From a12e86f59ffbd11364e60c80835a2ec495357bb0 Mon Sep 17 00:00:00 2001
From: Chris Maynard <Christopher.Maynard@GTECH.COM>
Date: Fri, 29 Oct 2010 22:37:31 +0000
Subject: Fixes bug 974 by adding RSP trailer.  Also resolves packet-asp
 "FIXME" for IANA Enterprise ID as well as extended packet-asp decoding of
 authentication and integrity payloads using the sample capture file attached
 to the bug. Fuzz tested ~500 passes on that 3 packet capture file.

svn path=/trunk/; revision=34701
---
 epan/dissectors/packet-asf.c          | 273 +++++++++++++++++++++++++++++++---
 epan/dissectors/packet-ipmi-session.c |   3 +-
 epan/dissectors/packet-rmcp.c         |  10 +-
 3 files changed, 259 insertions(+), 27 deletions(-)

(limited to 'epan/dissectors')

diff --git a/epan/dissectors/packet-asf.c b/epan/dissectors/packet-asf.c
index 726ae0f5c3..e42a0c263a 100644
--- a/epan/dissectors/packet-asf.c
+++ b/epan/dissectors/packet-asf.c
@@ -33,6 +33,7 @@
 
 #include <glib.h>
 #include <epan/packet.h>
+#include <epan/sminmpec.h>
 
 /*
  * See
@@ -47,32 +48,106 @@ static int hf_asf_iana = -1;
 static int hf_asf_type = -1;
 static int hf_asf_tag = -1;
 static int hf_asf_len = -1;
+static int hf_asf_rssp_status_code = -1;
+static int hf_asf_mgt_console_id = -1;
+static int hf_asf_client_id = -1;
+static int hf_asf_payload = -1;
+static int hf_asf_payload_type = -1;
+static int hf_asf_payload_len = -1;
+static int hf_asf_payload_data = -1;
+static int hf_asf_auth_alg = -1;
+static int hf_asf_integrity_alg = -1;
+static int hf_asf_reserved = -1;
 
 static dissector_handle_t data_handle;
 static gint ett_asf = -1;
+static gint ett_asf_payload = -1;
+static gint ett_asf_alg_payload = -1;
+
+#define ASF_TYPE_RESET				0x10
+#define ASF_TYPE_PWR_UP				0x11
+#define ASF_TYPE_PWR_DOWN			0x12
+#define ASF_TYPE_PWR_CYCLE			0x13
+#define ASF_TYPE_PRES_PONG			0x40
+#define ASF_TYPE_CAP_RESP			0x41
+#define ASF_TYPE_SYS_STATE_RESP		0x42
+#define ASF_TYPE_OPEN_SESS_RESP		0x43
+#define ASF_TYPE_CLOSE_SESS_RESP	0x44
+#define ASF_TYPE_PRES_PING			0x80
+#define ASF_TYPE_CAP_RQST			0x81
+#define ASF_TYPE_SYS_STATE_RQST		0x82
+#define ASF_TYPE_OPEN_SESS_RQST		0x83
+#define ASF_TYPE_CLOSE_SESS_RQST	0x84
+#define ASF_TYPE_RAKP_MSG_1			0xC0
+#define ASF_TYPE_RAKP_MSG_2			0xC1
+#define ASF_TYPE_RAKP_MSG_3			0xC2
 
 static const value_string asf_type_vals[] = {
-	{ 0x10, "Reset" },
-	{ 0x11, "Power-up" },
-	{ 0x12, "Unconditional Power-down" },
-	{ 0x13, "Power Cycle" },
-	{ 0x40, "Presence Pong" },
-	{ 0x41, "Capabilities Response" },
-	{ 0x42, "System State Response" },
-	{ 0x43, "Open Session Response" },
-	{ 0x44, "Close Session Response" },
-	{ 0x80, "Presence Ping" },
-	{ 0x81, "Capabilities Request" },
-	{ 0x82, "System State Request" },
-	{ 0x83, "Open Session Request" },
-	{ 0x84, "Close Session Request" },
-	{ 0xC0, "RAKP Message 1" },
-	{ 0xC1, "RAKP Message 2" },
-	{ 0xC2, "RAKP Message 3" },
+	{ ASF_TYPE_RESET, "Reset" },
+	{ ASF_TYPE_PWR_UP, "Power-up" },
+	{ ASF_TYPE_PWR_DOWN, "Unconditional Power-down" },
+	{ ASF_TYPE_PWR_CYCLE, "Power Cycle" },
+	{ ASF_TYPE_PRES_PONG, "Presence Pong" },
+	{ ASF_TYPE_CAP_RESP, "Capabilities Response" },
+	{ ASF_TYPE_SYS_STATE_RESP, "System State Response" },
+	{ ASF_TYPE_OPEN_SESS_RESP, "Open Session Response" },
+	{ ASF_TYPE_CLOSE_SESS_RESP, "Close Session Response" },
+	{ ASF_TYPE_PRES_PING, "Presence Ping" },
+	{ ASF_TYPE_CAP_RQST, "Capabilities Request" },
+	{ ASF_TYPE_SYS_STATE_RQST, "System State Request" },
+	{ ASF_TYPE_OPEN_SESS_RQST, "Open Session Request" },
+	{ ASF_TYPE_CLOSE_SESS_RQST, "Close Session Request" },
+	{ ASF_TYPE_RAKP_MSG_1, "RAKP Message 1" },
+	{ ASF_TYPE_RAKP_MSG_2, "RAKP Message 2" },
+	{ ASF_TYPE_RAKP_MSG_3, "RAKP Message 3" },
 	{ 0x00, NULL }
 };
 
-static void
+static const value_string asf_rssp_status_code_vals[] = {
+	{ 0x00, "No errors" },
+	{ 0x01, "Insufficient resources to create a session" },
+	{ 0x02, "Invalid session ID" },
+	{ 0x03, "Invalid payload type" },
+	{ 0x04, "Invalid authentication algorithm" },
+	{ 0x05, "Invalid integrity algorithm" },
+	{ 0x06, "No matching authentication payload" },
+	{ 0x07, "No matching integrity payload" },
+	{ 0x00, NULL }
+};
+
+#define ASF_PAYLOAD_TYPE_NONE			0x00
+#define ASF_PAYLOAD_TYPE_AUTHENTICATION	0x01
+#define ASF_PAYLOAD_TYPE_INTEGRITY		0x02
+
+static const value_string asf_payload_type_vals[] = {
+	{ ASF_PAYLOAD_TYPE_NONE, "No payload present (end of list)" },
+	{ ASF_PAYLOAD_TYPE_AUTHENTICATION, "Authentication algorithm payload" },
+	{ ASF_PAYLOAD_TYPE_INTEGRITY, "Integrity algorithm payload" },
+	{ 0x00, NULL }
+};
+
+static const value_string asf_authentication_type_vals[] = {
+	{ 0x01, "RAKP-HMAC-SHA1" },
+	{ 0x00, NULL }
+};
+
+static const value_string asf_integrity_type_vals[] = {
+	{ 0x01, "HMAC-SHA1-96" },
+	{ 0x00, NULL }
+};
+
+static void dissect_asf_open_session_request(tvbuff_t *tvb, proto_tree *tree,
+	gint offset, gint len);
+static void dissect_asf_open_session_response(tvbuff_t *tvb, proto_tree *tree,
+	gint offset, gint len);
+static void dissect_asf_payloads(tvbuff_t *tvb, proto_tree *tree,
+	gint offset, gint len);
+static void dissect_asf_payload_authentication(tvbuff_t *tvb, proto_tree *tree,
+	gint offset, gint len);
+static void dissect_asf_payload_integrity(tvbuff_t *tvb, proto_tree *tree,
+	gint offset, gint len);
+
+static int
 dissect_asf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 {
 	proto_tree	*asf_tree = NULL;
@@ -90,12 +165,11 @@ dissect_asf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 
 	if (check_col(pinfo->cinfo, COL_INFO))
 		col_add_str(pinfo->cinfo, COL_INFO,
-		     val_to_str(type, asf_type_vals, "Unknown (0x%02x)"));
+			val_to_str(type, asf_type_vals, "Unknown (0x%02x)"));
 
 	if (tree) {
 		ti = proto_tree_add_item(tree, proto_asf, tvb, 0, 8, FALSE);
 		asf_tree = proto_item_add_subtree(ti, ett_asf);
-		/* FIXME: resolve enterprise ID */
 		proto_tree_add_item(asf_tree, hf_asf_iana, tvb, 0, 4, FALSE);
 		proto_tree_add_item(asf_tree, hf_asf_type, tvb, 4, 1, FALSE);
 		proto_tree_add_item(asf_tree, hf_asf_tag, tvb, 5, 1, FALSE);
@@ -103,9 +177,117 @@ dissect_asf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 	}
 
 	if (len) {
-		next_tvb = tvb_new_subset(tvb, 8, -1, len);
-		call_dissector(data_handle, next_tvb, pinfo, tree);
+		switch(type) {
+		case ASF_TYPE_OPEN_SESS_RQST:
+			dissect_asf_open_session_request(tvb, asf_tree, 8, len);
+			break;
+		case ASF_TYPE_OPEN_SESS_RESP:
+			dissect_asf_open_session_response(tvb, asf_tree, 8, len);
+			break;
+		
+		/* TODO: Add the rest as captures become available to test. */
+		
+		default:
+			next_tvb = tvb_new_subset(tvb, 8, len, len);
+			call_dissector(data_handle, next_tvb, pinfo, tree);
+			break;
+		}
 	}
+	return 8 + len;
+}
+
+static void dissect_asf_open_session_request(tvbuff_t *tvb, proto_tree *tree,
+	gint offset, gint len)
+{
+	proto_tree_add_item(tree, hf_asf_mgt_console_id, tvb, offset, 4, FALSE);
+	offset += 4;
+	len -= 4;
+	dissect_asf_payloads(tvb, tree, offset, len);
+}
+
+static void dissect_asf_open_session_response(tvbuff_t *tvb, proto_tree *tree,
+	gint offset, gint len)
+{
+	proto_tree_add_item(tree, hf_asf_rssp_status_code, tvb, offset, 1, FALSE);
+	proto_tree_add_item(tree, hf_asf_mgt_console_id, tvb, offset + 4, 4, FALSE);
+	proto_tree_add_item(tree, hf_asf_client_id, tvb, offset + 8, 4, FALSE);
+	offset += 12;
+	len -= 12;
+	dissect_asf_payloads(tvb, tree, offset, len);
+}	
+
+static void dissect_asf_payloads(tvbuff_t *tvb, proto_tree *tree,
+	gint offset, gint len)
+{
+	guint8 ptype;
+	guint16 plen;
+	proto_item *ti;
+	proto_tree *ptree;
+
+	while ( len >= 4 )
+	{
+		ptype = tvb_get_guint8(tvb, offset);
+		plen = tvb_get_ntohs(tvb, offset + 2);
+		
+		ti = proto_tree_add_none_format(tree, hf_asf_payload, tvb, offset,
+			plen, "%s: %u bytes",
+			val_to_str(ptype, asf_payload_type_vals, "Unknown (%u)"), plen);
+		ptree = proto_item_add_subtree(ti, ett_asf_payload);
+		proto_tree_add_item(ptree, hf_asf_payload_type, tvb, offset, 1, FALSE);
+		proto_tree_add_item(ptree, hf_asf_payload_len, tvb, offset + 2, 2, FALSE);
+		if ( ptype && (plen > 4) )
+		{
+			switch ( ptype )
+			{
+				case ASF_PAYLOAD_TYPE_AUTHENTICATION:
+					dissect_asf_payload_authentication(tvb, ptree,
+						offset + 4, plen - 4);
+					break;
+				case ASF_PAYLOAD_TYPE_INTEGRITY:
+					dissect_asf_payload_integrity(tvb, ptree,
+						offset + 4, plen - 4);
+					break;
+				default:
+					proto_tree_add_item(ptree, hf_asf_payload_data, tvb,
+						offset + 4, plen - 4, FALSE);
+					break;
+			}
+		}
+		offset += plen;
+		len -= plen;
+	}
+}
+
+static void dissect_asf_payload_authentication(tvbuff_t *tvb, proto_tree *tree,
+	gint offset, gint len)
+{
+	guint8 alg;
+	proto_item *ti;
+	proto_tree *atree;
+
+	alg = tvb_get_guint8(tvb, offset);
+	ti = proto_tree_add_none_format(tree, hf_asf_payload_data, tvb, offset,
+		len, "Authentication Algorithm: %s",
+		val_to_str(alg, asf_authentication_type_vals, "Unknown (%u)"));
+	atree = proto_item_add_subtree(ti, ett_asf_alg_payload);
+	proto_tree_add_item(atree, hf_asf_auth_alg, tvb, offset, 1, FALSE);
+	proto_tree_add_item(atree, hf_asf_reserved, tvb, offset + 1, len - 1, FALSE);
+}
+
+static void dissect_asf_payload_integrity(tvbuff_t *tvb, proto_tree *tree,
+	gint offset, gint len)
+{
+	guint8 alg;
+	proto_item *ti;
+	proto_tree *atree;
+
+	alg = tvb_get_guint8(tvb, offset);
+	ti = proto_tree_add_none_format(tree, hf_asf_payload_data, tvb, offset,
+		len, "Integrity Algorithm: %s",
+		val_to_str(alg, asf_integrity_type_vals, "Unknown (%u)"));
+	atree = proto_item_add_subtree(ti, ett_asf_alg_payload);
+	proto_tree_add_item(atree, hf_asf_integrity_alg, tvb, offset, 1, FALSE);
+	proto_tree_add_item(atree, hf_asf_reserved, tvb, offset + 1, len - 1, FALSE);
 }
 
 void
@@ -114,8 +296,8 @@ proto_register_asf(void)
 	static hf_register_info hf[] = {
 		{ &hf_asf_iana, {
 			"IANA Enterprise Number", "asf.iana",
-			FT_UINT32, BASE_HEX, NULL, 0,
-			"ASF IANA Enterprise Number", HFILL }},
+			FT_UINT32, BASE_DEC|BASE_EXT_STRING, &sminmpec_values_ext, 0,
+			"IANA Enterprise Number", HFILL }},
 		{ &hf_asf_type, {
 			"Message Type", "asf.type",
 			FT_UINT8, BASE_HEX, VALS(asf_type_vals), 0,
@@ -128,9 +310,52 @@ proto_register_asf(void)
 			"Data Length", "asf.len",
 			FT_UINT8, BASE_DEC, NULL, 0,
 			"ASF Data Length", HFILL }},
+		{ &hf_asf_rssp_status_code, {
+			"Status Code", "asf.rssp_status_code",
+			FT_UINT8, BASE_DEC, VALS(asf_rssp_status_code_vals), 0,
+			"Identifies the status of the previous message", HFILL }},
+		{ &hf_asf_mgt_console_id, {
+			"Mgt Console Session ID", "asf.mgt_console_id",
+			FT_UINT32, BASE_DEC, NULL, 0,
+			NULL, HFILL }},
+		{ &hf_asf_client_id, {
+			"Managed Client Session ID", "asf.client_id",
+			FT_UINT32, BASE_DEC, NULL, 0,
+			NULL, HFILL }},
+		{ &hf_asf_payload, {
+			"Payload", "asf.payload",
+			FT_NONE, BASE_NONE, NULL, 0,
+			NULL, HFILL }},
+		{ &hf_asf_payload_type, {
+			"Payload Type", "asf.payload.type",
+			FT_UINT8, BASE_DEC, VALS(asf_payload_type_vals), 0,
+			"Identifies the type of payload that follows", HFILL }},
+		{ &hf_asf_payload_len, {
+			"Payload Length", "asf.payload.len",
+			FT_UINT16, BASE_DEC, NULL, 0,
+			"The total length in bytes of the payload including the header",
+			HFILL }},
+		{ &hf_asf_payload_data, {
+			"Data", "asf.payload.data",
+			FT_NONE, BASE_NONE, NULL, 0,
+			NULL, HFILL }},
+		{ &hf_asf_auth_alg, {
+			"Authentication Algorithm", "asf.auth_alg",
+			FT_UINT8, BASE_DEC, VALS(asf_authentication_type_vals), 0,
+			NULL, HFILL }},
+		{ &hf_asf_integrity_alg, {
+			"Integrity Algorithm", "asf.integrity_alg",
+			FT_UINT8, BASE_DEC, VALS(asf_integrity_type_vals), 0,
+			NULL, HFILL }},
+		{ &hf_asf_reserved, {
+			"Reserved", "asf.reserved",
+			FT_NONE, BASE_NONE, NULL, 0,
+			NULL, HFILL }},
 	};
 	static gint *ett[] = {
 		&ett_asf,
+		&ett_asf_payload,
+		&ett_asf_alg_payload
 	};
 
 	proto_asf = proto_register_protocol(
diff --git a/epan/dissectors/packet-ipmi-session.c b/epan/dissectors/packet-ipmi-session.c
index d2c0762f9e..d7b4fb52b2 100644
--- a/epan/dissectors/packet-ipmi-session.c
+++ b/epan/dissectors/packet-ipmi-session.c
@@ -110,7 +110,7 @@ static const true_false_string ipmi_payload_enc_val  = {
   "Payload is unencrypted"
 };
 
-static void
+static int
 dissect_ipmi_session(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 {
 	proto_tree	*sess_tree = NULL, *s_tree;
@@ -261,6 +261,7 @@ dissect_ipmi_session(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 					tvb, offset, tvb_length(tvb) - offset, TRUE);
 		}
 	}
+	return tvb_length(tvb);
 }
 
 void
diff --git a/epan/dissectors/packet-rmcp.c b/epan/dissectors/packet-rmcp.c
index aefe7a91d0..117b892b42 100644
--- a/epan/dissectors/packet-rmcp.c
+++ b/epan/dissectors/packet-rmcp.c
@@ -93,6 +93,7 @@ dissect_rmcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 	guint8		class;
 	const gchar	*class_str;
 	guint8		type;
+	guint		len;
 
 	/*
 	 * Check whether it's a known class value; if not, assume it's
@@ -140,8 +141,13 @@ dissect_rmcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 		next_tvb = tvb_new_subset_remaining(tvb, 4);
 
 		if (!dissector_try_port(rmcp_dissector_table, class, next_tvb, pinfo,
-			tree))
-			call_dissector(data_handle, next_tvb, pinfo, tree);
+			tree)) {
+			len = call_dissector(data_handle, next_tvb, pinfo, tree);
+			if (len < tvb_length(next_tvb)) {
+			proto_tree_add_text(tree, tvb, 4 + len, -1, 
+				"RSP Trailer (%d bytes):", tvb_length(next_tvb) - len);
+			}
+		}
 	}
 
 	return tvb_length(tvb);
-- 
cgit v1.2.3