diff options
author | Dylan Ulis <daulis0@gmail.com> | 2018-12-09 19:31:16 -0500 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2018-12-10 14:42:31 +0000 |
commit | 39ac1a6694f0624ab9ac861b53734e31242b6967 (patch) | |
tree | 130225e3ff63b16b0c047b5a49528fed7b7a28d7 /epan | |
parent | e2a3616bfe8163839903478a2569c2470697bca5 (diff) |
CIP: Add Connection Index
Add cip.connection. This works just like tcp.stream, but for CIP
connections. This is added to CIP connected messages and the Forward
Open/Close messages.
Change-Id: Ib358c00dc0a4fd61065cb22b0e9b574ac43a44a4
Reviewed-on: https://code.wireshark.org/review/30984
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/packet-cip.c | 23 | ||||
-rw-r--r-- | epan/dissectors/packet-enip.c | 19 |
2 files changed, 41 insertions, 1 deletions
diff --git a/epan/dissectors/packet-cip.c b/epan/dissectors/packet-cip.c index 41b84b5938..f172e48843 100644 --- a/epan/dissectors/packet-cip.c +++ b/epan/dissectors/packet-cip.c @@ -519,6 +519,8 @@ static int hf_32bitheader_roo = -1; static int hf_32bitheader_coo = -1; static int hf_32bitheader_run_idle = -1; +static int hf_cip_connection = -1; + /* Initialize the subtree pointers */ static gint ett_cip = -1; static gint ett_cip_class_generic = -1; @@ -6272,6 +6274,17 @@ static void dissect_connection_triad(tvbuff_t *tvb, int offset, proto_tree *tree } } +// Mark this message as belonging to a specific CIP connection index. +static void mark_cip_connection(packet_info* pinfo, tvbuff_t* tvb, proto_tree* tree) +{ + enip_conn_val_t* conn_val = (enip_conn_val_t*)p_get_proto_data(wmem_file_scope(), pinfo, proto_enip, ENIP_CONNECTION_INFO); + if (conn_val) + { + proto_item* pi = proto_tree_add_uint(tree, hf_cip_connection, tvb, 0, 0, conn_val->connid); + PROTO_ITEM_SET_GENERATED(pi); + } +} + static void dissect_cip_cm_fwd_open_req(cip_req_info_t *preq_info, proto_tree *cmd_tree, tvbuff_t *tvb, int offset, gboolean large_fwd_open, packet_info *pinfo) { @@ -6384,6 +6397,8 @@ dissect_cip_cm_fwd_open_req(cip_req_info_t *preq_info, proto_tree *cmd_tree, tvb tvb_memcpy(tvb, preq_info->connInfo->pFwdOpenPathData, offset + 26 + net_param_offset + 6, conn_path_size); } } + + mark_cip_connection(pinfo, tvb, cmd_tree); } static void @@ -6468,6 +6483,8 @@ dissect_cip_cm_fwd_open_rsp_success(cip_req_info_t *preq_info, proto_tree *tree, } } + mark_cip_connection(pinfo, tvb, tree); + /* See if we've captured the ForwardOpen request. If so some of the conversation data has already been populated and we just need to update it. */ if (pinfo->fd->flags.visited) @@ -6738,6 +6755,7 @@ dissect_cip_cm_data( proto_tree *item_tree, tvbuff_t *tvb, int offset, int item_ } enip_close_cip_connection( pinfo, &conn_triad); + mark_cip_connection(pinfo, tvb, cmd_data_tree); } /* End of if forward close response */ break; @@ -6861,6 +6879,9 @@ dissect_cip_cm_data( proto_tree *item_tree, tvbuff_t *tvb, int offset, int item_ /* Add the EPATH */ epath_tree = proto_tree_add_subtree(cmd_data_tree, tvb, offset+2+req_path_size+12, conn_path_size, ett_path, &pi, "Connection Path: "); dissect_epath(tvb, pinfo, epath_tree, pi, offset + 2 + req_path_size + 12, conn_path_size, FALSE, FALSE, &conn_path, NULL, DISPLAY_CONNECTION_PATH, NULL, FALSE); + + mark_cip_connection(pinfo, tvb, cmd_data_tree); + break; } case SC_CM_UNCON_SEND: @@ -8323,6 +8344,8 @@ proto_register_cip(void) { &hf_32bitheader_roo, { "ROO", "cip.32bitheader.roo", FT_UINT32, BASE_HEX, NULL, 0xC, "Ready for Ownership of Outputs", HFILL } }, { &hf_32bitheader_coo, { "COO", "cip.32bitheader.coo", FT_UINT32, BASE_HEX, NULL, 0x2, "Claim Output Ownership", HFILL } }, { &hf_32bitheader_run_idle, { "Run/Idle", "cip.32bitheader.run_idle", FT_UINT32, BASE_HEX, VALS(cip_run_idle_vals), 0x1, NULL, HFILL } }, + + { &hf_cip_connection, { "CIP Connection Index", "cip.connection", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } }, }; static hf_register_info hf_cm[] = { diff --git a/epan/dissectors/packet-enip.c b/epan/dissectors/packet-enip.c index 1715ee2064..029a83a588 100644 --- a/epan/dissectors/packet-enip.c +++ b/epan/dissectors/packet-enip.c @@ -164,6 +164,7 @@ static int hf_enip_response_in = -1; static int hf_enip_response_to = -1; static int hf_enip_time = -1; static int hf_enip_fwd_open_in = -1; +static int hf_cip_connection = -1; static int hf_cip_io_data = -1; /* Parsed Attributes */ @@ -1033,7 +1034,7 @@ static gchar* cip_connection_conv_filter(packet_info *pinfo) * Connection management */ static wmem_map_t *enip_conn_hashtable = NULL; -static guint32 enip_unique_connid = 1; +static guint32 enip_unique_connid; static gint enip_conn_equal(gconstpointer v, gconstpointer w) @@ -2190,6 +2191,11 @@ attribute_info_t enip_attribute_vals[99] = { {0x5F, FALSE, 4, 3, "CA Certificate", cip_dissector_func, NULL, dissect_eip_cert_ca_cert}, }; +static void enip_init_protocol(void) +{ + enip_unique_connid = 0; +} + // offset - Starts at the "Encapsulation Protocol Version" field. static void dissect_item_list_identity(packet_info* pinfo, tvbuff_t* tvb, int offset, proto_tree* item_tree) { @@ -2341,6 +2347,9 @@ static void display_connection_information(packet_info* pinfo, tvbuff_t* tvb, pr pi = proto_tree_add_uint_format_value(conn_info_tree, hf_cip_cm_to_api, tvb, 0, 0, conn_info->T2Oapi, "%dms (0x%08X)", conn_info->T2Oapi / 1000, conn_info->T2Oapi); PROTO_ITEM_SET_GENERATED(pi); + pi = proto_tree_add_uint(conn_info_tree, hf_cip_connection, tvb, 0, 0, conn_info->connid); + PROTO_ITEM_SET_GENERATED(pi); + pi = proto_tree_add_uint(conn_info_tree, hf_enip_fwd_open_in, tvb, 0, 0, conn_info->open_frame); PROTO_ITEM_SET_GENERATED(pi); } @@ -3545,6 +3554,12 @@ proto_register_enip(void) // Generated API data. { &hf_cip_cm_ot_api, { "O->T API", "cip.cm.otapi", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_cip_cm_to_api, { "T->O API", "cip.cm.toapi", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, + + { &hf_cip_connection, + { "CIP Connection Index", "cip.connection", + FT_UINT32, BASE_DEC, NULL, 0x0, + NULL, HFILL } }, + { &hf_cip_io_data, { "Data", "cipio.data", FT_BYTES, BASE_NONE|BASE_ALLOW_ZERO, NULL, 0x0, @@ -4649,6 +4664,8 @@ proto_register_enip(void) enip_request_hashtable = wmem_map_new_autoreset(wmem_epan_scope(), wmem_file_scope(), enip_request_hash, enip_request_equal); enip_conn_hashtable = wmem_map_new_autoreset(wmem_epan_scope(), wmem_file_scope(), enip_conn_hash, enip_conn_equal); + register_init_routine(&enip_init_protocol); + /* Register the protocol name and description */ proto_dlr = proto_register_protocol("Device Level Ring", "DLR", "dlr"); |