3 * Routines to dissect WTP component of WAP traffic.
5 * $Id: packet-wtp.c,v 1.20 2001/10/07 08:37:28 guy Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@zing.org>
9 * Copyright 1998 Didier Jorand
11 * WAP dissector based on original work by Ben Fowler
12 * Updated by Neil Hunter <neil.hunter@energis-squared.com>
13 * WTLS support by Alexandre P. Ferreira (Splice IP)
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation; either version 2
18 * of the License, or (at your option) any later version.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
37 #ifdef HAVE_SYS_TYPES_H
38 # include <sys/types.h>
41 #ifdef HAVE_NETINET_IN_H
42 # include <netinet/in.h>
45 #ifdef NEED_SNPRINTF_H
51 # include "snprintf.h"
57 #include "packet-wap.h"
58 #include "packet-wtp.h"
59 #include "packet-wsp.h"
61 static const true_false_string continue_truth = {
66 static const true_false_string RID_truth = {
71 static const true_false_string TIDNew_truth = {
76 static const true_false_string tid_response_truth = {
81 static const true_false_string UP_truth = {
82 "User Acknowledgement required" ,
83 "User Acknowledgement optional"
86 static const true_false_string TVETOK_truth = {
91 static const value_string vals_pdu_type[] = {
97 { 5, "Segmented Invoke" },
98 { 6, "Segmented Result" },
99 { 7, "Negative Ack" },
103 static const value_string vals_transaction_trailer[] = {
104 { 0, "Not last packet" },
105 { 1, "Last packet of message" },
106 { 2, "Last packet of group" },
107 { 3, "Re-assembly not supported" },
111 static const value_string vals_version[] = {
119 static const value_string vals_abort_type[] = {
125 static const value_string vals_abort_reason_provider[] = {
127 { 0x01, "Protocol Error" },
128 { 0x02, "Invalid TID" },
129 { 0x03, "Not Implemented Class 2" },
130 { 0x04, "Not Implemented SAR" },
131 { 0x05, "Not Implemented User Acknowledgement" },
132 { 0x06, "WTP Version Zero" },
133 { 0x07, "Capacity Temporarily Exceeded" },
134 { 0x08, "No Response" },
135 { 0x09, "Message Too Large" },
139 static const value_string vals_transaction_classes[] = {
140 { 0x00, "Unreliable Invoke without Result" },
141 { 0x01, "Reliable Invoke without Result" },
142 { 0x02, "Reliable Invoke with Reliable Result" },
146 /* File scoped variables for the protocol and registered fields */
147 static int proto_wtp = HF_EMPTY;
149 /* These fields used by fixed part of header */
150 static int hf_wtp_header_fixed_part = HF_EMPTY;
151 static int hf_wtp_header_sub_pdu_size = HF_EMPTY;
152 static int hf_wtp_header_flag_continue = HF_EMPTY;
153 static int hf_wtp_header_pdu_type = HF_EMPTY;
154 static int hf_wtp_header_flag_Trailer = HF_EMPTY;
155 static int hf_wtp_header_flag_RID = HF_EMPTY;
156 static int hf_wtp_header_flag_TID = HF_EMPTY;
157 static int hf_wtp_header_flag_TID_response = HF_EMPTY;
159 /* These fields used by Invoke packets */
160 static int hf_wtp_header_Inv_version = HF_EMPTY;
161 static int hf_wtp_header_Inv_flag_TIDNew = HF_EMPTY;
162 static int hf_wtp_header_Inv_flag_UP = HF_EMPTY;
163 static int hf_wtp_header_Inv_Reserved = HF_EMPTY;
164 static int hf_wtp_header_Inv_TransactionClass = HF_EMPTY;
167 static int hf_wtp_header_variable_part = HF_EMPTY;
168 static int hf_wtp_data = HF_EMPTY;
170 static int hf_wtp_header_Ack_flag_TVETOK = HF_EMPTY;
171 static int hf_wtp_header_Abort_type = HF_EMPTY;
172 static int hf_wtp_header_Abort_reason_provider = HF_EMPTY;
173 static int hf_wtp_header_Abort_reason_user = HF_EMPTY;
174 static int hf_wtp_header_sequence_number = HF_EMPTY;
175 static int hf_wtp_header_missing_packets = HF_EMPTY;
177 /* Initialize the subtree pointers */
178 static gint ett_wtp = ETT_EMPTY;
179 static gint ett_header = ETT_EMPTY;
181 /* Handle for WSP dissector */
182 static dissector_handle_t wsp_handle;
185 static char transaction_class(unsigned char octet);
186 static char pdu_type(unsigned char octet);
187 static char retransmission_indicator(unsigned char octet);
189 /* Code to actually dissect the packets */
191 dissect_wtp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
193 frame_data *fdata = pinfo->fd;
196 int offCur = 0; /* current offset from start of WTP data */
198 /* bytes at offset 0 - 3 */
200 unsigned char b0 = pd[offset + 0];
201 unsigned char b3 = pd[offset + 3];
205 /* continuation flag */
212 /* Set up structures we will need to add the protocol subtree and manage it */
214 proto_tree *wtp_tree = NULL;
215 proto_tree *wtp_header_fixed;
218 char clsTransaction = ' ';
220 int numMissing = 0; /* Number of missing packets in a negative ack */
222 tvbuff_t *wsp_tvb = NULL;
225 fprintf( stderr, "dissect_wtp: (Entering) Frame data at %p\n", fdata );
226 fprintf( stderr, "dissect_wtp: tvb length is %d\n", tvb_reported_length( tvb ) );
228 b0 = tvb_get_guint8 (tvb, offCur + 0);
229 /* Discover Concatenated PDUs */
232 wtp_tree = proto_tree_add_item(tree, proto_wtp, tvb, offCur, 1, bo_little_endian);
236 while (offCur < (int) tvb_reported_length (tvb)) {
237 b0 = tvb_get_guint8 (tvb, offCur + 0);
240 cbHeader = ((b0 & 0x7f) << 8) |
241 tvb_get_guint8 (tvb, offCur + 1);
247 proto_tree_add_item(wtp_tree, hf_wtp_header_sub_pdu_size, tvb, offCur, vHeader, bo_big_endian);
249 if (i > 1 && check_col(fdata, COL_INFO)) {
250 col_append_str (fdata, COL_INFO, ", ");
252 wsp_tvb = tvb_new_subset(tvb,
253 offCur + vHeader, -1, cbHeader);
254 dissect_wtp_common (wsp_tvb, pinfo, wtp_tree);
255 offCur += vHeader + cbHeader;
261 fRID = retransmission_indicator( b0 );
262 pdut = pdu_type( b0 );
264 /* Develop the string to put in the Info column */
265 cchInfo = snprintf( szInfo, sizeof( szInfo ), "WTP %s",
266 val_to_str(pdut, vals_pdu_type, "Unknown PDU type 0x%x"));
270 clsTransaction = transaction_class( tvb_get_guint8 (tvb, offCur + 3) );
271 snprintf( szInfo + cchInfo, sizeof( szInfo ) - cchInfo, " Class %d", clsTransaction );
274 case SEGMENTED_INVOKE:
275 case SEGMENTED_RESULT:
285 /* Varible number of missing packets */
286 numMissing = tvb_get_guint8 (tvb, offCur + 3);
287 cbHeader = numMissing + 4;
295 strcat( szInfo, " R" );
302 tByte = tvb_get_guint8(tvb, offCur + cbHeader + vHeader);
305 vHeader = vHeader + tvb_get_guint8(tvb,
306 offCur + cbHeader + vHeader + 1) + 2;
308 vHeader = vHeader + (tByte & 0x03) + 1;
313 fprintf( stderr, "dissect_wtp: cbHeader = %d\n", cbHeader );
316 /* This field shows up as the "Info" column in the display; you should make
317 it, if possible, summarize what's in the packet, so that a user looking
318 at the list of packets can tell what type of packet it is. */
319 if (check_col(fdata, COL_INFO) &&
320 tvb_reported_length (tvb) <= cbHeader + vHeader) {
322 fprintf( stderr, "dissect_wtp: (6) About to set info_col header to %s\n", szInfo );
324 col_append_str(fdata, COL_INFO, szInfo );
326 /* In the interest of speed, if "tree" is NULL, don't do any work not
327 necessary to generate protocol tree items. */
330 fprintf( stderr, "dissect_wtp: cbHeader = %d\n", cbHeader );
332 ti = proto_tree_add_item(tree, proto_wtp, tvb, offCur, cbHeader + vHeader, bo_little_endian);
334 fprintf( stderr, "dissect_wtp: (7) Returned from proto_tree_add_item\n" );
336 wtp_tree = proto_item_add_subtree(ti, ett_wtp);
338 /* Code to process the packet goes here */
341 fprintf( stderr, "dissect_wtp: cbHeader = %d\n", cbHeader );
342 fprintf( stderr, "dissect_wtp: offCur = %d\n", offCur );
343 fprintf( stderr, "dissect_wtp: About to call proto_tree_add_item with %p %d %p %d %d %d\n",
344 wtp_tree, hf_wtp_header_fixed_part, tvb, offCur, cbHeader, bo_little_endian );
345 ti = proto_tree_add_item( wtp_tree, hf_wtp_header_fixed_part, tvb, offCur, cbHeader, bo_little_endian );
346 fprintf( stderr, "dissect_wtp: (6) Returned from proto_tree_add_item\n" );
348 wtp_header_fixed = proto_item_add_subtree(
353 /* Add common items: only CON and PDU Type */
354 ti = proto_tree_add_item(
355 wtp_header_fixed, /* tree */
356 hf_wtp_header_flag_continue, /* id */
358 offCur, /* start of high light */
359 1, /* length of high light */
362 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_pdu_type, tvb, offCur, 1, bo_little_endian );
366 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_Trailer, tvb, offCur, 1, bo_little_endian );
367 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_RID, tvb, offCur, 1, bo_little_endian );
368 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_TID_response, tvb, offCur + 1, 2, bo_big_endian );
369 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_TID, tvb, offCur + 1, 2, bo_big_endian );
371 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_Inv_version , tvb, offCur + 3, 1, bo_little_endian );
372 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_Inv_flag_TIDNew, tvb, offCur + 3, 1, bo_little_endian );
373 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_Inv_flag_UP, tvb, offCur + 3, 1, bo_little_endian );
374 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_Inv_Reserved, tvb, offCur + 3, 1, bo_little_endian );
375 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_Inv_TransactionClass, tvb, offCur + 3, 1, bo_little_endian );
379 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_Trailer, tvb, offCur, 1, bo_little_endian );
380 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_RID, tvb, offCur, 1, bo_little_endian );
381 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_TID_response, tvb, offCur + 1, 2, bo_big_endian );
382 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_TID, tvb, offCur + 1, 2, bo_big_endian );
386 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_Ack_flag_TVETOK, tvb, offCur, 1, bo_big_endian );
388 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_RID, tvb, offCur, 1, bo_little_endian );
389 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_TID_response, tvb, offCur + 1, 2, bo_big_endian );
390 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_TID, tvb, offCur + 1, 2, bo_big_endian );
394 abortType = tvb_get_guint8 (tvb, offCur) & 0x07;
395 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_Abort_type , tvb, offCur , 1, bo_little_endian );
396 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_TID_response, tvb, offCur + 1, 2, bo_big_endian );
397 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_TID, tvb, offCur + 1, 2, bo_big_endian );
399 if (abortType == PROVIDER)
401 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_Abort_reason_provider , tvb, offCur + 3 , 1, bo_little_endian );
403 else if (abortType == USER)
405 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_Abort_reason_user , tvb, offCur + 3 , 1, bo_little_endian );
409 case SEGMENTED_INVOKE:
410 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_Trailer, tvb, offCur, 1, bo_little_endian );
411 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_RID, tvb, offCur, 1, bo_little_endian );
412 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_TID_response, tvb, offCur + 1, 2, bo_big_endian );
413 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_TID, tvb, offCur + 1, 2, bo_big_endian );
415 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_sequence_number , tvb, offCur + 3, 1, bo_little_endian );
418 case SEGMENTED_RESULT:
419 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_Trailer, tvb, offCur, 1, bo_little_endian );
420 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_RID, tvb, offCur, 1, bo_little_endian );
421 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_TID_response, tvb, offCur + 1, 2, bo_big_endian );
422 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_TID, tvb, offCur + 1, 2, bo_big_endian );
424 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_sequence_number , tvb, offCur + 3, 1, bo_little_endian );
428 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_RID, tvb, offCur, 1, bo_little_endian );
429 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_TID_response, tvb, offCur + 1, 2, bo_big_endian );
430 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_flag_TID, tvb, offCur + 1, 2, bo_big_endian );
432 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_missing_packets , tvb, offCur + 3, 1, bo_little_endian );
433 /* Iterate through missing packets */
434 for (i=0; i<numMissing; i++)
436 ti = proto_tree_add_item( wtp_header_fixed, hf_wtp_header_sequence_number , tvb, offCur + i, 1, bo_little_endian );
445 /* There is a variable part if the Con flag is set */
446 ti = proto_tree_add_bytes_format(
448 hf_wtp_header_variable_part, /* id */
450 offCur + cbHeader, /* start */
451 vHeader, /* length */
452 "What should go here!", /* value */
453 "Header (Variable part) %02X %02X %02X %02X" , /* format */
457 /* There is no variable part */
458 }; /* End of variable part of header */
462 fprintf( stderr, "dissect_wtp: (4) tree was %p\n", tree );
466 /* Any remaining data ought to be WSP data,
467 * so hand off to the WSP dissector */
468 if (tvb_reported_length (tvb) > cbHeader + vHeader)
470 wsp_tvb = tvb_new_subset(tvb, cbHeader + vHeader, -1,
471 tvb_reported_length (tvb)-cbHeader-vHeader);
472 call_dissector(wsp_handle, wsp_tvb, pinfo, tree);
476 fprintf( stderr, "dissect_wtp: (leaving) fdata->cinfo is %p\n", fdata->cinfo );
481 * Called directly from UDP.
482 * Put "WTP+WSP" into the "Protocol" column.
485 dissect_wtp_fromudp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
487 if (check_col(pinfo->fd, COL_PROTOCOL))
488 col_set_str(pinfo->fd, COL_PROTOCOL, "WTP+WSP" );
489 if (check_col(pinfo->fd, COL_INFO)) {
490 col_clear(pinfo->fd, COL_INFO);
493 dissect_wtp_common(tvb, pinfo, tree);
497 * Called from a higher-level WAP dissector, presumably WTLS.
498 * Put "WTLS+WSP+WTP" to the "Protocol" column.
500 * XXX - is this supposed to be called from WTLS? If so, we're not
503 * XXX - can this be called from any other dissector?
506 dissect_wtp_fromwap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
508 if (check_col(pinfo->fd, COL_PROTOCOL))
509 col_set_str(pinfo->fd, COL_PROTOCOL, "WTLS+WTP+WSP" );
510 if (check_col(pinfo->fd, COL_INFO)) {
511 col_clear(pinfo->fd, COL_INFO);
514 dissect_wtp_common(tvb, pinfo, tree);
517 static char pdu_type(unsigned char octet)
519 char ch = (octet >> 3) & 0x0F;
520 /* Note pdu type must not be 0x00 */
524 static char transaction_class(unsigned char octet)
526 char ch = (octet >> 0) & 0x03; /* ......XX */
530 static char retransmission_indicator(unsigned char octet)
532 switch ( pdu_type(octet) ) {
536 case SEGMENTED_INVOKE:
537 case SEGMENTED_RESULT:
539 return (octet >> 0) & 0x01; /* ......,X */
545 /* Register the protocol with Ethereal */
547 proto_register_wtp(void)
550 /* Setup list of header fields */
551 static hf_register_info hf[] = {
552 { &hf_wtp_header_fixed_part,
554 "wtp.header_fixed_part",
555 FT_BYTES, BASE_HEX, NULL, 0x0,
556 "Fixed part of the header", HFILL
559 { &hf_wtp_header_sub_pdu_size,
562 FT_BYTES, BASE_HEX, NULL, 0x0,
563 "Size of Sub-PDU", HFILL
566 { &hf_wtp_header_flag_continue,
569 FT_BOOLEAN, 8, TFS( &continue_truth ), 0x80,
570 "Continue Flag", HFILL
573 { &hf_wtp_header_pdu_type,
576 FT_UINT8, BASE_HEX, VALS( vals_pdu_type ), 0x78,
580 { &hf_wtp_header_flag_Trailer,
583 FT_UINT8, BASE_HEX, VALS( vals_transaction_trailer ), 0x06,
584 "Trailer Flags", HFILL
587 { &hf_wtp_header_flag_RID,
588 { "Re-transmission Indicator",
590 FT_BOOLEAN, 8, TFS( &RID_truth ), 0x01,
591 "Re-transmission Indicator", HFILL
594 { &hf_wtp_header_flag_TID_response,
597 FT_BOOLEAN, 16, TFS( &tid_response_truth ), 0x8000,
598 "TID Response", HFILL
601 { &hf_wtp_header_flag_TID,
604 FT_UINT16, BASE_HEX, NULL, 0x7FFF,
605 "Transaction ID", HFILL
608 { &hf_wtp_header_Inv_version,
610 "wtp.header.version",
611 FT_UINT8, BASE_HEX, VALS( vals_version ), 0xC0,
615 { &hf_wtp_header_Inv_flag_TIDNew,
618 FT_BOOLEAN, 8, TFS( &TIDNew_truth ), 0x20,
622 { &hf_wtp_header_Inv_flag_UP,
625 FT_BOOLEAN, 8, TFS( &UP_truth ), 0x10,
629 { &hf_wtp_header_Inv_Reserved,
632 FT_UINT8, BASE_HEX, NULL, 0x0C,
636 { &hf_wtp_header_Inv_TransactionClass,
637 { "Transaction Class",
638 "wtp.inv.transaction_class",
639 FT_UINT8, BASE_HEX, VALS( vals_transaction_classes ), 0x03,
640 "Transaction Class", HFILL
643 { &hf_wtp_header_Ack_flag_TVETOK,
646 FT_BOOLEAN, 8, TFS( &TVETOK_truth ), 0x04,
647 "Tve/Tok flag", HFILL
650 { &hf_wtp_header_Abort_type,
653 FT_UINT8, BASE_HEX, VALS ( vals_abort_type ), 0x07,
657 { &hf_wtp_header_Abort_reason_provider,
659 "wtp.abort.reason.provider",
660 FT_UINT8, BASE_HEX, VALS ( vals_abort_reason_provider ), 0x00,
661 "Abort Reason", HFILL
664 /* Assume WSP is the user and use its reason codes */
665 { &hf_wtp_header_Abort_reason_user,
667 "wtp.abort.reason.user",
668 FT_UINT8, BASE_HEX, VALS ( vals_wsp_reason_codes ), 0x00,
669 "Abort Reason", HFILL
672 { &hf_wtp_header_sequence_number,
673 { "Packet Sequence Number",
674 "wtp.header.sequence",
675 FT_UINT8, BASE_HEX, NULL, 0x00,
676 "Packet Sequence Number", HFILL
679 { &hf_wtp_header_missing_packets,
681 "wtp.header.missing_packets",
682 FT_UINT8, BASE_HEX, NULL, 0x00,
683 "Missing Packets", HFILL
686 { &hf_wtp_header_variable_part,
687 { "Header: Variable part",
688 "wtp.header_variable_part",
689 FT_BYTES, BASE_HEX, NULL, 0x0,
690 "Variable part of the header", HFILL
696 FT_BYTES, BASE_HEX, NULL, 0x0,
702 /* Setup protocol subtree array */
703 static gint *ett[] = {
708 /* Register the protocol name and description */
709 proto_wtp = proto_register_protocol(
710 "Wireless Transaction Protocol", /* protocol name for use by ethereal */
711 "WTP", /* short version of name */
712 "wap-wsp-wtp" /* Abbreviated protocol name, should Match IANA
713 < URL:http://www.isi.edu/in-notes/iana/assignments/port-numbers/ >
717 /* Required function calls to register the header fields and subtrees used */
718 proto_register_field_array(proto_wtp, hf, array_length(hf));
719 proto_register_subtree_array(ett, array_length(ett));
721 register_dissector("wtp", dissect_wtp_fromwap, proto_wtp);
725 proto_reg_handoff_wtp(void)
728 * Get a handle for the connection-oriented WSP dissector - if WTP
729 * PDUs have data, it is WSP.
731 wsp_handle = find_dissector("wsp-co");
733 dissector_add("udp.port", UDP_PORT_WTP_WSP, dissect_wtp_fromudp,