From Patrick White via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7061 :

Add UDP to BFCP dissector and dissect new primitives and attibutes From me: add an expert info in case of invalid payload length to avoid a potential infinite loop svn path=/trunk/; revision=42160
author: pascal <pascal@localhost> 2012-04-20 14:41:34 +0000
committer: pascal <pascal@localhost> 2012-04-20 14:41:34 +0000
commit: 3140c10fbbba062bfbee1bb7e339a1b76a060862 (patch)
tree: bb1e1bcda3eff2e9d20833704fe040fa76bcfec6 /epan/dissectors/packet-bfcp.c
parent: d74383ed1cdd748cc12504afbf2dc6582997b42c (diff)
1 files changed, 144 insertions, 21 deletions
diff --git a/epan/dissectors/packet-bfcp.c b/epan/dissectors/packet-bfcp.c
index c33530acca..62ceb47db0 100644
--- a/epan/dissectors/packet-bfcp.c
+++ b/epan/dissectors/packet-bfcp.c
@@ -32,18 +32,24 @@
 
 #include <epan/packet.h>
 #include <epan/prefs.h>
+#include <epan/expert.h>
 
 /* Initialize protocol and registered fields */
 static int proto_bfcp = -1;
 static gboolean  bfcp_enable_heuristic_dissection = FALSE; 
 static dissector_handle_t bfcp_handle;
 
+
+static int hf_bfcp_transaction_initiator = -1;
 static int hf_bfcp_primitive = -1;
 static int hf_bfcp_payload_length = -1;
 static int hf_bfcp_conference_id = -1;
 static int hf_bfcp_transaction_id = -1;
 static int hf_bfcp_user_id = -1;
 static int hf_bfcp_payload = -1;
+static int hf_bfcp_attribute_types = -1;
+static int hf_bfcp_attribute_length = -1;
+static int hf_bfcp_request_status = -1;
 
 /* Initialize subtree pointers */
 static gint ett_bfcp = -1;
@@ -64,10 +70,51 @@ static const value_string map_bfcp_primitive[] = {
 	{ 11, "Hello"},
 	{ 12, "HelloAck"},
 	{ 13, "Error"},
+	{ 14, "FloorRequestStatusAck"},
+	{ 15, "ErrorAck"},
+	{ 16, "FloorStatusAck"}, 
+	{ 17, "Goodbye"},
+	{ 18, "GoodbyeAck"},
+	{ 0,  NULL},
+};
+
+static const value_string map_bfcp_attribute_types[] = {
+	{ 0,  "<Invalid Primitive>"},
+	{ 1,  "BeneficiaryID"},
+	{ 2,  "FloorID"},
+	{ 3,  "FloorRequestID"},
+	{ 4,  "Priority"},
+	{ 5,  "RequestStatus"},
+	{ 6,  "ErrorCode"},
+	{ 7,  "ErrorInfo"},
+	{ 8,  "ParticipantProvidedInfo"},
+	{ 9,  "StatusInfo"},
+	{ 10, "SupportedAttributes"},
+	{ 11, "SupportedPrimitives"},
+	{ 12, "UserDisplayName"},
+	{ 13, "UserURI"},
+	{ 14, "BeneficiaryInformation"},
+	{ 15, "FloorRequestInformation"},
+	{ 16, "RequestedByInformation"},
+	{ 17, "FloorRequestStatus"},
+	{ 18, "OverallRequestStatus"},
+	{ 0,  NULL},
+};
+
+static const value_string map_bfcp_request_status[] = {
+	{ 0,  "<Invalid Primitive>"},
+	{ 1,  "Pending"},
+	{ 2,  "Accepted"},
+	{ 3,  "Granted"},
+	{ 4,  "Denied"},
+	{ 5,  "Cancelled"},
+	{ 6,  "Released"},
+	{ 7,  "Revoked"},
 	{ 0,  NULL},
 };
 
 /*Define offset for fields in BFCP packet */
+#define BFCP_OFFSET_TRANSACTION_INITIATOR 0
 #define BFCP_OFFSET_PRIMITIVE 1
 #define BFCP_OFFSET_PAYLOAD_LENGTH 2
 #define BFCP_OFFSET_CONFERENCE_ID 4
@@ -76,13 +123,13 @@ static const value_string map_bfcp_primitive[] = {
 #define BFCP_OFFSET_PAYLOAD 12
 
 /* Code to actually dissect BFCP packets */
-static gboolean dissect_bfcp_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) 
+static gboolean dissect_bfcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 {
 	guint8 first_byte = 0;
 	guint8 primitive = 0;
 	const gchar *str = NULL;
 	guint idx = 0;
-	gint bfcp_payload_length = 0;
+	gint bfcp_payload_length;
 	
 	/* Size of smallest BFCP packet 12-octets */
 	if (tvb_length(tvb) < 12)
@@ -91,16 +138,16 @@ static gboolean dissect_bfcp_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *
 	/* Check version and reserved bits in first byte */
 	first_byte = tvb_get_guint8 (tvb, 0);
 
-	/* If first_byte of bfcp_packet is not 0x20 then 
- 	 * this can not be a BFCP. Return FALSE give another 
- 	 * dissector a chance to dissect it.
+	/* If first_byte of bfcp_packet is a combination of the
+	 * version and the I bit. The value must be either 0x20 or 0x30
+	 * if the bit is set, otherwise it is not BFCP.
  	 */
-	if (first_byte != 0x20)
+	if (first_byte != 0x20 && first_byte != 0x30 )
 		return FALSE;
 	
 	primitive = tvb_get_guint8 (tvb, 1);
 
-	if (primitive < 1 || primitive > 13)
+	if (primitive < 1 || primitive > 18 )
 		return FALSE;
 
 	str = match_strval_idx(primitive, map_bfcp_primitive, &idx);
@@ -112,7 +159,7 @@ static gboolean dissect_bfcp_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *
 	col_add_str (pinfo->cinfo, COL_INFO, str);
 	
 	if (tree) {
-
+		gint read_attr = 0;
 		proto_item *ti = NULL;
 		proto_tree *bfcp_tree = NULL;
 
@@ -120,6 +167,8 @@ static gboolean dissect_bfcp_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *
 		bfcp_tree = proto_item_add_subtree(ti, ett_bfcp);
 		
 		/* Add items to BFCP tree */
+		proto_tree_add_item(bfcp_tree, hf_bfcp_transaction_initiator, tvb,
+				BFCP_OFFSET_TRANSACTION_INITIATOR, 1, ENC_BIG_ENDIAN);
 		proto_tree_add_item(bfcp_tree, hf_bfcp_primitive, tvb, 
 			BFCP_OFFSET_PRIMITIVE, 1, ENC_BIG_ENDIAN);
 		proto_tree_add_item(bfcp_tree, hf_bfcp_payload_length, tvb, 
@@ -132,12 +181,54 @@ static gboolean dissect_bfcp_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *
 			BFCP_OFFSET_USER_ID, 2, ENC_BIG_ENDIAN);
 
 		bfcp_payload_length = tvb_get_ntohs(tvb, 
-					BFCP_OFFSET_PAYLOAD_LENGTH); 
+					BFCP_OFFSET_PAYLOAD_LENGTH) * 4;
+
+		while( tvb_length_remaining(tvb, BFCP_OFFSET_PAYLOAD + read_attr) >= 2 &&
+				(bfcp_payload_length - read_attr) >= 2 )
+		{
+			gint read = 0;
+			guint8 first_byte = 0;
+			guint8 attribute_type = 0;
+			guint8 length = 0;
+			first_byte = tvb_get_guint8 (tvb, BFCP_OFFSET_PAYLOAD + read_attr );
+
+			/* Padding so continue to next attribute */
+			if( first_byte == 0 )
+			{
+				read_attr++;
+				continue;
+			}
+
+			proto_tree_add_item(bfcp_tree, hf_bfcp_attribute_types, tvb,
+					BFCP_OFFSET_PAYLOAD + read_attr,1, ENC_BIG_ENDIAN);
+			attribute_type = (first_byte & 0xFE) >> 1;
+			read++;
 
-		if (tvb_length_remaining(tvb, BFCP_OFFSET_PAYLOAD) > 0)
-        		proto_tree_add_item(bfcp_tree, hf_bfcp_payload, tvb, 
-				BFCP_OFFSET_PAYLOAD, bfcp_payload_length, 
-				ENC_NA);
+			ti = proto_tree_add_item(bfcp_tree, hf_bfcp_attribute_length, tvb,
+					BFCP_OFFSET_PAYLOAD + read_attr + read,1, ENC_BIG_ENDIAN);
+			length = tvb_get_guint8 (tvb, BFCP_OFFSET_PAYLOAD  + read_attr + read );
+			read++;
+
+			/* If RequestStatus then show what type of status it is... */
+			if( attribute_type == 5 )
+			{
+				proto_tree_add_item(bfcp_tree, hf_bfcp_request_status, tvb,
+						BFCP_OFFSET_PAYLOAD + read_attr + read,1, ENC_BIG_ENDIAN);
+				read++;
+			}
+			if (length >= read)
+			{
+				proto_tree_add_item(bfcp_tree, hf_bfcp_payload, tvb,
+						BFCP_OFFSET_PAYLOAD + read_attr + read, length-read, ENC_NA);
+			}
+			else
+			{
+				expert_add_info_format(pinfo, ti, PI_MALFORMED, PI_ERROR,
+					"Attribute length is too small (%d bytes)", length);
+				break;
+			}
+			read_attr = read_attr + length;
+		}
 	}
 	return TRUE;	
 }
@@ -150,16 +241,20 @@ void proto_reg_handoff_bfcp(void)
    	 *  Heuristic dissection in disabled by default since 
 	 *  the heuristic is quite weak.
          */
-  	if (!prefs_initialized) {
-		heur_dissector_add ("tcp", dissect_bfcp_tcp, proto_bfcp);
-		bfcp_handle = new_create_dissector_handle(dissect_bfcp_tcp, 
-					proto_bfcp);
-    		dissector_add_handle("tcp.port", bfcp_handle);
-
-	    	prefs_initialized = TRUE;
+  	if (!prefs_initialized)
+  	{
+		heur_dissector_add ("tcp", dissect_bfcp, proto_bfcp);
+		heur_dissector_add ("udp", dissect_bfcp, proto_bfcp);
+		bfcp_handle = new_create_dissector_handle(dissect_bfcp, proto_bfcp);
+		dissector_add_handle("tcp.port", bfcp_handle);
+		dissector_add_handle("udp.port", bfcp_handle);
+    	prefs_initialized = TRUE;
 	}
 
-	heur_dissector_set_enabled("tcp", dissect_bfcp_tcp, proto_bfcp, 
+	heur_dissector_set_enabled("tcp", dissect_bfcp, proto_bfcp,
+				   bfcp_enable_heuristic_dissection);
+
+	heur_dissector_set_enabled("udp", dissect_bfcp, proto_bfcp,
 				   bfcp_enable_heuristic_dissection);
 }
 
@@ -169,6 +264,13 @@ void proto_register_bfcp(void)
 
 	static hf_register_info hf[] = {
 		{
+			&hf_bfcp_transaction_initiator,
+			{ "Transaction Initiator", "bfcp.transaction_initiator",
+			  FT_BOOLEAN, 8,
+			  NULL, 0x10,
+			  NULL, HFILL }
+		},
+		{
 			&hf_bfcp_primitive,
 			{ "Primitive", "bfcp.primitive",
 			  FT_UINT8, BASE_DEC,
@@ -209,6 +311,27 @@ void proto_register_bfcp(void)
 			  FT_BYTES, BASE_NONE, 
 			  NULL, 0x0, NULL,
 			  HFILL }
+		},
+		{
+			&hf_bfcp_attribute_types,
+			{ "Attribute Type", "bfcp.attribute_type",
+			  FT_UINT8, BASE_DEC,
+			  VALS(map_bfcp_attribute_types), 0xFE,
+			  NULL, HFILL }
+		},
+		{
+			&hf_bfcp_attribute_length,
+			{ "Attribute Length", "bfcp.attribute_length",
+			  FT_UINT16, BASE_DEC,
+			  NULL, 0x0,
+			  NULL, HFILL }
+		},
+		{
+			&hf_bfcp_request_status,
+			{ "Request Status", "bfcp.request_status",
+			  FT_UINT8, BASE_DEC,
+			  VALS(map_bfcp_request_status), 0x0,
+			  NULL, HFILL }
 		}
 	};
author	pascal <pascal@localhost>	2012-04-20 14:41:34 +0000
committer	pascal <pascal@localhost>	2012-04-20 14:41:34 +0000
commit	3140c10fbbba062bfbee1bb7e339a1b76a060862 (patch)
tree	bb1e1bcda3eff2e9d20833704fe040fa76bcfec6 /epan/dissectors/packet-bfcp.c
parent	d74383ed1cdd748cc12504afbf2dc6582997b42c (diff)