/src/wireshark/epan/dissectors/packet-enc.c

Source (jump to first uncovered line)
/* packet-enc.c
 *
 * Copyright (c) 2003 Markus Friedl.  All rights reserved.
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */

#include "config.h"

#include <epan/packet.h>
#include <epan/capture_dissectors.h>
#include <epan/aftypes.h>
#include <wsutil/pint.h>

void proto_register_enc(void);
void proto_reg_handoff_enc(void);

static dissector_handle_t enc_handle;
static capture_dissector_handle_t enc_cap_handle;


/* The header in OpenBSD Encapsulating Interface files. */

struct enchdr {
  uint32_t af;
  uint32_t spi;
  uint32_t flags;
};
#define BSD_ENC_HDRLEN    12

#define BSD_ENC_M_CONF          0x00000400  /* payload encrypted */
#define BSD_ENC_M_AUTH          0x00000800  /* payload authenticated */
#define BSD_ENC_M_COMP          0x00001000  /* payload compressed */
#define BSD_ENC_M_AUTH_AH       0x00002000  /* header authenticated */

#define BSD_ENC_M_RESERVED      0xFFFFC3FF  /* Reserved/unused flags */

static dissector_table_t enc_dissector_table;

/* header fields */
static int proto_enc;
static int hf_enc_af;
static int hf_enc_spi;
static int hf_enc_flags;
static int hf_enc_flags_payload_enc;
static int hf_enc_flags_payload_auth;
static int hf_enc_flags_payload_compress;
static int hf_enc_flags_header_auth;
static int hf_enc_flags_reserved;

static int ett_enc;
static int ett_enc_flag;

static bool
capture_enc(const unsigned char *pd, int offset _U_, int len, capture_packet_info_t *cpinfo, const union wtap_pseudo_header *pseudo_header)
{
  uint32_t af;

  if (!BYTES_ARE_IN_FRAME(0, len, BSD_ENC_HDRLEN))
    return false;

  memcpy((char *)&af, (const char *)&pd[0], sizeof(af));
  if ((af & 0xFFFF0000) != 0) {
    /*
     * BSD AF_ types will always have the upper 16 bits as 0, so if any
     * of them are non-zero, the af field must be byte-swapped, and
     * will, at least in DLT_ENC headers, always have at least one of
     * the lower 16 bits not being 0 (it won't be AF_UNSPEC, which is
     * 0), so if the af field is byte-swapped, at least one of the
     * upper 16 bits will be 0.
     */
    af = GUINT32_SWAP_LE_BE(af);
  }
  return try_capture_dissector("enc", af, pd, BSD_ENC_HDRLEN, len, cpinfo, pseudo_header);
}

static const value_string af_vals[] = {
  { BSD_AF_INET,  "IPv4" },
  { BSD_AF_INET6_BSD, "IPv6" },
  { 0, NULL }
};

static int
dissect_enc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
  struct enchdr  ench;
  unsigned       writer_encoding;
  tvbuff_t      *next_tvb;
  proto_tree    *enc_tree;
  proto_item    *ti;

  static int * const flags[] = {
    &hf_enc_flags_payload_enc,
    &hf_enc_flags_payload_auth,
    &hf_enc_flags_payload_compress,
    &hf_enc_flags_header_auth,
    &hf_enc_flags_reserved,
    NULL
  };

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "ENC");

  /*
   * Initially assume the file was written by a host with our byte order.
   */
  writer_encoding = ENC_HOST_ENDIAN;
  ench.af = tvb_get_h_uint32(tvb, 0);
  if ((ench.af & 0xFFFF0000) != 0) {
    /*
     * BSD AF_ types will always have the upper 16 bits as 0, so if any
     * of them are non-zero, the af field must be byte-swapped, and
     * will, at least in DLT_ENC headers, always have at least one of
     * the lower 16 bits not being 0 (it won't be AF_UNSPEC, which is
     * 0), so if the af field is byte-swapped, at least one of the
     * upper 16 bits will be 0.
     */
    ench.af = GUINT32_SWAP_LE_BE(ench.af);

    /*
     * It was written by a host with the *opposite* byte order.
     */
    writer_encoding = ENC_ANTI_HOST_ENDIAN;
  }
  ench.spi = tvb_get_ntohl(tvb, 4);

  if (tree) {
    ti = proto_tree_add_protocol_format(tree, proto_enc, tvb, 0,
                                        BSD_ENC_HDRLEN,
                                        "Enc %s, SPI 0x%8.8x",
                                        val_to_str(ench.af, af_vals, "unknown (%u)"),
                                        ench.spi);
    enc_tree = proto_item_add_subtree(ti, ett_enc);

    proto_tree_add_item(enc_tree, hf_enc_af, tvb, 0, 4, writer_encoding);
    proto_tree_add_item(enc_tree, hf_enc_spi, tvb, 4, 4, ENC_BIG_ENDIAN);
    proto_tree_add_bitmask(enc_tree, tvb, 8, hf_enc_flags, ett_enc_flag, flags, writer_encoding);
  }

  /* Set the tvbuff for the payload after the header */
  next_tvb = tvb_new_subset_remaining(tvb, BSD_ENC_HDRLEN);
  if (!dissector_try_uint(enc_dissector_table, ench.af, next_tvb, pinfo, tree))
    call_data_dissector(next_tvb, pinfo, tree);

  return tvb_captured_length(tvb);
}

void
proto_register_enc(void)
{
  static hf_register_info hf[] = {
    { &hf_enc_af,
      { "Address Family", "enc.af", FT_UINT32, BASE_DEC, VALS(af_vals), 0x0,
        "Protocol (IPv4 vs IPv6)", HFILL }},
    { &hf_enc_spi,
      { "SPI", "enc.spi", FT_UINT32, BASE_HEX, NULL, 0x0,
        "Security Parameter Index", HFILL }},
    { &hf_enc_flags,
      { "Flags", "enc.flags", FT_UINT32, BASE_HEX, NULL, 0x0,
        "ENC flags", HFILL }},
    { &hf_enc_flags_payload_enc,
      { "Payload encrypted", "enc.flags.payload_enc", FT_BOOLEAN, 32, NULL, BSD_ENC_M_CONF,
        NULL, HFILL }},
    { &hf_enc_flags_payload_auth,
      { "Payload authenticated", "enc.flags.payload_auth", FT_BOOLEAN, 32, NULL, BSD_ENC_M_AUTH,
        NULL, HFILL }},
    { &hf_enc_flags_payload_compress,
      { "Payload compressed", "enc.flags.payload_compress", FT_BOOLEAN, 32, NULL, BSD_ENC_M_COMP,
        NULL, HFILL }},
    { &hf_enc_flags_header_auth,
      { "Header authenticated", "enc.flags.header_auth", FT_BOOLEAN, 32, NULL, BSD_ENC_M_AUTH_AH,
        NULL, HFILL }},
    { &hf_enc_flags_reserved,
      { "Reserved", "enc.flags.reserved", FT_UINT32, BASE_HEX, NULL, BSD_ENC_M_RESERVED,
        NULL, HFILL }},
  };
  static int *ett[] =
  {
      &ett_enc,
      &ett_enc_flag
  };

  proto_enc = proto_register_protocol("OpenBSD Encapsulating device",
                                      "ENC", "enc");
  proto_register_field_array(proto_enc, hf, array_length(hf));
  proto_register_subtree_array(ett, array_length(ett));

  enc_dissector_table = register_dissector_table("enc", "OpenBSD Encapsulating device", proto_enc, FT_UINT32, BASE_DEC);
  register_capture_dissector_table("enc", "ENC");

  enc_handle  = register_dissector("enc", dissect_enc, proto_enc);
  enc_cap_handle = register_capture_dissector("enc", capture_enc, proto_enc);
}

void
proto_reg_handoff_enc(void)
{
  dissector_add_uint("wtap_encap", WTAP_ENCAP_ENC, enc_handle);
  capture_dissector_add_uint("wtap_encap", WTAP_ENCAP_ENC, enc_cap_handle);
}

/*
 * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
 *
 * Local Variables:
 * c-basic-offset: 2
 * tab-width: 8
 * indent-tabs-mode: nil
 * End:
 *
 * ex: set shiftwidth=2 tabstop=8 expandtab:
 * :indentSize=2:tabSize=8:noTabs=true:
 */

Coverage Report

Created: 2025-02-15 06:25

Line	Count	Source (jump to first uncovered line)
1		/* packet-enc.c
2		*
3		* Copyright (c) 2003 Markus Friedl. All rights reserved.
4		*
5		* SPDX-License-Identifier: BSD-2-Clause
6		*/
7
8		#include "config.h"
9
10		#include <epan/packet.h>
11		#include <epan/capture_dissectors.h>
12		#include <epan/aftypes.h>
13		#include <wsutil/pint.h>
14
15		void proto_register_enc(void);
16		void proto_reg_handoff_enc(void);
17
18		static dissector_handle_t enc_handle;
19		static capture_dissector_handle_t enc_cap_handle;
20
21
22		/* The header in OpenBSD Encapsulating Interface files. */
23
24		struct enchdr {
25		uint32_t af;
26		uint32_t spi;
27		uint32_t flags;
28		};
29	2	#define BSD_ENC_HDRLEN 12
30
31	14	#define BSD_ENC_M_CONF 0x00000400 /* payload encrypted */
32	14	#define BSD_ENC_M_AUTH 0x00000800 /* payload authenticated */
33	14	#define BSD_ENC_M_COMP 0x00001000 /* payload compressed */
34	14	#define BSD_ENC_M_AUTH_AH 0x00002000 /* header authenticated */
35
36	14	#define BSD_ENC_M_RESERVED 0xFFFFC3FF /* Reserved/unused flags */
37
38		static dissector_table_t enc_dissector_table;
39
40		/* header fields */
41		static int proto_enc;
42		static int hf_enc_af;
43		static int hf_enc_spi;
44		static int hf_enc_flags;
45		static int hf_enc_flags_payload_enc;
46		static int hf_enc_flags_payload_auth;
47		static int hf_enc_flags_payload_compress;
48		static int hf_enc_flags_header_auth;
49		static int hf_enc_flags_reserved;
50
51		static int ett_enc;
52		static int ett_enc_flag;
53
54		static bool
55		capture_enc(const unsigned char pd, int offset _U_, int len, capture_packet_info_t cpinfo, const union wtap_pseudo_header *pseudo_header)
56	0	{
57	0	uint32_t af;
58
59	0	if (!BYTES_ARE_IN_FRAME(0, len, BSD_ENC_HDRLEN))
60	0	return false;
61
62	0	memcpy((char )&af, (const char )&pd[0], sizeof(af));
63	0	if ((af & 0xFFFF0000) != 0) {
64		/*
65		* BSD AF_ types will always have the upper 16 bits as 0, so if any
66		* of them are non-zero, the af field must be byte-swapped, and
67		* will, at least in DLT_ENC headers, always have at least one of
68		* the lower 16 bits not being 0 (it won't be AF_UNSPEC, which is
69		* 0), so if the af field is byte-swapped, at least one of the
70		* upper 16 bits will be 0.
71		*/
72	0	af = GUINT32_SWAP_LE_BE(af);
73	0	}
74	0	return try_capture_dissector("enc", af, pd, BSD_ENC_HDRLEN, len, cpinfo, pseudo_header);
75	0	}
76
77		static const value_string af_vals[] = {
78		{ BSD_AF_INET, "IPv4" },
79		{ BSD_AF_INET6_BSD, "IPv6" },
80		{ 0, NULL }
81		};
82
83		static int
84		dissect_enc(tvbuff_t tvb, packet_info pinfo, proto_tree tree, void data _U_)
85	1	{
86	1	struct enchdr ench;
87	1	unsigned writer_encoding;
88	1	tvbuff_t *next_tvb;
89	1	proto_tree *enc_tree;
90	1	proto_item *ti;
91
92	1	static int * const flags[] = {
93	1	&hf_enc_flags_payload_enc,
94	1	&hf_enc_flags_payload_auth,
95	1	&hf_enc_flags_payload_compress,
96	1	&hf_enc_flags_header_auth,
97	1	&hf_enc_flags_reserved,
98	1	NULL
99	1	};
100
101	1	col_set_str(pinfo->cinfo, COL_PROTOCOL, "ENC");
102
103		/*
104		* Initially assume the file was written by a host with our byte order.
105		*/
106	1	writer_encoding = ENC_HOST_ENDIAN;
107	1	ench.af = tvb_get_h_uint32(tvb, 0);
108	1	if ((ench.af & 0xFFFF0000) != 0) {
109		/*
110		* BSD AF_ types will always have the upper 16 bits as 0, so if any
111		* of them are non-zero, the af field must be byte-swapped, and
112		* will, at least in DLT_ENC headers, always have at least one of
113		* the lower 16 bits not being 0 (it won't be AF_UNSPEC, which is
114		* 0), so if the af field is byte-swapped, at least one of the
115		* upper 16 bits will be 0.
116		*/
117	1	ench.af = GUINT32_SWAP_LE_BE(ench.af);
118
119		/*
120		* It was written by a host with the opposite byte order.
121		*/
122	1	writer_encoding = ENC_ANTI_HOST_ENDIAN;
123	1	}
124	1	ench.spi = tvb_get_ntohl(tvb, 4);
125
126	1	if (tree) {
127	1	ti = proto_tree_add_protocol_format(tree, proto_enc, tvb, 0,
128	1	BSD_ENC_HDRLEN,
129	1	"Enc %s, SPI 0x%8.8x",
130	1	val_to_str(ench.af, af_vals, "unknown (%u)"),
131	1	ench.spi);
132	1	enc_tree = proto_item_add_subtree(ti, ett_enc);
133
134	1	proto_tree_add_item(enc_tree, hf_enc_af, tvb, 0, 4, writer_encoding);
135	1	proto_tree_add_item(enc_tree, hf_enc_spi, tvb, 4, 4, ENC_BIG_ENDIAN);
136	1	proto_tree_add_bitmask(enc_tree, tvb, 8, hf_enc_flags, ett_enc_flag, flags, writer_encoding);
137	1	}
138
139		/* Set the tvbuff for the payload after the header */
140	1	next_tvb = tvb_new_subset_remaining(tvb, BSD_ENC_HDRLEN);
141	1	if (!dissector_try_uint(enc_dissector_table, ench.af, next_tvb, pinfo, tree))
142	1	call_data_dissector(next_tvb, pinfo, tree);
143
144	1	return tvb_captured_length(tvb);
145	1	}
146
147		void
148		proto_register_enc(void)
149	14	{
150	14	static hf_register_info hf[] = {
151	14	{ &hf_enc_af,
152	14	{ "Address Family", "enc.af", FT_UINT32, BASE_DEC, VALS(af_vals), 0x0,
153	14	"Protocol (IPv4 vs IPv6)", HFILL }},
154	14	{ &hf_enc_spi,
155	14	{ "SPI", "enc.spi", FT_UINT32, BASE_HEX, NULL, 0x0,
156	14	"Security Parameter Index", HFILL }},
157	14	{ &hf_enc_flags,
158	14	{ "Flags", "enc.flags", FT_UINT32, BASE_HEX, NULL, 0x0,
159	14	"ENC flags", HFILL }},
160	14	{ &hf_enc_flags_payload_enc,
161	14	{ "Payload encrypted", "enc.flags.payload_enc", FT_BOOLEAN, 32, NULL, BSD_ENC_M_CONF,
162	14	NULL, HFILL }},
163	14	{ &hf_enc_flags_payload_auth,
164	14	{ "Payload authenticated", "enc.flags.payload_auth", FT_BOOLEAN, 32, NULL, BSD_ENC_M_AUTH,
165	14	NULL, HFILL }},
166	14	{ &hf_enc_flags_payload_compress,
167	14	{ "Payload compressed", "enc.flags.payload_compress", FT_BOOLEAN, 32, NULL, BSD_ENC_M_COMP,
168	14	NULL, HFILL }},
169	14	{ &hf_enc_flags_header_auth,
170	14	{ "Header authenticated", "enc.flags.header_auth", FT_BOOLEAN, 32, NULL, BSD_ENC_M_AUTH_AH,
171	14	NULL, HFILL }},
172	14	{ &hf_enc_flags_reserved,
173	14	{ "Reserved", "enc.flags.reserved", FT_UINT32, BASE_HEX, NULL, BSD_ENC_M_RESERVED,
174	14	NULL, HFILL }},
175	14	};
176	14	static int *ett[] =
177	14	{
178	14	&ett_enc,
179	14	&ett_enc_flag
180	14	};
181
182	14	proto_enc = proto_register_protocol("OpenBSD Encapsulating device",
183	14	"ENC", "enc");
184	14	proto_register_field_array(proto_enc, hf, array_length(hf));
185	14	proto_register_subtree_array(ett, array_length(ett));
186
187	14	enc_dissector_table = register_dissector_table("enc", "OpenBSD Encapsulating device", proto_enc, FT_UINT32, BASE_DEC);
188	14	register_capture_dissector_table("enc", "ENC");
189
190	14	enc_handle = register_dissector("enc", dissect_enc, proto_enc);
191	14	enc_cap_handle = register_capture_dissector("enc", capture_enc, proto_enc);
192	14	}
193
194		void
195		proto_reg_handoff_enc(void)
196	14	{
197	14	dissector_add_uint("wtap_encap", WTAP_ENCAP_ENC, enc_handle);
198	14	capture_dissector_add_uint("wtap_encap", WTAP_ENCAP_ENC, enc_cap_handle);
199	14	}
200
201		/*
202		* Editor modelines - https://www.wireshark.org/tools/modelines.html
203		*
204		* Local Variables:
205		* c-basic-offset: 2
206		* tab-width: 8
207		* indent-tabs-mode: nil
208		* End:
209		*
210		* ex: set shiftwidth=2 tabstop=8 expandtab:
211		* :indentSize=2:tabSize=8:noTabs=true:
212		*/