/src/wireshark/epan/dissectors/packet-dcc.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* packet-dcc.c |
2 | | * Routines for Distributed Checksum Clearinghouse packet dissection |
3 | | * DCC Home: http://www.rhyolite.com/anti-spam/dcc/ |
4 | | * |
5 | | * Copyright 1999, Nathan Neulinger <nneul@umr.edu> |
6 | | * |
7 | | * Wireshark - Network traffic analyzer |
8 | | * By Gerald Combs <gerald@wireshark.org> |
9 | | * Copyright 1998 Gerald Combs |
10 | | * |
11 | | * Copied from packet-tftp.c |
12 | | * |
13 | | * SPDX-License-Identifier: GPL-2.0-or-later |
14 | | */ |
15 | | |
16 | | #include "config.h" |
17 | | |
18 | | #include <epan/packet.h> |
19 | | #include <epan/expert.h> |
20 | | |
21 | | #include "packet-dcc.h" |
22 | | |
23 | | void proto_register_dcc(void); |
24 | | void proto_reg_handoff_dcc(void); |
25 | | |
26 | | static int proto_dcc; |
27 | | static int hf_dcc_len; |
28 | | static int hf_dcc_pkt_vers; |
29 | | static int hf_dcc_op; |
30 | | static int hf_dcc_clientid; |
31 | | static int hf_dcc_opnums_host; |
32 | | static int hf_dcc_opnums_pid; |
33 | | static int hf_dcc_opnums_report; |
34 | | static int hf_dcc_opnums_retrans; |
35 | | |
36 | | static int hf_dcc_signature; |
37 | | static int hf_dcc_max_pkt_vers; |
38 | | static int hf_dcc_qdelay_ms; |
39 | | static int hf_dcc_brand; |
40 | | |
41 | | static int hf_dcc_ck_type; |
42 | | static int hf_dcc_ck_len; |
43 | | static int hf_dcc_ck_sum; |
44 | | |
45 | | static int hf_dcc_date; |
46 | | |
47 | | static int hf_dcc_target; |
48 | | static int hf_dcc_response_text; |
49 | | |
50 | | static int hf_dcc_adminop; |
51 | | static int hf_dcc_adminval; |
52 | | static int hf_dcc_floodop; |
53 | | static int hf_dcc_trace; |
54 | | static int hf_dcc_trace_admin; |
55 | | static int hf_dcc_trace_anon; |
56 | | static int hf_dcc_trace_client; |
57 | | static int hf_dcc_trace_rlim; |
58 | | static int hf_dcc_trace_query; |
59 | | static int hf_dcc_trace_ridc; |
60 | | static int hf_dcc_trace_flood; |
61 | | |
62 | | static int hf_dcc_addr; |
63 | | static int hf_dcc_id; |
64 | | static int hf_dcc_last_used; |
65 | | static int hf_dcc_requests; |
66 | | static int hf_dcc_pad; |
67 | | static int hf_dcc_unused; |
68 | | |
69 | | static int ett_dcc; |
70 | | static int ett_dcc_opnums; |
71 | | static int ett_dcc_op; |
72 | | static int ett_dcc_ck; |
73 | | static int ett_dcc_trace; |
74 | | |
75 | | static expert_field ei_dcc_len; |
76 | | |
77 | | /* Utility macros */ |
78 | | #define D_SIGNATURE() \ |
79 | 8 | proto_tree_add_item(dcc_optree, hf_dcc_signature, tvb, \ |
80 | 8 | offset, (int)sizeof(DCC_SIGNATURE), ENC_NA); \ |
81 | 8 | offset += (int)sizeof(DCC_SIGNATURE); |
82 | | |
83 | | #define D_LABEL(hf_label, len, encoding) \ |
84 | 1 | proto_tree_add_item(dcc_optree, hf_label, tvb, offset, len, encoding); \ |
85 | 1 | offset += len; |
86 | | |
87 | 0 | #define D_TEXT(hf_label, endpad) { \ |
88 | 0 | int next_offset,left; \ |
89 | 0 | while (tvb_offset_exists(tvb, offset+endpad)) { \ |
90 | 0 | left = tvb_reported_length_remaining(tvb,offset) - endpad; \ |
91 | 0 | tvb_find_line_end(tvb, offset, left, &next_offset, \ |
92 | 0 | false); \ |
93 | 0 | proto_tree_add_item(dcc_optree, hf_label, tvb, offset, \ |
94 | 0 | next_offset - offset, ENC_ASCII|ENC_NA); \ |
95 | 0 | offset = next_offset; \ |
96 | 0 | } \ |
97 | 0 | } |
98 | | |
99 | | |
100 | | #define D_TARGET() \ |
101 | 6 | proto_tree_add_item(dcc_tree, hf_dcc_target, tvb, \ |
102 | 6 | offset, (int)sizeof(DCC_TGTS), ENC_BIG_ENDIAN); \ |
103 | 6 | offset += (int)sizeof(DCC_TGTS); |
104 | | |
105 | 0 | #define D_DATE() { \ |
106 | 0 | proto_tree_add_item(dcc_optree, hf_dcc_date, tvb, offset, 4, ENC_TIME_SECS|ENC_BIG_ENDIAN); \ |
107 | 0 | offset += 4; \ |
108 | 0 | } |
109 | | |
110 | | |
111 | 34 | #define D_CHECKSUM() { \ |
112 | 34 | proto_tree *cktree; \ |
113 | 34 | cktree = proto_tree_add_subtree_format(dcc_optree, tvb, offset, (int)sizeof(DCC_CK), \ |
114 | 34 | ett_dcc_ck, NULL, "Checksum - %s", val_to_str(tvb_get_uint8(tvb,offset), \ |
115 | 34 | dcc_cktype_vals, \ |
116 | 34 | "Unknown Type: %u")); \ |
117 | 34 | proto_tree_add_item(cktree, hf_dcc_ck_type, tvb, offset, 1, ENC_BIG_ENDIAN); \ |
118 | 34 | offset += 1; \ |
119 | 34 | proto_tree_add_item(cktree, hf_dcc_ck_len, tvb, offset, 1, ENC_BIG_ENDIAN); \ |
120 | 34 | offset += 1; \ |
121 | 34 | proto_tree_add_item(cktree, hf_dcc_ck_sum, tvb, offset, \ |
122 | 34 | (int)sizeof(DCC_SUM), ENC_NA); \ |
123 | 34 | offset += (int)sizeof(DCC_SUM); \ |
124 | 34 | } |
125 | | |
126 | | |
127 | | /* Lookup string tables */ |
128 | | static const value_string dcc_op_vals[] = { |
129 | | {DCC_OP_INVALID, "Invalid Op"}, |
130 | | {DCC_OP_NOP, "No-Op"}, |
131 | | {DCC_OP_REPORT, "Report and Query"}, |
132 | | {DCC_OP_QUERY, "Query"}, |
133 | | {DCC_OP_QUERY_RESP, "Server Response"}, |
134 | | {DCC_OP_ADMN, "Admin"}, |
135 | | {DCC_OP_OK, "Ok"}, |
136 | | {DCC_OP_ERROR, "Server Failing"}, |
137 | | {DCC_OP_DELETE, "Delete Checksum(s)"}, |
138 | | {0, NULL} |
139 | | }; |
140 | | |
141 | | static const value_string dcc_cktype_vals[] = { |
142 | | {DCC_CK_INVALID, "Invalid/Deleted from DB when seen"}, |
143 | | {DCC_CK_IP, "MD5 of binary source IPv6 address"}, |
144 | | {DCC_CK_ENV_FROM, "MD5 of envelope Mail From value"}, |
145 | | {DCC_CK_FROM, "MD5 of header From: line"}, |
146 | | {DCC_CK_SUB, "MD5 of substitute header line"}, |
147 | | {DCC_CK_MESSAGE_ID, "MD5 of header Message-ID: line"}, |
148 | | {DCC_CK_RECEIVED, "MD5 of last header Received: line"}, |
149 | | {DCC_CK_BODY, "MD5 of body"}, |
150 | | {DCC_CK_FUZ1, "MD5 of filtered body - FUZ1"}, |
151 | | {DCC_CK_FUZ2, "MD5 of filtered body - FUZ2"}, |
152 | | {DCC_CK_FUZ3, "MD5 of filtered body - FUZ3"}, |
153 | | {DCC_CK_FUZ4, "MD5 of filtered body - FUZ4"}, |
154 | | {DCC_CK_SRVR_ID, "hostname for server-ID check "}, |
155 | | {DCC_CK_ENV_TO, "MD5 of envelope Rcpt To value"}, |
156 | | {0, NULL}, |
157 | | }; |
158 | | |
159 | | static const value_string dcc_adminop_vals[] = { |
160 | | {DCC_AOP_OK, "Never sent"}, |
161 | | {DCC_AOP_STOP, "Stop Gracefully"}, |
162 | | {DCC_AOP_NEW_IDS, "Load keys and client IDs"}, |
163 | | {DCC_AOP_FLOD, "Flood control"}, |
164 | | {DCC_AOP_DB_UNLOCK, "Start Switch to new database"}, |
165 | | {DCC_AOP_DB_NEW, "Finish Switch to new database"}, |
166 | | {DCC_AOP_STATS, "Return counters"}, |
167 | | {DCC_AOP_STATS_CLEAR, "Return and zero counters"}, |
168 | | {DCC_AOP_TRACE_ON, "Enable tracing"}, |
169 | | {DCC_AOP_TRACE_OFF, "Disable tracing"}, |
170 | | {DCC_AOP_CUR_CLIENTS, "List clients"}, |
171 | | {0, NULL}, |
172 | | }; |
173 | | |
174 | | static const value_string dcc_target_vals[] = { |
175 | | {DCC_TGTS_TOO_MANY, "Targets (>= 16777200)"}, |
176 | | {DCC_TGTS_OK, "Certified not spam"}, |
177 | | {DCC_TGTS_OK2, "Half certified not spam"}, |
178 | | {DCC_TGTS_DEL, "Deleted checksum"}, |
179 | | {DCC_TGTS_INVALID, "Invalid"}, |
180 | | {0, NULL}, |
181 | | }; |
182 | | |
183 | | static const value_string dcc_floodop_vals[] = { |
184 | | {DCC_AOP_FLOD_CHECK, "Check"}, |
185 | | {DCC_AOP_FLOD_SHUTDOWN, "Shutdown"}, |
186 | | {DCC_AOP_FLOD_HALT, "Halt"}, |
187 | | {DCC_AOP_FLOD_RESUME, "Resume"}, |
188 | | {DCC_AOP_FLOD_REWIND, "Rewind"}, |
189 | | {DCC_AOP_FLOD_LIST, "List"}, |
190 | | {DCC_AOP_FLOD_STATS, "Stats"}, |
191 | | {DCC_AOP_FLOD_STATS_CLEAR, "Clear Stats"}, |
192 | | {0,NULL}, |
193 | | }; |
194 | | |
195 | | static bool |
196 | | dissect_dcc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) |
197 | 1.59k | { |
198 | 1.59k | proto_tree *dcc_tree, *dcc_optree, *dcc_opnumtree, *ti; |
199 | 1.59k | proto_tree *dcc_tracetree; |
200 | 1.59k | proto_item *len_item; |
201 | 1.59k | int offset = 0; |
202 | 1.59k | int client_is_le = 0; |
203 | 1.59k | int op = 0; |
204 | 1.59k | int i, is_response; |
205 | | |
206 | 1.59k | if (pinfo->srcport != DCC_PORT && pinfo->destport != DCC_PORT) { |
207 | | /* Not the right port - not a DCC packet. */ |
208 | 1.58k | return false; |
209 | 1.58k | } |
210 | | |
211 | | /* get at least a full packet structure */ |
212 | 13 | if ( tvb_reported_length(tvb) < sizeof(DCC_HDR) ) { |
213 | | /* Doesn't have enough bytes to contain packet header. */ |
214 | 2 | return false; |
215 | 2 | } |
216 | | |
217 | 11 | col_set_str(pinfo->cinfo, COL_PROTOCOL, "DCC"); |
218 | | |
219 | 11 | offset = 0; |
220 | 11 | is_response = pinfo->srcport == DCC_PORT; |
221 | | |
222 | 11 | col_add_fstr(pinfo->cinfo, COL_INFO, |
223 | 11 | "%s: %s", |
224 | 11 | is_response ? "Response" : "Request", |
225 | 11 | val_to_str(tvb_get_uint8(tvb, offset+3), |
226 | 11 | dcc_op_vals, "Unknown Op: %u")); |
227 | | |
228 | 11 | ti = proto_tree_add_item(tree, proto_dcc, tvb, offset, -1, |
229 | 11 | ENC_NA); |
230 | 11 | dcc_tree = proto_item_add_subtree(ti, ett_dcc); |
231 | | |
232 | 11 | len_item = proto_tree_add_item(dcc_tree, hf_dcc_len, tvb, |
233 | 11 | offset, 2, ENC_BIG_ENDIAN); |
234 | | |
235 | 11 | if ( tvb_reported_length(tvb) < tvb_get_ntohs(tvb, offset)) { |
236 | | /* Doesn't have number of bytes that header claims. */ |
237 | 10 | expert_add_info(pinfo, len_item, &ei_dcc_len); |
238 | 10 | } |
239 | 11 | offset += 2; |
240 | | |
241 | 11 | if (tree) { |
242 | 11 | proto_tree_add_item(dcc_tree, hf_dcc_pkt_vers, tvb, |
243 | 11 | offset, 1, ENC_BIG_ENDIAN); |
244 | 11 | offset += 1; |
245 | | |
246 | 11 | op = tvb_get_uint8(tvb, offset); |
247 | 11 | proto_tree_add_item(dcc_tree, hf_dcc_op, tvb, |
248 | 11 | offset, 1, ENC_BIG_ENDIAN); |
249 | 11 | offset += 1; |
250 | | |
251 | 11 | proto_tree_add_item(dcc_tree, hf_dcc_clientid, tvb, |
252 | 11 | offset, 4, ENC_BIG_ENDIAN); |
253 | 11 | offset += 4; |
254 | | |
255 | 11 | dcc_opnumtree = proto_tree_add_subtree(dcc_tree, tvb, offset, -1, ett_dcc_opnums, NULL, "Operation Numbers (Opaque to Server)"); |
256 | | |
257 | | /* Note - these are indeterminate - they are sortof considered opaque to the client */ |
258 | | /* Make some attempt to figure out if this data is little endian, not guaranteed to be |
259 | | correct if connection went through a firewall or similar. */ |
260 | | |
261 | | /* Very hokey check - if all three of pid/report/retrans look like little-endian |
262 | | numbers, host is probably little endian. Probably innacurate on super-heavily-used |
263 | | DCC clients though. This should be good enough for now. */ |
264 | 11 | client_is_le = ( (tvb_get_uint8(tvb, offset+4) | tvb_get_uint8(tvb, offset+5)) && |
265 | 11 | (tvb_get_uint8(tvb, offset+8) | tvb_get_uint8(tvb, offset+9)) && |
266 | 11 | (tvb_get_uint8(tvb, offset+12) | tvb_get_uint8(tvb, offset+13)) ); |
267 | | |
268 | 11 | proto_tree_add_item(dcc_opnumtree, hf_dcc_opnums_host, tvb, |
269 | 11 | offset, 4, client_is_le); |
270 | 11 | offset += 4; |
271 | | |
272 | 11 | proto_tree_add_item(dcc_opnumtree, hf_dcc_opnums_pid, tvb, |
273 | 11 | offset, 4, client_is_le); |
274 | 11 | offset += 4; |
275 | | |
276 | 11 | proto_tree_add_item(dcc_opnumtree, hf_dcc_opnums_report, tvb, |
277 | 11 | offset, 4, client_is_le); |
278 | 11 | offset += 4; |
279 | | |
280 | 11 | proto_tree_add_item(dcc_opnumtree, hf_dcc_opnums_retrans, tvb, |
281 | 11 | offset, 4, client_is_le); |
282 | 11 | offset += 4; |
283 | | |
284 | 11 | dcc_optree = proto_tree_add_subtree_format(dcc_tree, tvb, offset, -1, ett_dcc_op, NULL, |
285 | 11 | "Operation: %s", val_to_str(op, dcc_op_vals, "Unknown Op: %u")); |
286 | | |
287 | 11 | switch(op) { |
288 | 1 | case DCC_OP_NOP: |
289 | 1 | D_SIGNATURE(); |
290 | 1 | break; |
291 | | |
292 | 6 | case DCC_OP_REPORT: |
293 | 6 | D_TARGET(); |
294 | 40 | for (i=0; i<=DCC_QUERY_MAX && |
295 | 40 | tvb_bytes_exist(tvb, offset+(int)sizeof(DCC_SIGNATURE),1); i++) |
296 | 34 | { |
297 | 34 | D_CHECKSUM(); |
298 | 34 | } |
299 | 6 | D_SIGNATURE(); |
300 | 6 | break; |
301 | | |
302 | 0 | case DCC_OP_QUERY_RESP: |
303 | 0 | for (i=0; i<=DCC_QUERY_MAX && |
304 | 0 | tvb_bytes_exist(tvb, offset+(int)sizeof(DCC_SIGNATURE),1); i++) |
305 | 0 | { |
306 | 0 | D_TARGET(); |
307 | 0 | } |
308 | 0 | D_SIGNATURE(); |
309 | 0 | break; |
310 | | |
311 | 0 | case DCC_OP_ADMN: |
312 | 0 | if ( is_response ) |
313 | 0 | { |
314 | 0 | int left_local = tvb_reported_length_remaining(tvb, offset) - |
315 | 0 | (int)sizeof(DCC_SIGNATURE); |
316 | 0 | if ( left_local == sizeof(DCC_ADMN_RESP_CLIENTS) ) |
317 | 0 | { |
318 | 0 | D_LABEL(hf_dcc_addr, 16, ENC_NA); |
319 | 0 | D_LABEL(hf_dcc_id, (int)sizeof(DCC_CLNT_ID), ENC_BIG_ENDIAN); |
320 | 0 | D_LABEL(hf_dcc_last_used, 4, ENC_BIG_ENDIAN); |
321 | 0 | D_LABEL(hf_dcc_requests, 4, ENC_BIG_ENDIAN); |
322 | 0 | } |
323 | 0 | else |
324 | 0 | { |
325 | 0 | D_TEXT(hf_dcc_response_text, (int)sizeof(DCC_SIGNATURE)); |
326 | 0 | } |
327 | 0 | D_SIGNATURE(); |
328 | 0 | } |
329 | 0 | else |
330 | 0 | { |
331 | 0 | int aop; |
332 | |
|
333 | 0 | D_DATE(); |
334 | |
|
335 | 0 | aop = tvb_get_uint8(tvb, offset+4); |
336 | 0 | proto_tree_add_item(dcc_optree, hf_dcc_adminop, tvb, offset+4, |
337 | 0 | 1, ENC_BIG_ENDIAN); |
338 | 0 | col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", |
339 | 0 | val_to_str(tvb_get_uint8(tvb,offset+4), |
340 | 0 | dcc_adminop_vals, "Unknown (%u)")); |
341 | |
|
342 | 0 | if (aop == DCC_AOP_TRACE_ON || aop == DCC_AOP_TRACE_OFF ) |
343 | 0 | { |
344 | 0 | ti = proto_tree_add_item(dcc_optree, hf_dcc_trace, tvb, offset, |
345 | 0 | 4, ENC_BIG_ENDIAN); |
346 | 0 | dcc_tracetree = proto_item_add_subtree(ti, ett_dcc_trace); |
347 | 0 | proto_tree_add_item(dcc_tracetree, hf_dcc_trace_admin, tvb, offset, 4, ENC_BIG_ENDIAN); |
348 | 0 | proto_tree_add_item(dcc_tracetree, hf_dcc_trace_anon, tvb, offset, 4, ENC_BIG_ENDIAN); |
349 | 0 | proto_tree_add_item(dcc_tracetree, hf_dcc_trace_client, tvb, offset, 4, ENC_BIG_ENDIAN); |
350 | 0 | proto_tree_add_item(dcc_tracetree, hf_dcc_trace_rlim, tvb, offset, 4, ENC_BIG_ENDIAN); |
351 | 0 | proto_tree_add_item(dcc_tracetree, hf_dcc_trace_query, tvb, offset, 4, ENC_BIG_ENDIAN); |
352 | 0 | proto_tree_add_item(dcc_tracetree, hf_dcc_trace_ridc, tvb, offset, 4, ENC_BIG_ENDIAN); |
353 | 0 | proto_tree_add_item(dcc_tracetree, hf_dcc_trace_flood, tvb, offset, 4, ENC_BIG_ENDIAN); |
354 | 0 | } |
355 | 0 | else if ( aop == DCC_AOP_FLOD ) |
356 | 0 | { |
357 | 0 | proto_tree_add_item(dcc_optree, hf_dcc_floodop, |
358 | 0 | tvb, offset, 4, ENC_BIG_ENDIAN); |
359 | 0 | col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", |
360 | 0 | val_to_str(tvb_get_ntohl(tvb,offset), |
361 | 0 | dcc_floodop_vals, "Unknown (%u)")); |
362 | 0 | } |
363 | 0 | else |
364 | 0 | { |
365 | 0 | proto_tree_add_item(dcc_optree, hf_dcc_adminval, |
366 | 0 | tvb, offset, 4, ENC_BIG_ENDIAN); |
367 | 0 | } |
368 | 0 | offset += 4; |
369 | |
|
370 | 0 | offset += 1; /* admin op we did in reverse order */ |
371 | 0 | D_LABEL(hf_dcc_pad, 3, ENC_NA); |
372 | 0 | D_SIGNATURE(); |
373 | 0 | } |
374 | 0 | break; |
375 | | |
376 | 1 | case DCC_OP_OK: |
377 | 1 | proto_tree_add_item(dcc_optree, hf_dcc_max_pkt_vers, tvb, |
378 | 1 | offset, 1, ENC_BIG_ENDIAN); |
379 | 1 | offset += 1; |
380 | | |
381 | 1 | D_LABEL(hf_dcc_unused, 1, ENC_NA); |
382 | | |
383 | 1 | proto_tree_add_item(dcc_optree, hf_dcc_qdelay_ms, tvb, |
384 | 1 | offset, 2, ENC_BIG_ENDIAN); |
385 | 1 | offset += 2; |
386 | | |
387 | 1 | proto_tree_add_item(dcc_optree, hf_dcc_brand, tvb, |
388 | 1 | offset, (int)sizeof(DCC_BRAND), ENC_ASCII); |
389 | 1 | offset += (int)sizeof(DCC_BRAND); |
390 | | |
391 | 1 | D_SIGNATURE(); |
392 | 1 | break; |
393 | | |
394 | 2 | default: |
395 | | /* do nothing */ |
396 | 2 | break; |
397 | 11 | } |
398 | 11 | } |
399 | | |
400 | 3 | return true; |
401 | 11 | } |
402 | | |
403 | | void |
404 | | proto_register_dcc(void) |
405 | 14 | { |
406 | 14 | static hf_register_info hf[] = { |
407 | 14 | { &hf_dcc_len, { |
408 | 14 | "Packet Length", "dcc.len", FT_UINT16, BASE_DEC, |
409 | 14 | NULL, 0, NULL, HFILL }}, |
410 | | |
411 | 14 | { &hf_dcc_pkt_vers, { |
412 | 14 | "Packet Version", "dcc.pkt_vers", FT_UINT16, BASE_DEC, |
413 | 14 | NULL, 0, NULL, HFILL }}, |
414 | | |
415 | 14 | { &hf_dcc_op, { |
416 | 14 | "Operation Type", "dcc.op", FT_UINT8, BASE_DEC, |
417 | 14 | VALS(dcc_op_vals), 0, NULL, HFILL }}, |
418 | | |
419 | 14 | { &hf_dcc_clientid, { |
420 | 14 | "Client ID", "dcc.clientid", FT_UINT32, BASE_DEC, |
421 | 14 | NULL, 0, NULL, HFILL }}, |
422 | | |
423 | 14 | { &hf_dcc_opnums_host, { |
424 | 14 | "Host", "dcc.opnums.host", FT_UINT32, BASE_DEC, |
425 | 14 | NULL, 0, NULL, HFILL }}, |
426 | | |
427 | 14 | { &hf_dcc_opnums_pid, { |
428 | 14 | "Process ID", "dcc.opnums.pid", FT_UINT32, BASE_DEC, |
429 | 14 | NULL, 0, NULL, HFILL }}, |
430 | | |
431 | 14 | { &hf_dcc_opnums_report, { |
432 | 14 | "Report", "dcc.opnums.report", FT_UINT32, BASE_DEC, |
433 | 14 | NULL, 0, NULL, HFILL }}, |
434 | | |
435 | 14 | { &hf_dcc_opnums_retrans, { |
436 | 14 | "Retransmission", "dcc.opnums.retrans", FT_UINT32, BASE_DEC, |
437 | 14 | NULL, 0, NULL, HFILL }}, |
438 | | |
439 | 14 | { &hf_dcc_signature, { |
440 | 14 | "Signature", "dcc.signature", FT_BYTES, BASE_NONE, |
441 | 14 | NULL, 0, NULL, HFILL }}, |
442 | | |
443 | 14 | { &hf_dcc_max_pkt_vers, { |
444 | 14 | "Maximum Packet Version", "dcc.max_pkt_vers", FT_UINT8, BASE_DEC, |
445 | 14 | NULL, 0, NULL, HFILL }}, |
446 | | |
447 | 14 | { &hf_dcc_qdelay_ms, { |
448 | 14 | "Client Delay", "dcc.qdelay_ms", FT_UINT16, BASE_DEC, |
449 | 14 | NULL, 0, NULL, HFILL }}, |
450 | | |
451 | 14 | { &hf_dcc_brand, { |
452 | 14 | "Server Brand", "dcc.brand", FT_STRING, BASE_NONE, |
453 | 14 | NULL, 0, NULL, HFILL }}, |
454 | | |
455 | 14 | { &hf_dcc_ck_type, { |
456 | 14 | "Type", "dcc.checksum.type", FT_UINT8, BASE_DEC, |
457 | 14 | VALS(dcc_cktype_vals), 0, "Checksum Type", HFILL }}, |
458 | | |
459 | 14 | { &hf_dcc_ck_len, { |
460 | 14 | "Length", "dcc.checksum.length", FT_UINT8, BASE_DEC, |
461 | 14 | NULL, 0, "Checksum Length", HFILL }}, |
462 | | |
463 | 14 | { &hf_dcc_ck_sum, { |
464 | 14 | "Sum", "dcc.checksum.sum", FT_BYTES, BASE_NONE, |
465 | 14 | NULL, 0, "Checksum", HFILL }}, |
466 | | |
467 | 14 | { &hf_dcc_target, { |
468 | 14 | "Target", "dcc.target", FT_UINT32, BASE_HEX, |
469 | 14 | VALS(dcc_target_vals), 0, NULL, HFILL }}, |
470 | | |
471 | 14 | { &hf_dcc_response_text, { |
472 | 14 | "Response Text", "dcc.response_text", FT_BYTES, BASE_NONE, |
473 | 14 | NULL, 0, NULL, HFILL }}, |
474 | | |
475 | 14 | { &hf_dcc_date, { |
476 | 14 | "Date", "dcc.date", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, |
477 | 14 | NULL, 0, NULL, HFILL }}, |
478 | | |
479 | 14 | { &hf_dcc_adminop, { |
480 | 14 | "Admin Op", "dcc.adminop", FT_UINT8, BASE_DEC, |
481 | 14 | VALS(dcc_adminop_vals), 0, NULL, HFILL }}, |
482 | | |
483 | 14 | { &hf_dcc_adminval, { |
484 | 14 | "Admin Value", "dcc.adminval", FT_UINT32, BASE_DEC, |
485 | 14 | NULL, 0, NULL, HFILL }}, |
486 | | |
487 | 14 | { &hf_dcc_trace, { |
488 | 14 | "Trace Bits", "dcc.trace", FT_UINT32, BASE_HEX, |
489 | 14 | NULL, 0, NULL, HFILL }}, |
490 | | |
491 | 14 | { &hf_dcc_trace_admin, { |
492 | 14 | "Admin Requests", "dcc.trace.admin", FT_BOOLEAN, 32, |
493 | 14 | NULL, 0x00000001, NULL, HFILL }}, |
494 | | |
495 | 14 | { &hf_dcc_trace_anon, { |
496 | 14 | "Anonymous Requests", "dcc.trace.anon", FT_BOOLEAN, 32, |
497 | 14 | NULL, 0x00000002, NULL, HFILL }}, |
498 | | |
499 | 14 | { &hf_dcc_trace_client, { |
500 | 14 | "Authenticated Client Requests", "dcc.trace.client", FT_BOOLEAN, 32, |
501 | 14 | NULL, 0x00000004, NULL, HFILL }}, |
502 | | |
503 | 14 | { &hf_dcc_trace_rlim, { |
504 | 14 | "Rate-Limited Requests", "dcc.trace.rlim", FT_BOOLEAN, 32, |
505 | 14 | NULL, 0x00000008, NULL, HFILL }}, |
506 | | |
507 | 14 | { &hf_dcc_trace_query, { |
508 | 14 | "Queries and Reports", "dcc.trace.query", FT_BOOLEAN, 32, |
509 | 14 | NULL, 0x00000010, NULL, HFILL }}, |
510 | | |
511 | 14 | { &hf_dcc_trace_ridc, { |
512 | 14 | "RID Cache Messages", "dcc.trace.ridc", FT_BOOLEAN, 32, |
513 | 14 | NULL, 0x00000020, NULL, HFILL }}, |
514 | | |
515 | 14 | { &hf_dcc_trace_flood, { |
516 | 14 | "Input/Output Flooding", "dcc.trace.flood", FT_BOOLEAN, 32, |
517 | 14 | NULL, 0x00000040, NULL, HFILL }}, |
518 | | |
519 | 14 | { &hf_dcc_floodop, { |
520 | 14 | "Flood Control Operation", "dcc.floodop", FT_UINT32, BASE_DEC, |
521 | 14 | VALS(dcc_floodop_vals), 0, NULL, HFILL }}, |
522 | | |
523 | 14 | { &hf_dcc_id, { |
524 | 14 | "Id", "dcc.id", FT_UINT32, BASE_DEC, |
525 | 14 | NULL, 0, NULL, HFILL }}, |
526 | | |
527 | 14 | { &hf_dcc_last_used, { |
528 | 14 | "Last Used", "dcc.last_used", FT_UINT32, BASE_DEC, |
529 | 14 | NULL, 0, NULL, HFILL }}, |
530 | | |
531 | 14 | { &hf_dcc_requests, { |
532 | 14 | "Requests", "dcc.requests", FT_UINT32, BASE_DEC, |
533 | 14 | NULL, 0, NULL, HFILL }}, |
534 | | |
535 | 14 | { &hf_dcc_addr, { |
536 | 14 | "Addr", "dcc.addr", FT_BYTES, BASE_NONE, |
537 | 14 | NULL, 0, NULL, HFILL }}, |
538 | | |
539 | 14 | { &hf_dcc_pad, { |
540 | 14 | "Pad", "dcc.pad", FT_BYTES, BASE_NONE, |
541 | 14 | NULL, 0, NULL, HFILL }}, |
542 | | |
543 | 14 | { &hf_dcc_unused, { |
544 | 14 | "Unused", "dcc.unused", FT_BYTES, BASE_NONE, |
545 | 14 | NULL, 0, NULL, HFILL }}, |
546 | 14 | }; |
547 | | |
548 | 14 | static int *ett[] = { |
549 | 14 | &ett_dcc, |
550 | 14 | &ett_dcc_op, |
551 | 14 | &ett_dcc_ck, |
552 | 14 | &ett_dcc_opnums, |
553 | 14 | &ett_dcc_trace, |
554 | 14 | }; |
555 | | |
556 | 14 | static ei_register_info ei[] = { |
557 | 14 | { &ei_dcc_len, { "dcc.len.short", PI_MALFORMED, PI_ERROR, "Error - packet is shorter than header claims!", EXPFILL }}, |
558 | 14 | }; |
559 | | |
560 | 14 | expert_module_t* expert_dcc; |
561 | | |
562 | 14 | proto_dcc = proto_register_protocol("Distributed Checksum Clearinghouse protocol", "DCC", "dcc"); |
563 | | |
564 | 14 | proto_register_field_array(proto_dcc, hf, array_length(hf)); |
565 | 14 | proto_register_subtree_array(ett, array_length(ett)); |
566 | 14 | expert_dcc = expert_register_protocol(proto_dcc); |
567 | 14 | expert_register_field_array(expert_dcc, ei, array_length(ei)); |
568 | 14 | } |
569 | | |
570 | | void |
571 | | proto_reg_handoff_dcc(void) |
572 | 14 | { |
573 | 14 | heur_dissector_add("udp", dissect_dcc, "Distributed Checksum Clearinghouse over UDP", "dcc_udp", proto_dcc, HEURISTIC_ENABLE); |
574 | 14 | } |
575 | | |
576 | | /* |
577 | | * Editor modelines - https://www.wireshark.org/tools/modelines.html |
578 | | * |
579 | | * Local variables: |
580 | | * c-basic-offset: 8 |
581 | | * tab-width: 8 |
582 | | * indent-tabs-mode: t |
583 | | * End: |
584 | | * |
585 | | * vi: set shiftwidth=8 tabstop=8 noexpandtab: |
586 | | * :indentSize=8:tabSize=8:noTabs=false: |
587 | | */ |