diff options
author | Đorđije Manojlović <djordjije.manojlovic@omicronenergy.com> | 2020-11-20 10:56:00 +0100 |
---|---|---|
committer | AndersBroman <a.broman58@gmail.com> | 2020-11-24 13:43:53 +0000 |
commit | 8c4d420fb3f282a477947be6008f3f509ce7384b (patch) | |
tree | 8078c02d6f2f3b6de06a81837bbbeeb1e77fb4ec /epan/dissectors/asn1/goose | |
parent | 74c0b2134b5e776a97db1b0927b529fe5b725a4d (diff) |
Extend IEC 61850 GOOSE dissector to support IEC 61850 R-GOOSE protocol
R-GOOSE (Routable GOOSE) protocol is GOOSE protocol embedded into
RFC 1240: OSI Connectionless Transport over UDP.
Diffstat (limited to 'epan/dissectors/asn1/goose')
-rw-r--r-- | epan/dissectors/asn1/goose/packet-goose-template.c | 453 |
1 files changed, 420 insertions, 33 deletions
diff --git a/epan/dissectors/asn1/goose/packet-goose-template.c b/epan/dissectors/asn1/goose/packet-goose-template.c index 46c23312c1..3561b5ef7a 100644 --- a/epan/dissectors/asn1/goose/packet-goose-template.c +++ b/epan/dissectors/asn1/goose/packet-goose-template.c @@ -28,6 +28,32 @@ void proto_reg_handoff_goose(void); /* Initialize the protocol and registered fields */ static int proto_goose = -1; + +static int hf_goose_session_header = -1; +static int hf_goose_spdu_id = -1; +static int hf_goose_session_hdr_length = -1; +static int hf_goose_hdr_length = -1; +static int hf_goose_content_id = -1; +static int hf_goose_spdu_lenth = -1; +static int hf_goose_spdu_num = -1; +static int hf_goose_version = -1; +static int hf_goose_security_info = -1; +static int hf_goose_current_key_t = -1; +static int hf_goose_next_key_t = -1; +static int hf_goose_key_id = -1; +static int hf_goose_init_vec_length = -1; +static int hf_goose_init_vec = -1; +static int hf_goose_session_user_info = -1; +static int hf_goose_payload = -1; +static int hf_goose_payload_length = -1; +static int hf_goose_apdu_tag = -1; +static int hf_goose_apdu_simulation = -1; +static int hf_goose_apdu_appid = -1; +static int hf_goose_apdu_length = -1; +static int hf_goose_padding_tag = -1; +static int hf_goose_padding_length = -1; +static int hf_goose_padding = -1; +static int hf_goose_hmac = -1; static int hf_goose_appid = -1; static int hf_goose_length = -1; static int hf_goose_reserve1 = -1; @@ -39,6 +65,11 @@ static expert_field ei_goose_zero_pdu = EI_INIT; #include "packet-goose-hf.c" /* Initialize the subtree pointers */ +static int ett_session_header = -1; +static int ett_security_info = -1; +static int ett_session_user_info = -1; +static int ett_payload = -1; +static int ett_padding = -1; static int ett_goose = -1; #include "packet-goose-ett.c" @@ -46,16 +77,47 @@ static int ett_goose = -1; #include "packet-goose-fn.c" static dissector_handle_t goose_handle = NULL; +static dissector_handle_t ositp_handle = NULL; + + +#define OSI_SPDU_TUNNELED 0xA0 /* Tunneled */ +#define OSI_SPDU_GOOSE 0xA1 /* GOOSE */ +#define OSI_SPDU_SV 0xA2 /* Sample Value */ +#define OSI_SPDU_MNGT 0xA3 /* Management */ + +static const value_string ositp_spdu_id[] = { + { OSI_SPDU_TUNNELED, "Tunneled" }, + { OSI_SPDU_GOOSE, "GOOSE" }, + { OSI_SPDU_SV, "Sample value" }, + { OSI_SPDU_MNGT, "Management" }, + { 0, NULL } +}; + +#define OSI_PDU_GOOSE 0x81 +#define OSI_PDU_SV 0x82 +#define OSI_PDU_TUNNELED 0x83 +#define OSI_PDU_MNGT 0x84 + +static const value_string ositp_pdu_id[] = { + { OSI_PDU_GOOSE, "GOOSE" }, + { OSI_PDU_SV, "SV" }, + { OSI_PDU_TUNNELED, "Tunnel" }, + { OSI_PDU_MNGT, "MNGT" }, + { 0, NULL } +}; + +#define APDU_HEADER_SIZE 6 /* * Dissect GOOSE PDUs inside a PPDU. */ static int -dissect_goose(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data _U_) +dissect_goose(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, + void* data _U_) { - int offset = 0; - int old_offset; - guint16 length; + guint32 offset = 0; + guint32 old_offset; + guint32 length; proto_item *item = NULL; proto_tree *tree = NULL; asn1_ctx_t asn1_ctx; @@ -72,14 +134,16 @@ dissect_goose(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* proto_tree_add_item(tree, hf_goose_appid, tvb, offset, 2, ENC_BIG_ENDIAN); /* Length */ - length = tvb_get_ntohs(tvb, offset + 2); - proto_tree_add_item(tree, hf_goose_length, tvb, offset + 2, 2, ENC_BIG_ENDIAN); + proto_tree_add_item_ret_uint(tree, hf_goose_length, tvb, offset + 2, 2, + ENC_BIG_ENDIAN, &length); /* Reserved 1 */ - proto_tree_add_item(tree, hf_goose_reserve1, tvb, offset + 4, 2, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_goose_reserve1, tvb, offset + 4, 2, + ENC_BIG_ENDIAN); /* Reserved 2 */ - proto_tree_add_item(tree, hf_goose_reserve2, tvb, offset + 6, 2, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_goose_reserve2, tvb, offset + 6, 2, + ENC_BIG_ENDIAN); offset = 8; while (offset < length){ @@ -94,40 +158,356 @@ dissect_goose(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* return tvb_captured_length(tvb); } +/* +* Dissect RGOOSE PDUs inside ISO 8602/X.234 CLTP ConnecteionLess +* Transport Protocol. +*/ +static int +dissect_rgoose(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, + void* data _U_) +{ + guint offset = 0, old_offset = 0; + guint32 init_v_length, payload_tag, padding_length; + guint32 payload_length, apdu_offset = 0, apdu_length; + proto_item *item = NULL; + proto_tree *tree = NULL, *sess_user_info_tree = NULL; + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); -/*--- proto_register_goose -------------------------------------------*/ -void proto_register_goose(void) { + col_set_str(pinfo->cinfo, COL_PROTOCOL, "R-GOOSE"); + col_clear(pinfo->cinfo, COL_INFO); - /* List of fields */ - static hf_register_info hf[] = - { - { &hf_goose_appid, - { "APPID", "goose.appid", FT_UINT16, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + /* Session header subtree */ + item = proto_tree_add_item(parent_tree, hf_goose_session_header, tvb, 0, + -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_session_header); + + /* SPDU ID */ + proto_tree_add_item(tree, hf_goose_spdu_id, tvb, offset++, 1, + ENC_BIG_ENDIAN); + /* Session header length */ + proto_tree_add_item(tree, hf_goose_session_hdr_length, tvb, offset++, 1, + ENC_BIG_ENDIAN); + /* Header content indicator */ + proto_tree_add_item(tree, hf_goose_content_id, tvb, offset++, 1, + ENC_BIG_ENDIAN); + /* Length */ + proto_tree_add_item(tree, hf_goose_hdr_length, tvb, offset++, 1, + ENC_BIG_ENDIAN); + /* SPDU length */ + proto_tree_add_item(tree, hf_goose_spdu_lenth, tvb, offset, 4, + ENC_BIG_ENDIAN); + offset += 4; + /* SPDU number */ + proto_tree_add_item(tree, hf_goose_spdu_num, tvb, offset, 4, + ENC_BIG_ENDIAN); + offset += 4; + /* Version */ + proto_tree_add_item(tree, hf_goose_version, tvb, offset, 2, ENC_BIG_ENDIAN); + offset += 2; + + /* Security information subtree */ + item = proto_tree_add_item(tree, hf_goose_security_info, tvb, offset, -1, + ENC_NA); + tree = proto_item_add_subtree(item, ett_security_info); + /* Time of current key */ + proto_tree_add_item(tree, hf_goose_current_key_t, tvb, offset, 4, + ENC_BIG_ENDIAN); + offset += 4; + /* Time of next key */ + proto_tree_add_item(tree, hf_goose_next_key_t, tvb, offset, 2, + ENC_BIG_ENDIAN); + offset += 2; + /* Key ID */ + proto_tree_add_item(tree, hf_goose_key_id, tvb, offset, 4, ENC_BIG_ENDIAN); + offset += 4; + /* Initialization vector length */ + proto_tree_add_item_ret_uint(tree, hf_goose_init_vec_length, tvb, offset++, 1, + ENC_BIG_ENDIAN, &init_v_length); + if (init_v_length > 0) { + /* Initialization vector bytes */ + proto_tree_add_item(tree, hf_goose_init_vec, tvb, offset, init_v_length, + ENC_NA); + } + offset += init_v_length; + + /* Session user information subtree */ + item = proto_tree_add_item(parent_tree, hf_goose_session_user_info, tvb, + offset, -1, ENC_NA); + sess_user_info_tree = proto_item_add_subtree(item, ett_payload); + + /* Payload subtree */ + item = proto_tree_add_item(sess_user_info_tree, hf_goose_payload, tvb, + offset, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_payload); + /* Payload length */ + proto_tree_add_item_ret_uint(tree, hf_goose_payload_length, tvb, offset, 4, + ENC_BIG_ENDIAN, &payload_length); + offset += 4; + + while (apdu_offset < payload_length){ + /* APDU tag */ + proto_tree_add_item_ret_uint(tree, hf_goose_apdu_tag, tvb, offset++, 1, + ENC_BIG_ENDIAN, &payload_tag); + /* Simulation flag */ + proto_tree_add_item(tree, hf_goose_apdu_simulation, tvb, offset++, 1, + ENC_BIG_ENDIAN); + /* APPID */ + proto_tree_add_item(tree, hf_goose_apdu_appid, tvb, offset, 2, + ENC_BIG_ENDIAN); + offset += 2; + + if (payload_tag != OSI_PDU_GOOSE) { + return tvb_captured_length(tvb); + } - { &hf_goose_length, - { "Length", "goose.length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, + /* APDU length */ + proto_tree_add_item_ret_uint(tree, hf_goose_apdu_length, tvb, offset, 2, + ENC_BIG_ENDIAN, &apdu_length); - { &hf_goose_reserve1, - { "Reserved 1", "goose.reserve1", FT_UINT16, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + apdu_offset += (APDU_HEADER_SIZE + apdu_length); + offset += 2; - { &hf_goose_reserve2, - { "Reserved 2", "goose.reserve2", FT_UINT16, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + old_offset = offset; + offset = dissect_goose_GOOSEpdu(FALSE, tvb, offset, &asn1_ctx , tree, -1); + if (offset == old_offset) { + proto_tree_add_expert(tree, pinfo, &ei_goose_zero_pdu, tvb, offset, -1); + break; + } + } -#include "packet-goose-hfarr.c" - }; + /* Check do we have padding bytes */ + if ((tvb_captured_length(tvb) > offset) && + (tvb_get_guint8(tvb, offset) == 0xAF)) { + /* Padding subtree */ + item = proto_tree_add_item(sess_user_info_tree, hf_goose_padding, tvb, + offset, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_padding); + + /* Padding tag */ + proto_tree_add_item(tree, hf_goose_padding_tag, tvb, offset++, 1, + ENC_NA); + /* Padding length */ + proto_tree_add_item_ret_uint(tree, hf_goose_padding_length, tvb, offset++, 1, + ENC_BIG_ENDIAN, &padding_length); + /* Padding bytes */ + proto_tree_add_item(tree, hf_goose_padding, tvb, offset, padding_length, + ENC_NA); + offset += padding_length; + } - /* List of subtrees */ - static gint *ett[] = { - &ett_goose, -#include "packet-goose-ettarr.c" - }; + /* Check do we have HMAC bytes */ + if (tvb_captured_length(tvb) > offset) { + /* HMAC bytes */ + proto_tree_add_item(sess_user_info_tree, hf_goose_hmac, tvb, offset, + tvb_captured_length(tvb) - offset, ENC_NA); + } - static ei_register_info ei[] = { - { &ei_goose_mal_utctime, { "goose.malformed.utctime", PI_MALFORMED, PI_WARN, "BER Error: malformed UTCTime encoding", EXPFILL }}, - { &ei_goose_zero_pdu, { "goose.zero_pdu", PI_PROTOCOL, PI_ERROR, "Internal error, zero-byte GOOSE PDU", EXPFILL }}, - }; + return tvb_captured_length(tvb); +} - expert_module_t* expert_goose; +static gboolean +dissect_rgoose_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, + void *data) +{ + guint8 spdu; + + /* Check do we have at least min size of Session header bytes */ + if (tvb_captured_length(tvb) < 27) { + return FALSE; + } + + /* Is it R-GOOSE? */ + spdu = tvb_get_guint8(tvb, 0); + if (spdu != OSI_SPDU_GOOSE) { + return FALSE; + } + + dissect_rgoose(tvb, pinfo, parent_tree, data); + return TRUE; +} + +static gboolean +dissect_cltp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, + void *data _U_) +{ + guint8 li, tpdu, spdu; + + /* First, check do we have at least 2 bytes (length + tpdu) */ + if (tvb_captured_length(tvb) < 2) { + return FALSE; + } + + li = tvb_get_guint8(tvb, 0); + + /* Is it OSI on top of the UDP? */ + tpdu = (tvb_get_guint8(tvb, 1) & 0xF0) >> 4; + if (tpdu != 0x4) { + return FALSE; + } + + /* Check do we have SPDU ID byte, too */ + if (tvb_captured_length(tvb) < (guint) (li + 2)) { + return FALSE; + } + + /* And let's see if it is GOOSE SPDU */ + spdu = tvb_get_guint8(tvb, li + 1); + if (spdu != OSI_SPDU_GOOSE) { + return FALSE; + } + + call_dissector(ositp_handle, tvb, pinfo, parent_tree); + return TRUE; +} + + +/*--- proto_register_goose -------------------------------------------*/ +void proto_register_goose(void) { + + /* List of fields */ + static hf_register_info hf[] = + { + { &hf_goose_session_header, + { "Session header", "rgoose.session_hdr", + FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_spdu_id, + { "Session identifier", "rgoose.spdu_id", + FT_UINT8, BASE_HEX_DEC, VALS(ositp_spdu_id), 0x0, NULL, HFILL }}, + + { &hf_goose_session_hdr_length, + { "Session header length", "rgoose.session_hdr_len", + FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_content_id, + { "Common session header identifier", "rgoose.common_session_id", + FT_UINT8, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_hdr_length, + { "Header length", "rgoose.hdr_len", + FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_spdu_lenth, + { "SPDU length", "rgoose.spdu_len", + FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_spdu_num, + { "SPDU number", "rgoose.spdu_num", + FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_version, + { "Version", "rgoose.version", + FT_UINT16, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_security_info, + { "Security information", "rgoose.sec_info", + FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_current_key_t, + { "Time of current key", "rgoose.curr_key_t", + FT_UINT32, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_next_key_t, + { "Time of next key", "rgoose.next_key_t", + FT_UINT16, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_key_id, + { "Key ID", "rgoose.key_id", + FT_UINT32, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_init_vec_length, + { "Initialization vector length", "rgoose.init_v_len", + FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_init_vec, + { "Initialization vector", "rgoose.init_v", + FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_session_user_info, + { "Session user information", "rgoose.session_user_info", + FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_payload, + { "Payload", "rgoose.payload", + FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_payload_length, + { "Payload length", "rgoose.payload_len", + FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_apdu_tag, + { "Payload type tag", "rgoose.pdu_tag", + FT_UINT8, BASE_HEX_DEC, VALS(ositp_pdu_id), 0x0, NULL, HFILL }}, + + { &hf_goose_apdu_simulation, + { "Simulation flag", "rgoose.simulation", + FT_UINT8, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_apdu_appid, + { "APPID", "rgoose.appid", + FT_UINT16, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_apdu_length, + { "APDU length", "rgoose.apdu_len", + FT_UINT16, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_padding_tag, + { "Padding", "rgoose.padding_tag", + FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_padding_length, + { "Padding length", "rgoose.padding_len", + FT_UINT8, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_padding, + { "Padding", "rgoose.padding", + FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_hmac, + { "HMAC", "rgoose.hmac", + FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_appid, + { "APPID", "goose.appid", + FT_UINT16, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_length, + { "Length", "goose.length", + FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_reserve1, + { "Reserved 1", "goose.reserve1", + FT_UINT16, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + { &hf_goose_reserve2, + { "Reserved 2", "goose.reserve2", + FT_UINT16, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }}, + + #include "packet-goose-hfarr.c" + }; + + /* List of subtrees */ + static gint *ett[] = { + &ett_session_header, + &ett_security_info, + &ett_session_user_info, + &ett_payload, + &ett_padding, + &ett_goose, + #include "packet-goose-ettarr.c" + }; + + static ei_register_info ei[] = { + { &ei_goose_mal_utctime, + { "goose.malformed.utctime", PI_MALFORMED, PI_WARN, + "BER Error: malformed UTCTime encoding", EXPFILL }}, + { &ei_goose_zero_pdu, + { "goose.zero_pdu", PI_PROTOCOL, PI_ERROR, + "Internal error, zero-byte GOOSE PDU", EXPFILL }}, + }; + + expert_module_t* expert_goose; /* Register protocol */ proto_goose = proto_register_protocol(PNAME, PSNAME, PFNAME); @@ -144,4 +524,11 @@ void proto_register_goose(void) { void proto_reg_handoff_goose(void) { dissector_add_uint("ethertype", ETHERTYPE_IEC61850_GOOSE, goose_handle); + + ositp_handle = find_dissector_add_dependency("ositp", proto_goose); + + heur_dissector_add("udp", dissect_cltp_heur, + "CLTP over UDP", "cltp_udp", proto_goose, HEURISTIC_ENABLE); + heur_dissector_add("cltp", dissect_rgoose_heur, + "R-GOOSE (GOOSE over CLTP)", "rgoose_cltp", proto_goose, HEURISTIC_ENABLE); } |