Diffstat (limited to 'epan/dissectors/packet-fortinet-sso.c')
-rw-r--r-- | epan/dissectors/packet-fortinet-sso.c | 120 |
1 files changed, 65 insertions, 55 deletions
diff --git a/epan/dissectors/packet-fortinet-sso.c b/epan/dissectors/packet-fortinet-sso.c index 43b2ae3112..d907e95082 100644 --- a/epan/dissectors/packet-fortinet-sso.c +++ b/epan/dissectors/packet-fortinet-sso.c @@ -21,23 +21,23 @@ void proto_register_fortinet_sso(void); void proto_reg_handoff_fortinet_sso(void); -static int proto_fortinet_sso = -1; -static gint ett_fortinet_sso = -1; - -static int hf_fsso_length = -1; -static int hf_fsso_timestamp = -1; -static int hf_fsso_client_ip = -1; -static int hf_fsso_payload_length = -1; -static int hf_fsso_string = -1; -static int hf_fsso_domain = -1; -static int hf_fsso_user = -1; -static int hf_fsso_host = -1; -static int hf_fsso_version = -1; -static int hf_fsso_tsagent_number_port_range = -1; -static int hf_fsso_tsagent_port_range_min = -1; -static int hf_fsso_tsagent_port_range_max = -1; -static int hf_fsso_unknown = -1; -static int hf_fsso_unknown_ipv4 = -1; +static int proto_fortinet_sso; +static gint ett_fortinet_sso; + +static int hf_fsso_length; +static int hf_fsso_timestamp; +static int hf_fsso_client_ip; +static int hf_fsso_payload_length; +static int hf_fsso_string; +static int hf_fsso_domain; +static int hf_fsso_user; +static int hf_fsso_host; +static int hf_fsso_version; +static int hf_fsso_tsagent_number_port_range; +static int hf_fsso_tsagent_port_range_min; +static int hf_fsso_tsagent_port_range_max; +static int hf_fsso_unknown; +static int hf_fsso_unknown_ipv4; static dissector_handle_t fortinet_sso_handle; 
@@ -73,85 +73,95 @@ dissect_fortinet_sso(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* offset += 2; string = tvb_get_stringz_enc(pinfo->pool, tvb, offset, &string_length, ENC_ASCII); - proto_tree_add_item(fsso_tree, hf_fsso_string, tvb, offset, string_length, ENC_ASCII|ENC_NA); + proto_tree_add_item(fsso_tree, hf_fsso_string, tvb, offset, string_length, ENC_ASCII); col_set_str(pinfo->cinfo, COL_INFO, string); if(client_ip == 0xFFFFFFFF) { //if client_ip equal 255.255.255.255 (0xFFFFFFFF) is KeepAlive packet /* Domain / KeepAlive (User) / Version */ len = tvb_find_guint8(tvb, offset, string_length, '/') - offset; - proto_tree_add_item(fsso_tree, hf_fsso_domain, tvb, offset, len, ENC_ASCII|ENC_NA); + proto_tree_add_item(fsso_tree, hf_fsso_domain, tvb, offset, len, ENC_ASCII); offset += (len + 1); string_length -= (len + 1); len = tvb_find_guint8(tvb, offset, string_length, '/') - offset; - proto_tree_add_item(fsso_tree, hf_fsso_user, tvb, offset, len, ENC_ASCII|ENC_NA); + proto_tree_add_item(fsso_tree, hf_fsso_user, tvb, offset, len, ENC_ASCII); offset += (len + 1); string_length -= (len + 1); - proto_tree_add_item(fsso_tree, hf_fsso_version, tvb, offset, string_length, ENC_ASCII|ENC_NA); + proto_tree_add_item(fsso_tree, hf_fsso_version, tvb, offset, string_length, ENC_ASCII); offset += (string_length); } else { /* Host / Domain / User */ len = tvb_find_guint8(tvb, offset, string_length, '/') - offset; - proto_tree_add_item(fsso_tree, hf_fsso_host, tvb, offset, len, ENC_ASCII|ENC_NA); + proto_tree_add_item(fsso_tree, hf_fsso_host, tvb, offset, len, ENC_ASCII); offset += (len + 1); string_length -= (len + 1); len = tvb_find_guint8(tvb, offset, string_length, '/') - offset; - proto_tree_add_item(fsso_tree, hf_fsso_domain, tvb, offset, len, ENC_ASCII|ENC_NA); + proto_tree_add_item(fsso_tree, hf_fsso_domain, tvb, offset, len, ENC_ASCII); offset += (len + 1); string_length -= (len + 1); - proto_tree_add_item(fsso_tree, hf_fsso_user, tvb, offset, 
string_length, ENC_ASCII|ENC_NA); + proto_tree_add_item(fsso_tree, hf_fsso_user, tvb, offset, string_length, ENC_ASCII); offset += (string_length); } - if(tvb_reported_length_remaining(tvb, offset)) { - guint16 value; - guint32 number_port_range; - value = tvb_get_ntohs(tvb, offset); + if(tvb_reported_length_remaining(tvb, offset) == 4) { - if(value == 0x2002) { /* Not a TS Agent additionnal Data */ - proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 2, ENC_NA); - offset += 2; + /* There is some packet with extra IPv4 address... */ + proto_tree_add_item(fsso_tree, hf_fsso_unknown_ipv4, tvb, offset, 4, ENC_NA); + offset += 4; - proto_tree_add_item(fsso_tree, hf_fsso_unknown_ipv4, tvb, offset, 4, ENC_NA); - offset += 4; + } else { + + if(tvb_reported_length_remaining(tvb, offset)) { + guint16 value; + guint32 number_port_range; + value = tvb_get_ntohs(tvb, offset); - proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 6, ENC_NA); - offset += 6; + if(value == 0x2002) { /* Not a TS Agent additionnal Data */ + proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 2, ENC_NA); + offset += 2; - proto_tree_add_item(fsso_tree, hf_fsso_unknown_ipv4, tvb, offset, 4, ENC_NA); - offset += 4; + proto_tree_add_item(fsso_tree, hf_fsso_unknown_ipv4, tvb, offset, 4, ENC_NA); + offset += 4; - proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 1, ENC_NA); - offset += 1; - } else { - proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 15, ENC_NA); - offset += 15; + proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 6, ENC_NA); + offset += 6; - proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 5, ENC_NA); - offset += 5; + proto_tree_add_item(fsso_tree, hf_fsso_unknown_ipv4, tvb, offset, 4, ENC_NA); + offset += 4; - proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 6, ENC_NA); - offset += 6; + proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 1, ENC_NA); + offset += 1; + } else { + 
proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 15, ENC_NA); + offset += 15; - /* Port Range assigned to user for TS Agent (RDP/Citrix) */ - proto_tree_add_item_ret_uint(fsso_tree, hf_fsso_tsagent_number_port_range, tvb, offset, 2, ENC_BIG_ENDIAN, &number_port_range); - offset += 2; + proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 5, ENC_NA); + offset += 5; - while (number_port_range) { + proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 6, ENC_NA); + offset += 6; - proto_tree_add_item(fsso_tree, hf_fsso_tsagent_port_range_min, tvb, offset, 2, ENC_BIG_ENDIAN); + /* Port Range assigned to user for TS Agent (RDP/Citrix) */ + proto_tree_add_item_ret_uint(fsso_tree, hf_fsso_tsagent_number_port_range, tvb, offset, 2, ENC_BIG_ENDIAN, &number_port_range); offset += 2; - proto_tree_add_item(fsso_tree, hf_fsso_tsagent_port_range_max, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; + while (number_port_range) { - number_port_range --; + proto_tree_add_item(fsso_tree, hf_fsso_tsagent_port_range_min, tvb, offset, 2, ENC_BIG_ENDIAN); + offset += 2; + + proto_tree_add_item(fsso_tree, hf_fsso_tsagent_port_range_max, tvb, offset, 2, ENC_BIG_ENDIAN); + offset += 2; + + number_port_range --; + } } } + } return offset; @@ -262,7 +272,7 @@ void proto_reg_handoff_fortinet_sso(void) { dissector_add_uint_with_preference("udp.port", 0, fortinet_sso_handle); - heur_dissector_add("udp", dissect_fortinet_fsso_heur, "fortinet_sso", "fortinet_sso", proto_fortinet_sso, HEURISTIC_ENABLE); + heur_dissector_add("udp", dissect_fortinet_fsso_heur, "Fortinet SSO over UDP", "fortinet_sso", proto_fortinet_sso, HEURISTIC_ENABLE); } /* |
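Review bot: The four `len = tvb_find_guint8(tvb, offset, string_length, '/') - offset;` computations in the KeepAlive and Host/Domain/User branches are carried over without a check for the not-found return of -1. A string with fewer than two '/' separators therefore gives a negative `len`, which is passed to `proto_tree_add_item` and then folded into `offset` and `string_length`. Because the string comes straight from the packet, test each lookup before using it, e.g. `gint slash = tvb_find_guint8(tvb, offset, string_length, '/');` then `if (slash == -1) return offset;` (or add an expert-info item for the malformed string) and only then `len = slash - offset;`. How a negative length is handled further down depends on checks inside `proto_tree_add_item` that are not visible here, so the dissector should not rely on them. The body of dissect_fortinet_sso begins before this hunk.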