aboutsummaryrefslogtreecommitdiffstats
path: root/epan/dissectors/packet-fortinet-sso.c
diff options
context:
space:
mode:
Diffstat (limited to 'epan/dissectors/packet-fortinet-sso.c')
-rw-r--r--epan/dissectors/packet-fortinet-sso.c120
1 files changed, 65 insertions, 55 deletions
diff --git a/epan/dissectors/packet-fortinet-sso.c b/epan/dissectors/packet-fortinet-sso.c
index 43b2ae3112..d907e95082 100644
--- a/epan/dissectors/packet-fortinet-sso.c
+++ b/epan/dissectors/packet-fortinet-sso.c
@@ -21,23 +21,23 @@
void proto_register_fortinet_sso(void);
void proto_reg_handoff_fortinet_sso(void);
-static int proto_fortinet_sso = -1;
-static gint ett_fortinet_sso = -1;
-
-static int hf_fsso_length = -1;
-static int hf_fsso_timestamp = -1;
-static int hf_fsso_client_ip = -1;
-static int hf_fsso_payload_length = -1;
-static int hf_fsso_string = -1;
-static int hf_fsso_domain = -1;
-static int hf_fsso_user = -1;
-static int hf_fsso_host = -1;
-static int hf_fsso_version = -1;
-static int hf_fsso_tsagent_number_port_range = -1;
-static int hf_fsso_tsagent_port_range_min = -1;
-static int hf_fsso_tsagent_port_range_max = -1;
-static int hf_fsso_unknown = -1;
-static int hf_fsso_unknown_ipv4 = -1;
+static int proto_fortinet_sso;
+static gint ett_fortinet_sso;
+
+static int hf_fsso_length;
+static int hf_fsso_timestamp;
+static int hf_fsso_client_ip;
+static int hf_fsso_payload_length;
+static int hf_fsso_string;
+static int hf_fsso_domain;
+static int hf_fsso_user;
+static int hf_fsso_host;
+static int hf_fsso_version;
+static int hf_fsso_tsagent_number_port_range;
+static int hf_fsso_tsagent_port_range_min;
+static int hf_fsso_tsagent_port_range_max;
+static int hf_fsso_unknown;
+static int hf_fsso_unknown_ipv4;
static dissector_handle_t fortinet_sso_handle;
@@ -73,85 +73,95 @@ dissect_fortinet_sso(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void*
offset += 2;
string = tvb_get_stringz_enc(pinfo->pool, tvb, offset, &string_length, ENC_ASCII);
- proto_tree_add_item(fsso_tree, hf_fsso_string, tvb, offset, string_length, ENC_ASCII|ENC_NA);
+ proto_tree_add_item(fsso_tree, hf_fsso_string, tvb, offset, string_length, ENC_ASCII);
col_set_str(pinfo->cinfo, COL_INFO, string);
if(client_ip == 0xFFFFFFFF) { //if client_ip equal 255.255.255.255 (0xFFFFFFFF) is KeepAlive packet
/* Domain / KeepAlive (User) / Version */
len = tvb_find_guint8(tvb, offset, string_length, '/') - offset;
- proto_tree_add_item(fsso_tree, hf_fsso_domain, tvb, offset, len, ENC_ASCII|ENC_NA);
+ proto_tree_add_item(fsso_tree, hf_fsso_domain, tvb, offset, len, ENC_ASCII);
offset += (len + 1);
string_length -= (len + 1);
len = tvb_find_guint8(tvb, offset, string_length, '/') - offset;
- proto_tree_add_item(fsso_tree, hf_fsso_user, tvb, offset, len, ENC_ASCII|ENC_NA);
+ proto_tree_add_item(fsso_tree, hf_fsso_user, tvb, offset, len, ENC_ASCII);
offset += (len + 1);
string_length -= (len + 1);
- proto_tree_add_item(fsso_tree, hf_fsso_version, tvb, offset, string_length, ENC_ASCII|ENC_NA);
+ proto_tree_add_item(fsso_tree, hf_fsso_version, tvb, offset, string_length, ENC_ASCII);
offset += (string_length);
} else {
/* Host / Domain / User */
len = tvb_find_guint8(tvb, offset, string_length, '/') - offset;
- proto_tree_add_item(fsso_tree, hf_fsso_host, tvb, offset, len, ENC_ASCII|ENC_NA);
+ proto_tree_add_item(fsso_tree, hf_fsso_host, tvb, offset, len, ENC_ASCII);
offset += (len + 1);
string_length -= (len + 1);
len = tvb_find_guint8(tvb, offset, string_length, '/') - offset;
- proto_tree_add_item(fsso_tree, hf_fsso_domain, tvb, offset, len, ENC_ASCII|ENC_NA);
+ proto_tree_add_item(fsso_tree, hf_fsso_domain, tvb, offset, len, ENC_ASCII);
offset += (len + 1);
string_length -= (len + 1);
- proto_tree_add_item(fsso_tree, hf_fsso_user, tvb, offset, string_length, ENC_ASCII|ENC_NA);
+ proto_tree_add_item(fsso_tree, hf_fsso_user, tvb, offset, string_length, ENC_ASCII);
offset += (string_length);
}
- if(tvb_reported_length_remaining(tvb, offset)) {
- guint16 value;
- guint32 number_port_range;
- value = tvb_get_ntohs(tvb, offset);
+ if(tvb_reported_length_remaining(tvb, offset) == 4) {
- if(value == 0x2002) { /* Not a TS Agent additionnal Data */
- proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 2, ENC_NA);
- offset += 2;
+ /* There is some packet with extra IPv4 address... */
+ proto_tree_add_item(fsso_tree, hf_fsso_unknown_ipv4, tvb, offset, 4, ENC_NA);
+ offset += 4;
- proto_tree_add_item(fsso_tree, hf_fsso_unknown_ipv4, tvb, offset, 4, ENC_NA);
- offset += 4;
+ } else {
+
+ if(tvb_reported_length_remaining(tvb, offset)) {
+ guint16 value;
+ guint32 number_port_range;
+ value = tvb_get_ntohs(tvb, offset);
- proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 6, ENC_NA);
- offset += 6;
+ if(value == 0x2002) { /* Not a TS Agent additionnal Data */
+ proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 2, ENC_NA);
+ offset += 2;
- proto_tree_add_item(fsso_tree, hf_fsso_unknown_ipv4, tvb, offset, 4, ENC_NA);
- offset += 4;
+ proto_tree_add_item(fsso_tree, hf_fsso_unknown_ipv4, tvb, offset, 4, ENC_NA);
+ offset += 4;
- proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 1, ENC_NA);
- offset += 1;
- } else {
- proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 15, ENC_NA);
- offset += 15;
+ proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 6, ENC_NA);
+ offset += 6;
- proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 5, ENC_NA);
- offset += 5;
+ proto_tree_add_item(fsso_tree, hf_fsso_unknown_ipv4, tvb, offset, 4, ENC_NA);
+ offset += 4;
- proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 6, ENC_NA);
- offset += 6;
+ proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 1, ENC_NA);
+ offset += 1;
+ } else {
+ proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 15, ENC_NA);
+ offset += 15;
- /* Port Range assigned to user for TS Agent (RDP/Citrix) */
- proto_tree_add_item_ret_uint(fsso_tree, hf_fsso_tsagent_number_port_range, tvb, offset, 2, ENC_BIG_ENDIAN, &number_port_range);
- offset += 2;
+ proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 5, ENC_NA);
+ offset += 5;
- while (number_port_range) {
+ proto_tree_add_item(fsso_tree, hf_fsso_unknown, tvb, offset, 6, ENC_NA);
+ offset += 6;
- proto_tree_add_item(fsso_tree, hf_fsso_tsagent_port_range_min, tvb, offset, 2, ENC_BIG_ENDIAN);
+ /* Port Range assigned to user for TS Agent (RDP/Citrix) */
+ proto_tree_add_item_ret_uint(fsso_tree, hf_fsso_tsagent_number_port_range, tvb, offset, 2, ENC_BIG_ENDIAN, &number_port_range);
offset += 2;
- proto_tree_add_item(fsso_tree, hf_fsso_tsagent_port_range_max, tvb, offset, 2, ENC_BIG_ENDIAN);
- offset += 2;
+ while (number_port_range) {
- number_port_range --;
+ proto_tree_add_item(fsso_tree, hf_fsso_tsagent_port_range_min, tvb, offset, 2, ENC_BIG_ENDIAN);
+ offset += 2;
+
+ proto_tree_add_item(fsso_tree, hf_fsso_tsagent_port_range_max, tvb, offset, 2, ENC_BIG_ENDIAN);
+ offset += 2;
+
+ number_port_range --;
+ }
}
}
+
}
return offset;
@@ -262,7 +272,7 @@ void
proto_reg_handoff_fortinet_sso(void)
{
dissector_add_uint_with_preference("udp.port", 0, fortinet_sso_handle);
- heur_dissector_add("udp", dissect_fortinet_fsso_heur, "fortinet_sso", "fortinet_sso", proto_fortinet_sso, HEURISTIC_ENABLE);
+ heur_dissector_add("udp", dissect_fortinet_fsso_heur, "Fortinet SSO over UDP", "fortinet_sso", proto_fortinet_sso, HEURISTIC_ENABLE);
}
/*
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-11 15:22:01 +0000