diff options
Diffstat (limited to 'epan/dissectors')
-rw-r--r-- | epan/dissectors/packet-xmpp-core.c | 27 | ||||
-rw-r--r-- | epan/dissectors/packet-xmpp-core.h | 36 | ||||
-rw-r--r-- | epan/dissectors/packet-xmpp-utils.h | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-xmpp.c | 25 |
4 files changed, 69 insertions, 21 deletions
diff --git a/epan/dissectors/packet-xmpp-core.c b/epan/dissectors/packet-xmpp-core.c index 0abfa9060e..70c3613d0e 100644 --- a/epan/dissectors/packet-xmpp-core.c +++ b/epan/dissectors/packet-xmpp-core.c @@ -702,7 +702,8 @@ xmpp_features_mechanisms(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, xm } void -xmpp_starttls(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, xmpp_element_t *packet) +xmpp_starttls(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, + xmpp_element_t *packet, xmpp_conv_info_t *xmpp_info) { proto_item *tls_item; proto_tree *tls_tree; @@ -716,12 +717,21 @@ xmpp_starttls(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, xmpp_element_ tls_item = proto_tree_add_item(tree, hf_xmpp_starttls, tvb, packet->offset, packet->length, ENC_BIG_ENDIAN); tls_tree = proto_item_add_subtree(tls_item, ett_xmpp_starttls); + if (xmpp_info->ssl_start && xmpp_info->ssl_start != pinfo->fd->num) { + expert_add_info_format(pinfo, tls_item, PI_PROTOCOL, PI_WARN, + "Already saw STARTTLS in frame %u", xmpp_info->ssl_start); + } + else { + xmpp_info->ssl_start = pinfo->fd->num; + } + xmpp_display_attrs(tls_tree, packet, pinfo, tvb, attrs_info, array_length(attrs_info)); xmpp_display_elems(tls_tree, packet, pinfo, tvb, NULL, 0); } void -xmpp_proceed(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, xmpp_element_t *packet) +xmpp_proceed(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, + xmpp_element_t *packet, xmpp_conv_info_t *xmpp_info) { proto_item *proceed_item; proto_tree *proceed_tree; @@ -735,6 +745,19 @@ xmpp_proceed(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, xmpp_element_t proceed_item = proto_tree_add_item(tree, hf_xmpp_proceed, tvb, packet->offset, packet->length, ENC_BIG_ENDIAN); proceed_tree = proto_item_add_subtree(proceed_item, ett_xmpp_proceed); + if (!xmpp_info->ssl_start) { + expert_add_info_format(pinfo, proceed_item, PI_PROTOCOL, PI_WARN, + "Haven't seen a STARTTLS, did the capture start in the middle of a session?"); + } + + if (xmpp_info->ssl_proceed && xmpp_info->ssl_proceed != pinfo->fd->num) { + expert_add_info_format(pinfo, proceed_item, PI_PROTOCOL, PI_WARN, + "Already saw PROCEED in frame %u", xmpp_info->ssl_proceed); + } + else { + xmpp_info->ssl_proceed = pinfo->fd->num; + } + xmpp_display_attrs(proceed_tree, packet, pinfo, tvb, attrs_info, array_length(attrs_info)); xmpp_display_elems(proceed_tree, packet, pinfo, tvb, NULL, 0); } diff --git a/epan/dissectors/packet-xmpp-core.h b/epan/dissectors/packet-xmpp-core.h index 221d4ab2e3..af36680b5e 100644 --- a/epan/dissectors/packet-xmpp-core.h +++ b/epan/dissectors/packet-xmpp-core.h @@ -35,18 +35,30 @@ extern tvbparse_wanted_t *want_ignore; extern tvbparse_wanted_t *want_stream_end_tag; extern tvbparse_wanted_t *want_stream_end_with_ns; -extern void xmpp_iq(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, xmpp_element_t *packet); -extern void xmpp_presence(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, xmpp_element_t *packet); -extern void xmpp_message(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, xmpp_element_t *packet); -extern void xmpp_auth(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, xmpp_element_t *packet); +extern void xmpp_iq(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, + xmpp_element_t *packet); +extern void xmpp_presence(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, + xmpp_element_t *packet); +extern void xmpp_message(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, + xmpp_element_t *packet); +extern void xmpp_auth(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, + xmpp_element_t *packet); extern void xmpp_challenge_response_success(proto_tree *tree, tvbuff_t *tvb, - packet_info *pinfo, xmpp_element_t *packet, gint hf, gint ett, const char *col_info); -extern void xmpp_failure(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, xmpp_element_t *packet); -extern void xmpp_xml_header(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, xmpp_element_t *packet); -extern void xmpp_stream(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, xmpp_element_t *packet); -extern gboolean xmpp_stream_close(proto_tree *tree, tvbuff_t *tvb, packet_info* pinfo); -extern void xmpp_features(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, xmpp_element_t *packet); -extern void xmpp_starttls(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, xmpp_element_t *packet); -extern void xmpp_proceed(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, xmpp_element_t *packet); + packet_info *pinfo, xmpp_element_t *packet, gint hf, gint ett, + const char *col_info); +extern void xmpp_failure(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, + xmpp_element_t *packet); +extern void xmpp_xml_header(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, + xmpp_element_t *packet); +extern void xmpp_stream(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, + xmpp_element_t *packet); +extern gboolean xmpp_stream_close(proto_tree *tree, tvbuff_t *tvb, + packet_info* pinfo); +extern void xmpp_features(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, + xmpp_element_t *packet); +extern void xmpp_starttls(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, + xmpp_element_t *packet, xmpp_conv_info_t *xmpp_info); +extern void xmpp_proceed(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, + xmpp_element_t *packet, xmpp_conv_info_t *xmpp_info); #endif /* XMPP_CORE_H */ diff --git a/epan/dissectors/packet-xmpp-utils.h b/epan/dissectors/packet-xmpp-utils.h index 2cf8fd4bcd..99e8079692 100644 --- a/epan/dissectors/packet-xmpp-utils.h +++ b/epan/dissectors/packet-xmpp-utils.h @@ -114,6 +114,8 @@ typedef struct _xmpp_conv_info_t { emem_tree_t *jingle_sessions; emem_tree_t *ibb_sessions; emem_tree_t *gtalk_sessions; + guint32 ssl_start; + guint32 ssl_proceed; } xmpp_conv_info_t; /** Struct conatins frame numbers (request frame(IQ set/get) and diff --git a/epan/dissectors/packet-xmpp.c b/epan/dissectors/packet-xmpp.c index 292d7d3171..41bdd2e980 100644 --- a/epan/dissectors/packet-xmpp.c +++ b/epan/dissectors/packet-xmpp.c @@ -47,6 +47,7 @@ #define XMPP_PORT 5222 +static dissector_handle_t ssl_handle; static dissector_handle_t xml_handle; int proto_xmpp = -1; @@ -406,11 +407,21 @@ dissect_xmpp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { col_clear(pinfo->cinfo, COL_INFO); + conversation = find_or_create_conversation(pinfo); + xmpp_info = conversation_get_proto_data(conversation, proto_xmpp); + + if (xmpp_info && xmpp_info->ssl_proceed && + xmpp_info->ssl_proceed < pinfo->fd->num) + { + call_dissector(ssl_handle, tvb, pinfo, tree); + return; + } + /*if tree == NULL then xmpp_item and xmpp_tree will also NULL*/ xmpp_item = proto_tree_add_item(tree, proto_xmpp, tvb, 0, -1, ENC_NA); xmpp_tree = proto_item_add_subtree(xmpp_item, ett_xmpp); - call_dissector(xml_handle,tvb,pinfo,xmpp_tree); + call_dissector(xml_handle, tvb, pinfo, xmpp_tree); /* If XML dissector is disabled, we can't do much */ if (!proto_is_protocol_enabled(find_protocol_by_id(dissector_handle_get_protocol_index(xml_handle)))) @@ -437,19 +448,17 @@ dissect_xmpp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { if(!xml_frame) return; - conversation = find_or_create_conversation(pinfo); - xmpp_info = conversation_get_proto_data(conversation, proto_xmpp); - if (!xmpp_info) { xmpp_info = se_alloc(sizeof (xmpp_conv_info_t)); xmpp_info->req_resp = se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "xmpp_req_resp"); xmpp_info->jingle_sessions = se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "xmpp_jingle_sessions"); xmpp_info->ibb_sessions = se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "xmpp_ibb_sessions"); xmpp_info->gtalk_sessions = se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "xmpp_gtalk_sessions"); + xmpp_info->ssl_start = 0; + xmpp_info->ssl_proceed = 0; conversation_add_proto_data(conversation, proto_xmpp, (void *) xmpp_info); } - if (pinfo->match_uint == pinfo->destport) out_packet = TRUE; else @@ -507,9 +516,9 @@ dissect_xmpp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { } else if (strcmp(packet->name, "features") == 0) { xmpp_features(xmpp_tree, tvb, pinfo, packet); } else if (strcmp(packet->name, "starttls") == 0) { - xmpp_starttls(xmpp_tree, tvb, pinfo, packet); + xmpp_starttls(xmpp_tree, tvb, pinfo, packet, xmpp_info); }else if (strcmp(packet->name, "proceed") == 0) { - xmpp_proceed(xmpp_tree, tvb, pinfo, packet); + xmpp_proceed(xmpp_tree, tvb, pinfo, packet, xmpp_info); }else { xmpp_proto_tree_show_first_child(xmpp_tree); expert_add_info_format(pinfo, xmpp_tree, PI_UNDECODED, PI_NOTE, "Unknown packet: %s", packet->name); @@ -1415,6 +1424,8 @@ void proto_reg_handoff_xmpp(void) { static dissector_handle_t xmpp_handle; + ssl_handle = find_dissector("ssl"); + xml_handle = find_dissector("xml"); xmpp_handle = find_dissector("xmpp"); |