CIP: Add Connection Index

Add cip.connection. This works just like tcp.stream, but for CIP connections. This is added to CIP connected messages and the Forward Open/Close messages. Change-Id: Ib358c00dc0a4fd61065cb22b0e9b574ac43a44a4 Reviewed-on: https://code.wireshark.org/review/30984 Reviewed-by: Anders Broman <a.broman58@gmail.com>
author: Dylan Ulis <daulis0@gmail.com> 2018-12-09 19:31:16 -0500
committer: Anders Broman <a.broman58@gmail.com> 2018-12-10 14:42:31 +0000
commit: 39ac1a6694f0624ab9ac861b53734e31242b6967 (patch)
tree: 130225e3ff63b16b0c047b5a49528fed7b7a28d7 /epan
parent: e2a3616bfe8163839903478a2569c2470697bca5 (diff)
2 files changed, 41 insertions, 1 deletions
diff --git a/epan/dissectors/packet-cip.c b/epan/dissectors/packet-cip.c
index 41b84b5938..f172e48843 100644
--- a/epan/dissectors/packet-cip.c
+++ b/epan/dissectors/packet-cip.c
@@ -519,6 +519,8 @@ static int hf_32bitheader_roo = -1;
 static int hf_32bitheader_coo = -1;
 static int hf_32bitheader_run_idle = -1;
 
+static int hf_cip_connection = -1;
+
 /* Initialize the subtree pointers */
 static gint ett_cip = -1;
 static gint ett_cip_class_generic = -1;
@@ -6272,6 +6274,17 @@ static void dissect_connection_triad(tvbuff_t *tvb, int offset, proto_tree *tree
    }
 }
 
+// Mark this message as belonging to a specific CIP connection index.
+static void mark_cip_connection(packet_info* pinfo, tvbuff_t* tvb, proto_tree* tree)
+{
+    enip_conn_val_t* conn_val = (enip_conn_val_t*)p_get_proto_data(wmem_file_scope(), pinfo, proto_enip, ENIP_CONNECTION_INFO);
+    if (conn_val)
+    {
+        proto_item* pi = proto_tree_add_uint(tree, hf_cip_connection, tvb, 0, 0, conn_val->connid);
+        PROTO_ITEM_SET_GENERATED(pi);
+    }
+}
+
 static void
 dissect_cip_cm_fwd_open_req(cip_req_info_t *preq_info, proto_tree *cmd_tree, tvbuff_t *tvb, int offset, gboolean large_fwd_open, packet_info *pinfo)
 {
@@ -6384,6 +6397,8 @@ dissect_cip_cm_fwd_open_req(cip_req_info_t *preq_info, proto_tree *cmd_tree, tvb
          tvb_memcpy(tvb, preq_info->connInfo->pFwdOpenPathData, offset + 26 + net_param_offset + 6, conn_path_size);
       }
    }
+
+   mark_cip_connection(pinfo, tvb, cmd_tree);
 }
 
 static void
@@ -6468,6 +6483,8 @@ dissect_cip_cm_fwd_open_rsp_success(cip_req_info_t *preq_info, proto_tree *tree,
       }
    }
 
+   mark_cip_connection(pinfo, tvb, tree);
+
    /* See if we've captured the ForwardOpen request.  If so some of the conversation data has already been
       populated and we just need to update it. */
    if (pinfo->fd->flags.visited)
@@ -6738,6 +6755,7 @@ dissect_cip_cm_data( proto_tree *item_tree, tvbuff_t *tvb, int offset, int item_
                }
 
                enip_close_cip_connection( pinfo, &conn_triad);
+               mark_cip_connection(pinfo, tvb, cmd_data_tree);
 
             } /* End of if forward close response */
             break;
@@ -6861,6 +6879,9 @@ dissect_cip_cm_data( proto_tree *item_tree, tvbuff_t *tvb, int offset, int item_
             /* Add the EPATH */
             epath_tree = proto_tree_add_subtree(cmd_data_tree, tvb, offset+2+req_path_size+12, conn_path_size, ett_path, &pi, "Connection Path: ");
             dissect_epath(tvb, pinfo, epath_tree, pi, offset + 2 + req_path_size + 12, conn_path_size, FALSE, FALSE, &conn_path, NULL, DISPLAY_CONNECTION_PATH, NULL, FALSE);
+
+            mark_cip_connection(pinfo, tvb, cmd_data_tree);
+
             break;
          }
          case SC_CM_UNCON_SEND:
@@ -8323,6 +8344,8 @@ proto_register_cip(void)
       { &hf_32bitheader_roo, { "ROO", "cip.32bitheader.roo", FT_UINT32, BASE_HEX, NULL, 0xC, "Ready for Ownership of Outputs", HFILL } },
       { &hf_32bitheader_coo, { "COO", "cip.32bitheader.coo", FT_UINT32, BASE_HEX, NULL, 0x2, "Claim Output Ownership", HFILL } },
       { &hf_32bitheader_run_idle, { "Run/Idle", "cip.32bitheader.run_idle", FT_UINT32, BASE_HEX, VALS(cip_run_idle_vals), 0x1, NULL, HFILL } },
+
+      { &hf_cip_connection, { "CIP Connection Index", "cip.connection", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
    };
 
    static hf_register_info hf_cm[] = {
diff --git a/epan/dissectors/packet-enip.c b/epan/dissectors/packet-enip.c
index 1715ee2064..029a83a588 100644
--- a/epan/dissectors/packet-enip.c
+++ b/epan/dissectors/packet-enip.c
@@ -164,6 +164,7 @@ static int hf_enip_response_in = -1;
 static int hf_enip_response_to = -1;
 static int hf_enip_time = -1;
 static int hf_enip_fwd_open_in = -1;
+static int hf_cip_connection = -1;
 static int hf_cip_io_data = -1;
 
 /* Parsed Attributes */
@@ -1033,7 +1034,7 @@ static gchar* cip_connection_conv_filter(packet_info *pinfo)
  * Connection management
  */
 static wmem_map_t *enip_conn_hashtable = NULL;
-static guint32 enip_unique_connid = 1;
+static guint32 enip_unique_connid;
 
 static gint
 enip_conn_equal(gconstpointer v, gconstpointer w)
@@ -2190,6 +2191,11 @@ attribute_info_t enip_attribute_vals[99] = {
    {0x5F, FALSE, 4, 3, "CA Certificate",  cip_dissector_func,   NULL, dissect_eip_cert_ca_cert},
 };
 
+static void enip_init_protocol(void)
+{
+   enip_unique_connid = 0;
+}
+
 // offset - Starts at the "Encapsulation Protocol Version" field.
 static void dissect_item_list_identity(packet_info* pinfo, tvbuff_t* tvb, int offset, proto_tree* item_tree)
 {
@@ -2341,6 +2347,9 @@ static void display_connection_information(packet_info* pinfo, tvbuff_t* tvb, pr
    pi = proto_tree_add_uint_format_value(conn_info_tree, hf_cip_cm_to_api, tvb, 0, 0, conn_info->T2Oapi, "%dms (0x%08X)", conn_info->T2Oapi / 1000, conn_info->T2Oapi);
    PROTO_ITEM_SET_GENERATED(pi);
 
+   pi = proto_tree_add_uint(conn_info_tree, hf_cip_connection, tvb, 0, 0, conn_info->connid);
+   PROTO_ITEM_SET_GENERATED(pi);
+
    pi = proto_tree_add_uint(conn_info_tree, hf_enip_fwd_open_in, tvb, 0, 0, conn_info->open_frame);
    PROTO_ITEM_SET_GENERATED(pi);
 }
@@ -3545,6 +3554,12 @@ proto_register_enip(void)
       // Generated API data.
       { &hf_cip_cm_ot_api, { "O->T API", "cip.cm.otapi", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } },
       { &hf_cip_cm_to_api, { "T->O API", "cip.cm.toapi", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } },
+
+      { &hf_cip_connection,
+        { "CIP Connection Index", "cip.connection",
+          FT_UINT32, BASE_DEC, NULL, 0x0,
+          NULL, HFILL } },
+
       { &hf_cip_io_data,
         { "Data", "cipio.data",
           FT_BYTES, BASE_NONE|BASE_ALLOW_ZERO, NULL, 0x0,
@@ -4649,6 +4664,8 @@ proto_register_enip(void)
    enip_request_hashtable = wmem_map_new_autoreset(wmem_epan_scope(), wmem_file_scope(), enip_request_hash, enip_request_equal);
    enip_conn_hashtable = wmem_map_new_autoreset(wmem_epan_scope(), wmem_file_scope(), enip_conn_hash, enip_conn_equal);
 
+   register_init_routine(&enip_init_protocol);
+
    /* Register the protocol name and description */
    proto_dlr = proto_register_protocol("Device Level Ring", "DLR", "dlr");
author	Dylan Ulis <daulis0@gmail.com>	2018-12-09 19:31:16 -0500
committer	Anders Broman <a.broman58@gmail.com>	2018-12-10 14:42:31 +0000
commit	39ac1a6694f0624ab9ac861b53734e31242b6967 (patch)
tree	130225e3ff63b16b0c047b5a49528fed7b7a28d7 /epan
parent	e2a3616bfe8163839903478a2569c2470697bca5 (diff)