sig = tvb_get_string(tvb, offset + 1, len);
421 proto_tree_add_text(tree, tvb, offset, 1 + len, "%s Signature: %s",source, sig);
426 case TNCOMPORT_SETBAUDRATE:
429 guint32 baud = tvb_get_ntohl(tvb, offset+1);
431 proto_tree_add_text(tree, tvb, offset, 5, "%s Requests Baud Rate",source);
433 proto_tree_add_text(tree, tvb, offset, 5, "%s Baud Rate: %d",source,baud);
436 proto_tree_add_text(tree, tvb, offset, 1 + len, "%s <Invalid Baud Rate Packet>",source);
440 case TNCOMPORT_SETDATASIZE:
443 guint8 datasize = tvb_get_guint8(tvb, offset+1);
444 const char *ds = (datasize > 8) ? "<invalid>" : datasizes[datasize];
445 proto_tree_add_text(tree, tvb, offset, 2, "%s Data Size: %s",source,ds);
447 proto_tree_add_text(tree, tvb, offset, 1 + len, "%s <Invalid Data Size Packet>",source);
451 case TNCOMPORT_SETPARITY:
454 guint8 parity = tvb_get_guint8(tvb, offset+1);
455 const char *pr = (parity > 5) ? "<invalid>" : parities[parity];
456 proto_tree_add_text(tree, tvb, offset, 2, "%s Parity: %s",source,pr);
458 proto_tree_add_text(tree, tvb, offset, 1 + len, "%s <Invalid Parity Packet>",source);
462 case TNCOMPORT_SETSTOPSIZE:
465 guint8 stop = tvb_get_guint8(tvb, offset+1);
466 const char *st = (stop > 3) ? "<invalid>" : stops[stop];
467 proto_tree_add_text(tree, tvb, offset, 2, "%s Stop: %s",source,st);
469 proto_tree_add_text(tree, tvb, offset, 1 + len, "%s <Invalid Stop Packet>",source);
473 case TNCOMPORT_SETCONTROL:
476 guint8 crt = tvb_get_guint8(tvb, offset+1);
477 const char *c = (crt > 19) ? "Control: <invalid>" : control[crt];
478 proto_tree_add_text(tree, tvb, offset, 2, "%s %s",source,c);
480 proto_tree_add_text(tree, tvb, offset, 1 + len, "%s <Invalid Control Packet>",source);
484 case TNCOMPORT_SETLINESTATEMASK:
485 case TNCOMPORT_NOTIFYLINESTATE:
488 const char *print_pattern = (cmd == TNCOMPORT_SETLINESTATEMASK) ?
489 "%s Set Linestate Mask: %s" : "%s Linestate: %s";
491 guint8 ls = tvb_get_guint8(tvb, offset+1);
495 for (idx = 0; idx < 8; idx++) {
498 if (print_count != 0) {
499 strcat(ls_buffer,", ");
501 strcat(ls_buffer,linestate_bits[idx]);
506 proto_tree_add_text(tree, tvb, offset, 2, print_pattern, source, ls_buffer);
508 const char *print_pattern = (cmd == TNCOMPORT_SETLINESTATEMASK) ?
509 "%s <Invalid Linestate Mask>" : "%s <Invalid Linestate Packet>";
510 proto_tree_add_text(tree, tvb, offset, 1 + len, print_pattern, source);
514 case TNCOMPORT_SETMODEMSTATEMASK:
515 case TNCOMPORT_NOTIFYMODEMSTATE:
518 const char *print_pattern = (cmd == TNCOMPORT_SETMODEMSTATEMASK) ?
519 "%s Set Modemstate Mask: %s" : "%s Modemstate: %s";
521 guint8 ms = tvb_get_guint8(tvb, offset+1);
525 for (idx = 0; idx < 8; idx++) {
528 if (print_count != 0) {
529 strcat(ms_buffer,", ");
531 strcat(ms_buffer,modemstate_bits[idx]);
536 proto_tree_add_text(tree, tvb, offset, 2, print_pattern, source, ms_buffer);
538 const char *print_pattern = (cmd == TNCOMPORT_SETMODEMSTATEMASK) ?
539 "%s <Invalid Modemstate Mask>" : "%s <Invalid Modemstate Packet>";
540 proto_tree_add_text(tree, tvb, offset, 1 + len, print_pattern, source);
544 case TNCOMPORT_FLOWCONTROLSUSPEND:
546 proto_tree_add_text(tree, tvb, offset, 1, "%s Flow Control Suspend",source);
549 case TNCOMPORT_FLOWCONTROLRESUME:
551 proto_tree_add_text(tree, tvb, offset, 1, "%s Flow Control Resume",source);
554 case TNCOMPORT_PURGEDATA:
557 guint8 purge = tvb_get_guint8(tvb, offset+1);
558 const char *p = (purge > 3) ? "<Purge invalid>" : purges[purge];
559 proto_tree_add_text(tree, tvb, offset, 2, "%s %s",source,p);
561 proto_tree_add_text(tree, tvb, offset, 1 + len, "%s <Invalid Purge Packet>",source);
566 proto_tree_add_text(tree, tvb, offset, 1, "Invalid %s subcommand %u",
571 proto_tree_add_text(tree, tvb, offset, len, "Subcommand data");
577 static const value_string rfc_opt_vals[] = {
580 { 2, "RESTART-ANY" },
581 { 3, "RESTART-XON" },
586 dissect_rfc_subopt(packet_info *pinfo _U_, const char *optname _U_, tvbuff_t *tvb, int offset,
587 int len _U_, proto_tree *tree)
591 cmd = tvb_get_guint8(tvb, offset);
592 proto_tree_add_text(tree, tvb, offset, 2, "%s",
593 val_to_str(cmd, rfc_opt_vals, "Unknown (%u)"));
599 #define TN_AC_REPLY 2
601 static const value_string auth_cmd_vals[] = {
603 { TN_AC_SEND, "SEND" },
604 { TN_AC_REPLY, "REPLY" },
605 { TN_AC_NAME, "NAME" },
617 #define TN_AT_LOKI 10
619 #define TN_AT_KEA_SJ 12
620 #define TN_AT_KEA_SJ_INTEG 13
622 #define TN_AT_NTLM 15
623 static const value_string auth_type_vals[] = {
624 { TN_AT_NULL, "NULL" },
625 { TN_AT_KRB4, "Kerberos v4" },
626 { TN_AT_KRB5, "Kerberos v5" },
627 { TN_AT_SPX, "SPX" },
628 { TN_AT_MINK, "MINK" },
629 { TN_AT_SRP, "SRP" },
630 { TN_AT_RSA, "RSA" },
631 { TN_AT_SSL, "SSL" },
632 { TN_AT_LOKI, "LOKI" },
633 { TN_AT_SSA, "SSA" },
634 { TN_AT_KEA_SJ, "KEA_SJ" },
635 { TN_AT_KEA_SJ_INTEG, "KEA_SJ_INTEG" },
636 { TN_AT_DSS, "DSS" },
637 { TN_AT_NTLM, "NTLM" },
640 static const true_false_string auth_mod_cred_fwd = {
641 "Client WILL forward auth creds",
642 "Client will NOT forward auth creds"
644 static const true_false_string auth_mod_who = {
645 "Mask server to client",
646 "Mask client to server"
648 static const true_false_string auth_mod_how = {
649 "MUTUAL authentication",
650 "One Way authentication"
652 #define TN_AM_OFF 0x00
653 #define TN_AM_USING_TELOPT 0x01
654 #define TN_AM_AFTER_EXCHANGE 0x02
655 #define TN_AM_RESERVED 0x04
656 static const value_string auth_mod_enc[] = {
657 { TN_AM_OFF, "Off" },
658 { TN_AM_USING_TELOPT, "Telnet Options" },
659 { TN_AM_AFTER_EXCHANGE, "After Exchange" },
660 { TN_AM_RESERVED, "Reserved" },
663 #define TN_KRB5_TYPE_AUTH 0
664 #define TN_KRB5_TYPE_REJECT 1
665 #define TN_KRB5_TYPE_ACCEPT 2
666 #define TN_KRB5_TYPE_RESPONSE 3
667 #define TN_KRB5_TYPE_FORWARD 4
668 #define TN_KRB5_TYPE_FORWARD_ACCEPT 5
669 #define TN_KRB5_TYPE_FORWARD_REJECT 6
670 static const value_string auth_krb5_types[] = {
671 { TN_KRB5_TYPE_AUTH, "Auth" },
672 { TN_KRB5_TYPE_REJECT, "Reject" },
673 { TN_KRB5_TYPE_ACCEPT, "Accept" },
674 { TN_KRB5_TYPE_RESPONSE, "Response" },
675 { TN_KRB5_TYPE_FORWARD, "Forward" },
676 { TN_KRB5_TYPE_FORWARD_ACCEPT, "Forward Accept" },
677 { TN_KRB5_TYPE_FORWARD_REJECT, "Forward Reject" },
681 dissect_authentication_type_pair(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, proto_tree *tree)
685 type=tvb_get_guint8(tvb, offset);
686 proto_tree_add_uint(tree, hf_telnet_auth_type, tvb, offset, 1, type);
688 mod=tvb_get_guint8(tvb, offset+1);
689 proto_tree_add_uint(tree, hf_telnet_auth_mod_enc, tvb, offset+1, 1, mod);
690 proto_tree_add_boolean(tree, hf_telnet_auth_mod_cred_fwd, tvb, offset+1, 1, mod);
691 proto_tree_add_boolean(tree, hf_telnet_auth_mod_how, tvb, offset+1, 1, mod);
692 proto_tree_add_boolean(tree, hf_telnet_auth_mod_who, tvb, offset+1, 1, mod);
695 /* no kerberos blobs are ever >10kb ? (arbitrary limit) */
696 #define MAX_KRB5_BLOB_LEN 10240
699 unescape_and_tvbuffify_telnet_option(packet_info *pinfo, tvbuff_t *tvb, int offset, int len)
707 if(len>=MAX_KRB5_BLOB_LEN)
710 spos=tvb_get_ptr(tvb, offset, len);
711 /* XXX we never g_free() this one. This is done automagically
712 when the parent tvb is destroyed?
719 if((spos[0]==0xff) && (spos[1]==0xff)){
729 krb5_tvb = tvb_new_real_data(buf, len-skip, len-skip);
730 tvb_set_child_real_data_tvbuff(tvb, krb5_tvb);
731 add_new_data_source(pinfo, krb5_tvb, "Unpacked Telnet Uption");
739 dissect_krb5_authentication_data(packet_info *pinfo, tvbuff_t *tvb, int offset, int len, proto_tree *tree, guint8 acmd)
744 dissect_authentication_type_pair(pinfo, tvb, offset, tree);
749 krb5_cmd=tvb_get_guint8(tvb, offset);
750 proto_tree_add_uint(tree, hf_telnet_auth_krb5_type, tvb, offset, 1, krb5_cmd);
755 /* IAC SB AUTHENTICATION IS <authentication-type-pair> AUTH <Kerberos V5 KRB_AP_REQ message> IAC SE */
756 if((acmd==TN_AC_IS)&&(krb5_cmd==TN_KRB5_TYPE_AUTH)){
757 krb5_tvb=unescape_and_tvbuffify_telnet_option(pinfo, tvb, offset, len);
759 dissect_kerberos_main(krb5_tvb, pinfo, tree, FALSE);
761 proto_tree_add_text(tree, tvb, offset, len, "Kerberos blob (too long to dissect - length %u > %u",
762 len, MAX_KRB5_BLOB_LEN);
767 /* IAC SB AUTHENTICATION REPLY <authentication-type-pair> ACCEPT IAC SE */
768 /* nothing more to dissect */
772 /* IAC SB AUTHENTICATION REPLY <authentication-type-pair> REJECT <optional reason for rejection> IAC SE*/
776 /* IAC SB AUTHENTICATION REPLY <authentication-type-pair> RESPONSE <KRB_AP_REP message> IAC SE */
777 if((acmd==TN_AC_REPLY)&&(krb5_cmd==TN_KRB5_TYPE_RESPONSE)){
778 krb5_tvb=unescape_and_tvbuffify_telnet_option(pinfo, tvb, offset, len);
779 dissect_kerberos_main(krb5_tvb, pinfo, tree, FALSE);
783 /* IAC SB AUTHENTICATION <authentication-type-pair> FORWARD <KRB_CRED message> IAC SE */
784 /* XXX unclear what this one looks like */
787 /* IAC SB AUTHENTICATION <authentication-type-pair> FORWARD_ACCEPT IAC SE */
788 /* nothing more to dissect */
792 /* IAC SB AUTHENTICATION <authentication-type-pair> FORWARD_REJECT */
793 /* nothing more to dissect */
797 dissect_authentication_subopt(packet_info *pinfo, const char *optname _U_, tvbuff_t *tvb, int offset, int len, proto_tree *tree)
802 /* XXX here we should really split it up in a conversation struct keeping
803 track of what method we actually use and not just assume it is always
806 acmd=tvb_get_guint8(tvb, offset);
807 proto_tree_add_uint(tree, hf_telnet_auth_cmd, tvb, offset, 1, acmd);
814 /* XXX here we shouldnt just assume it is krb5 */
815 dissect_krb5_authentication_data(pinfo, tvb, offset, len, tree, acmd);
819 dissect_authentication_type_pair(pinfo, tvb, offset, tree);
826 tvb_memcpy(tvb, name, offset, len);
829 strcpy(name, "<...name too long...>");
831 proto_tree_add_string(tree, hf_telnet_auth_name, tvb, offset, len, name);
836 static tn_opt options[] = {
838 "Binary Transmission", /* RFC 856 */
839 NULL, /* no suboption negotiation */
845 "Echo", /* RFC 857 */
846 NULL, /* no suboption negotiation */
852 "Reconnection", /* DOD Protocol Handbook */
859 "Suppress Go Ahead", /* RFC 858 */
860 NULL, /* no suboption negotiation */
866 "Approx Message Size Negotiation", /* Ethernet spec(!) */
873 "Status", /* RFC 859 */
877 NULL /* XXX - fill me in */
880 "Timing Mark", /* RFC 860 */
881 NULL, /* no suboption negotiation */
887 "Remote Controlled Trans and Echo", /* RFC 726 */
891 NULL /* XXX - fill me in */
894 "Output Line Width", /* DOD Protocol Handbook */
896 VARIABLE_LENGTH, /* XXX - fill me in */
897 0, /* XXX - fill me in */
898 NULL /* XXX - fill me in */
901 "Output Page Size", /* DOD Protocol Handbook */
903 VARIABLE_LENGTH, /* XXX - fill me in */
904 0, /* XXX - fill me in */
905 NULL /* XXX - fill me in */
908 "Output Carriage-Return Disposition", /* RFC 652 */
912 NULL /* XXX - fill me in */
915 "Output Horizontal Tab Stops", /* RFC 653 */
919 dissect_htstops_subopt
922 "Output Horizontal Tab Disposition", /* RFC 654 */
926 NULL /* XXX - fill me in */
929 "Output Formfeed Disposition", /* RFC 655 */
933 NULL /* XXX - fill me in */
936 "Output Vertical Tabstops", /* RFC 656 */
940 NULL /* XXX - fill me in */
943 "Output Vertical Tab Disposition", /* RFC 657 */
947 NULL /* XXX - fill me in */
950 "Output Linefeed Disposition", /* RFC 658 */
954 NULL /* XXX - fill me in */
957 "Extended ASCII", /* RFC 698 */
961 NULL /* XXX - fill me in */
964 "Logout", /* RFC 727 */
965 NULL, /* no suboption negotiation */
971 "Byte Macro", /* RFC 735 */
972 &ett_bytemacro_subopt,
975 NULL /* XXX - fill me in */
978 "Data Entry Terminal", /* RFC 732, RFC 1043 */
982 NULL /* XXX - fill me in */
985 "SUPDUP", /* RFC 734, RFC 736 */
986 NULL, /* no suboption negotiation */
992 "SUPDUP Output", /* RFC 749 */
993 &ett_supdupout_subopt,
996 NULL /* XXX - fill me in */
999 "Send Location", /* RFC 779 */
1000 &ett_sendloc_subopt,
1003 NULL /* XXX - fill me in */
1006 "Terminal Type", /* RFC 1091 */
1007 &ett_termtype_subopt,
1010 dissect_string_subopt
1013 "End of Record", /* RFC 885 */
1014 NULL, /* no suboption negotiation */
1020 "TACACS User Identification", /* RFC 927 */
1021 &ett_tacacsui_subopt,
1024 NULL /* XXX - fill me in */
1027 "Output Marking", /* RFC 933 */
1028 &ett_outmark_subopt,
1031 dissect_outmark_subopt,
1034 "Terminal Location Number", /* RFC 946 */
1035 &ett_tlocnum_subopt,
1038 NULL /* XXX - fill me in */
1041 "Telnet 3270 Regime", /* RFC 1041 */
1042 &ett_tn3270reg_subopt,
1045 NULL /* XXX - fill me in */
1048 "X.3 PAD", /* RFC 1053 */
1052 NULL /* XXX - fill me in */
1055 "Negotiate About Window Size", /* RFC 1073, DW183 */
1062 "Terminal Speed", /* RFC 1079 */
1066 NULL /* XXX - fill me in */
1069 "Remote Flow Control", /* RFC 1372 */
1076 "Linemode", /* RFC 1184 */
1077 &ett_linemode_subopt,
1080 NULL /* XXX - fill me in */
1083 "X Display Location", /* RFC 1096 */
1084 &ett_xdpyloc_subopt,
1087 dissect_string_subopt
1090 "Environment Option", /* RFC 1408, RFC 1571 */
1094 NULL /* XXX - fill me in */
1097 "Authentication Option", /* RFC 2941 */
1101 dissect_authentication_subopt
1104 "Encryption Option", /* RFC 2946 */
1108 NULL /* XXX - fill me in */
1111 "New Environment Option", /* RFC 1572 */
1115 NULL /* XXX - fill me in */
1118 "TN3270E", /* RFC 1647 */
1119 &ett_tn3270e_subopt,
1122 NULL /* XXX - fill me in */
1125 "XAUTH", /* XAUTH */
1129 NULL /* XXX - fill me in */
1132 "CHARSET", /* CHARSET */
1133 &ett_charset_subopt,
1136 NULL /* XXX - fill me in */
1139 "Remote Serial Port", /* Remote Serial Port */
1143 NULL /* XXX - fill me in */
1146 "COM Port Control", /* RFC 2217 */
1147 &ett_comport_subopt,
1150 dissect_comport_subopt
1155 #define NOPTIONS (sizeof options / sizeof options[0])
1158 telnet_sub_option(packet_info *pinfo, proto_tree *telnet_tree, tvbuff_t *tvb, int start_offset)
1160 proto_tree *ti, *option_tree;
1161 int offset = start_offset;
1168 void (*dissect)(packet_info *, const char *, tvbuff_t *, int, int, proto_tree *);
1172 offset += 2; /* skip IAC and SB */
1174 /* Get the option code */
1175 opt_byte = tvb_get_guint8(tvb, offset);
1176 if (opt_byte > NOPTIONS) {
1177 opt = "<unknown option>";
1178 ett = ett_telnet_subopt;
1181 opt = options[opt_byte].name;
1182 if (options[opt_byte].subtree_index != NULL)
1183 ett = *(options[opt_byte].subtree_index);
1185 ett = ett_telnet_subopt;
1186 dissect = options[opt_byte].dissect;
1190 /* Search for an unescaped IAC. */
1191 cur_offset = offset;
1193 len = tvb_length_remaining(tvb, offset);
1195 iac_offset = tvb_find_guint8(tvb, cur_offset, len, TN_IAC);
1197 if (iac_offset == -1) {
1198 /* None found - run to the end of the packet. */
1201 if (((guint)(iac_offset + 1) >= len) ||
1202 (tvb_get_guint8(tvb, iac_offset + 1) != TN_IAC)) {
1203 /* We really found a single IAC, so we're done */
1204 offset = iac_offset;
1207 * We saw an escaped IAC, so we have to move ahead to the
1211 cur_offset = iac_offset + 2;
1215 } while (!iac_found);
1217 subneg_len = offset - start_offset;
1219 ti = proto_tree_add_text(telnet_tree, tvb, start_offset, subneg_len,
1220 "Suboption Begin: %s", opt);
1221 option_tree = proto_item_add_subtree(ti, ett);
1222 start_offset += 3; /* skip IAC, SB, and option code */
1225 if (subneg_len > 0) {
1226 switch (options[opt_byte].len_type) {
1229 /* There isn't supposed to *be* sub-option negotiation for this. */
1230 proto_tree_add_text(option_tree, tvb, start_offset, subneg_len,
1231 "Bogus suboption data");
1235 /* Make sure the length is what it's supposed to be. */
1236 if (subneg_len != options[opt_byte].optlen) {
1237 proto_tree_add_text(option_tree, tvb, start_offset, subneg_len,
1238 "Suboption parameter length is %d, should be %d",
1239 subneg_len, options[opt_byte].optlen);
1244 case VARIABLE_LENGTH:
1245 /* Make sure the length is greater than the minimum. */
1246 if (subneg_len < options[opt_byte].optlen) {
1247 proto_tree_add_text(option_tree, tvb, start_offset, subneg_len,
1248 "Suboption parameter length is %d, should be at least %d",
1249 subneg_len, options[opt_byte].optlen);
1255 /* Now dissect the suboption parameters. */
1256 if (dissect != NULL) {
1257 /* We have a dissector for this suboption's parameters; call it. */
1258 (*dissect)(pinfo, opt, tvb, start_offset, subneg_len, option_tree);
1260 /* We don't have a dissector for them; just show them as data. */
1261 proto_tree_add_text(option_tree, tvb, start_offset, subneg_len,
1269 telnet_will_wont_do_dont(proto_tree *telnet_tree, tvbuff_t *tvb,
1270 int start_offset, char *type)
1272 int offset = start_offset;
1276 offset += 2; /* skip IAC and WILL,WONT,DO,DONT} */
1277 opt_byte = tvb_get_guint8(tvb, offset);
1278 if (opt_byte > NOPTIONS)
1279 opt = "<unknown option>";
1281 opt = options[opt_byte].name;
1284 proto_tree_add_text(telnet_tree, tvb, start_offset, 3,
1285 "Command: %s %s", type, opt);
1290 telnet_command(packet_info *pinfo, proto_tree *telnet_tree, tvbuff_t *tvb, int start_offset)
1292 int offset = start_offset;
1295 offset += 1; /* skip IAC */
1296 optcode = tvb_get_guint8(tvb, offset);
1301 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1302 "Command: End of File");
1306 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1307 "Command: Suspend Current Process");
1311 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1312 "Command: Abort Process");
1316 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1317 "Command: End of Record");
1321 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1322 "Command: Suboption End");
1326 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1327 "Command: No Operation");
1331 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1332 "Command: Data Mark");
1336 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1341 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1342 "Command: Interrupt Process");
1346 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1347 "Command: Abort Output");
1351 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1352 "Command: Are You There?");
1356 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1357 "Command: Escape Character");
1361 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1362 "Command: Erase Line");
1366 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1367 "Command: Go Ahead");
1371 offset = telnet_sub_option(pinfo, telnet_tree, tvb, start_offset);
1375 offset = telnet_will_wont_do_dont(telnet_tree, tvb, start_offset,
1380 offset = telnet_will_wont_do_dont(telnet_tree, tvb, start_offset,
1385 offset = telnet_will_wont_do_dont(telnet_tree, tvb, start_offset,
1390 offset = telnet_will_wont_do_dont(telnet_tree, tvb, start_offset,
1395 proto_tree_add_text(telnet_tree, tvb, start_offset, 2,
1396 "Command: Unknown (0x%02x)", optcode);
1404 telnet_add_text(proto_tree *tree, tvbuff_t *tvb, int offset, int len)
1409 gboolean last_char_was_cr;
1411 while (len != 0 && tvb_offset_exists(tvb, offset)) {
1413 * Find the end of the line.
1415 linelen = tvb_find_line_end(tvb, offset, len, &next_offset, FALSE);
1416 len -= next_offset - offset; /* subtract out the line's characters */
1419 * In Telnet, CR NUL is the way you send a CR by itself in the
1420 * default ASCII mode; don't treat CR by itself as a line ending,
1421 * treat only CR NUL, CR LF, or LF by itself as a line ending.
1423 if (next_offset == offset + linelen + 1 && len >= 1) {
1425 * Well, we saw a one-character line ending, so either it's a CR
1426 * or an LF; we have at least two characters left, including the
1429 * If the line ending is a CR, skip all subsequent CRs; at
1430 * least one capture appeared to have multiple CRs at the end of
1433 if (tvb_get_guint8(tvb, offset + linelen) == '\r') {
1434 last_char_was_cr = TRUE;
1435 while (len != 0 && tvb_offset_exists(tvb, next_offset)) {
1436 c = tvb_get_guint8(tvb, next_offset);
1437 next_offset++; /* skip over that character */
1439 if (c == '\n' || (c == '\0' && last_char_was_cr)) {
1441 * LF is a line ending, whether preceded by CR or not.
1442 * NUL is a line ending if preceded by CR.
1446 last_char_was_cr = (c == '\r');
1452 * Now compute the length of the line *including* the end-of-line
1453 * indication, if any; we display it all.
1455 linelen = next_offset - offset;
1457 proto_tree_add_text(tree, tvb, offset, linelen,
1459 tvb_format_text(tvb, offset, linelen));
1460 offset = next_offset;
1465 dissect_telnet(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1467 proto_tree *telnet_tree, *ti;
1470 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1471 col_set_str(pinfo->cinfo, COL_PROTOCOL, "TELNET");
1473 if (check_col(pinfo->cinfo, COL_INFO))
1474 col_add_fstr(pinfo->cinfo, COL_INFO, "Telnet Data ...");
1482 ti = proto_tree_add_item(tree, proto_telnet, tvb, offset, -1, FALSE);
1483 telnet_tree = proto_item_add_subtree(ti, ett_telnet);
1486 * Scan through the buffer looking for an IAC byte.
1488 while ((len = tvb_length_remaining(tvb, offset)) > 0) {
1489 iac_offset = tvb_find_guint8(tvb, offset, len, TN_IAC);
1490 if (iac_offset != -1) {
1492 * We found an IAC byte.
1493 * If there's any data before it, add that data to the
1494 * tree, a line at a time.
1496 data_len = iac_offset - offset;
1498 telnet_add_text(telnet_tree, tvb, offset, data_len);
1501 * Now interpret the command.
1503 offset = telnet_command(pinfo, telnet_tree, tvb, iac_offset);
1507 * We found no IAC byte, so what remains in the buffer
1508 * is the last of the data in the packet.
1509 * Add it to the tree, a line at a time, and then quit.
1511 telnet_add_text(telnet_tree, tvb, offset, len);
1519 proto_register_telnet(void)
1521 static hf_register_info hf[] = {
1522 { &hf_telnet_auth_name,
1523 { "Name", "telnet.auth.name", FT_STRING, BASE_NONE,
1524 NULL, 0, "Name of user being authenticated", HFILL }},
1525 { &hf_telnet_auth_cmd,
1526 { "Auth Cmd", "telnet.auth.cmd", FT_UINT8, BASE_DEC,
1527 VALS(auth_cmd_vals), 0, "Authentication Command", HFILL }},
1528 { &hf_telnet_auth_type,
1529 { "Auth Type", "telnet.auth.type", FT_UINT8, BASE_DEC,
1530 VALS(auth_type_vals), 0, "Authentication Type", HFILL }},
1531 { &hf_telnet_auth_mod_cred_fwd,
1532 { "Cred Fwd", "telnet.auth.mod.cred_fwd", FT_BOOLEAN, 8,
1533 TFS(&auth_mod_cred_fwd), 0x08, "Modifier: Whether client will forward creds or not", HFILL }},
1534 { &hf_telnet_auth_mod_who,
1535 { "Who", "telnet.auth.mod.who", FT_BOOLEAN, 8,
1536 TFS(&auth_mod_who), 0x01, "Modifier: Who to mask", HFILL }},
1537 { &hf_telnet_auth_mod_how,
1538 { "How", "telnet.auth.mod.how", FT_BOOLEAN, 8,
1539 TFS(&auth_mod_how), 0x02, "Modifier: How to mask", HFILL }},
1540 { &hf_telnet_auth_mod_enc,
1541 { "Encrypt", "telnet.auth.mod.enc", FT_UINT8, BASE_DEC,
1542 VALS(auth_mod_enc), 0x14, "Modifier: How to enable Encryption", HFILL }},
1543 { &hf_telnet_auth_krb5_type,
1544 { "Command", "telnet.auth.krb5.cmd", FT_UINT8, BASE_DEC,
1545 VALS(auth_krb5_types), 0, "Krb5 Authentication sub-command", HFILL }},
1548 static gint *ett[] = {
1556 &ett_htstops_subopt,
1559 &ett_vtstops_subopt,
1563 &ett_bytemacro_subopt,
1565 &ett_supdupout_subopt,
1566 &ett_sendloc_subopt,
1567 &ett_termtype_subopt,
1568 &ett_tacacsui_subopt,
1569 &ett_outmark_subopt,
1570 &ett_tlocnum_subopt,
1571 &ett_tn3270reg_subopt,
1576 &ett_linemode_subopt,
1577 &ett_xdpyloc_subopt,
1582 &ett_tn3270e_subopt,
1584 &ett_charset_subopt,
1586 &ett_comport_subopt,
1589 proto_telnet = proto_register_protocol("Telnet", "TELNET", "telnet");
1590 proto_register_field_array(proto_telnet, hf, array_length(hf));
1591 proto_register_subtree_array(ett, array_length(ett));
1595 proto_reg_handoff_telnet(void)
1597 dissector_handle_t telnet_handle;
1599 telnet_handle = create_dissector_handle(dissect_telnet, proto_telnet);
1600 dissector_add("tcp.port", TCP_PORT_TELNET, telnet_handle);