diff options
author | Ryan Doyle <ryan@doylenet.net> | 2015-05-31 13:48:44 +1000 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2015-06-04 06:29:36 +0000 |
commit | d67c163eba47a775354f213d99b050881bbcf808 (patch) | |
tree | 92e37dd9f71dc8abd666649782391977e1cdbb7e /epan | |
parent | 305960174de658510c81877bed01323bdb0b9dc6 (diff) |
Dissection support for pmproxy
Implements dissection for the Performance Co-Pilot proxy protocol. Its a
simple protocol that exchanges host and port information and then passes
all traffic via the usual PCP protocol.
Change-Id: I54fbf6b7755b7b1c60e0e1696ac9c4f0d98d8fe7
Reviewed-on: https://code.wireshark.org/review/8704
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan')
-rw-r--r-- | epan/CMakeLists.txt | 1 | ||||
-rw-r--r-- | epan/dissectors/Makefile.common | 1 | ||||
-rw-r--r-- | epan/dissectors/packet-pcp.c | 6 | ||||
-rw-r--r-- | epan/dissectors/packet-pmproxy.c | 270 |
4 files changed, 276 insertions, 2 deletions
diff --git a/epan/CMakeLists.txt b/epan/CMakeLists.txt index 16e8148b9e..0187643627 100644 --- a/epan/CMakeLists.txt +++ b/epan/CMakeLists.txt @@ -1125,6 +1125,7 @@ set(DISSECTOR_SRC dissectors/packet-pingpongprotocol.c dissectors/packet-pktc.c dissectors/packet-pktgen.c + dissectors/packet-pmproxy.c dissectors/packet-pnrp.c dissectors/packet-pop.c dissectors/packet-portmap.c diff --git a/epan/dissectors/Makefile.common b/epan/dissectors/Makefile.common index e29a0ced33..de83e957f3 100644 --- a/epan/dissectors/Makefile.common +++ b/epan/dissectors/Makefile.common @@ -1039,6 +1039,7 @@ DISSECTOR_SRC = \ packet-pktap.c \ packet-pktc.c \ packet-pktgen.c \ + packet-pmproxy.c \ packet-pnrp.c \ packet-pop.c \ packet-portmap.c \ diff --git a/epan/dissectors/packet-pcp.c b/epan/dissectors/packet-pcp.c index d6ceb2f928..1de4c09019 100644 --- a/epan/dissectors/packet-pcp.c +++ b/epan/dissectors/packet-pcp.c @@ -32,6 +32,7 @@ void proto_register_pcp(void); void proto_reg_handoff_pcp(void); #define PCP_PORT 44321 +#define PMPROXY_PORT 44322 #define PCP_HEADER_LEN 12 static dissector_handle_t pcp_handle; @@ -1500,7 +1501,7 @@ static int dissect_pcp_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tr packet_type = tvb_get_ntohl(tvb, 4); /* check if we are the client requesting or the server */ - if (pinfo->srcport == PCP_PORT) { + if (pinfo->srcport == PCP_PORT || pinfo->srcport == PMPROXY_PORT) { col_set_str(pinfo->cinfo, COL_INFO, "Server > Client "); } else { col_set_str(pinfo->cinfo, COL_INFO, "Client > Server "); @@ -2412,11 +2413,12 @@ void proto_register_pcp(void) proto_register_field_array(proto_pcp, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); + + pcp_handle = new_register_dissector("pcp", dissect_pcp, proto_pcp); } void proto_reg_handoff_pcp(void) { - pcp_handle = new_create_dissector_handle(dissect_pcp, proto_pcp); dissector_add_uint("tcp.port", PCP_PORT, pcp_handle); } diff --git a/epan/dissectors/packet-pmproxy.c b/epan/dissectors/packet-pmproxy.c new file mode 100644 index 0000000000..ef70390a2f --- /dev/null +++ b/epan/dissectors/packet-pmproxy.c @@ -0,0 +1,270 @@ +/* packet-pmproxy.c + * + * Routines for dissecting Performance Co-Pilot Proxy + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include "config.h" + +#include <epan/packet.h> +#include <epan/conversation.h> + +#define PMPROXY_PORT 44322 +/* length of "pmproxy-server 1\n" and also "pmproxy-client 1\n" */ +#define PMPROXY_CLIENT_SERVER_VERSION_LENGTH 17 +#define PMPROXY_START_OF_PACKET 0 +#define PMPROXY_HOST_AND_PORT_DELIMETER_LENGTH 1 + +static dissector_handle_t pmproxy_handle; +static dissector_handle_t pcp_handle; + +static int proto_pmproxy = -1; + +static int hf_pmproxy_host = -1; +static int hf_pmproxy_port = -1; +static int hf_pmproxy_client_version = -1; +static int hf_pmproxy_server_version = -1; + +static gint ett_pmproxy = -1; + +typedef struct pmproxy_conversation_info_t { + guint32 last_proxy_frame; +} pmproxy_conversation_info_t; + +void proto_register_pmproxy(void); +void proto_reg_handoff_pmproxy(void); + +static int is_ascii(const guchar *data, gint size) +{ + const unsigned char *str = data; + const unsigned char *end = str + size; + for (; str != end; str++) { + if (*str & 0x80) + return FALSE; + } + return TRUE; +} + +static int looks_like_proxy_exchange(tvbuff_t *tvb) { + gint packet_length; + const guchar *packet_data; + + packet_length = tvb_ensure_captured_length_remaining(tvb, PMPROXY_START_OF_PACKET); + packet_data = tvb_get_ptr(tvb, PMPROXY_START_OF_PACKET, packet_length); + + /* A proxy exchange packet only contains ascii characters (eg "localhost 44321") and terminated with \n */ + return is_ascii(packet_data, packet_length) && packet_data[packet_length-1] == '\n'; +} + +static int dissect_proxy_to_host(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { + int offset = 0; + gint next_offset; + gint proxy_to_length; + gchar *pmproxy_host_and_port_string; + gchar **host_and_port; + gchar *host; + gchar *port; + + col_set_str(pinfo->cinfo, COL_INFO, "Proxy"); + + proxy_to_length = tvb_find_line_end(tvb, offset, tvb_ensure_captured_length_remaining(tvb, offset), &next_offset, FALSE); + if(proxy_to_length != -1) { + pmproxy_host_and_port_string = (gchar *) tvb_get_string_enc(wmem_packet_scope(), tvb, offset, proxy_to_length, ENC_ASCII); + host_and_port = wmem_strsplit(wmem_packet_scope(), pmproxy_host_and_port_string, " ", -1); + if(host_and_port != NULL) { + host = host_and_port[0]; + port = host_and_port[1]; + proto_tree_add_string(tree, hf_pmproxy_host, tvb, offset, strlen(host), host); + offset += strlen(host) + PMPROXY_HOST_AND_PORT_DELIMETER_LENGTH; + proto_tree_add_string(tree, hf_pmproxy_port, tvb, offset, strlen(port), port); + col_append_fstr(pinfo->cinfo, COL_INFO, " Host=%s, Port=%s", host, port); + } + } + return proxy_to_length; + +} + +static int is_banner_exchange_for(const gchar *type, tvbuff_t *tvb) { + gchar *pmproxy_exchange_string; + + /* Exchange packets have to be this length */ + if(tvb_ensure_captured_length_remaining(tvb, PMPROXY_START_OF_PACKET) != PMPROXY_CLIENT_SERVER_VERSION_LENGTH) { + return 0; + } + + pmproxy_exchange_string = (gchar *) tvb_get_string_enc(wmem_packet_scope(), tvb, PMPROXY_START_OF_PACKET, + PMPROXY_CLIENT_SERVER_VERSION_LENGTH, ENC_ASCII); + return g_strcmp0(pmproxy_exchange_string, g_strdup_printf("pmproxy-%s 1\n", type)) == 0; +} + +static int is_server_exchange(tvbuff_t *tvb) { + return is_banner_exchange_for("server", tvb); +} + +static int is_client_exchange(tvbuff_t *tvb) { + return is_banner_exchange_for("client", tvb); +} + +static int dissect_server_exchange(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pmproxy_tree) { + int offset = PMPROXY_START_OF_PACKET; + col_set_str(pinfo->cinfo, COL_INFO, "Server exchange"); + proto_tree_add_item(pmproxy_tree, hf_pmproxy_server_version, tvb, offset, PMPROXY_CLIENT_SERVER_VERSION_LENGTH, ENC_ASCII|ENC_NA); + offset += PMPROXY_CLIENT_SERVER_VERSION_LENGTH; + return offset; +} + +static int dissect_client_exchange(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pmproxy_tree) { + int offset = PMPROXY_START_OF_PACKET; + col_set_str(pinfo->cinfo, COL_INFO, "Client exchange"); + proto_tree_add_item(pmproxy_tree, hf_pmproxy_client_version, tvb, offset, PMPROXY_CLIENT_SERVER_VERSION_LENGTH, ENC_ASCII|ENC_NA); + offset += PMPROXY_CLIENT_SERVER_VERSION_LENGTH; + return offset; +} + +static void mark_pmproxy_exchange_complete(packet_info *pinfo) { + conversation_t *conversation; + pmproxy_conversation_info_t *pmproxy_conversation; + + conversation = find_or_create_conversation(pinfo); + pmproxy_conversation = (pmproxy_conversation_info_t *)conversation_get_proto_data(conversation, proto_pmproxy); + + if(pmproxy_conversation == NULL) { + pmproxy_conversation = wmem_new(wmem_file_scope(), pmproxy_conversation_info_t); + } + pmproxy_conversation->last_proxy_frame = pinfo->fd->num; + conversation_add_proto_data(conversation, proto_pmproxy, pmproxy_conversation); +} + +static int is_pmproxy_exchange_complete(packet_info *pinfo) { + conversation_t *conversation; + pmproxy_conversation_info_t *pmproxy_conversation; + + conversation = find_or_create_conversation(pinfo); + pmproxy_conversation = (pmproxy_conversation_info_t *)conversation_get_proto_data(conversation, proto_pmproxy); + + if(pmproxy_conversation == NULL) { + return FALSE; + } + + return pinfo->fd->num >= pmproxy_conversation->last_proxy_frame; +} + +static int dissect_through_pcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { + pinfo->can_desegment = pinfo->saved_can_desegment; + return call_dissector(pcp_handle, tvb, pinfo, tree); +} + +static int dissect_pmproxy_exchange(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { + proto_item *root_pmproxy_item; + proto_tree *pmproxy_tree; + + root_pmproxy_item = proto_tree_add_item(tree, proto_pmproxy, tvb, 0, -1, ENC_NA); + pmproxy_tree = proto_item_add_subtree(root_pmproxy_item, ett_pmproxy); + + if (is_server_exchange(tvb)) { + return dissect_server_exchange(tvb, pinfo, pmproxy_tree); + } else if (is_client_exchange(tvb)) { + return dissect_client_exchange(tvb, pinfo, pmproxy_tree); + } else if (looks_like_proxy_exchange(tvb)) { + return dissect_proxy_to_host(tvb, pinfo, pmproxy_tree); + } else { + /* If its none of these, it is going to be vanilla PCP traffic */ + mark_pmproxy_exchange_complete(pinfo); + } + return tvb_reported_length_remaining(tvb, 0); +} + +static int dissect_pmproxy(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) { + + col_set_str(pinfo->cinfo, COL_PROTOCOL, "PMPROXY"); + col_clear(pinfo->cinfo, COL_INFO); + + if(is_pmproxy_exchange_complete(pinfo)) { + return dissect_through_pcp(tvb, pinfo, tree); + } + else { + return dissect_pmproxy_exchange(tvb, pinfo, tree); + } +} + +void proto_register_pmproxy(void) { + + static hf_register_info hf[] = { + { &hf_pmproxy_host, + { "Host", "pmproxy.host", + FT_STRING, BASE_NONE, + NULL, 0x0, + NULL, HFILL + } + }, + { &hf_pmproxy_port, + { "Port", "pmproxy.port", + FT_STRING, BASE_NONE, + NULL, 0x0, + NULL, HFILL + } + }, + { &hf_pmproxy_client_version, + { "Client Version", "pmproxy.client_version", + FT_STRING, BASE_NONE, + NULL, 0x0, + NULL, HFILL + } + }, + { &hf_pmproxy_server_version, + { "Server Version", "pmproxy.server_version", + FT_STRING, BASE_NONE, + NULL, 0x0, + NULL, HFILL + } + }, + }; + + static gint *ett[] = { + &ett_pmproxy, + }; + + proto_pmproxy = proto_register_protocol("Performance Co-Pilot Proxy", "PMPROXY", "pmproxy"); + + proto_register_field_array(proto_pmproxy, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); +} + + +void proto_reg_handoff_pmproxy(void) { + + pmproxy_handle = new_create_dissector_handle(dissect_pmproxy, proto_pmproxy); + pcp_handle = find_dissector("pcp"); + + dissector_add_uint("tcp.port", PMPROXY_PORT, pmproxy_handle); + +} + +/* + * Editor modelines - https://www.wireshark.org/tools/modelines.html + * + * Local variables: + * c-basic-offset: 4 + * tab-width: 4 + * indent-tabs-mode: nil + * End: + * + * vi: set shiftwidth=4 tabstop=4 expandtab: + * :indentSize=4:tabSize=4:noTabs=true: + */ |