X-Git-Url: http://git.samba.org/samba.git/?p=obnox%2Fwireshark%2Fwip.git;a=blobdiff_plain;f=packet-ipsec.c;h=f919bb334d8de72ea76b71726652516b59bc56cc;hp=8fd2b5d882e5024f39bad8bd3d4101ce19370bb4;hb=279d0ab898de61ea418179026341dda23a3db4a2;hpb=bb5f2a5810d9aa5a18ac0ea315a8ad8f746ff400 diff --git a/packet-ipsec.c b/packet-ipsec.c index 8fd2b5d882..f919bb334d 100644 --- a/packet-ipsec.c +++ b/packet-ipsec.c @@ -1,12 +1,11 @@ /* packet-ipsec.c * Routines for IPsec/IPComp packet disassembly * - * $Id: packet-ipsec.c,v 1.14 2000/04/20 07:05:55 guy Exp $ + * $Id: packet-ipsec.c,v 1.41 2002/08/02 23:35:51 jmayer Exp $ * * Ethereal - Network traffic analyzer - * By Gerald Combs + * By Gerald Combs * Copyright 1998 Gerald Combs - * * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -29,19 +28,17 @@ #include -#ifdef HAVE_SYS_TYPES_H -# include -#endif - -#ifdef HAVE_NETINET_IN_H -# include -#endif - +#include #include -#include "packet.h" +#include #include "packet-ipsec.h" #include "packet-ip.h" -#include "resolv.h" +#include +#include "ipproto.h" +#include "prefs.h" + +/* Place AH payload in sub tree */ +static gboolean g_ah_payload_in_subtree = FALSE; static int proto_ah = -1; static int hf_ah_spi = -1; @@ -57,6 +54,8 @@ static gint ett_ah = -1; static gint ett_esp = -1; static gint ett_ipcomp = -1; +static dissector_handle_t data_handle; + struct newah { guint8 ah_nxt; /* Next Header */ guint8 ah_len; /* Length of data + 1, in 32bit */ @@ -100,65 +99,113 @@ static const value_string cpi2val[] = { #define offsetof(type, member) ((size_t)(&((type *)0)->member)) #endif +static void +dissect_ah(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + proto_tree *next_tree; + guint8 nxt; + tvbuff_t *next_tvb; + int advance; + + advance = dissect_ah_header(tvb, pinfo, tree, &nxt, &next_tree); + next_tvb = tvb_new_subset(tvb, advance, -1, -1); + + if (g_ah_payload_in_subtree) { + col_set_writable(pinfo->cinfo, FALSE); + } + + /* do lookup with the subdissector table */ + if (!dissector_try_port(ip_dissector_table, nxt, next_tvb, pinfo, next_tree)) { + call_dissector(data_handle,next_tvb, pinfo, next_tree); + } +} + int -dissect_ah(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) +dissect_ah_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, + guint8 *nxt_p, proto_tree **next_tree_p) { proto_tree *ah_tree; proto_item *ti; struct newah ah; int advance; - memcpy(&ah, (void *) &pd[offset], sizeof(ah)); + if (check_col(pinfo->cinfo, COL_PROTOCOL)) + col_set_str(pinfo->cinfo, COL_PROTOCOL, "AH"); + if (check_col(pinfo->cinfo, COL_INFO)) + col_clear(pinfo->cinfo, COL_INFO); + + tvb_memcpy(tvb, (guint8 *)&ah, 0, sizeof(ah)); advance = sizeof(ah) + ((ah.ah_len - 1) << 2); - if (check_col(fd, COL_PROTOCOL)) - col_add_str(fd, COL_PROTOCOL, "AH"); - if (check_col(fd, COL_INFO)) { - col_add_fstr(fd, COL_INFO, "AH (SPI=0x%08x)", - (guint32)ntohl(ah.ah_spi)); + if (check_col(pinfo->cinfo, COL_INFO)) { + col_add_fstr(pinfo->cinfo, COL_INFO, "AH (SPI=0x%08x)", + (guint32)g_ntohl(ah.ah_spi)); } if (tree) { /* !!! specify length */ - ti = proto_tree_add_item(tree, proto_ah, offset, advance, NULL); + ti = proto_tree_add_item(tree, proto_ah, tvb, 0, advance, FALSE); ah_tree = proto_item_add_subtree(ti, ett_ah); - proto_tree_add_text(ah_tree, offset + offsetof(struct newah, ah_nxt), 1, - "Next Header: %s (0x%02x)", ipprotostr(ah.ah_nxt), ah.ah_nxt); - proto_tree_add_text(ah_tree, offset + offsetof(struct newah, ah_len), 1, - "Length: %d", ah.ah_len << 2); - proto_tree_add_item(ah_tree, hf_ah_spi, - offset + offsetof(struct newah, ah_spi), 4, - (guint32)ntohl(ah.ah_spi)); - proto_tree_add_item(ah_tree, hf_ah_sequence, - offset + offsetof(struct newah, ah_seq), 4, - (guint32)ntohl(ah.ah_seq)); - proto_tree_add_text(ah_tree, offset + sizeof(ah), (ah.ah_len - 1) << 2, + proto_tree_add_text(ah_tree, tvb, + offsetof(struct newah, ah_nxt), 1, + "Next Header: %s (0x%02x)", + ipprotostr(ah.ah_nxt), ah.ah_nxt); + proto_tree_add_text(ah_tree, tvb, + offsetof(struct newah, ah_len), 1, + "Length: %u", (ah.ah_len + 2) << 2); + proto_tree_add_uint(ah_tree, hf_ah_spi, tvb, + offsetof(struct newah, ah_spi), 4, + (guint32)g_ntohl(ah.ah_spi)); + proto_tree_add_uint(ah_tree, hf_ah_sequence, tvb, + offsetof(struct newah, ah_seq), 4, + (guint32)g_ntohl(ah.ah_seq)); + proto_tree_add_text(ah_tree, tvb, + sizeof(ah), (ah.ah_len - 1) << 2, "ICV"); + + if (next_tree_p != NULL) { + /* Decide where to place next protocol decode */ + if (g_ah_payload_in_subtree) { + *next_tree_p = ah_tree; + } + else { + *next_tree_p = tree; + } + } + } else { + if (next_tree_p != NULL) + *next_tree_p = NULL; } + if (nxt_p != NULL) + *nxt_p = ah.ah_nxt; + /* start of the new header (could be a extension header) */ return advance; } static void -dissect_esp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) +dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_tree *esp_tree; proto_item *ti; struct newesp esp; - memcpy(&esp, (void *) &pd[offset], sizeof(esp)); - /* * load the top pane info. This should be overwritten by * the next protocol in the stack */ - if (check_col(fd, COL_PROTOCOL)) - col_add_str(fd, COL_PROTOCOL, "ESP"); - if (check_col(fd, COL_INFO)) { - col_add_fstr(fd, COL_INFO, "ESP (SPI=0x%08x)", - (guint32)ntohl(esp.esp_spi)); + if (check_col(pinfo->cinfo, COL_PROTOCOL)) + col_set_str(pinfo->cinfo, COL_PROTOCOL, "ESP"); + if (check_col(pinfo->cinfo, COL_INFO)) + col_clear(pinfo->cinfo, COL_INFO); + + tvb_memcpy(tvb, (guint8 *)&esp, 0, sizeof(esp)); + + if (check_col(pinfo->cinfo, COL_INFO)) { + col_add_fstr(pinfo->cinfo, COL_INFO, "ESP (SPI=0x%08x)", + (guint32)g_ntohl(esp.esp_spi)); } /* @@ -166,41 +213,46 @@ dissect_esp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) * (ie none) */ if(tree) { - ti = proto_tree_add_item(tree, proto_esp, offset, END_OF_FRAME, NULL); + ti = proto_tree_add_item(tree, proto_esp, tvb, 0, -1, FALSE); esp_tree = proto_item_add_subtree(ti, ett_esp); - proto_tree_add_item(esp_tree, hf_esp_spi, - offset + offsetof(struct newesp, esp_spi), 4, - (guint32)ntohl(esp.esp_spi)); - proto_tree_add_item(esp_tree, hf_esp_sequence, - offset + offsetof(struct newesp, esp_seq), 4, - (guint32)ntohl(esp.esp_seq)); - dissect_data(pd, offset + sizeof(struct newesp), fd, esp_tree); + proto_tree_add_uint(esp_tree, hf_esp_spi, tvb, + offsetof(struct newesp, esp_spi), 4, + (guint32)g_ntohl(esp.esp_spi)); + proto_tree_add_uint(esp_tree, hf_esp_sequence, tvb, + offsetof(struct newesp, esp_seq), 4, + (guint32)g_ntohl(esp.esp_seq)); + call_dissector(data_handle, + tvb_new_subset(tvb, sizeof(struct newesp), -1, -1), + pinfo, esp_tree); } } static void -dissect_ipcomp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) +dissect_ipcomp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_tree *ipcomp_tree; proto_item *ti; struct ipcomp ipcomp; char *p; - memcpy(&ipcomp, (void *) &pd[offset], sizeof(ipcomp)); - /* * load the top pane info. This should be overwritten by * the next protocol in the stack */ - if (check_col(fd, COL_PROTOCOL)) - col_add_str(fd, COL_PROTOCOL, "IPComp"); - if (check_col(fd, COL_INFO)) { - p = val_to_str(ntohs(ipcomp.comp_cpi), cpi2val, ""); - if (p[0] == '\0') { - col_add_fstr(fd, COL_INFO, "IPComp (CPI=0x%04x)", - ntohs(ipcomp.comp_cpi)); + if (check_col(pinfo->cinfo, COL_PROTOCOL)) + col_set_str(pinfo->cinfo, COL_PROTOCOL, "IPComp"); + if (check_col(pinfo->cinfo, COL_INFO)) + col_clear(pinfo->cinfo, COL_INFO); + + tvb_memcpy(tvb, (guint8 *)&ipcomp, 0, sizeof(ipcomp)); + + if (check_col(pinfo->cinfo, COL_INFO)) { + p = match_strval(g_ntohs(ipcomp.comp_cpi), cpi2val); + if (p == NULL) { + col_add_fstr(pinfo->cinfo, COL_INFO, "IPComp (CPI=0x%04x)", + g_ntohs(ipcomp.comp_cpi)); } else - col_add_fstr(fd, COL_INFO, "IPComp (CPI=%s)", p); + col_add_fstr(pinfo->cinfo, COL_INFO, "IPComp (CPI=%s)", p); } /* @@ -208,30 +260,22 @@ dissect_ipcomp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) * (ie none) */ if (tree) { - ti = proto_tree_add_item(tree, proto_ipcomp, offset, END_OF_FRAME, - NULL); + ti = proto_tree_add_item(tree, proto_ipcomp, tvb, 0, -1, FALSE); ipcomp_tree = proto_item_add_subtree(ti, ett_ipcomp); - proto_tree_add_text(ipcomp_tree, - offset + offsetof(struct ipcomp, comp_nxt), 1, + proto_tree_add_text(ipcomp_tree, tvb, + offsetof(struct ipcomp, comp_nxt), 1, "Next Header: %s (0x%02x)", ipprotostr(ipcomp.comp_nxt), ipcomp.comp_nxt); - proto_tree_add_item(ipcomp_tree, hf_ipcomp_flags, - offset + offsetof(struct ipcomp, comp_flags), 1, + proto_tree_add_uint(ipcomp_tree, hf_ipcomp_flags, tvb, + offsetof(struct ipcomp, comp_flags), 1, ipcomp.comp_flags); - p = val_to_str(ntohs(ipcomp.comp_cpi), cpi2val, ""); - if (p[0] == '\0') { - proto_tree_add_item(ipcomp_tree, hf_ipcomp_cpi, - offset + offsetof(struct ipcomp, comp_cpi), 2, - ntohs(ipcomp.comp_cpi)); - } else { - proto_tree_add_uint_format(ipcomp_tree, hf_ipcomp_cpi, - offset + offsetof(struct ipcomp, comp_cpi), 2, - ntohs(ipcomp.comp_cpi), - "CPI: %s (0x%04x)", - p, ntohs(ipcomp.comp_cpi)); - } - dissect_data(pd, offset + sizeof(struct ipcomp), fd, ipcomp_tree); + proto_tree_add_uint(ipcomp_tree, hf_ipcomp_cpi, tvb, + offsetof(struct ipcomp, comp_cpi), 2, + g_ntohs(ipcomp.comp_cpi)); + call_dissector(data_handle, + tvb_new_subset(tvb, sizeof(struct ipcomp), -1, -1), pinfo, + ipcomp_tree); } } @@ -242,28 +286,28 @@ proto_register_ipsec(void) static hf_register_info hf_ah[] = { { &hf_ah_spi, { "SPI", "ah.spi", FT_UINT32, BASE_HEX, NULL, 0x0, - "" }}, + "", HFILL }}, { &hf_ah_sequence, { "Sequence", "ah.sequence", FT_UINT32, BASE_HEX, NULL, 0x0, - "" }} + "", HFILL }} }; static hf_register_info hf_esp[] = { { &hf_esp_spi, { "SPI", "esp.spi", FT_UINT32, BASE_HEX, NULL, 0x0, - "" }}, + "", HFILL }}, { &hf_esp_sequence, { "Sequence", "esp.sequence", FT_UINT32, BASE_HEX, NULL, 0x0, - "" }} + "", HFILL }} }; static hf_register_info hf_ipcomp[] = { { &hf_ipcomp_flags, { "Flags", "ipcomp.flags", FT_UINT8, BASE_HEX, NULL, 0x0, - "" }}, + "", HFILL }}, { &hf_ipcomp_cpi, - { "CPI", "ipcomp.cpi", FT_UINT16, BASE_HEX, NULL, 0x0, - "" }}, + { "CPI", "ipcomp.cpi", FT_UINT16, BASE_HEX, + VALS(cpi2val), 0x0, "", HFILL }}, }; static gint *ett[] = { &ett_ah, @@ -271,21 +315,42 @@ proto_register_ipsec(void) &ett_ipcomp, }; - proto_ah = proto_register_protocol("Authentication Header", "ah"); + module_t *ah_module; + + proto_ah = proto_register_protocol("Authentication Header", "AH", "ah"); proto_register_field_array(proto_ah, hf_ah, array_length(hf_ah)); - proto_esp = proto_register_protocol("Encapsulated Security Payload", "esp"); + proto_esp = proto_register_protocol("Encapsulating Security Payload", + "ESP", "esp"); proto_register_field_array(proto_esp, hf_esp, array_length(hf_esp)); - proto_ipcomp = proto_register_protocol("IP Payload Compression", "ipcomp"); + proto_ipcomp = proto_register_protocol("IP Payload Compression", + "IPComp", "ipcomp"); proto_register_field_array(proto_ipcomp, hf_ipcomp, array_length(hf_ipcomp)); proto_register_subtree_array(ett, array_length(ett)); + + /* Register a configuration option for placement of AH payload dissection */ + ah_module = prefs_register_protocol(proto_ah, NULL); + prefs_register_bool_preference(ah_module, "place_ah_payload_in_subtree", + "Place AH payload in subtree", +"Whether the AH payload decode should be placed in a subtree", + &g_ah_payload_in_subtree); + + register_dissector("esp", dissect_esp, proto_esp); + register_dissector("ah", dissect_ah, proto_ah); } void proto_reg_handoff_ipsec(void) { - dissector_add("ip.proto", IP_PROTO_ESP, dissect_esp); - dissector_add("ip.proto", IP_PROTO_IPCOMP, dissect_ipcomp); + dissector_handle_t esp_handle, ah_handle, ipcomp_handle; + + data_handle = find_dissector("data"); + ah_handle = find_dissector("ah"); + dissector_add("ip.proto", IP_PROTO_AH, ah_handle); + esp_handle = find_dissector("esp"); + dissector_add("ip.proto", IP_PROTO_ESP, esp_handle); + ipcomp_handle = create_dissector_handle(dissect_ipcomp, proto_ipcomp); + dissector_add("ip.proto", IP_PROTO_IPCOMP, ipcomp_handle); }