3 * Routine to check for RFC 1006 TPKT header and to dissect TPKT header
4 * Copyright 2000, Philips Electronics N.V.
5 * Andreas Sikkema <andreas.sikkema@philips.com>
7 * Routine to dissect RFC 1006 TPKT packet containing OSI TP PDU
8 * Copyright 2001, Martin Thomas <Martin_A_Thomas@yahoo.com>
10 * $Id: packet-tpkt.c,v 1.24 2003/12/02 18:50:52 guy Exp $
12 * Ethereal - Network traffic analyzer
13 * By Gerald Combs <gerald@ethereal.com>
14 * Copyright 1998 Gerald Combs
16 * This program is free software; you can redistribute it and/or
17 * modify it under the terms of the GNU General Public License
18 * as published by the Free Software Foundation; either version 2
19 * of the License, or (at your option) any later version.
21 * This program is distributed in the hope that it will be useful,
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 * GNU General Public License for more details.
26 * You should have received a copy of the GNU General Public License
27 * along with this program; if not, write to the Free Software
28 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
36 #include <epan/packet.h>
41 #include "packet-tpkt.h"
42 #include "packet-frame.h"
45 /* TPKT header fields */
46 static int proto_tpkt = -1;
47 static protocol_t *proto_tpkt_ptr;
48 static int hf_tpkt_version = -1;
49 static int hf_tpkt_reserved = -1;
50 static int hf_tpkt_length = -1;
52 /* TPKT fields defining a sub tree */
53 static gint ett_tpkt = -1;
55 /* desegmentation of OSI over TPKT over TCP */
56 static gboolean tpkt_desegment = TRUE;
58 #define TCP_PORT_TPKT 102
60 /* find the dissector for OSI TP (aka COTP) */
61 static dissector_handle_t osi_tp_handle;
64 * Check whether this could be a TPKT-encapsulated PDU.
65 * Returns -1 if it's not, and the PDU length from the TPKT header
68 * "min_len" is the minimum length of the PDU; the length field in the
69 * TPKT header must be at least "4+min_len" in order for this to be a
70 * valid TPKT PDU for the protocol in question.
73 is_tpkt(tvbuff_t *tvb, int min_len)
78 * If TPKT is disabled, don't dissect it, just return -1, meaning
81 if (!proto_is_protocol_enabled(proto_tpkt_ptr))
84 /* There should at least be 4 bytes left in the frame */
85 if (!tvb_bytes_exist(tvb, 0, 4))
86 return -1; /* there aren't */
89 * The first octet should be 3 and the second one should be 0
90 * The H.323 implementers guide suggests that this might not
91 * always be the case....
93 if (!(tvb_get_guint8(tvb, 0) == 3 && tvb_get_guint8(tvb, 1) == 0))
94 return -1; /* they're not */
97 * Get the length from the TPKT header. Make sure it's large
100 pkt_len = tvb_get_ntohs(tvb, 2);
101 if (pkt_len < 4 + min_len)
102 return -1; /* it's not */
105 * Return the length from the header.
111 * Dissect TPKT-encapsulated data in a TCP stream.
114 dissect_tpkt_encap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
115 gboolean desegment, dissector_handle_t subdissector_handle)
117 proto_item *ti = NULL;
118 proto_tree *tpkt_tree = NULL;
119 volatile int offset = 0;
120 int length_remaining;
124 const char *saved_proto;
127 * If we're reassembling segmented TPKT PDUs, empty the COL_INFO
128 * column, so subdissectors can append information
129 * without having to worry about emptying the column.
131 * We use "col_add_str()" because the subdissector
132 * might be appending information to the column, in
133 * which case we'd have to zero the buffer out explicitly
136 if (tpkt_desegment && check_col(pinfo->cinfo, COL_INFO))
137 col_add_str(pinfo->cinfo, COL_INFO, "");
139 while (tvb_reported_length_remaining(tvb, offset) != 0) {
141 * Is the first byte of this putative TPKT header
142 * a valid TPKT version number, i.e. 3?
144 if (tvb_get_guint8(tvb, offset) != 3) {
146 * No, so don't assume this is a TPKT header;
147 * we might be in the middle of TPKT data,
148 * so don't get the length and don't try to
151 if (check_col(pinfo->cinfo, COL_PROTOCOL))
152 col_set_str(pinfo->cinfo, COL_PROTOCOL, "TPKT");
153 if (check_col(pinfo->cinfo, COL_INFO))
154 col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
156 ti = proto_tree_add_item(tree, proto_tpkt, tvb,
158 tpkt_tree = proto_item_add_subtree(ti, ett_tpkt);
160 proto_tree_add_text(tpkt_tree, tvb, offset, -1,
161 "Continuation data");
166 length_remaining = tvb_length_remaining(tvb, offset);
169 * Can we do reassembly?
171 if (desegment && pinfo->can_desegment) {
173 * Yes - is the TPKT header split across segment
176 if (length_remaining < 4) {
178 * Yes. Tell the TCP dissector where
179 * the data for this message starts in
180 * the data it handed us, and how many
181 * more bytes we need, and return.
183 pinfo->desegment_offset = offset;
184 pinfo->desegment_len = 4 - length_remaining;
190 * Get the length from the TPKT header.
192 data_len = tvb_get_ntohs(tvb, offset + 2);
195 * Can we do reassembly?
197 if (desegment && pinfo->can_desegment) {
199 * Yes - is the payload split across segment
202 if (length_remaining < data_len) {
204 * Yes. Tell the TCP dissector where
205 * the data for this message starts in
206 * the data it handed us, and how many
207 * more bytes we need, and return.
209 pinfo->desegment_offset = offset;
210 pinfo->desegment_len =
211 data_len - length_remaining;
217 * Dissect the TPKT header.
218 * Save and restore "pinfo->current_proto".
220 saved_proto = pinfo->current_proto;
221 pinfo->current_proto = "TPKT";
223 if (check_col(pinfo->cinfo, COL_PROTOCOL))
224 col_set_str(pinfo->cinfo, COL_PROTOCOL, "TPKT");
226 * Don't add the TPKT header information if we're
227 * reassembling segmented TPKT PDUs or if this
228 * PDU isn't reassembled.
230 * XXX - the first is so that subdissectors can append
231 * information without getting TPKT stuff in the middle;
234 if (!tpkt_desegment && !pinfo->fragmented
235 && check_col(pinfo->cinfo, COL_INFO)) {
236 col_add_fstr(pinfo->cinfo, COL_INFO,
237 "TPKT Data length = %u", data_len);
241 ti = proto_tree_add_item(tree, proto_tpkt, tvb,
243 tpkt_tree = proto_item_add_subtree(ti, ett_tpkt);
246 proto_tree_add_item(tpkt_tree, hf_tpkt_version, tvb,
250 proto_tree_add_item(tpkt_tree, hf_tpkt_reserved, tvb,
251 offset + 1, 1, FALSE);
254 proto_tree_add_uint(tpkt_tree, hf_tpkt_length, tvb,
255 offset + 2, 2, data_len);
257 pinfo->current_proto = saved_proto;
259 /* Skip the TPKT header. */
264 * Construct a tvbuff containing the amount of the payload
265 * we have available. Make its reported length the
266 * amount of data in this TPKT packet.
268 * XXX - if reassembly isn't enabled. the subdissector
269 * will throw a BoundsError exception, rather than a
270 * ReportedBoundsError exception. We really want
271 * a tvbuff where the length is "length", the reported
272 * length is "plen + 2", and the "if the snapshot length
273 * were infinite" length were the minimum of the
274 * reported length of the tvbuff handed to us and "plen+2",
275 * with a new type of exception thrown if the offset is
276 * within the reported length but beyond that third length,
277 * with that exception getting the "Unreassembled Packet"
280 length = length_remaining - 4;
281 if (length > data_len)
283 next_tvb = tvb_new_subset(tvb, offset, length, data_len);
286 * Call the subdissector.
288 * Catch the ReportedBoundsError exception; if this
289 * particular message happens to get a ReportedBoundsError
290 * exception, that doesn't mean that we should stop
291 * dissecting TPKT messages within this frame or chunk
292 * of reassembled data.
294 * If it gets a BoundsError, we can stop, as there's nothing
295 * more to see, so we just re-throw it.
298 call_dissector(subdissector_handle, next_tvb, pinfo,
304 CATCH(ReportedBoundsError) {
305 show_reported_bounds_error(tvb, pinfo, tree);
317 * Dissect RFC 1006 TPKT, which wraps a TPKT header around an OSI TP
321 dissect_tpkt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
323 dissect_tpkt_encap(tvb, pinfo, tree, tpkt_desegment, osi_tp_handle);
327 proto_register_tpkt(void)
329 static hf_register_info hf[] =
373 module_t *tpkt_module;
375 proto_tpkt = proto_register_protocol("TPKT", "TPKT", "tpkt");
376 proto_tpkt_ptr = find_protocol_by_id(proto_tpkt);
377 proto_register_field_array(proto_tpkt, hf, array_length(hf));
378 proto_register_subtree_array(ett, array_length(ett));
380 tpkt_module = prefs_register_protocol(proto_tpkt, NULL);
381 prefs_register_bool_preference(tpkt_module, "desegment",
382 "Desegment all TPKT messages spanning multiple TCP segments",
383 "Whether the TPKT dissector should desegment all messages spanning multiple TCP segments",
388 proto_reg_handoff_tpkt(void)
390 dissector_handle_t tpkt_handle;
392 osi_tp_handle = find_dissector("ositp");
393 tpkt_handle = create_dissector_handle(dissect_tpkt, proto_tpkt);
394 dissector_add("tcp.port", TCP_PORT_TPKT, tpkt_handle);