/* packet-dns.c
 * Routines for TSDNS (TeamSpeak3 DNS) packet disassembly
 * Copyright 2018, Maciej Krueger <mkg20001@gmail.com>
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <gerald@wireshark.org>
 * Copyright 1998 Gerald Combs
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */

#include "config.h"

#include <epan/packet.h>
#include <epan/expert.h>
#include <wsutil/strtoi.h>

#define TSDNS_PORT  41144   /* Not IANA registered */

void proto_register_tsdns(void);
void proto_reg_handoff_tsdns(void);

static int proto_tsdns = -1;

static int hf_tsdns_data = -1;
static int hf_tsdns_request = -1;
static int hf_tsdns_request_domain = -1;
static int hf_tsdns_response = -1;
static int hf_tsdns_response_ip = -1;
static int hf_tsdns_response_address = -1;
static int hf_tsdns_response_port = -1;

static expert_field ei_response_port_malformed = EI_INIT;

static gint ett_tsdns = -1;

static int dissect_tsdns(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{

  int         offset    = 0;
  gboolean    request   = FALSE;

  if (pinfo->destport == pinfo->match_uint) {
    request = TRUE;
  }

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "TSDNS");

  int pLen = tvb_reported_length(tvb);

  if (request) {
    col_set_str(pinfo->cinfo, COL_INFO, "Request");
    col_append_fstr(pinfo->cinfo, COL_INFO, " %.*s", pLen - 5, tvb_get_string_enc(wmem_packet_scope(), tvb, 0, pLen - 5, ENC_ASCII|ENC_NA));
  } else {
    col_set_str(pinfo->cinfo, COL_INFO, "Response");
    col_append_fstr(pinfo->cinfo, COL_INFO, " %.*s", pLen, tvb_get_string_enc(wmem_packet_scope(), tvb, 0, pLen, ENC_ASCII|ENC_NA));
  }

  proto_tree *tsdns_tree;
  proto_item *ti, *hidden_item, *address_item;

  ti = proto_tree_add_item(tree, proto_tsdns, tvb, offset, -1, ENC_NA);
  tsdns_tree = proto_item_add_subtree(ti, ett_tsdns);

  hidden_item = proto_tree_add_item(tsdns_tree, hf_tsdns_data, tvb, offset, -1, ENC_ASCII|ENC_NA);
  PROTO_ITEM_SET_HIDDEN(hidden_item);

  if (request) { // request is DOMAIN\n\r\r\r\n
    hidden_item = proto_tree_add_boolean(tsdns_tree, hf_tsdns_request, tvb, 0, 0, 1); // using pLen - 5 as the last chars are \n\r\r\r\n which are just indicating the end of the request
    proto_tree_add_item(tsdns_tree, hf_tsdns_request_domain, tvb, offset, pLen - 5, ENC_ASCII|ENC_NA);
  } else { // response is IP:PORT
    hidden_item = proto_tree_add_boolean(tsdns_tree, hf_tsdns_response, tvb, 0, 0, 1);
    address_item = proto_tree_add_item(tsdns_tree, hf_tsdns_response_address, tvb, offset, pLen, ENC_ASCII|ENC_NA);
    gchar** splitAddress;
    splitAddress = wmem_strsplit(wmem_packet_scope(), tvb_format_text(tvb, 0, pLen), ":", 1); // unsure if TSDNS also does IPv6...
    if (splitAddress[1] == NULL) {
      expert_add_info(pinfo, address_item, &ei_response_port_malformed);
    } else {
      proto_tree_add_string(tsdns_tree, hf_tsdns_response_ip, tvb, 0, pLen, splitAddress[0]);
      guint32 port;
      if (ws_strtou32(splitAddress[1], NULL, &port))
        proto_tree_add_uint(tsdns_tree, hf_tsdns_response_port, tvb, 0, pLen, port);
    }
  }
  PROTO_ITEM_SET_HIDDEN(hidden_item);

  return tvb_captured_length(tvb);

} /* dissect_tsdns */

void proto_register_tsdns(void)
{

  static hf_register_info hf[] = {
    { &hf_tsdns_data,
      { "Data",    "tsdns.data",
        FT_STRING,       BASE_NONE,      NULL,   0x0,
        NULL, HFILL }},
    { &hf_tsdns_request,
      { "Request", "tsdns.request",
        FT_BOOLEAN,     BASE_NONE,      NULL,   0x0,
        "TRUE if TSDNS Request", HFILL }},
    { &hf_tsdns_request_domain,
      { "Requested Domain", "tsdns.request.domain",
        FT_STRING,     BASE_NONE,      NULL,   0x0,
        NULL, HFILL }},
    { &hf_tsdns_response,
      { "Response","tsdns.response",
        FT_BOOLEAN,     BASE_NONE,      NULL,   0x0,
        "TRUE if TSDNS Response", HFILL }},
    { &hf_tsdns_response_address,
       { "Response Address","tsdns.response.address",
         FT_STRING,     BASE_NONE,      NULL,   0x0,
         NULL, HFILL }},
    { &hf_tsdns_response_ip,
      { "Response IP","tsdns.response.ip",
        FT_STRING,     BASE_NONE,      NULL,   0x0,
        NULL, HFILL }},
    { &hf_tsdns_response_port,
      { "Response Port","tsdns.response.port",
        FT_UINT16,     BASE_DEC,      NULL,   0x0,
        NULL, HFILL }}
  };

  static ei_register_info ei[] = {
          { &ei_response_port_malformed, { "tsdns.response.port.malformed", PI_MALFORMED, PI_ERROR, "Address port is not an integer or not contained in address", EXPFILL }}
  };
  expert_module_t* expert_tsdns;

  static gint *ett[] = {
    &ett_tsdns
  };

  proto_tsdns = proto_register_protocol("TeamSpeak3 DNS", "TSDNS", "tsdns");
  proto_register_field_array(proto_tsdns, hf, array_length(hf));
  proto_register_subtree_array(ett, array_length(ett));
  expert_tsdns = expert_register_protocol(proto_tsdns);
  expert_register_field_array(expert_tsdns, ei, array_length(ei));
}

void proto_reg_handoff_tsdns(void)
{
  dissector_handle_t tsdns_handle;

  tsdns_handle = create_dissector_handle(dissect_tsdns, proto_tsdns);

  dissector_add_uint_with_preference("tcp.port", TSDNS_PORT, tsdns_handle);
}

/*
 * Editor modelines  -  http://www.wireshark.org/tools/modelines.html
 *
 * Local variables:
 * c-basic-offset: 2
 * tab-width: 8
 * indent-tabs-mode: t
 * End:
 *
 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
 * :indentSize=8:tabSize=8:noTabs=false:
 */