/src/wireshark/epan/dissectors/packet-edonkey.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* packet-edonkey.c |
2 | | * Routines for edonkey dissection |
3 | | * Copyright 2003, Xuan Zhang <xz@aemail4u.com> |
4 | | * Copyright 2007, Stefano Picerno <stefano.picerno@gmail.com> |
5 | | * Copyright 2008, Stefan Monhof <stefan.monhof@stud.uni-due.de> |
6 | | * |
7 | | * eDonkey dissector based on protocol descriptions from mldonkey: |
8 | | * ftp://ftp.chatnfiles.com/gnu-mirror/savannah/files/mldonkey/docs/Edonkey-Overnet/edonkey-protocol.txt |
9 | | * ftp://ftp.chatnfiles.com/gnu-mirror/savannah/files/mldonkey/docs/Edonkey-Overnet/overnet-protocol.txt |
10 | | * |
11 | | * Kademlia dissector based on source code inspection of aMule 2.1.3 and eMule 0.48a |
12 | | * Modified and added on the basis of information and names from the eMule 0.50 source code |
13 | | * found at http://www.emule-project.net |
14 | | * |
15 | | * Wireshark - Network traffic analyzer |
16 | | * By Gerald Combs <gerald@wireshark.org> |
17 | | * Copyright 1998 Gerald Combs |
18 | | * |
19 | | * SPDX-License-Identifier: GPL-2.0-or-later |
20 | | */ |
21 | | |
22 | | #include "config.h" |
23 | | |
24 | | #include <stdlib.h> |
25 | | |
26 | | #include <epan/packet.h> |
27 | | #include <epan/prefs.h> |
28 | | #include <epan/expert.h> |
29 | | #include "packet-edonkey.h" |
30 | | #include "packet-tcp.h" |
31 | | |
32 | | void proto_reg_handoff_edonkey(void); |
33 | | |
34 | | static dissector_handle_t edonkey_tcp_handle; |
35 | | static dissector_handle_t edonkey_udp_handle; |
36 | | |
37 | | static int proto_edonkey; |
38 | | |
39 | | static int hf_edonkey_message; |
40 | | static int hf_edonkey_protocol; |
41 | | static int hf_edonkey_message_length; |
42 | | static int hf_edonkey_message_type; |
43 | | static int hf_edonkey_client_hash; |
44 | | static int hf_edonkey_server_hash; |
45 | | static int hf_edonkey_file_hash; |
46 | | static int hf_edonkey_client_id; |
47 | | static int hf_edonkey_metatag_namesize; |
48 | | static int hf_edonkey_metatag_type; |
49 | | static int hf_edonkey_metatag; |
50 | | static int hf_edonkey_metatag_name; |
51 | | static int hf_edonkey_metatag_id; |
52 | | static int hf_edonkey_ip; |
53 | | static int hf_edonkey_port; |
54 | | static int hf_edonkey_hash; |
55 | | static int hf_edonkey_part_count; |
56 | | static int hf_edonkey_file_status; |
57 | | static int hf_edonkey_directory; |
58 | | static int hf_edonkey_string; |
59 | | static int hf_edonkey_string_length; |
60 | | static int hf_edonkey_fileinfo; |
61 | | static int hf_edonkey_clientinfo; |
62 | | static int hf_edonkey_serverinfo; |
63 | | static int hf_edonkey_tcp_flags; |
64 | | static int hf_edonkey_aux_port; |
65 | | static int hf_edonkey_server_reported_ip; |
66 | | static int hf_edonkey_soft_limit_files; |
67 | | static int hf_edonkey_hard_limit_files; |
68 | | static int hf_edonkey_number_of_lowid_users; |
69 | | static int hf_edonkey_udp_flags; |
70 | | static int hf_edonkey_udp_obfuscation_port; |
71 | | static int hf_edonkey_tcp_obfuscation_port; |
72 | | static int hf_edonkey_server_udp_key; |
73 | | static int hf_emule_aich_partnum; |
74 | | static int hf_emule_aich_root_hash; |
75 | | static int hf_emule_aich_hash_entry; |
76 | | static int hf_emule_aich_hash_id; |
77 | | static int hf_emule_aich_hash; |
78 | | static int hf_emule_multipacket_entry; |
79 | | static int hf_emule_multipacket_opcode; |
80 | | static int hf_emule_source_count; |
81 | | static int hf_emule_zlib; |
82 | | static int hf_emule_public_key; |
83 | | static int hf_emule_signature; |
84 | | static int hf_emule_sourceOBFU; |
85 | | static int hf_overnet_peer; |
86 | | |
87 | | static int hf_edonkey_unparsed_data_length; |
88 | | static int hf_kademlia; |
89 | | static int hf_kademlia_search_condition; |
90 | | static int hf_kademlia_search_condition_argument_uint32; |
91 | | static int hf_kademlia_search_condition_argument_uint64; |
92 | | /* static int hf_kademlia_unparsed_data_length; */ |
93 | | static int hf_kademlia_peer; |
94 | | static int hf_kademlia_peer_id; |
95 | | static int hf_kademlia_hash; |
96 | | static int hf_kademlia_file_id; |
97 | | static int hf_kademlia_keyword_hash; |
98 | | static int hf_kademlia_recipients_id; |
99 | | static int hf_kademlia_sender_id; |
100 | | static int hf_kademlia_target_id; |
101 | | static int hf_kademlia_distance; |
102 | | static int hf_kademlia_version; |
103 | | static int hf_kademlia_peertype; |
104 | | static int hf_kademlia_tag_float; |
105 | | static int hf_kademlia_tag_uint64; |
106 | | static int hf_kademlia_tag_uint32; |
107 | | static int hf_kademlia_tag_ipv4; |
108 | | static int hf_kademlia_tag_uint16; |
109 | | static int hf_kademlia_tag_uint8; |
110 | | static int hf_kademlia_tag_hash; |
111 | | static int hf_kademlia_tag_bsob; |
112 | | static int hf_kademlia_tag_string; |
113 | | static int hf_kademlia_udp_port; |
114 | | static int hf_kademlia_tcp_port; |
115 | | static int hf_kademlia_ip; |
116 | | static int hf_kademlia_tag_name; |
117 | | static int hf_kademlia_tag_name_length; |
118 | | static int hf_kademlia_tag_type; |
119 | | static int hf_kademlia_request_type; |
120 | | static int hf_kademlia_search_expression_type; |
121 | | static int hf_kademlia_search_bool_op; |
122 | | |
123 | | /* Generated from convert_proto_tree_add_text.pl */ |
124 | | static int hf_edonkey_list_size; |
125 | | static int hf_edonkey_meta_tag_value_revision; |
126 | | static int hf_edonkey_meta_tag_value_uint; |
127 | | static int hf_edonkey_boolean_array_length; |
128 | | static int hf_edonkey_blob_length; |
129 | | static int hf_edonkey_kademlia_string; |
130 | | static int hf_emule_public_key_length; |
131 | | static int hf_emule_signature_length; |
132 | | static int hf_edonkey_obfuscation_settings; |
133 | | static int hf_edonkey_start_offset; |
134 | | static int hf_edonkey_start_offset_64; |
135 | | static int hf_edonkey_end_offset; |
136 | | static int hf_edonkey_end_offset_64; |
137 | | static int hf_edonkey_emule_file_length; |
138 | | static int hf_edonkey_overnet_peer_type; |
139 | | static int hf_edonkey_more_search_file_results; |
140 | | static int hf_edonkey_file_size; |
141 | | static int hf_edonkey_large_file_size; |
142 | | static int hf_edonkey_number_of_users; |
143 | | static int hf_edonkey_number_of_files; |
144 | | static int hf_edonkey_message_data; |
145 | | static int hf_edonkey_emule_version; |
146 | | static int hf_edonkey_emule_queue_ranking; |
147 | | static int hf_edonkey_emule_ident_state; |
148 | | static int hf_edonkey_emule_rndchallenge; |
149 | | static int hf_edonkey_emule_sig_ip_used; |
150 | | static int hf_edonkey_packed_length; |
151 | | static int hf_edonkey_compressed_message_data; |
152 | | static int hf_edonkey_challenge; |
153 | | static int hf_edonkey_max_number_of_users; |
154 | | static int hf_edonkey_search_type; |
155 | | static int hf_edonkey_search_range_min; |
156 | | static int hf_edonkey_search_range_max; |
157 | | static int hf_edonkey_kademlia_uload; |
158 | | static int hf_edonkey_kademlia_start_position; |
159 | | static int hf_edonkey_kademlia_filesize; |
160 | | static int hf_edonkey_kademlia_restrictive; |
161 | | static int hf_edonkey_broken_compressed_data; |
162 | | static int hf_edonkey_search_limit; |
163 | | static int hf_edonkey_search_limit_type; |
164 | | static int hf_edonkey_search_ops; |
165 | | static int hf_edonkey_user_hash_length; |
166 | | |
167 | | static int ett_kademlia_tag; |
168 | | static int ett_edonkey_listitem; |
169 | | static int ett_kademlia_search_expression; |
170 | | static int ett_edonkey; |
171 | | static int ett_edonkey_message; |
172 | | static int ett_edonkey_metatag; |
173 | | static int ett_edonkey_search; |
174 | | static int ett_edonkey_fileinfo; |
175 | | static int ett_edonkey_serverinfo; |
176 | | static int ett_edonkey_clientinfo; |
177 | | static int ett_emule_aichhash; |
178 | | static int ett_emule_multipacket; |
179 | | static int ett_emule_zlib; |
180 | | static int ett_overnet_peer; |
181 | | static int ett_emule_sourceOBFU; |
182 | | |
183 | | static expert_field ei_kademlia_tag_type; |
184 | | static expert_field ei_kademlia_search_expression_type; |
185 | | |
186 | 14 | #define EDONKEY_TCP_PORT_RANGE "4661-4663" /* Not IANA registered */ |
187 | 14 | #define EDONKEY_UDP_PORT_RANGE "4665,4672" /* Not IANA registered */ |
188 | | |
189 | | /* desegmentation of eDonkey over TCP */ |
190 | | static bool edonkey_desegment = true; |
191 | | |
192 | | static const value_string kademlia_msgs[] = { |
193 | | { KADEMLIA2_BOOTSTRAP_REQ ,"KADEMLIA2_BOOTSTRAP_REQ" }, |
194 | | { KADEMLIA2_BOOTSTRAP_RES ,"KADEMLIA2_BOOTSTRAP_RES" }, |
195 | | { KADEMLIA2_HELLO_REQ ,"KADEMLIA2_HELLO_REQ" }, |
196 | | { KADEMLIA2_HELLO_RES ,"KADEMLIA2_HELLO_RES" }, |
197 | | { KADEMLIA2_PUBLISH_KEY_REQ ,"KADEMLIA2_PUBLISH_KEY_REQ" }, |
198 | | { KADEMLIA2_PUBLISH_NOTES_REQ ,"KADEMLIA2_PUBLISH_NOTES_REQ" }, |
199 | | { KADEMLIA2_PUBLISH_RES ,"KADEMLIA2_PUBLISH_RES" }, |
200 | | { KADEMLIA2_PUBLISH_SOURCE_REQ ,"KADEMLIA2_PUBLISH_SOURCE_REQ" }, |
201 | | { KADEMLIA2_REQ ,"KADEMLIA2_REQ" }, |
202 | | { KADEMLIA2_RES ,"KADEMLIA2_RES" }, |
203 | | { KADEMLIA2_SEARCH_KEY_REQ ,"KADEMLIA2_SEARCH_KEY_REQ" }, |
204 | | { KADEMLIA2_SEARCH_NOTES_REQ ,"KADEMLIA2_SEARCH_NOTES_REQ" }, |
205 | | { KADEMLIA2_SEARCH_RES ,"KADEMLIA2_SEARCH_RES" }, |
206 | | { KADEMLIA2_SEARCH_SOURCE_REQ ,"KADEMLIA2_SEARCH_SOURCE_REQ" }, |
207 | | { KADEMLIA_BOOTSTRAP_REQ ,"KADEMLIA_BOOTSTRAP_REQ" }, |
208 | | { KADEMLIA_BOOTSTRAP_RES ,"KADEMLIA_BOOTSTRAP_RES" }, |
209 | | { KADEMLIA_CALLBACK_REQ ,"KADEMLIA_CALLBACK_REQ" }, |
210 | | { KADEMLIA_FINDBUDDY_REQ ,"KADEMLIA_FINDBUDDY_REQ" }, |
211 | | { KADEMLIA_FINDBUDDY_RES ,"KADEMLIA_FINDBUDDY_RES" }, |
212 | | { KADEMLIA_FIREWALLED_ACK_RES ,"KADEMLIA_FIREWALLED_ACK_RES" }, |
213 | | { KADEMLIA_FIREWALLED_REQ ,"KADEMLIA_FIREWALLED_REQ" }, |
214 | | { KADEMLIA_FIREWALLED_RES ,"KADEMLIA_FIREWALLED_RES" }, |
215 | | { KADEMLIA_HELLO_REQ ,"KADEMLIA_HELLO_REQ" }, |
216 | | { KADEMLIA_HELLO_RES ,"KADEMLIA_HELLO_RES" }, |
217 | | { KADEMLIA_PUBLISH_NOTES_REQ ,"KADEMLIA_PUBLISH_NOTES_REQ" }, |
218 | | { KADEMLIA_PUBLISH_NOTES_RES ,"KADEMLIA_PUBLISH_NOTES_RES" }, |
219 | | { KADEMLIA_PUBLISH_REQ ,"KADEMLIA_PUBLISH_REQ" }, |
220 | | { KADEMLIA_PUBLISH_RES ,"KADEMLIA_PUBLISH_RES" }, |
221 | | { KADEMLIA_REQ ,"KADEMLIA_REQ" }, |
222 | | { KADEMLIA_RES ,"KADEMLIA_RES" }, |
223 | | { KADEMLIA_SEARCH_NOTES_REQ ,"KADEMLIA_SEARCH_NOTES_REQ" }, |
224 | | { KADEMLIA_SEARCH_NOTES_RES ,"KADEMLIA_SEARCH_NOTES_RES" }, |
225 | | { KADEMLIA_SEARCH_REQ ,"KADEMLIA_SEARCH_REQ" }, |
226 | | { KADEMLIA_SEARCH_RES ,"KADEMLIA_SEARCH_RES" }, |
227 | | { 0, NULL } |
228 | | }; |
229 | | |
230 | | static const value_string kademlia_tag_types[] = { |
231 | | { KADEMLIA_TAGTYPE_HASH ,"TAGTYPE_HASH" }, |
232 | | { KADEMLIA_TAGTYPE_STRING ,"TAGTYPE_STRING" }, |
233 | | { KADEMLIA_TAGTYPE_UINT32 ,"TAGTYPE_UINT32" }, |
234 | | { KADEMLIA_TAGTYPE_FLOAT32 ,"TAGTYPE_FLOAT32" }, |
235 | | { KADEMLIA_TAGTYPE_BOOL ,"TAGTYPE_BOOL" }, |
236 | | { KADEMLIA_TAGTYPE_BOOLARRAY ,"TAGTYPE_BOOLARRAY" }, |
237 | | { KADEMLIA_TAGTYPE_BLOB ,"TAGTYPE_BLOB" }, |
238 | | { KADEMLIA_TAGTYPE_UINT16 ,"TAGTYPE_UINT16" }, |
239 | | { KADEMLIA_TAGTYPE_UINT8 ,"TAGTYPE_UINT8" }, |
240 | | { KADEMLIA_TAGTYPE_BSOB ,"TAGTYPE_BSOB" }, |
241 | | { KADEMLIA_TAGTYPE_UINT64 ,"TAGTYPE_UINT64" }, |
242 | | |
243 | | { KADEMLIA_TAGTYPE_STR1 ,"TAGTYPE_STR1" }, |
244 | | { KADEMLIA_TAGTYPE_STR2 ,"TAGTYPE_STR2" }, |
245 | | { KADEMLIA_TAGTYPE_STR3 ,"TAGTYPE_STR3" }, |
246 | | { KADEMLIA_TAGTYPE_STR4 ,"TAGTYPE_STR4" }, |
247 | | { KADEMLIA_TAGTYPE_STR5 ,"TAGTYPE_STR5" }, |
248 | | { KADEMLIA_TAGTYPE_STR6 ,"TAGTYPE_STR6" }, |
249 | | { KADEMLIA_TAGTYPE_STR7 ,"TAGTYPE_STR7" }, |
250 | | { KADEMLIA_TAGTYPE_STR8 ,"TAGTYPE_STR8" }, |
251 | | { KADEMLIA_TAGTYPE_STR9 ,"TAGTYPE_STR9" }, |
252 | | { KADEMLIA_TAGTYPE_STR10 ,"TAGTYPE_STR10" }, |
253 | | { KADEMLIA_TAGTYPE_STR11 ,"TAGTYPE_STR11" }, |
254 | | { KADEMLIA_TAGTYPE_STR12 ,"TAGTYPE_STR12" }, |
255 | | { KADEMLIA_TAGTYPE_STR13 ,"TAGTYPE_STR13" }, |
256 | | { KADEMLIA_TAGTYPE_STR14 ,"TAGTYPE_STR14" }, |
257 | | { KADEMLIA_TAGTYPE_STR15 ,"TAGTYPE_STR15" }, |
258 | | { KADEMLIA_TAGTYPE_STR16 ,"TAGTYPE_STR16" }, |
259 | | { KADEMLIA_TAGTYPE_STR17 ,"TAGTYPE_STR17" }, |
260 | | { KADEMLIA_TAGTYPE_STR18 ,"TAGTYPE_STR18" }, |
261 | | { KADEMLIA_TAGTYPE_STR19 ,"TAGTYPE_STR19" }, |
262 | | { KADEMLIA_TAGTYPE_STR20 ,"TAGTYPE_STR20" }, |
263 | | { KADEMLIA_TAGTYPE_STR21 ,"TAGTYPE_STR21" }, |
264 | | { KADEMLIA_TAGTYPE_STR22 ,"TAGTYPE_STR22" }, |
265 | | { 0, NULL } |
266 | | }; |
267 | | |
268 | | static const value_string kademlia_tags[] = { |
269 | | { KADEMLIA_TAG_BUDDYHASH ,"TAG_BUDDYHASH" }, |
270 | | { KADEMLIA_TAG_CLIENTLOWID ,"TAG_CLIENTLOWID" }, |
271 | | { KADEMLIA_TAG_COLLECTION ,"TAG_COLLECTION" }, |
272 | | { KADEMLIA_TAG_COPIED ,"TAG_COPIED" }, |
273 | | { KADEMLIA_TAG_DESCRIPTION ,"TAG_DESCRIPTION" }, |
274 | | { KADEMLIA_TAG_ENCRYPTION ,"TAG_ENCRYPTION" }, |
275 | | { KADEMLIA_TAG_FAIL ,"TAG_FAIL" }, |
276 | | { KADEMLIA_TAG_FILECOMMENT ,"TAG_FILECOMMENT" }, |
277 | | { KADEMLIA_TAG_FILE_COUNT ,"TAG_FILE_COUNT" }, |
278 | | { KADEMLIA_TAG_FILEFORMAT ,"TAG_FILEFORMAT" }, |
279 | | { KADEMLIA_TAG_FILENAME ,"TAG_FILENAME" }, |
280 | | { KADEMLIA_TAG_FILERATING ,"TAG_FILERATING" }, |
281 | | { KADEMLIA_TAG_FILESIZE_HI ,"TAG_FILESIZE_HI" }, |
282 | | { KADEMLIA_TAG_FILESIZE ,"TAG_FILESIZE" }, |
283 | | { KADEMLIA_TAG_FILETYPE ,"TAG_FILETYPE" }, |
284 | | { KADEMLIA_TAG_GAP_END ,"TAG_GAP_END" }, |
285 | | { KADEMLIA_TAG_GAP_START ,"TAG_GAP_START" }, |
286 | | { KADEMLIA_TAG_IP_ADDRESS ,"TAG_IP_ADDRESS" }, |
287 | | { KADEMLIA_TAG_MEDIA_ALBUM ,"TAG_MEDIA_ALBUM" }, |
288 | | { KADEMLIA_TAG_MEDIA_ARTIST ,"TAG_MEDIA_ARTIST" }, |
289 | | { KADEMLIA_TAG_MEDIA_BITRATE ,"TAG_MEDIA_BITRATE"}, |
290 | | { KADEMLIA_TAG_MEDIA_CODEC ,"TAG_MEDIA_CODEC" }, |
291 | | { KADEMLIA_TAG_MEDIA_LENGTH ,"TAG_MEDIA_LENGTH" }, |
292 | | { KADEMLIA_TAG_MEDIA_TITLE ,"TAG_MEDIA_TITLE" }, |
293 | | { KADEMLIA_TAG_PART_HASH ,"TAG_PART_HASH" }, |
294 | | { KADEMLIA_TAG_PART_PATH ,"TAG_PART_PATH" }, |
295 | | { KADEMLIA_TAG_PARTS ,"TAG_PARTS" }, |
296 | | { KADEMLIA_TAG_PERMISSIONS ,"TAG_PERMISSIONS" }, |
297 | | { KADEMLIA_TAG_PING ,"TAG_PING" }, |
298 | | { KADEMLIA_TAG_PORT ,"TAG_PORT" }, |
299 | | { KADEMLIA_TAG_PREFERENCE ,"TAG_PREFERENCE" }, |
300 | | { KADEMLIA_TAG_PRIORITY ,"TAG_PRIORITY" }, |
301 | | { KADEMLIA_TAG_QTIME ,"TAG_QTIME" }, |
302 | | { KADEMLIA_TAG_SERVERIP ,"TAG_SERVERIP" }, |
303 | | { KADEMLIA_TAG_SERVERPORT ,"TAG_SERVERPORT" }, |
304 | | { KADEMLIA_TAG_SOURCEIP ,"TAG_SOURCEIP" }, |
305 | | { KADEMLIA_TAG_SOURCEPORT ,"TAG_SOURCEPORT" }, |
306 | | { KADEMLIA_TAG_SOURCES ,"TAG_SOURCES" }, |
307 | | { KADEMLIA_TAG_SOURCETYPE ,"TAG_SOURCETYPE" }, |
308 | | { KADEMLIA_TAG_SOURCEUPORT ,"TAG_SOURCEUPORT" }, |
309 | | { KADEMLIA_TAG_STATUS ,"TAG_STATUS" }, |
310 | | { KADEMLIA_TAG_TEMPFILE ,"TAG_TEMPFILE" }, |
311 | | { KADEMLIA_TAG_USER_COUNT ,"TAG_USER_COUNT" }, |
312 | | { KADEMLIA_TAG_VERSION ,"TAG_VERSION" }, |
313 | | |
314 | | { 0, NULL } |
315 | | }; |
316 | | |
317 | | static const value_string edonkey_protocols[] = { |
318 | | { EDONKEY_PROTO_EDONKEY, "eDonkey" }, |
319 | | { EDONKEY_PROTO_EMULE_EXT, "eMule Extensions" }, |
320 | | { EDONKEY_PROTO_EMULE_COMP, "eMule Compressed" }, |
321 | | { EDONKEY_PROTO_KADEMLIA, "Kademlia" }, |
322 | | { EDONKEY_PROTO_KADEMLIA_COMP, "Kademlia Compressed" }, |
323 | | { EDONKEY_PROTO_ADU_KADEMLIA, "KAdu" }, |
324 | | { EDONKEY_PROTO_ADU_KADEMLIA_COMP, "KAdu Compressed" }, |
325 | | { 0, NULL } |
326 | | }; |
327 | | |
328 | | static const value_string edonkey_tcp_msgs[] = { |
329 | | { EDONKEY_MSG_HELLO, "Hello" }, |
330 | | { EDONKEY_MSG_BAD_PROTO, "Bad Proto" }, |
331 | | { EDONKEY_MSG_GET_SERVER_LIST, "Get Server List" }, |
332 | | { EDONKEY_MSG_OFFER_FILES, "Offer Files" }, |
333 | | { EDONKEY_MSG_SEARCH_FILES, "Search Files" }, |
334 | | { EDONKEY_MSG_DISCONNECT, "Disconnect" }, |
335 | | { EDONKEY_MSG_GET_SOURCES, "Get Sources" }, |
336 | | { EDONKEY_MSG_GET_SOURCES_OBFU, "Get Sources Obfuscation" }, |
337 | | { EDONKEY_MSG_SEARCH_USER, "Search User" }, |
338 | | { EDONKEY_MSG_CLIENT_CB_REQ, "Client Callback Request" }, |
339 | | { EDONKEY_MSG_MORE_RESULTS, "More Results" }, |
340 | | { EDONKEY_MSG_SERVER_LIST, "Server List" }, |
341 | | { EDONKEY_MSG_SEARCH_FILE_RESULTS, "Search File Results" }, |
342 | | { EDONKEY_MSG_SERVER_STATUS, "Server Status" }, |
343 | | { EDONKEY_MSG_SERVER_CB_REQ, "Server Callback Request" }, |
344 | | { EDONKEY_MSG_CALLBACK_FAIL, "Callback Fail" }, |
345 | | { EDONKEY_MSG_SERVER_MESSAGE, "Server Message" }, |
346 | | { EDONKEY_MSG_ID_CHANGE, "ID Change" }, |
347 | | { EDONKEY_MSG_SERVER_INFO_DATA, "Server Info Data" }, |
348 | | { EDONKEY_MSG_FOUND_SOURCES, "Found Sources" }, |
349 | | { EDONKEY_MSG_FOUND_SOURCES_OBFU, "Found Sources Obfuscation"}, |
350 | | { EDONKEY_MSG_SEARCH_USER_RESULTS, "Search User Results" }, |
351 | | { EDONKEY_MSG_SENDING_PART, "Sending Part" }, |
352 | | { EDONKEY_MSG_REQUEST_PARTS, "Request Parts" }, |
353 | | { EDONKEY_MSG_NO_SUCH_FILE, "No Such File" }, |
354 | | { EDONKEY_MSG_END_OF_DOWNLOAD, "End of Download" }, |
355 | | { EDONKEY_MSG_VIEW_FILES, "View Files" }, |
356 | | { EDONKEY_MSG_VIEW_FILES_ANSWER, "View Files Answer" }, |
357 | | { EDONKEY_MSG_HELLO_ANSWER, "Hello Answer" }, |
358 | | { EDONKEY_MSG_NEW_CLIENT_ID, "New Client ID" }, |
359 | | { EDONKEY_MSG_CLIENT_MESSAGE, "Client Message" }, |
360 | | { EDONKEY_MSG_FILE_STATUS_REQUEST, "File Status Request" }, |
361 | | { EDONKEY_MSG_FILE_STATUS, "File Status" }, |
362 | | { EDONKEY_MSG_HASHSET_REQUEST, "Hashset Request" }, |
363 | | { EDONKEY_MSG_HASHSET_ANSWER, "Hashset Answer" }, |
364 | | { EDONKEY_MSG_SLOT_REQUEST, "Slot Request" }, |
365 | | { EDONKEY_MSG_SLOT_GIVEN, "Slot Given" }, |
366 | | { EDONKEY_MSG_SLOT_RELEASE, "Slot Release" }, |
367 | | { EDONKEY_MSG_SLOT_TAKEN, "Slot Taken" }, |
368 | | { EDONKEY_MSG_FILE_REQUEST, "File Request" }, |
369 | | { EDONKEY_MSG_FILE_REQUEST_ANSWER, "File Request Answer" }, |
370 | | { EDONKEY_MSG_GET_SHARED_DIRS, "Get Shared Directories" }, |
371 | | { EDONKEY_MSG_GET_SHARED_FILES, "Get Shared Files" }, |
372 | | { EDONKEY_MSG_SHARED_DIRS, "Shared Directories" }, |
373 | | { EDONKEY_MSG_SHARED_FILES, "Shared Files" }, |
374 | | { EDONKEY_MSG_SHARED_DENIED, "Shared Denied" }, |
375 | | { 0, NULL } |
376 | | }; |
377 | | |
378 | | static const value_string emule_tcp_msgs[] = { |
379 | | { EMULE_MSG_HELLO, "Hello" }, |
380 | | { EMULE_MSG_HELLO_ANSWER, "Hello Answer" }, |
381 | | { EMULE_MSG_DATA_COMPRESSED, "Data Compressed" }, |
382 | | { EMULE_MSG_QUEUE_RANKING, "Queue Ranking" }, |
383 | | { EMULE_MSG_FILE_DESC, "File Description" }, |
384 | | { EMULE_MSG_SOURCES_REQUEST, "Sources Request" }, |
385 | | { EMULE_MSG_SOURCES_ANSWER, "Sources Answer" }, |
386 | | { EMULE_MSG_SIGNATURE, "Signature" }, |
387 | | { EMULE_MSG_PUBLIC_KEY, "Public Key" }, |
388 | | { EMULE_MSG_SEC_IDENT_STATE, "Second Identification State" }, |
389 | | { EMULE_MSG_MULTIPACKET, "MultiPacket" }, |
390 | | { EMULE_MSG_MULTIPACKET_EXT, "MultiPacketExt" }, |
391 | | { EMULE_MSG_MULTIPACKET_ANSWER, "MultiPacket Answer" }, |
392 | | { EMULE_MSG_CALLBACK, "Callback" }, |
393 | | { EMULE_MSG_AICH_REQUEST, "AICH Hashset Request" }, |
394 | | { EMULE_MSG_AICH_ANSWER, "AICH Hashset Answer" }, |
395 | | { EMULE_MSG_AICHFILEHASH_ANSWER, "AICH Master Hash Request" }, |
396 | | { EMULE_MSG_AICHFILEHASH_REQUEST, "AICH Master Hash Answer" }, |
397 | | { EMULE_MSG_DATA_COMPRESSED_64, "Data Compressed (64bit)" }, |
398 | | { EMULE_MSG_SENDING_PART_64, "Sending Part (64bit)" }, |
399 | | { EMULE_MSG_REQUEST_PARTS_64, "Request Parts (64bit)" }, |
400 | | { 0, NULL } |
401 | | }; |
402 | | |
403 | | static const value_string edonkey_udp_msgs[] = { |
404 | | { EDONKEY_MSG_UDP_SERVER_STATUS_REQUEST, "Server Status Request" }, |
405 | | { EDONKEY_MSG_UDP_SERVER_STATUS, "Server Status" }, |
406 | | { EDONKEY_MSG_UDP_SEARCH_FILE, "Search File" }, |
407 | | { EDONKEY_MSG_UDP_SEARCH_FILE_RESULTS, "Search File Results" }, |
408 | | { EDONKEY_MSG_UDP_GET_SOURCES, "Get Sources" }, |
409 | | { EDONKEY_MSG_UDP_FOUND_SOURCES, "Found Sources" }, |
410 | | { EDONKEY_MSG_UDP_CALLBACK_REQUEST, "Callback Request" }, |
411 | | { EDONKEY_MSG_UDP_CALLBACK_FAIL, "Callback Fail" }, |
412 | | { EDONKEY_MSG_UDP_SERVER_LIST, "Server List" }, |
413 | | { EDONKEY_MSG_UDP_GET_SERVER_INFO, "Get Server Info" }, |
414 | | { EDONKEY_MSG_UDP_SERVER_INFO, "Server Info" }, |
415 | | { EDONKEY_MSG_UDP_GET_SERVER_LIST, "Get Server List" }, |
416 | | |
417 | | /* eMule Extensions */ |
418 | | { EMULE_MSG_UDP_REASKFILEPING, "Reask File Ping" }, |
419 | | { EMULE_MSG_UDP_REASKACK, "Reask ACK" }, |
420 | | { EMULE_MSG_UDP_FILE_NOT_FOUND, "File not found" }, |
421 | | { EMULE_MSG_UDP_QUEUE_FULL, "Queue Full" }, |
422 | | |
423 | | /* Overnet Extensions */ |
424 | | { OVERNET_MSG_UDP_CONNECT, "Connect" }, |
425 | | { OVERNET_MSG_UDP_CONNECT_REPLY, "Connect Reply" }, |
426 | | { OVERNET_MSG_UDP_PUBLICIZE, "Publicize" }, |
427 | | { OVERNET_MSG_UDP_PUBLICIZE_ACK, "Publicize ACK" }, |
428 | | { OVERNET_MSG_UDP_SEARCH, "Search" }, |
429 | | { OVERNET_MSG_UDP_SEARCH_NEXT, "Search Next" }, |
430 | | { OVERNET_MSG_UDP_SEARCH_INFO, "Search Info" }, |
431 | | { OVERNET_MSG_UDP_SEARCH_RESULT, "Search Result" }, |
432 | | { OVERNET_MSG_UDP_SEARCH_END, "Search End" }, |
433 | | { OVERNET_MSG_UDP_PUBLISH, "Publish" }, |
434 | | { OVERNET_MSG_UDP_PUBLISH_ACK, "Publish ACK" }, |
435 | | { OVERNET_MSG_UDP_IDENTIFY_REPLY, "Identify Reply" }, |
436 | | { OVERNET_MSG_UDP_IDENTIFY_ACK, "Identify ACK" }, |
437 | | { OVERNET_MSG_UDP_FIREWALL_CONNECTION, "Firewall Connection" }, |
438 | | { OVERNET_MSG_UDP_FIREWALL_CONNECTION_ACK, "Firewall Connection ACK" }, |
439 | | { OVERNET_MSG_UDP_FIREWALL_CONNECTION_NACK, "Firewall Connection NACK" }, |
440 | | { OVERNET_MSG_UDP_IP_QUERY, "IP Query" }, |
441 | | { OVERNET_MSG_UDP_IP_QUERY_ANSWER, "IP Query Answer" }, |
442 | | { OVERNET_MSG_UDP_IP_QUERY_END, "IP Query End" }, |
443 | | { OVERNET_MSG_UDP_IDENTIFY, "Identify" }, |
444 | | { 0, NULL } |
445 | | }; |
446 | | |
447 | | static const value_string edonkey_special_tags[] = { |
448 | | { EDONKEY_STAG_NAME, "Name" }, |
449 | | { EDONKEY_STAG_SIZE, "Size" }, |
450 | | { EDONKEY_STAG_TYPE, "Type" }, |
451 | | { EDONKEY_STAG_FORMAT, "Format" }, |
452 | | { EDONKEY_STAG_COLLECTION, "Collection" }, |
453 | | { EDONKEY_STAG_PART_PATH, "Part Path" }, |
454 | | { EDONKEY_STAG_PART_HASH, "Part Hash" }, |
455 | | { EDONKEY_STAG_COPIED, "Copied" }, |
456 | | { EDONKEY_STAG_GAP_START, "Gap Start" }, |
457 | | { EDONKEY_STAG_GAP_END, "Gap End" }, |
458 | | { EDONKEY_STAG_DESCRIPTION, "Description" }, |
459 | | { EDONKEY_STAG_PING, "Ping" }, |
460 | | { EDONKEY_STAG_FAIL, "Fail" }, |
461 | | { EDONKEY_STAG_PREFERENCE, "Preference" }, |
462 | | { EDONKEY_STAG_PORT, "Port" }, |
463 | | { EDONKEY_STAG_IP, "IP" }, |
464 | | { EDONKEY_STAG_VERSION, "Version" }, |
465 | | { EDONKEY_STAG_TEMPFILE, "Temporary File" }, |
466 | | { EDONKEY_STAG_PRIORITY, "Priority" }, |
467 | | { EDONKEY_STAG_STATUS, "Status" }, |
468 | | { EDONKEY_STAG_AVAILABILITY, "Availability" }, |
469 | | { EDONKEY_STAG_QTIME, "Queue Time" }, |
470 | | { EDONKEY_STAG_PARTS, "Parts" }, |
471 | | { EDONKEY_STAG_MOD_VERSION, "Mod Version" }, |
472 | | { EMULE_STAG_COMPRESSION, "Compression" }, |
473 | | { EMULE_STAG_UDP_CLIENT_PORT, "UDP Client Port" }, |
474 | | { EMULE_STAG_UDP_VERSION, "UDP Version" }, |
475 | | { EMULE_STAG_SOURCE_EXCHANGE, "Source Exchange" }, |
476 | | { EMULE_STAG_COMMENTS, "Comments" }, |
477 | | { EMULE_STAG_EXTENDED_REQUEST, "Extended Request" }, |
478 | | { EMULE_STAG_COMPATIBLE_CLIENT, "Compatible Client" }, |
479 | | { EMULE_STAG_COMPLETE_SOURCES, "Complete Sources" }, |
480 | | { EMULE_STAG_SIZE_HI, "Size (High Byte)" }, |
481 | | { EMULE_STAG_SERVER_VERSION, "Server Version" }, |
482 | | { EMULE_STAG_COMPAT_OPTIONS1, "Compatible Options" }, |
483 | | { EMULE_STAG_UDPPORTS, "UDP Ports" }, |
484 | | { EMULE_STAG_MISCOPTIONS1, "Misc Options 1" }, |
485 | | { EMULE_STAG_VERSION, "eMule Version" }, |
486 | | { EMULE_STAG_BUDDYIP, "Buddy IP" }, |
487 | | { EMULE_STAG_BUDDYUDP, "Buddy UDP" }, |
488 | | { EMULE_STAG_MISCOPTIONS2, "Misc Options 2" }, |
489 | | { 0, NULL } |
490 | | }; |
491 | | |
492 | | static const value_string edonkey_search_type_vals[] = { |
493 | | { EDONKEY_SEARCH_BOOL, "Boolean" }, |
494 | | { EDONKEY_SEARCH_NAME, "Name" }, |
495 | | { EDONKEY_SEARCH_META, "Metadata" }, |
496 | | { EDONKEY_SEARCH_LIMIT, "Limit" }, |
497 | | { 0, NULL } |
498 | | }; |
499 | | |
500 | | static const value_string edonkey_search_ext_type_vals[] = { |
501 | | { 0, "BoolOp" }, |
502 | | { 1, "String" }, |
503 | | { 2, "MetaTag" }, |
504 | | { 3, "32bitOp" }, |
505 | | { 4, "64bitOp" }, |
506 | | { 0, NULL } |
507 | | }; |
508 | | |
509 | | static const value_string edonkey_search_ops[] = { |
510 | | { EDONKEY_SEARCH_AND, "AND" }, |
511 | | { EDONKEY_SEARCH_OR, "OR" }, |
512 | | { EDONKEY_SEARCH_ANDNOT, "AND NOT" }, |
513 | | { 0, NULL } |
514 | | }; |
515 | | |
516 | | static const value_string edonkey_search_conds[] = { |
517 | | { EDONKEY_SEARCH_MIN, "MIN" }, |
518 | | { EDONKEY_SEARCH_MAX, "MAX" }, |
519 | | { 0, NULL } |
520 | | }; |
521 | | |
522 | | static const value_string kademlia_search_conds[] = { |
523 | | { 0, "=" }, |
524 | | { 1, ">" }, |
525 | | { 2, "<" }, |
526 | | { 3, ">=" }, |
527 | | { 4, "<=" }, |
528 | | { 5, "<>" }, |
529 | | { 0, NULL } |
530 | | }; |
531 | | |
532 | | static const value_string kademlia_versions[] = { |
533 | | { KADEMLIA_VERSION1_46c, " (eMule <= 0.46c or compatibles)" }, |
534 | | { KADEMLIA_VERSION2_47a, " (eMule 0.47a or compatibles)" }, |
535 | | { KADEMLIA_VERSION3_47b, " (eMule 0.47b or compatibles)" }, |
536 | | { KADEMLIA_VERSION5_48a, " (eMule 0.48a or compatibles)" }, |
537 | | { KADEMLIA_VERSION6_49aBETA, " (eMule 0.49aBETA1 or compatibles)" }, |
538 | | { KADEMLIA_VERSION7_49a, " (eMule 0.49a or compatibles)" }, |
539 | | { 0, NULL } |
540 | | }; |
541 | | |
542 | | static const value_string kademlia_parameter[] = { |
543 | | { KADEMLIA_FIND_VALUE, " (Find Value)" }, |
544 | | { KADEMLIA_STORE, " (Store)" }, |
545 | | { KADEMLIA_FIND_NODE, " (Find Node)" }, |
546 | | { 0, NULL } |
547 | | }; |
548 | | |
549 | | static const value_string kademlia_tag_sourcetype[] = { |
550 | | { 1, "HighID Source" }, |
551 | | { 3, "Firewalled Kad Source" }, |
552 | | { 4, ">4GB file HighID Source" }, |
553 | | { 5, ">4GB file Firewalled Kad Source" }, |
554 | | { 6, "Firewalled Source with Direct Callback (supports >4GB)" }, |
555 | | { 0, NULL } |
556 | | }; |
557 | | |
558 | | static const value_string kademlia_tag_encryption[] = { |
559 | | { 1, "Supports Crypt Layer" }, |
560 | | { 2, "Requests Crypt Layer" }, |
561 | | { 3, "Supports & Requests Crypt Layer" }, |
562 | | { 4, "Requires Crypt Layer" }, |
563 | | { 5, "Supports & Requires Crypt Layer" }, |
564 | | { 6, "Requests & Requires Crypt Layer" }, |
565 | | { 7, "Supports, Requests & Requires Crypt Layer" }, |
566 | | { 8, "Direct UDP Callback" }, |
567 | | { 9, "Supports Crypt Layer; Direct UDP Callback" }, |
568 | | { 10, "Requests Crypt Layer; Direct UDP Callback" }, |
569 | | { 11, "Supports & Requests Crypt Layer; Direct UDP Callback" }, |
570 | | { 12, "Requires Crypt Layer; Direct UDP Callback" }, |
571 | | { 13, "Supports & Requires Crypt Layer; Direct UDP Callback" }, |
572 | | { 14, "Requests & Requires Crypt Layer; Direct UDP Callback" }, |
573 | | { 15, "Supports, Requests & Requires Crypt Layer; Direct UDP Callback" }, |
574 | | { 0, NULL } |
575 | | }; |
576 | | |
577 | | static const range_string emule_ident_state_rvals[] = { |
578 | | { 0, 0, "nothing is needed" }, |
579 | | { 1, 1, "signature is needed" }, |
580 | | { 2, 255, "public key and signature are needed" }, |
581 | | { 0, 0, NULL } |
582 | | }; |
583 | | |
584 | | /* Dissects a generic eDonkey list */ |
585 | | static int dissect_edonkey_list(tvbuff_t *tvb, packet_info *pinfo, |
586 | | int offset, proto_tree *tree, |
587 | | int listnum_length, const char* listdesc, |
588 | | int (*item_dissector)(tvbuff_t *, packet_info *, int, proto_tree *)) |
589 | 193 | { |
590 | | /* <List> ::= <List Size> <Item>* */ |
591 | 193 | uint32_t listnum, i; |
592 | 193 | proto_tree *subtree; |
593 | 193 | proto_item* ti; |
594 | 193 | proto_item* list_ti; |
595 | 193 | int list_start_offset; |
596 | | |
597 | 193 | list_start_offset = offset; |
598 | | |
599 | 193 | switch (listnum_length) { |
600 | 0 | case -1: |
601 | 87 | case 1: |
602 | 87 | listnum = tvb_get_uint8(tvb, offset); |
603 | 87 | break; |
604 | | |
605 | 0 | case -2: |
606 | 0 | listnum = tvb_get_ntohs(tvb, offset); |
607 | 0 | break; |
608 | | |
609 | 43 | case 2: |
610 | 43 | listnum = tvb_get_letohs(tvb, offset); |
611 | 43 | break; |
612 | | |
613 | 63 | case 4: |
614 | 63 | listnum = tvb_get_letohl(tvb, offset); |
615 | 63 | break; |
616 | | |
617 | 0 | case -4: |
618 | 0 | listnum = tvb_get_ntohl(tvb, offset); |
619 | 0 | break; |
620 | | |
621 | 0 | default: |
622 | | /* Not Supported */ |
623 | 0 | return offset; |
624 | 193 | } |
625 | 192 | if (listnum_length < 0) |
626 | 0 | listnum_length = -listnum_length; |
627 | | |
628 | | /* keep the tree item object, its length will be set at the end of the function */ |
629 | 192 | list_ti = proto_tree_add_uint_format(tree, hf_edonkey_list_size, tvb, offset, listnum_length, listnum, "%s List Size: %u", listdesc, listnum); |
630 | | |
631 | 192 | offset+= listnum_length; |
632 | | |
633 | 1.30k | for (i=0; i<listnum; i++) |
634 | 1.11k | { |
635 | 1.11k | int item_start_offset; |
636 | | |
637 | 1.11k | item_start_offset = offset; |
638 | 1.11k | subtree = proto_tree_add_subtree_format( tree, tvb, item_start_offset, 1, ett_edonkey_listitem, &ti, |
639 | 1.11k | "%s[%u/%u]", listdesc, i+1, listnum); |
640 | | |
641 | | /* dissect one list element */ |
642 | 1.11k | offset = (*item_dissector)(tvb, pinfo, offset, subtree); |
643 | | /* Set the container node length */ |
644 | 1.11k | proto_item_set_len( ti, offset - item_start_offset ); |
645 | 1.11k | } |
646 | | |
647 | | /* Set the container node length */ |
648 | 192 | proto_item_set_len(list_ti, offset - list_start_offset ); |
649 | 192 | return offset; |
650 | 193 | } |
651 | | |
652 | | static int lookup_str_index(char* str, int length, const value_string *vs) |
653 | 17 | { |
654 | 17 | int i = 0; |
655 | | |
656 | 17 | if (str == NULL) return -1; |
657 | | |
658 | 584 | while (vs[i].strptr) { |
659 | 573 | if (g_ascii_strncasecmp(str, vs[i].strptr, length) == 0) |
660 | 6 | return i; |
661 | 567 | i++; |
662 | 567 | } |
663 | | |
664 | 11 | return -1; |
665 | 17 | } |
666 | | |
667 | | static uint8_t edonkey_metatag_name_get_type(tvbuff_t *tvb, packet_info* pinfo, int start, int length, uint8_t special_tagtype) |
668 | 19 | { |
669 | 19 | uint8_t *tag_name; |
670 | | |
671 | 19 | if (try_val_to_str(special_tagtype, edonkey_special_tags) == NULL) { |
672 | 17 | int idx; |
673 | 17 | tag_name = tvb_get_string_enc(pinfo->pool, tvb, start, length, ENC_ASCII|ENC_NA); |
674 | 17 | idx = lookup_str_index(tag_name, length, edonkey_special_tags); |
675 | 17 | if (idx < 0) |
676 | 11 | return EDONKEY_STAG_UNKNOWN; |
677 | 6 | else return edonkey_special_tags[idx].value; |
678 | 17 | } |
679 | 2 | else return special_tagtype; |
680 | | |
681 | 19 | } |
682 | | |
683 | | static proto_item* edonkey_tree_add_metatag_name(proto_tree *tree, tvbuff_t *tvb, |
684 | | int start, int length, uint8_t special_tagtype) |
685 | 771 | { |
686 | 771 | const char *tag_name; |
687 | | |
688 | | /* |
689 | | * XXX - what, in the *protocol*, distinguishes integral from string |
690 | | * tag names? Name length > 1 means "string"? Something else? |
691 | | */ |
692 | 771 | tag_name = try_val_to_str(special_tagtype, edonkey_special_tags); |
693 | 771 | if (tag_name == NULL) { |
694 | 542 | return proto_tree_add_item(tree, hf_edonkey_metatag_name, tvb, start, length, ENC_ASCII); |
695 | 542 | } |
696 | 229 | else { |
697 | 229 | return proto_tree_add_uint_format(tree, hf_edonkey_metatag_id, tvb, start, length, |
698 | 229 | special_tagtype, "Meta Tag Name: %s (0x%02x)", |
699 | 229 | tag_name, special_tagtype); |
700 | 229 | } |
701 | 771 | } |
702 | | |
703 | | static int dissect_kademlia_search_condition_argument_uint64(tvbuff_t *tvb, packet_info *pinfo _U_, |
704 | | int offset, proto_tree *tree) |
705 | 1 | { |
706 | 1 | proto_tree_add_item( tree, hf_kademlia_search_condition_argument_uint64, tvb, offset, 8, ENC_LITTLE_ENDIAN ); |
707 | 1 | return offset + 8; |
708 | 1 | } |
709 | | |
710 | | static int dissect_kademlia_search_condition_argument_uint32(tvbuff_t *tvb, packet_info *pinfo _U_, |
711 | | int offset, proto_tree *tree) |
712 | 2 | { |
713 | 2 | proto_tree_add_item( tree, hf_kademlia_search_condition_argument_uint32, tvb, offset, 4, ENC_LITTLE_ENDIAN ); |
714 | 2 | return offset + 4; |
715 | 2 | } |
716 | | |
717 | | static int dissect_kademlia_search_condition(tvbuff_t *tvb, packet_info *pinfo _U_, |
718 | | int offset, proto_tree *tree ) |
719 | 3 | { |
720 | 3 | proto_item * ti; |
721 | 3 | uint16_t value = tvb_get_uint8(tvb, offset); |
722 | 3 | ti = proto_tree_add_item( tree, hf_kademlia_search_condition, tvb, offset, 1, ENC_BIG_ENDIAN ); |
723 | 3 | proto_item_append_text(ti, " [%s]", val_to_str_const( value, kademlia_search_conds, "Unknown") ); |
724 | | |
725 | 3 | return offset + 1; |
726 | 3 | } |
727 | | |
728 | | /* Dissects the eDonkey meta tag */ |
729 | | static int dissect_edonkey_metatag(tvbuff_t *tvb, packet_info *pinfo, |
730 | | int offset, proto_tree *tree) |
731 | 789 | { |
732 | | /* <Meta Tag> ::= <Tag Type (uint8_t)> <Tag Name> <Tag> */ |
733 | | /* <Tag Name> ::= <Tag Name Size (uint16_t)> <Special Tag> || <String> */ |
734 | | /* <Tag Name> ::= <Special Tag> iff Tag Type had the top bit set */ |
735 | 789 | proto_item *ti; |
736 | 789 | proto_tree *metatag_tree; |
737 | 789 | uint8_t real_tag_type, tag_type, special_tagtype, trans_tagtype; |
738 | 789 | uint16_t tag_name_size, string_length, array_length; |
739 | 789 | uint32_t tag_length, blob_length; |
740 | 789 | int tag_offset; |
741 | | |
742 | 789 | real_tag_type = tag_type = tvb_get_uint8(tvb, offset); |
743 | 789 | if (tag_type & EDONKEY_MTAG_SHORTNAME) { |
744 | 572 | real_tag_type &= ~EDONKEY_MTAG_SHORTNAME; |
745 | 572 | tag_name_size = 1; |
746 | 572 | special_tagtype = tvb_get_uint8(tvb, offset+1); |
747 | 572 | tag_length = 2; |
748 | 572 | } else { |
749 | 217 | tag_name_size = tvb_get_letohs(tvb, offset+1); |
750 | 217 | special_tagtype = tvb_get_uint8(tvb, offset+3); |
751 | 217 | tag_length = 3 + tag_name_size; |
752 | 217 | } |
753 | | |
754 | 789 | tag_offset = offset + tag_length; |
755 | | |
756 | 789 | switch (real_tag_type) |
757 | 789 | { |
758 | 7 | case EDONKEY_MTAG_HASH: |
759 | | /* <Tag> ::= HASH */ |
760 | 7 | tag_length += 16; |
761 | 7 | ti = proto_tree_add_item(tree, hf_edonkey_metatag, tvb, offset, tag_length, ENC_NA); |
762 | 7 | metatag_tree = proto_item_add_subtree(ti, ett_edonkey_metatag); |
763 | 7 | proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_type, tvb, offset, 1, tag_type); |
764 | 7 | if (tag_type==real_tag_type) |
765 | 5 | proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_namesize, tvb, offset+1, 2, tag_name_size); |
766 | 7 | edonkey_tree_add_metatag_name(metatag_tree, tvb, tag_offset-tag_name_size, tag_name_size, special_tagtype); |
767 | 7 | proto_tree_add_item(metatag_tree, hf_edonkey_hash, tvb, tag_offset, 16, ENC_NA); |
768 | 7 | break; |
769 | | |
770 | 2 | case EDONKEY_MTAG_STRING: |
771 | | /* <Tag> ::= <Length (uint16_t)> <String> */ |
772 | 2 | string_length = tvb_get_letohs(tvb, tag_offset); |
773 | 2 | tag_length += 2+string_length; |
774 | 2 | ti = proto_tree_add_item(tree, hf_edonkey_metatag, tvb, offset, tag_length, ENC_NA); |
775 | 2 | metatag_tree = proto_item_add_subtree(ti, ett_edonkey_metatag); |
776 | 2 | proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_type, tvb, offset, 1, tag_type); |
777 | 2 | if (tag_type==real_tag_type) |
778 | 1 | proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_namesize, tvb, offset+1, 2, tag_name_size); |
779 | 2 | edonkey_tree_add_metatag_name(metatag_tree, tvb, tag_offset-tag_name_size, tag_name_size, special_tagtype); |
780 | 2 | proto_tree_add_uint(metatag_tree, hf_edonkey_string_length, tvb, tag_offset, 2, string_length); |
781 | 2 | proto_tree_add_item(metatag_tree, hf_edonkey_string, tvb, tag_offset+2, string_length, ENC_ASCII); |
782 | 2 | break; |
783 | | |
784 | 19 | case EDONKEY_MTAG_DWORD: |
785 | | /* <Tag> ::= uint32_t */ |
786 | 19 | tag_length += 4; |
787 | 19 | ti = proto_tree_add_item(tree, hf_edonkey_metatag, tvb, offset, tag_length, ENC_NA); |
788 | 19 | metatag_tree = proto_item_add_subtree(ti, ett_edonkey_metatag); |
789 | 19 | proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_type, tvb, offset, 1, tag_type); |
790 | 19 | if (tag_type==real_tag_type) |
791 | 2 | proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_namesize, tvb, offset+1, 2, tag_name_size); |
792 | 19 | edonkey_tree_add_metatag_name(metatag_tree, tvb, tag_offset-tag_name_size, tag_name_size, special_tagtype); |
793 | 19 | trans_tagtype = edonkey_metatag_name_get_type(tvb, pinfo, offset+3, tag_name_size, special_tagtype); |
794 | 19 | if (trans_tagtype == EDONKEY_STAG_IP) { |
795 | 1 | proto_tree_add_item(metatag_tree, hf_edonkey_ip, tvb, tag_offset, 4, ENC_BIG_ENDIAN); |
796 | 1 | } |
797 | 18 | else if (trans_tagtype == EMULE_STAG_SERVER_VERSION) { |
798 | 1 | proto_tree_add_item(metatag_tree, hf_edonkey_meta_tag_value_revision, tvb, tag_offset, 4, ENC_LITTLE_ENDIAN); |
799 | 1 | } |
800 | 17 | else { |
801 | 17 | proto_tree_add_item(metatag_tree, hf_edonkey_meta_tag_value_uint, tvb, tag_offset, 4, ENC_LITTLE_ENDIAN); |
802 | 17 | } |
803 | 19 | break; |
804 | | |
805 | 30 | case EDONKEY_MTAG_FLOAT: |
806 | | /* <Tag> ::= 4 byte float */ |
807 | 30 | tag_length += 4; |
808 | 30 | ti = proto_tree_add_item(tree, hf_edonkey_metatag, tvb, offset, tag_length, ENC_NA); |
809 | 30 | metatag_tree = proto_item_add_subtree(ti, ett_edonkey_metatag); |
810 | 30 | proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_type, tvb, offset, 1, tag_type); |
811 | 30 | if (tag_type==real_tag_type) |
812 | 2 | proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_namesize, tvb, offset+1, 2, tag_name_size); |
813 | 30 | edonkey_tree_add_metatag_name(metatag_tree, tvb, tag_offset-tag_name_size, tag_name_size, special_tagtype); |
814 | 30 | break; |
815 | | |
816 | 27 | case EDONKEY_MTAG_WORD: |
817 | | /* <Tag> ::= uint16_t */ |
818 | 27 | tag_length += 2; |
819 | 27 | ti = proto_tree_add_item(tree, hf_edonkey_metatag, tvb, offset, tag_length, ENC_NA); |
820 | 27 | metatag_tree = proto_item_add_subtree(ti, ett_edonkey_metatag); |
821 | 27 | proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_type, tvb, offset, 1, tag_type); |
822 | 27 | if (tag_type==real_tag_type) |
823 | 3 | proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_namesize, tvb, offset+1, 2, tag_name_size); |
824 | 27 | edonkey_tree_add_metatag_name(metatag_tree, tvb, tag_offset-tag_name_size, tag_name_size, special_tagtype); |
825 | | |
826 | 27 | proto_tree_add_item(metatag_tree, hf_edonkey_meta_tag_value_uint, tvb, tag_offset, 2, ENC_LITTLE_ENDIAN); |
827 | 27 | break; |
828 | | |
829 | 8 | case EDONKEY_MTAG_BYTE: |
830 | | /* <Tag> ::= uint8_t */ |
831 | 8 | tag_length += 1; |
832 | 8 | ti = proto_tree_add_item(tree, hf_edonkey_metatag, tvb, offset, tag_length, ENC_NA); |
833 | 8 | metatag_tree = proto_item_add_subtree(ti, ett_edonkey_metatag); |
834 | 8 | proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_type, tvb, offset, 1, tag_type); |
835 | 8 | if (tag_type==real_tag_type) |
836 | 3 | proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_namesize, tvb, offset+1, 2, tag_name_size); |
837 | 8 | edonkey_tree_add_metatag_name(metatag_tree, tvb, tag_offset-tag_name_size, tag_name_size, special_tagtype); |
838 | 8 | proto_tree_add_item(metatag_tree, hf_edonkey_meta_tag_value_uint, tvb, tag_offset, 1, ENC_LITTLE_ENDIAN); |
839 | 8 | break; |
840 | | |
841 | 15 | case EDONKEY_MTAG_BOOL: |
842 | | /* <Tag> ::= <Bool (uint8_t)> */ |
843 | 15 | tag_length += 1; |
844 | 15 | ti = proto_tree_add_item(tree, hf_edonkey_metatag, tvb, offset, tag_length, ENC_NA); |
845 | 15 | metatag_tree = proto_item_add_subtree(ti, ett_edonkey_metatag); |
846 | 15 | proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_type, tvb, offset, 1, tag_type); |
847 | 15 | if (tag_type==real_tag_type) |
848 | 1 | proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_namesize, tvb, offset+1, 2, tag_name_size); |
849 | 15 | edonkey_tree_add_metatag_name(metatag_tree, tvb, tag_offset-tag_name_size, tag_name_size, special_tagtype); |
850 | 15 | proto_tree_add_item(metatag_tree, hf_edonkey_meta_tag_value_uint, tvb, tag_offset, 1, ENC_LITTLE_ENDIAN); |
851 | 15 | break; |
852 | | |
853 | 6 | case EDONKEY_MTAG_BOOL_ARRAY: |
854 | | /* <Tag> ::= <Length (uint16_t)> <BoolArray> */ |
855 | 6 | array_length = tvb_get_letohs(tvb, tag_offset); |
856 | | /* |
857 | | * This is allegedly what the protocol uses, rather than the |
858 | | * correct value of (array_length+7)/8 |
859 | | * Therefore an extra unused byte is transmitted if the array |
860 | | * is a multiple of 8 longs. |
861 | | */ |
862 | 6 | tag_length += 2+(array_length/8)+1; |
863 | 6 | ti = proto_tree_add_item(tree, hf_edonkey_metatag, tvb, offset, tag_length, ENC_NA); |
864 | 6 | metatag_tree = proto_item_add_subtree(ti, ett_edonkey_metatag); |
865 | 6 | proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_type, tvb, offset, 1, tag_type); |
866 | 6 | if (tag_type==real_tag_type) |
867 | 4 | proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_namesize, tvb, offset+1, 2, tag_name_size); |
868 | 6 | edonkey_tree_add_metatag_name(metatag_tree, tvb, tag_offset-tag_name_size, tag_name_size, special_tagtype); |
869 | 6 | proto_tree_add_item(metatag_tree, hf_edonkey_boolean_array_length, tvb, tag_offset, 2, ENC_LITTLE_ENDIAN); |
870 | 6 | break; |
871 | | |
872 | 3 | case EDONKEY_MTAG_BLOB: |
873 | | /* <Tag> ::= <Length (uint32_t)> <BLOB> */ |
874 | 3 | blob_length = tvb_get_letohl(tvb, tag_offset); |
875 | 3 | tag_length += 4+blob_length; |
876 | 3 | ti = proto_tree_add_item(tree, hf_edonkey_metatag, tvb, offset, tag_length, ENC_NA); |
877 | 3 | metatag_tree = proto_item_add_subtree(ti, ett_edonkey_metatag); |
878 | 3 | proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_type, tvb, offset, 1, tag_type); |
879 | 3 | if (tag_type==real_tag_type) |
880 | 1 | proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_namesize, tvb, offset+1, 2, tag_name_size); |
881 | 3 | edonkey_tree_add_metatag_name(metatag_tree, tvb, tag_offset-tag_name_size, tag_name_size, special_tagtype); |
882 | 3 | proto_tree_add_item(metatag_tree, hf_edonkey_blob_length, tvb, tag_offset, 2, ENC_LITTLE_ENDIAN); |
883 | 3 | break; |
884 | | |
885 | 0 | case EDONKEY_MTAG_BSOB: |
886 | | /* This is possibly a Binary Small OBject, like a BLOB but with an 8 or 16-bit length field */ |
887 | | /* That's a complete guess though, so don't handle it yet. */ |
888 | 145 | case EDONKEY_MTAG_UNKNOWN: |
889 | 656 | default: |
890 | 656 | if (real_tag_type>=EDONKEY_MTAG_STR1 && real_tag_type<=EDONKEY_MTAG_STR16) { |
891 | | /* <Tag> ::= <String> */ |
892 | 83 | string_length = real_tag_type-EDONKEY_MTAG_STR1+1; |
893 | 83 | tag_length += string_length; |
894 | 83 | ti = proto_tree_add_item(tree, hf_edonkey_metatag, tvb, offset, tag_length, ENC_NA); |
895 | 83 | metatag_tree = proto_item_add_subtree(ti, ett_edonkey_metatag); |
896 | 83 | proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_type, tvb, offset, 1, tag_type); |
897 | 83 | if (real_tag_type==tag_type) |
898 | 8 | proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_namesize, tvb, offset+1, 2, tag_name_size); |
899 | 83 | edonkey_tree_add_metatag_name(metatag_tree, tvb, tag_offset-tag_name_size, tag_name_size, special_tagtype); |
900 | 83 | proto_tree_add_item(metatag_tree, hf_edonkey_string, tvb, tag_offset, string_length, ENC_ASCII); |
901 | | |
902 | 573 | } else { |
903 | | /* Unknown tag type - actual tag length is also unknown */ |
904 | 573 | ti = proto_tree_add_item(tree, hf_edonkey_metatag, tvb, offset, tag_length, ENC_NA); |
905 | 573 | metatag_tree = proto_item_add_subtree(ti, ett_edonkey_metatag); |
906 | 573 | proto_tree_add_uint_format(metatag_tree, hf_edonkey_metatag_type, tvb, offset, 1, tag_type, "Unknown Meta Tag Type (0x%02x)", tag_type); |
907 | 573 | if (real_tag_type==tag_type) |
908 | 169 | proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_namesize, tvb, offset+1, 2, tag_name_size); |
909 | 573 | edonkey_tree_add_metatag_name(metatag_tree, tvb, tag_offset-tag_name_size, tag_name_size, special_tagtype); |
910 | 573 | } |
911 | 656 | break; |
912 | | |
913 | 789 | } |
914 | | |
915 | 728 | return offset + tag_length; |
916 | 789 | } |
917 | | |
918 | | /* Dissects the eDonkey address */ |
919 | | static int dissect_edonkey_address(tvbuff_t *tvb, packet_info *pinfo _U_, |
920 | | int offset, proto_tree *tree) |
921 | 127 | { |
922 | | /* <Address> ::= <IP> <Port> */ |
923 | | /* uint32_t ip = tvb_get_letohl(tvb, offset); |
924 | | proto_tree_add_ipv4(tree, hf_edonkey_ip, tvb, offset, 4, ip); */ |
925 | 127 | proto_tree_add_item(tree, hf_edonkey_ip, tvb, offset, 4, ENC_BIG_ENDIAN); |
926 | 127 | proto_tree_add_item(tree, hf_edonkey_port, tvb, offset+4, 2, ENC_LITTLE_ENDIAN); |
927 | 127 | return offset+6; |
928 | 127 | } |
929 | | |
930 | | |
931 | | static int dissect_kademlia_udp_port(tvbuff_t *tvb, packet_info *pinfo _U_, |
932 | | int offset, proto_tree *tree) |
933 | 73 | { |
934 | 73 | proto_tree_add_item(tree, hf_kademlia_udp_port, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
935 | 73 | return offset +2; |
936 | 73 | } |
937 | | |
938 | | static int dissect_kademlia_tcp_port(tvbuff_t *tvb, packet_info *pinfo _U_, |
939 | | int offset, proto_tree *tree) |
940 | 80 | { |
941 | 80 | proto_tree_add_item(tree, hf_kademlia_tcp_port, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
942 | 80 | return offset +2; |
943 | 80 | } |
944 | | |
945 | | |
946 | | static int dissect_kademlia_ip_address(tvbuff_t *tvb, packet_info *pinfo _U_, |
947 | | int offset, proto_tree *tree) |
948 | 74 | { |
949 | 74 | proto_tree_add_item(tree, hf_kademlia_ip, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
950 | 74 | return offset + 4; |
951 | 74 | } |
952 | | |
953 | | |
954 | | static int dissect_kademlia_address(tvbuff_t *tvb, packet_info *pinfo, |
955 | | int offset, proto_tree *tree) |
956 | 74 | { |
957 | | /* <Address> ::= <IP> <Port> <Tcp Port>*/ |
958 | 74 | offset = dissect_kademlia_ip_address( tvb, pinfo, offset, tree ); |
959 | | |
960 | 74 | offset = dissect_kademlia_udp_port( tvb, pinfo, offset, tree ); |
961 | | |
962 | 74 | offset = dissect_kademlia_tcp_port( tvb, pinfo, offset, tree ); |
963 | | |
964 | 74 | return offset; |
965 | 74 | } |
966 | | |
967 | | static int dissect_kademlia_tagname(tvbuff_t *tvb, packet_info *pinfo, |
968 | | int offset, proto_tree *tree, const char** outputTagName, const char** outputExtendedTagName) |
969 | 38 | { |
970 | | /* <String> ::= <String length (uint16_t)> DATA */ |
971 | 38 | const char * tagname; |
972 | 38 | const char * tag_full_name = NULL; |
973 | 38 | uint8_t tagname_value; |
974 | 38 | proto_item *ti, *hidden_item; |
975 | | |
976 | 38 | uint16_t string_length = tvb_get_letohs(tvb, offset); |
977 | | |
978 | 38 | proto_tree_add_uint(tree, hf_kademlia_tag_name_length, tvb, offset, 2, string_length); |
979 | | |
980 | 38 | hidden_item = proto_tree_add_uint(tree, hf_edonkey_string_length, tvb, offset, 2, string_length); |
981 | 38 | proto_item_set_hidden(hidden_item); |
982 | | |
983 | 38 | tagname = tvb_get_string_enc(pinfo->pool, tvb, offset + 2, string_length, ENC_ASCII|ENC_NA); |
984 | | |
985 | 38 | tag_full_name = "UnknownTagName"; |
986 | | |
987 | 38 | if ( tagname && string_length == 1 ) { |
988 | 3 | tagname_value = *(const uint8_t*)tagname; |
989 | | /* lookup tagname */ |
990 | 3 | tag_full_name = val_to_str_const( tagname_value, kademlia_tags, tag_full_name ); |
991 | 3 | } |
992 | | |
993 | 38 | ti = proto_tree_add_item(tree, hf_kademlia_tag_name, tvb, offset + 2, string_length, ENC_BIG_ENDIAN); |
994 | 38 | proto_item_append_text(ti, " [%s]", tag_full_name); |
995 | | |
996 | 38 | if (outputTagName) |
997 | 8 | *outputTagName = tagname; |
998 | | |
999 | 38 | if (outputExtendedTagName) |
1000 | 8 | *outputExtendedTagName = tag_full_name; |
1001 | | |
1002 | 38 | return offset+2+string_length; |
1003 | 38 | } |
1004 | | |
1005 | | static int dissect_kademlia_string(tvbuff_t *tvb, packet_info *pinfo _U_, |
1006 | | int offset, proto_tree *tree) |
1007 | 11 | { |
1008 | | /* <String> ::= <String length (uint16_t)> DATA */ |
1009 | 11 | uint16_t string_length = tvb_get_letohs(tvb, offset); |
1010 | | |
1011 | 11 | proto_tree_add_uint(tree, hf_edonkey_string_length, tvb, offset, 2, string_length); |
1012 | | |
1013 | | /* TODO: ASCII or UTF-8? */ |
1014 | 11 | proto_tree_add_item(tree, hf_edonkey_kademlia_string, tvb, offset+2, string_length, ENC_ASCII); |
1015 | | |
1016 | 11 | return offset+2+string_length; |
1017 | 11 | } |
1018 | | |
1019 | | /* Dissects the eDonkey address list */ |
1020 | | static int dissect_edonkey_address_list(tvbuff_t *tvb, packet_info *pinfo, |
1021 | | int offset, proto_tree *tree) |
1022 | 4 | { |
1023 | | /* <Address List> ::= <List Size (uint8_t)> <Address>* */ |
1024 | 4 | return dissect_edonkey_list(tvb, pinfo, offset, tree, 1, "Address", dissect_edonkey_address); |
1025 | 4 | } |
1026 | | |
1027 | | /* Dissects the eDonkey hash */ |
1028 | | static int dissect_edonkey_hash(tvbuff_t *tvb, packet_info *pinfo _U_, |
1029 | | int offset, proto_tree *tree) |
1030 | 194 | { |
1031 | | /* <hash> ::= HASH (16 word MD4 digest) */ |
1032 | 194 | proto_tree_add_item(tree, hf_edonkey_hash, tvb, offset, 16, ENC_NA); |
1033 | 194 | return offset+16; |
1034 | 194 | } |
1035 | | |
1036 | | /* Dissects the eDonkey file hash */ |
1037 | | static int dissect_edonkey_file_hash(tvbuff_t *tvb, packet_info *pinfo _U_, |
1038 | | int offset, proto_tree *tree) |
1039 | 4 | { |
1040 | | /* <File hash> ::= HASH (16 word MD4 digest) */ |
1041 | 4 | proto_tree_add_item(tree, hf_edonkey_file_hash, tvb, offset, 16, ENC_NA); |
1042 | 4 | return offset+16; |
1043 | 4 | } |
1044 | | |
1045 | | /* Dissects the eMule public key */ |
1046 | | static int dissect_edonkey_public_key(tvbuff_t *tvb, packet_info *pinfo _U_, |
1047 | | int offset, proto_tree *tree) |
1048 | 0 | { |
1049 | 0 | uint8_t length = tvb_get_uint8(tvb, offset); |
1050 | 0 | proto_tree_add_item(tree, hf_emule_public_key_length, tvb, offset, 1, ENC_NA); |
1051 | 0 | offset++; |
1052 | 0 | proto_tree_add_item(tree, hf_emule_public_key, tvb, offset, length, ENC_NA); |
1053 | 0 | return offset + length; |
1054 | 0 | } |
1055 | | |
1056 | | /* Dissects the eMule signature */ |
1057 | | static int dissect_edonkey_signature(tvbuff_t *tvb, packet_info *pinfo _U_, |
1058 | | int offset, proto_tree *tree) |
1059 | 0 | { |
1060 | 0 | uint8_t length = tvb_get_uint8(tvb, offset); |
1061 | 0 | proto_tree_add_item(tree, hf_emule_signature_length, tvb, offset, 1, ENC_NA); |
1062 | 0 | offset++; |
1063 | 0 | proto_tree_add_item(tree, hf_emule_signature, tvb, offset, length, ENC_NA); |
1064 | 0 | return offset + length; |
1065 | 0 | } |
1066 | | |
1067 | 544 | static const char *kademlia_hash(wmem_allocator_t *scope, tvbuff_t *tvb, int offset) { |
1068 | 544 | uint32_t hash[4]; |
1069 | 544 | int i; |
1070 | | |
1071 | 2.69k | for (i = 0; i < 4; i++) |
1072 | 2.14k | hash[i] = tvb_get_letohl(tvb, offset + i*4); |
1073 | | |
1074 | 544 | return wmem_strdup_printf(scope, |
1075 | 544 | "%08X%08X%08X%08X", hash[0], hash[1], hash[2], hash[3]); |
1076 | 544 | } |
1077 | | |
1078 | | static int dissect_kademlia_hash_hidden(tvbuff_t *tvb, packet_info *pinfo, |
1079 | 262 | int offset, proto_tree *tree) { |
1080 | 262 | proto_item *hidden_item; |
1081 | 262 | const char *hash; |
1082 | | |
1083 | 262 | hash = kademlia_hash(pinfo->pool, tvb, offset); |
1084 | | |
1085 | | /* <File hash> ::= HASH (16 word MD4 digest) */ |
1086 | 262 | hidden_item = proto_tree_add_string(tree, hf_kademlia_hash, tvb, offset, 16, hash); |
1087 | 262 | proto_item_set_hidden(hidden_item); |
1088 | | |
1089 | 262 | return offset+16; |
1090 | 262 | } |
1091 | | |
1092 | | /* Dissects the Kademlia hash*/ |
1093 | | static int dissect_kademlia_hash(tvbuff_t *tvb, packet_info *pinfo, |
1094 | 278 | int offset, proto_tree *tree, int *value_ptr) { |
1095 | 278 | const char *hash; |
1096 | | |
1097 | 278 | hash = kademlia_hash(pinfo->pool, tvb, offset); |
1098 | | |
1099 | | /* <File hash> ::= HASH (16 word MD4 digest) */ |
1100 | 278 | proto_tree_add_string(tree, *value_ptr, tvb, offset, 16, hash); |
1101 | | |
1102 | 278 | return dissect_kademlia_hash_hidden(tvb, pinfo, offset, tree); |
1103 | 278 | } |
1104 | | |
1105 | | static int dissect_kademlia_tag_hash_hidden(tvbuff_t *tvb, packet_info *pinfo, |
1106 | 2 | int offset, proto_tree *tree) { |
1107 | 2 | proto_item *hidden_item; |
1108 | 2 | const char *hash; |
1109 | | |
1110 | 2 | hash = kademlia_hash(pinfo->pool, tvb, offset); |
1111 | | |
1112 | | /* <File hash> ::= HASH (16 word MD4 digest) */ |
1113 | 2 | hidden_item = proto_tree_add_string(tree, hf_kademlia_tag_hash, tvb, offset, 16, hash); |
1114 | 2 | proto_item_set_hidden(hidden_item); |
1115 | | |
1116 | 2 | return offset+16; |
1117 | 2 | } |
1118 | | |
1119 | | static int dissect_kademlia_tag_hash(tvbuff_t *tvb, packet_info *pinfo, |
1120 | 2 | int offset, proto_tree *tree) { |
1121 | 2 | const char *hash; |
1122 | | |
1123 | 2 | hash = kademlia_hash(pinfo->pool, tvb, offset); |
1124 | | |
1125 | | /* <File hash> ::= HASH (16 word MD4 digest) */ |
1126 | 2 | proto_tree_add_string(tree, hf_kademlia_hash, tvb, offset, 16, hash); |
1127 | 2 | return dissect_kademlia_tag_hash_hidden( tvb, pinfo, offset, tree ); |
1128 | 2 | } |
1129 | | |
1130 | | static int dissect_kademlia_tag_bsob(tvbuff_t *tvb, packet_info *pinfo, |
1131 | | int offset, proto_tree *tree, const char** string_value ) |
1132 | 0 | { |
1133 | 0 | uint16_t bsob_length; |
1134 | |
|
1135 | 0 | bsob_length = tvb_get_uint8(tvb, offset); |
1136 | 0 | *string_value = tvb_bytes_to_str(pinfo->pool, tvb, offset + 1, bsob_length ); |
1137 | |
|
1138 | 0 | proto_tree_add_item(tree, hf_kademlia_tag_bsob, tvb, offset + 1, bsob_length, ENC_NA); |
1139 | 0 | return offset + 1 + bsob_length; |
1140 | 0 | } |
1141 | | |
1142 | | |
1143 | | static int dissect_kademlia_tag_string(tvbuff_t *tvb, packet_info *pinfo, |
1144 | | int offset, proto_tree *tree, const uint8_t** string_value) |
1145 | 0 | { |
1146 | 0 | proto_item *hidden_item; |
1147 | 0 | uint16_t string_length = tvb_get_letohs(tvb, offset); |
1148 | |
|
1149 | 0 | hidden_item = proto_tree_add_uint(tree, hf_edonkey_string_length, tvb, offset, 2, string_length); |
1150 | 0 | proto_item_set_hidden(hidden_item); |
1151 | 0 | hidden_item = proto_tree_add_item_ret_string(tree, hf_edonkey_string, tvb, offset + 2, string_length, ENC_ASCII|ENC_NA, pinfo->pool, string_value); |
1152 | 0 | proto_item_set_hidden(hidden_item); |
1153 | |
|
1154 | 0 | proto_tree_add_item(tree, hf_kademlia_tag_string, tvb, offset + 2, string_length, ENC_ASCII); |
1155 | 0 | return offset + 2 + string_length; |
1156 | 0 | } |
1157 | | |
1158 | | /* Dissects the eDonkey hash list */ |
1159 | | static int dissect_edonkey_hash_list(tvbuff_t *tvb, packet_info *pinfo, |
1160 | | int offset, proto_tree *tree) |
1161 | 0 | { |
1162 | | /* <Hash List> ::= <File Hash> <List Size (uint16_t)> <Hash>* */ |
1163 | 0 | offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
1164 | 0 | return dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "Hash", dissect_edonkey_hash); |
1165 | 0 | } |
1166 | | |
1167 | | /* Dissects the eDonkey meta tag list */ |
1168 | | static int dissect_edonkey_metatag_list(tvbuff_t *tvb, packet_info *pinfo, |
1169 | | int offset, proto_tree *tree) |
1170 | 63 | { |
1171 | | /* <Meta Tag List> ::= <List Size (uint32_t)> <Meta tag>* */ |
1172 | 63 | return dissect_edonkey_list(tvb, pinfo, offset, tree, 4, "Meta Tag", dissect_edonkey_metatag); |
1173 | 63 | } |
1174 | | |
1175 | | /* Dissects the eDonkey String */ |
1176 | | static int dissect_edonkey_string(tvbuff_t *tvb, packet_info *pinfo _U_, |
1177 | | int offset, proto_tree *tree) |
1178 | 3 | { |
1179 | | /* <String> ::= <String length (uint16_t)> DATA */ |
1180 | 3 | uint16_t string_length = tvb_get_letohs(tvb, offset); |
1181 | 3 | proto_tree_add_uint(tree, hf_edonkey_string_length, tvb, offset, 2, string_length); |
1182 | 3 | proto_tree_add_item(tree, hf_edonkey_string, tvb, offset+2, string_length, ENC_ASCII); |
1183 | 3 | return offset+2+string_length; |
1184 | 3 | } |
1185 | | |
1186 | | /* Dissects the eDonkey Directory */ |
1187 | | static int dissect_edonkey_directory(tvbuff_t *tvb, packet_info *pinfo _U_, |
1188 | | int offset, proto_tree *tree) |
1189 | 0 | { |
1190 | | /* <Directory> ::= <String> */ |
1191 | 0 | uint16_t string_length = tvb_get_letohs(tvb, offset); |
1192 | 0 | proto_tree_add_uint(tree, hf_edonkey_string_length, tvb, offset, 2, string_length); |
1193 | 0 | proto_tree_add_item(tree, hf_edonkey_directory, tvb, offset+2, string_length, ENC_ASCII); |
1194 | 0 | return offset+2+string_length; |
1195 | 0 | } |
1196 | | |
1197 | | /* Dissects the eDonkey Filename */ |
1198 | | static int dissect_edonkey_file_name(tvbuff_t *tvb, packet_info *pinfo, |
1199 | | int offset, proto_tree *tree) |
1200 | 0 | { |
1201 | | /* <Filename> ::= <String> */ |
1202 | 0 | return dissect_edonkey_string(tvb, pinfo, offset, tree); |
1203 | 0 | } |
1204 | | |
1205 | | /* Dissects the eDonkey File Status */ |
1206 | | static int dissect_edonkey_file_status(tvbuff_t *tvb, packet_info *pinfo _U_, |
1207 | | int offset, proto_tree *tree) |
1208 | 0 | { |
1209 | 0 | uint16_t partcount, arrlen; |
1210 | | |
1211 | | /* <File Status> ::= <Part Count> <Part Status> */ |
1212 | 0 | partcount = tvb_get_letohs(tvb, offset); |
1213 | 0 | arrlen = (partcount+7)/8; |
1214 | |
|
1215 | 0 | proto_tree_add_uint(tree, hf_edonkey_part_count, tvb, offset, 2, partcount); |
1216 | 0 | if (partcount>0) { |
1217 | 0 | proto_tree_add_item(tree, hf_edonkey_file_status, tvb, offset+2, arrlen, ENC_NA); |
1218 | 0 | } |
1219 | 0 | return offset+2+arrlen; |
1220 | 0 | } |
1221 | | |
1222 | | |
1223 | | /* Dissects the eDonkey directory list */ |
1224 | | static int dissect_edonkey_directory_list(tvbuff_t *tvb, packet_info *pinfo, |
1225 | | int offset, proto_tree *tree) |
1226 | 0 | { |
1227 | | /* <Directory List> ::= <List Size (uint32_t)> <Directory>* */ |
1228 | 0 | return dissect_edonkey_list(tvb, pinfo, offset, tree, 4, "Directory", dissect_edonkey_directory); |
1229 | 0 | } |
1230 | | |
1231 | | /* Dissects the eDonkey server hash */ |
1232 | | static int dissect_edonkey_server_hash(tvbuff_t *tvb, packet_info *pinfo _U_, |
1233 | | int offset, proto_tree *tree) |
1234 | 0 | { |
1235 | | /* <Server hash> ::= HASH (16 word MD4 digest) */ |
1236 | 0 | proto_tree_add_item(tree, hf_edonkey_server_hash, tvb, offset, 16, ENC_NA); |
1237 | 0 | return offset+16; |
1238 | 0 | } |
1239 | | |
1240 | | /* Dissects the eDonkey client hash */ |
1241 | | static int dissect_edonkey_client_hash(tvbuff_t *tvb, packet_info *pinfo _U_, |
1242 | | int offset, proto_tree *tree) |
1243 | 2 | { |
1244 | | /* <Client hash> ::= HASH (16 word MD4 digest) */ |
1245 | 2 | proto_tree_add_item(tree, hf_edonkey_client_hash, tvb, offset, 16, ENC_NA); |
1246 | 2 | return offset+16; |
1247 | 2 | } |
1248 | | |
1249 | | /* Dissects the eMule sourceOBFU */ |
1250 | | static int dissect_emule_sourceOBFU(tvbuff_t *tvb, packet_info *pinfo, |
1251 | | int offset, proto_tree *tree) |
1252 | 0 | { |
1253 | |
|
1254 | 0 | proto_item *ti; |
1255 | 0 | proto_tree *sourceOBFU_tree; |
1256 | 0 | uint8_t settings = tvb_get_uint8(tvb, offset+6); |
1257 | | /* Add subtree for client info */ |
1258 | 0 | ti = proto_tree_add_item(tree, hf_emule_sourceOBFU, tvb, offset, 7 + ((settings & 0x80) ? 16 : 0), ENC_NA); |
1259 | 0 | sourceOBFU_tree = proto_item_add_subtree(ti, ett_emule_sourceOBFU); |
1260 | |
|
1261 | 0 | proto_tree_add_item(sourceOBFU_tree, hf_edonkey_ip, tvb, offset, 4, ENC_BIG_ENDIAN); |
1262 | 0 | proto_tree_add_item(sourceOBFU_tree, hf_edonkey_port, tvb, offset+4, 2, ENC_LITTLE_ENDIAN); |
1263 | 0 | proto_tree_add_item(sourceOBFU_tree, hf_edonkey_obfuscation_settings, tvb, offset+6, 1, ENC_NA); |
1264 | 0 | offset += 7; |
1265 | 0 | if (settings & 0x80) |
1266 | 0 | offset = dissect_edonkey_client_hash(tvb, pinfo, offset, sourceOBFU_tree); |
1267 | 0 | return offset; |
1268 | 0 | } |
1269 | | |
1270 | | |
1271 | | /* Dissects the eMule sourceOBFU list */ |
1272 | | static int dissect_emule_sourceOBFU_list(tvbuff_t *tvb, packet_info *pinfo, |
1273 | | int offset, proto_tree *tree) |
1274 | 0 | { |
1275 | 0 | return dissect_edonkey_list(tvb, pinfo, offset, tree, 1, "Sources Obfuscation", dissect_emule_sourceOBFU); |
1276 | 0 | } |
1277 | | |
1278 | | |
1279 | | /* Dissects the eDonkey client ID */ |
1280 | | static int dissect_edonkey_client_id(tvbuff_t *tvb, packet_info *pinfo _U_, |
1281 | | int offset, proto_tree *tree, bool fileinfo) |
1282 | 0 | { |
1283 | 0 | proto_item *ti; |
1284 | | /* <Client ID> ::= uint32_t */ |
1285 | | /* uint32_t ip = tvb_get_letohl(tvb, offset); |
1286 | | proto_tree_add_ipv4(tree, hf_edonkey_client_id, tvb, offset, 4, ip); */ |
1287 | 0 | ti = proto_tree_add_item(tree, hf_edonkey_client_id, tvb, offset, 4, ENC_BIG_ENDIAN); |
1288 | 0 | if (fileinfo) { |
1289 | 0 | uint32_t ip = tvb_get_letohl(tvb, offset); |
1290 | 0 | uint16_t port = tvb_get_letohs(tvb, offset+4); |
1291 | 0 | if (ip==0xfcfcfcfc && port==0xfcfc) { |
1292 | 0 | proto_item_append_text(ti, " (myself, incomplete file)"); |
1293 | 0 | } else if (ip==0xfbfbfbfb && port==0xfbfb) { |
1294 | 0 | proto_item_append_text(ti, " (myself, complete file)"); |
1295 | 0 | } |
1296 | 0 | } |
1297 | 0 | return offset+4; |
1298 | 0 | } |
1299 | | |
1300 | | /* Dissects the eDonkey port */ |
1301 | | static int dissect_edonkey_port(tvbuff_t *tvb, packet_info *pinfo _U_, |
1302 | | int offset, proto_tree *tree) |
1303 | 0 | { |
1304 | | /* <Port> ::= uint16_t */ |
1305 | 0 | proto_tree_add_item(tree, hf_edonkey_port, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
1306 | 0 | return offset+2; |
1307 | 0 | } |
1308 | | |
1309 | | /* Dissects the eDonkey start offset */ |
1310 | | static int dissect_edonkey_start_offset(tvbuff_t *tvb, packet_info *pinfo _U_, |
1311 | | int offset, proto_tree *tree) |
1312 | 0 | { |
1313 | | /* <Start Offset> ::= uint32_t */ |
1314 | 0 | proto_tree_add_item(tree, hf_edonkey_start_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
1315 | 0 | return offset+4; |
1316 | 0 | } |
1317 | | |
1318 | | static int dissect_edonkey_start_offset_64(tvbuff_t *tvb, packet_info *pinfo _U_, |
1319 | | int offset, proto_tree *tree) |
1320 | 0 | { |
1321 | | /* <Start Offset> ::= uint64_t */ |
1322 | 0 | proto_tree_add_item(tree, hf_edonkey_start_offset_64, tvb, offset, 8, ENC_LITTLE_ENDIAN); |
1323 | 0 | return offset+8; |
1324 | 0 | } |
1325 | | |
1326 | | /* Dissects the eDonkey end offset */ |
1327 | | static int dissect_edonkey_end_offset(tvbuff_t *tvb, packet_info *pinfo _U_, |
1328 | | int offset, proto_tree *tree) |
1329 | 0 | { |
1330 | | /* <End Offset> ::= uint32_t */ |
1331 | 0 | proto_tree_add_item(tree, hf_edonkey_end_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
1332 | 0 | return offset+4; |
1333 | 0 | } |
1334 | | |
1335 | | static int dissect_edonkey_end_offset_64(tvbuff_t *tvb, packet_info *pinfo _U_, |
1336 | | int offset, proto_tree *tree) |
1337 | 0 | { |
1338 | | /* <End Offset> ::= uint64_t */ |
1339 | 0 | proto_tree_add_item(tree, hf_edonkey_end_offset_64, tvb, offset, 8, ENC_LITTLE_ENDIAN); |
1340 | 0 | return offset+8; |
1341 | 0 | } |
1342 | | |
1343 | | /* Dissects the eDonkey client info */ |
1344 | | static int dissect_edonkey_client_info(tvbuff_t *tvb, packet_info *pinfo, |
1345 | | int offset, proto_tree *tree) |
1346 | 0 | { |
1347 | | /* <Client info> ::= <Client hash> <Client ID> <Port> <Meta tag list> */ |
1348 | 0 | proto_item *ti; |
1349 | 0 | proto_tree *clientinfo_tree; |
1350 | | /* Add subtree for client info */ |
1351 | 0 | ti = proto_tree_add_item(tree, hf_edonkey_clientinfo, tvb, offset, 0, ENC_NA); |
1352 | 0 | clientinfo_tree = proto_item_add_subtree(ti, ett_edonkey_clientinfo); |
1353 | 0 | offset = dissect_edonkey_client_hash(tvb, pinfo, offset, clientinfo_tree); |
1354 | 0 | offset = dissect_edonkey_client_id(tvb, pinfo, offset, clientinfo_tree, false); |
1355 | 0 | offset = dissect_edonkey_port(tvb, pinfo, offset, clientinfo_tree); |
1356 | 0 | offset = dissect_edonkey_metatag_list(tvb, pinfo, offset, clientinfo_tree); |
1357 | 0 | return offset; |
1358 | 0 | } |
1359 | | |
1360 | | /* Dissects the eDonkey client info list */ |
1361 | | static int dissect_edonkey_client_info_list(tvbuff_t *tvb, packet_info *pinfo, |
1362 | | int offset, proto_tree *tree) |
1363 | 0 | { |
1364 | | /* <Client Info List> ::= <List Size (uint32_t)> <Client Info>* */ |
1365 | 0 | return dissect_edonkey_list(tvb, pinfo, offset, tree, 4, "Client Info", dissect_edonkey_client_info); |
1366 | 0 | } |
1367 | | |
1368 | | /* Dissects the eDonkey server info */ |
1369 | | static int dissect_edonkey_server_info(tvbuff_t *tvb, packet_info *pinfo, |
1370 | | int offset, proto_tree *tree) |
1371 | 0 | { |
1372 | | /* <Server info> ::= <Server hash> <Server Address> <Meta tag list> */ |
1373 | 0 | proto_item *ti; |
1374 | 0 | proto_tree *serverinfo_tree; |
1375 | | /* Add subtree for server info */ |
1376 | 0 | ti = proto_tree_add_item(tree, hf_edonkey_serverinfo, tvb, offset, 0, ENC_NA); |
1377 | 0 | serverinfo_tree = proto_item_add_subtree(ti, ett_edonkey_serverinfo); |
1378 | 0 | offset = dissect_edonkey_server_hash(tvb, pinfo, offset, serverinfo_tree); |
1379 | 0 | offset = dissect_edonkey_address(tvb, pinfo, offset, serverinfo_tree); |
1380 | 0 | offset = dissect_edonkey_metatag_list(tvb, pinfo, offset, serverinfo_tree); |
1381 | 0 | return offset; |
1382 | 0 | } |
1383 | | |
1384 | | /* Dissects the eDonkey file info */ |
1385 | | static int dissect_edonkey_file_info(tvbuff_t *tvb, packet_info *pinfo, |
1386 | | int offset, proto_tree *tree) |
1387 | 0 | { |
1388 | | /* <File info> ::= <File hash> <Client ID> <Port> <Meta tag list> */ |
1389 | 0 | proto_item *ti; |
1390 | 0 | proto_tree *fileinfo_tree; |
1391 | 0 | int startoff; |
1392 | | /* Add subtree for file info */ |
1393 | 0 | ti = proto_tree_add_item(tree, hf_edonkey_fileinfo, tvb, offset, 0, ENC_NA); |
1394 | 0 | startoff = offset; |
1395 | 0 | fileinfo_tree = proto_item_add_subtree(ti, ett_edonkey_fileinfo); |
1396 | 0 | offset = dissect_edonkey_file_hash(tvb, pinfo, offset, fileinfo_tree); |
1397 | 0 | offset = dissect_edonkey_client_id(tvb, pinfo, offset, fileinfo_tree, true); |
1398 | 0 | offset = dissect_edonkey_port(tvb, pinfo, offset, fileinfo_tree); |
1399 | 0 | offset = dissect_edonkey_metatag_list(tvb, pinfo, offset, fileinfo_tree); |
1400 | 0 | proto_item_set_len(ti, offset-startoff); |
1401 | 0 | return offset; |
1402 | 0 | } |
1403 | | |
1404 | | /* Dissects the eDonkey file info list */ |
1405 | | static int dissect_edonkey_file_info_list(tvbuff_t *tvb, packet_info *pinfo, |
1406 | | int offset, proto_tree *tree) |
1407 | 0 | { |
1408 | | /* <File Info List> ::= <List Size (uint32_t)> <File Info>* */ |
1409 | 0 | return dissect_edonkey_list(tvb, pinfo, offset, tree, 4, "File Info", dissect_edonkey_file_info); |
1410 | 0 | } |
1411 | | |
1412 | | |
1413 | | /* Dissects the eMule address list */ |
1414 | | static int dissect_emule_address_list(tvbuff_t *tvb, packet_info *pinfo, |
1415 | | int offset, proto_tree *tree) |
1416 | 0 | { |
1417 | | /* <Address List> ::= <List Size (uint16_t)> <Address>* */ |
1418 | 0 | return dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "Address", dissect_edonkey_address); |
1419 | 0 | } |
1420 | | |
1421 | | static int dissect_emule_aich_root_hash(tvbuff_t *tvb, packet_info *pinfo _U_, |
1422 | | int offset, proto_tree *tree) |
1423 | 0 | { |
1424 | | /* <AICH Root Hash> ::= HASH (20 byte SHA1 digest) */ |
1425 | 0 | proto_tree_add_item(tree, hf_emule_aich_root_hash, tvb, offset, 20, ENC_NA); |
1426 | 0 | return offset + 20; |
1427 | 0 | } |
1428 | | |
1429 | | static int dissect_emule_aich_hash_list_entry(tvbuff_t *tvb, packet_info *pinfo _U_, |
1430 | | int offset, proto_tree *tree) |
1431 | 0 | { |
1432 | 0 | uint16_t hashid; |
1433 | 0 | proto_item *ti; |
1434 | 0 | proto_tree *aichhash_tree; |
1435 | | /* <AICH Hash List Entry> ::= <AICH Hash ID> <AICH Hash> */ |
1436 | 0 | ti = proto_tree_add_item(tree, hf_emule_aich_hash_entry, tvb, offset, 22, ENC_NA); |
1437 | 0 | aichhash_tree = proto_item_add_subtree(ti, ett_emule_aichhash); |
1438 | |
|
1439 | 0 | hashid = tvb_get_letohs(tvb, offset); |
1440 | 0 | proto_tree_add_uint(aichhash_tree, hf_emule_aich_hash_id, tvb, offset, 2, hashid); |
1441 | 0 | proto_tree_add_item(aichhash_tree, hf_emule_aich_hash, tvb, offset+2, 20, ENC_NA); |
1442 | 0 | return offset + 22; |
1443 | 0 | } |
1444 | | |
1445 | | static int dissect_emule_aich_hash_list(tvbuff_t *tvb, packet_info *pinfo, |
1446 | | int offset, proto_tree *tree) |
1447 | 0 | { |
1448 | | /* <AICH Hash List> ::= <List Size (uint16_t)> < <AICH Hash ID> <AICH Hash> >* */ |
1449 | 0 | return dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "AICH Hash", dissect_emule_aich_hash_list_entry); |
1450 | 0 | } |
1451 | | |
1452 | | static int dissect_emule_multipacket(tvbuff_t *tvb, packet_info *pinfo, |
1453 | | int offset, int eoffset, proto_tree *tree, int isext) |
1454 | 0 | { |
1455 | 0 | uint8_t opcode, nextop; |
1456 | 0 | uint16_t namelen, partcount, arrlen, oplen; |
1457 | 0 | uint32_t sourcecount; |
1458 | 0 | proto_item *ti; |
1459 | 0 | proto_tree *mp_tree; |
1460 | | |
1461 | | /* <MultiPacket> ::= <File Hash> <Opcodes>* */ |
1462 | | /* <MultiPacketExt> ::= <File Hash> <FileLength> <Opcodes>* */ |
1463 | 0 | offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
1464 | |
|
1465 | 0 | if (isext) { |
1466 | 0 | proto_tree_add_item(tree, hf_edonkey_emule_file_length, tvb, offset, 8, ENC_LITTLE_ENDIAN); |
1467 | 0 | offset += 8; |
1468 | 0 | } |
1469 | |
|
1470 | 0 | while (offset<eoffset) { |
1471 | 0 | opcode = tvb_get_uint8(tvb, offset); |
1472 | |
|
1473 | 0 | switch (opcode) { |
1474 | 0 | case EDONKEY_MSG_FILE_STATUS_REQUEST: |
1475 | 0 | ti = proto_tree_add_item(tree, hf_emule_multipacket_entry, tvb, offset, 1, ENC_NA); |
1476 | 0 | mp_tree = proto_item_add_subtree(ti, ett_emule_multipacket); |
1477 | |
|
1478 | 0 | proto_tree_add_uint_format(mp_tree, hf_emule_multipacket_opcode, tvb, offset, 1, |
1479 | 0 | opcode, "File Status Request (0x%02x)", opcode); |
1480 | 0 | offset += 1; |
1481 | 0 | break; |
1482 | 0 | case EDONKEY_MSG_FILE_REQUEST: |
1483 | 0 | partcount = 443; /* Invalid */ |
1484 | 0 | sourcecount = 65536; /* Out of range */ |
1485 | 0 | arrlen = 0; |
1486 | 0 | oplen = 1; |
1487 | |
|
1488 | 0 | if (offset+2<eoffset) { |
1489 | 0 | nextop = tvb_get_uint8(tvb, offset+1); |
1490 | 0 | if (nextop!=EDONKEY_MSG_FILE_STATUS_REQUEST && |
1491 | 0 | nextop!=EMULE_MSG_SOURCES_REQUEST && |
1492 | 0 | nextop!=EMULE_MSG_AICHFILEHASH_REQUEST) { |
1493 | |
|
1494 | 0 | partcount = tvb_get_letohs(tvb, offset+1); |
1495 | 0 | if (partcount<=442) { |
1496 | 0 | arrlen = (partcount+7)/8; |
1497 | 0 | oplen += 2+arrlen; |
1498 | |
|
1499 | 0 | if (offset+2+arrlen+2<eoffset) { |
1500 | 0 | nextop = tvb_get_uint8(tvb, offset+2+arrlen+1); |
1501 | 0 | if (nextop!=EDONKEY_MSG_FILE_STATUS_REQUEST && |
1502 | 0 | nextop!=EMULE_MSG_SOURCES_REQUEST && |
1503 | 0 | nextop!=EMULE_MSG_AICHFILEHASH_REQUEST) { |
1504 | |
|
1505 | 0 | sourcecount = tvb_get_letohs(tvb, offset+2+arrlen+1); |
1506 | 0 | oplen += 2; |
1507 | 0 | } |
1508 | 0 | } |
1509 | 0 | } |
1510 | 0 | } |
1511 | 0 | } |
1512 | |
|
1513 | 0 | ti = proto_tree_add_item(tree, hf_emule_multipacket_entry, tvb, offset, oplen, ENC_NA); |
1514 | 0 | mp_tree = proto_item_add_subtree(ti, ett_emule_multipacket); |
1515 | |
|
1516 | 0 | proto_tree_add_uint_format(mp_tree, hf_emule_multipacket_opcode, tvb, offset, 1, |
1517 | 0 | opcode, "File Name Request (0x%02x)", opcode); |
1518 | 0 | if (partcount<=442) { |
1519 | 0 | dissect_edonkey_file_status(tvb, pinfo, offset+1, mp_tree); |
1520 | 0 | if (sourcecount<65536) { |
1521 | 0 | proto_tree_add_uint(mp_tree, hf_emule_source_count, tvb, offset+3+arrlen, 2, sourcecount); |
1522 | 0 | } |
1523 | 0 | } |
1524 | 0 | offset += oplen; |
1525 | 0 | break; |
1526 | 0 | case EMULE_MSG_SOURCES_REQUEST: |
1527 | 0 | ti = proto_tree_add_item(tree, hf_emule_multipacket_entry, tvb, offset, 1, ENC_NA); |
1528 | 0 | mp_tree = proto_item_add_subtree(ti, ett_emule_multipacket); |
1529 | |
|
1530 | 0 | proto_tree_add_uint_format(mp_tree, hf_emule_multipacket_opcode, tvb, offset, 1, |
1531 | 0 | opcode, "Sources Request (0x%02x)", opcode); |
1532 | 0 | offset += 1; |
1533 | 0 | break; |
1534 | 0 | case EMULE_MSG_AICHFILEHASH_REQUEST: |
1535 | 0 | ti = proto_tree_add_item(tree, hf_emule_multipacket_entry, tvb, offset, 1, ENC_NA); |
1536 | 0 | mp_tree = proto_item_add_subtree(ti, ett_emule_multipacket); |
1537 | |
|
1538 | 0 | proto_tree_add_uint_format(mp_tree, hf_emule_multipacket_opcode, tvb, offset, 1, |
1539 | 0 | opcode, "AICH Root Hash Request (0x%02x)", opcode); |
1540 | 0 | offset += 1; |
1541 | 0 | break; |
1542 | | |
1543 | 0 | case EDONKEY_MSG_FILE_STATUS: |
1544 | 0 | partcount = tvb_get_letohs(tvb, offset+1); |
1545 | 0 | arrlen = (partcount+7)/8; |
1546 | |
|
1547 | 0 | ti = proto_tree_add_item(tree, hf_emule_multipacket_entry, tvb, offset, 3+arrlen, ENC_NA); |
1548 | 0 | mp_tree = proto_item_add_subtree(ti, ett_emule_multipacket); |
1549 | |
|
1550 | 0 | proto_tree_add_uint_format(mp_tree, hf_emule_multipacket_opcode, tvb, offset, 1, |
1551 | 0 | opcode, "File Status (0x%02x)", opcode); |
1552 | 0 | offset = dissect_edonkey_file_status(tvb, pinfo, offset+1, mp_tree); |
1553 | 0 | break; |
1554 | 0 | case EDONKEY_MSG_FILE_REQUEST_ANSWER: |
1555 | 0 | namelen = tvb_get_letohs(tvb, offset+1); |
1556 | |
|
1557 | 0 | ti = proto_tree_add_item(tree, hf_emule_multipacket_entry, tvb, offset, 3+namelen, ENC_NA); |
1558 | 0 | mp_tree = proto_item_add_subtree(ti, ett_emule_multipacket); |
1559 | |
|
1560 | 0 | proto_tree_add_uint_format(mp_tree, hf_emule_multipacket_opcode, tvb, offset, 1, |
1561 | 0 | opcode, "File Name (0x%02x)", opcode); |
1562 | 0 | offset = dissect_edonkey_file_name(tvb, pinfo, offset+1, mp_tree); |
1563 | 0 | break; |
1564 | 0 | case EMULE_MSG_AICHFILEHASH_ANSWER: |
1565 | 0 | ti = proto_tree_add_item(tree, hf_emule_multipacket_entry, tvb, offset, 21, ENC_NA); |
1566 | 0 | mp_tree = proto_item_add_subtree(ti, ett_emule_multipacket); |
1567 | |
|
1568 | 0 | proto_tree_add_uint_format(mp_tree, hf_emule_multipacket_opcode, tvb, offset, 1, |
1569 | 0 | opcode, "AICH Root Hash (0x%02x)", opcode); |
1570 | 0 | proto_tree_add_item(mp_tree, hf_emule_aich_root_hash, tvb, offset+1, 20, ENC_NA); |
1571 | 0 | offset += 21; |
1572 | 0 | break; |
1573 | | |
1574 | 0 | default: |
1575 | | /* Unknown opcode means we can't continue parsing the stream */ |
1576 | 0 | proto_tree_add_uint_format(tree, hf_emule_multipacket_opcode, tvb, offset, 1, |
1577 | 0 | opcode, "Unknown MultiPacket opcode (0x%02x)", opcode); |
1578 | 0 | return offset+1; |
1579 | 0 | } |
1580 | 0 | } |
1581 | | |
1582 | 0 | return offset; |
1583 | 0 | } |
1584 | | |
1585 | | /* Dissects the Overnet peer type */ |
1586 | | static int dissect_overnet_peertype(tvbuff_t *tvb, packet_info *pinfo _U_, |
1587 | | int offset, proto_tree *tree) |
1588 | 56 | { |
1589 | | /* <Peer type> ::= uint8_t */ |
1590 | 56 | proto_tree_add_item(tree, hf_edonkey_overnet_peer_type, tvb, offset, 1, ENC_NA); |
1591 | 56 | return offset+1; |
1592 | 56 | } |
1593 | | |
1594 | | /* Dissects the Overnet peer */ |
1595 | | static int dissect_overnet_peer(tvbuff_t *tvb, packet_info *pinfo, |
1596 | | int offset, proto_tree *tree) |
1597 | 63 | { |
1598 | | /* <Peer> ::= <Hash> <Address> <Peer type> */ |
1599 | 63 | proto_item *ti; |
1600 | 63 | proto_tree *peer_tree; |
1601 | 63 | ti = proto_tree_add_item(tree, hf_overnet_peer, tvb, offset, 16 + 6 + 1, ENC_NA); |
1602 | 63 | peer_tree = proto_item_add_subtree(ti, ett_overnet_peer); |
1603 | 63 | offset = dissect_edonkey_hash(tvb, pinfo, offset, peer_tree); |
1604 | 63 | offset = dissect_edonkey_address(tvb, pinfo, offset, peer_tree); |
1605 | 63 | offset = dissect_overnet_peertype(tvb, pinfo, offset, peer_tree); |
1606 | 63 | return offset; |
1607 | 63 | } |
1608 | | |
1609 | | static int dissect_kademlia_peertype(tvbuff_t *tvb, packet_info *pinfo _U_, |
1610 | | int offset, proto_tree *tree) |
1611 | 15 | { |
1612 | | /* <Peer type> ::= 1bytes */ |
1613 | 15 | proto_tree_add_item( tree, hf_kademlia_peertype, tvb, offset, 1, ENC_BIG_ENDIAN ); |
1614 | 15 | return offset + 1; |
1615 | 15 | } |
1616 | | |
1617 | | /* Dissects the Kademlia peer */ |
1618 | | static int dissect_kademlia_peer(tvbuff_t *tvb, packet_info *pinfo, |
1619 | | int offset, proto_tree *tree) |
1620 | 64 | { |
1621 | | /* <Peer> ::= <Hash> <Address> <Peer type> */ |
1622 | 64 | proto_item *ti; |
1623 | 64 | proto_tree *peer_tree; |
1624 | | |
1625 | 64 | ti = proto_tree_add_item(tree, hf_kademlia_peer, tvb, offset, 16 + 4 + 4 + 1, ENC_NA); |
1626 | | |
1627 | 64 | peer_tree = proto_item_add_subtree(ti, ett_overnet_peer); |
1628 | | |
1629 | | /* 16 */ |
1630 | 64 | offset = dissect_kademlia_hash(tvb, pinfo, offset, peer_tree, &hf_kademlia_peer_id); |
1631 | | |
1632 | | /* 8 ( 4 ip + 2 tcp port + 2 udp port ) */ |
1633 | 64 | offset = dissect_kademlia_address(tvb, pinfo, offset, peer_tree); |
1634 | | |
1635 | | /* 1 */ |
1636 | | /* offset = dissect_kademlia_peertype(tvb, pinfo, offset, peer_tree); */ |
1637 | 64 | proto_tree_add_item(peer_tree, hf_kademlia_version, tvb, offset, 1, ENC_BIG_ENDIAN); |
1638 | 64 | return offset + 1; |
1639 | 64 | } |
1640 | | |
1641 | | /* Dissects the Kademlia2 peer */ |
1642 | | static int dissect_kademlia2_peer(tvbuff_t *tvb, packet_info *pinfo, |
1643 | | int offset, proto_tree *tree) |
1644 | 20 | { |
1645 | | /* <Peer> ::= <Hash> <Address> <Peer type> */ |
1646 | 20 | proto_item *ti; |
1647 | 20 | proto_tree *peer_tree; |
1648 | | |
1649 | 20 | ti = proto_tree_add_item(tree, hf_kademlia_peer, tvb, offset, 16 + 4 + 4 + 1, ENC_NA); |
1650 | | |
1651 | 20 | peer_tree = proto_item_add_subtree(ti, ett_overnet_peer); |
1652 | | |
1653 | | /* 16 */ |
1654 | 20 | offset = dissect_kademlia_hash(tvb, pinfo, offset, peer_tree, &hf_kademlia_peer_id); |
1655 | | |
1656 | | /* 8 ( 4 ip + 2 tcp port + 2 udp port ) */ |
1657 | 20 | offset = dissect_kademlia_address(tvb, pinfo, offset, peer_tree); |
1658 | | |
1659 | | /* 1 */ |
1660 | 20 | offset = dissect_kademlia_peertype(tvb, pinfo, offset, peer_tree); |
1661 | 20 | return offset; |
1662 | 20 | } |
1663 | | |
1664 | | |
1665 | | /* Dissects the eDonkey search query */ |
1666 | | // NOLINTNEXTLINE(misc-no-recursion) |
1667 | | static int dissect_edonkey_search_query(tvbuff_t *tvb, packet_info *pinfo, |
1668 | | int offset, proto_tree *tree) |
1669 | 0 | { |
1670 | | /* <Search Query> ::= <Search Type> <Search> */ |
1671 | 0 | proto_item *ti; |
1672 | 0 | proto_tree *search_tree; |
1673 | 0 | uint8_t search_type, special_tagtype; |
1674 | 0 | uint16_t tag_name_size, string_length; |
1675 | 0 | uint32_t search_length; |
1676 | 0 | int string_offset, tag_name_offset; |
1677 | |
|
1678 | 0 | search_type = tvb_get_uint8(tvb, offset); |
1679 | 0 | search_length = 1; |
1680 | 0 | ti = proto_tree_add_uint(tree, hf_edonkey_search_type, tvb, offset, 1, search_type); |
1681 | |
|
1682 | 0 | increment_dissection_depth(pinfo); |
1683 | 0 | switch (search_type) |
1684 | 0 | { |
1685 | 0 | case EDONKEY_SEARCH_BOOL: |
1686 | | /* <Search> ::= <Operator> <Search Query> <Search Query> */ |
1687 | 0 | search_length += 1; |
1688 | | |
1689 | | /* Add subtree for search entry */ |
1690 | 0 | proto_item_set_len(ti, search_length); |
1691 | 0 | search_tree = proto_item_add_subtree(ti, ett_edonkey_search); |
1692 | | |
1693 | | /* Add query info */ |
1694 | 0 | proto_tree_add_item(search_tree, hf_edonkey_search_ops, tvb, offset+1, 1, ENC_LITTLE_ENDIAN); |
1695 | |
|
1696 | 0 | offset+=2; |
1697 | 0 | offset = dissect_edonkey_search_query(tvb, pinfo, offset, search_tree); |
1698 | 0 | offset = dissect_edonkey_search_query(tvb, pinfo, offset, search_tree); |
1699 | 0 | break; |
1700 | | |
1701 | 0 | case EDONKEY_SEARCH_NAME: |
1702 | | /* <Search> ::= <String> */ |
1703 | 0 | string_offset = offset + search_length; |
1704 | 0 | string_length = tvb_get_letohs(tvb, string_offset); |
1705 | 0 | search_length += 2+string_length; |
1706 | | |
1707 | | /* Add subtree for search entry */ |
1708 | 0 | proto_item_set_len(ti, search_length); |
1709 | 0 | search_tree = proto_item_add_subtree(ti, ett_edonkey_search); |
1710 | | |
1711 | | /* Add query info */ |
1712 | 0 | proto_tree_add_uint(search_tree, hf_edonkey_string_length, tvb, string_offset, 2, string_length); |
1713 | 0 | proto_tree_add_item(search_tree, hf_edonkey_string, tvb, string_offset+2, string_length, ENC_ASCII); |
1714 | 0 | offset += search_length; |
1715 | 0 | break; |
1716 | | |
1717 | 0 | case EDONKEY_SEARCH_META: |
1718 | | /* <Search> ::= <String> <Meta tag Name> */ |
1719 | 0 | string_offset = offset + search_length; |
1720 | 0 | string_length = tvb_get_letohs(tvb, offset+1); |
1721 | 0 | search_length += 2+string_length; |
1722 | |
|
1723 | 0 | tag_name_offset = offset + search_length; |
1724 | 0 | tag_name_size = tvb_get_letohs(tvb, tag_name_offset); |
1725 | 0 | special_tagtype = tvb_get_uint8(tvb, tag_name_offset+2); |
1726 | 0 | search_length += 2 + tag_name_size; |
1727 | | |
1728 | | /* Add subtree for search entry */ |
1729 | 0 | proto_item_set_len(ti, search_length); |
1730 | 0 | search_tree = proto_item_add_subtree(ti, ett_edonkey_search); |
1731 | | |
1732 | | /* Add query info */ |
1733 | 0 | proto_tree_add_uint(search_tree, hf_edonkey_string_length, tvb, string_offset, 2, string_length); |
1734 | 0 | proto_tree_add_item(search_tree, hf_edonkey_string, tvb, string_offset+2, string_length, ENC_ASCII); |
1735 | 0 | proto_tree_add_uint(search_tree, hf_edonkey_metatag_namesize, tvb, tag_name_offset, 2, tag_name_size); |
1736 | 0 | edonkey_tree_add_metatag_name(search_tree, tvb, tag_name_offset+2, tag_name_size, special_tagtype); |
1737 | 0 | offset += search_length; |
1738 | 0 | break; |
1739 | | |
1740 | 0 | case EDONKEY_SEARCH_LIMIT: |
1741 | | /* <Search> ::= <Limit (uint32_t)> <Minmax> <Meta tag Name> */ |
1742 | 0 | search_length += 5; /* 4 bytes for the limit, one for the minmax */ |
1743 | |
|
1744 | 0 | tag_name_offset = offset + search_length; |
1745 | 0 | tag_name_size = tvb_get_letohs(tvb, tag_name_offset); |
1746 | 0 | special_tagtype = tvb_get_uint8(tvb, tag_name_offset+2); |
1747 | 0 | search_length += 2 + tag_name_size; |
1748 | | |
1749 | | /* Add subtree for search entry */ |
1750 | 0 | proto_item_set_len(ti, search_length); |
1751 | 0 | search_tree = proto_item_add_subtree(ti, ett_edonkey_search); |
1752 | | |
1753 | | /* Add query info */ |
1754 | 0 | proto_tree_add_item(search_tree, hf_edonkey_search_limit, tvb, offset+1, 4, ENC_LITTLE_ENDIAN); |
1755 | 0 | proto_tree_add_item(search_tree, hf_edonkey_search_limit_type, tvb, offset+5, 1, ENC_LITTLE_ENDIAN); |
1756 | 0 | proto_tree_add_uint(search_tree, hf_edonkey_metatag_namesize, tvb, tag_name_offset, 2, tag_name_size); |
1757 | 0 | edonkey_tree_add_metatag_name(search_tree, tvb, tag_name_offset+2, tag_name_size, special_tagtype); |
1758 | 0 | offset += search_length; |
1759 | 0 | break; |
1760 | | |
1761 | 0 | default: |
1762 | | /* Unknown search type - actual search length is also unknown */ |
1763 | 0 | proto_item_set_len(ti, search_length); |
1764 | 0 | offset += search_length; |
1765 | 0 | break; |
1766 | 0 | } |
1767 | 0 | decrement_dissection_depth(pinfo); |
1768 | |
|
1769 | 0 | return offset; |
1770 | 0 | } |
1771 | | |
1772 | | static void dissect_edonkey_tcp_message(uint8_t msg_type, |
1773 | | tvbuff_t *tvb, packet_info *pinfo, |
1774 | | int offset, int length, proto_tree *tree) |
1775 | 0 | { |
1776 | 0 | int msg_end, bytes_remaining; |
1777 | 0 | uint8_t helloClient; |
1778 | |
|
1779 | 0 | bytes_remaining = tvb_reported_length_remaining(tvb, offset); |
1780 | 0 | if ((length < 0) || (length > bytes_remaining)) length = bytes_remaining; |
1781 | 0 | if (length <= 0) return; |
1782 | | |
1783 | 0 | msg_end = offset + length; |
1784 | |
|
1785 | 0 | switch (msg_type) { |
1786 | 0 | case EDONKEY_MSG_HELLO: |
1787 | | /* Client to Server: <Client Info> */ |
1788 | | /* Client to Client: 0x10 <Client Info> <Server address> */ |
1789 | | /* If Hello is sent to server 0x10 before UserHash is skipped, |
1790 | | but UserHash might starts with 0x10. To decrease posibility |
1791 | | of mistake, we check also 6th and 15h byte of UserHash - |
1792 | | they have constant value. The best way would be to process |
1793 | | whole packet to check it. */ |
1794 | 0 | helloClient = (tvb_get_uint8(tvb, offset) == 0x10 && tvb_get_uint8(tvb, offset + 6) == 0x0E && tvb_get_uint8(tvb, offset + 15) == 0x6F); |
1795 | 0 | if (helloClient) { |
1796 | 0 | proto_tree_add_uint(tree, hf_edonkey_user_hash_length, tvb, offset, 1, 16); |
1797 | 0 | offset += 1; |
1798 | 0 | } |
1799 | 0 | offset = dissect_edonkey_client_info(tvb, pinfo, offset, tree); |
1800 | 0 | if (helloClient) /* User's server ip is sent only to clients. */ |
1801 | 0 | offset = dissect_edonkey_address(tvb, pinfo, offset, tree); |
1802 | 0 | break; |
1803 | | |
1804 | 0 | case EDONKEY_MSG_HELLO_ANSWER: /* Hello Answer: <Client Info> <Server address> */ |
1805 | 0 | offset = dissect_edonkey_client_info(tvb, pinfo, offset, tree); |
1806 | 0 | offset = dissect_edonkey_address(tvb, pinfo, offset, tree); |
1807 | 0 | break; |
1808 | | |
1809 | 0 | case EDONKEY_MSG_SERVER_CB_REQ: /* Server Callback Request: <Client address> */ |
1810 | 0 | offset = dissect_edonkey_address(tvb, pinfo, offset, tree); |
1811 | 0 | break; |
1812 | | |
1813 | 0 | case EDONKEY_MSG_SERVER_INFO_DATA: /* Server Info Data: <Server Info> */ |
1814 | 0 | offset = dissect_edonkey_server_info(tvb, pinfo, offset, tree); |
1815 | 0 | break; |
1816 | | |
1817 | 0 | case EDONKEY_MSG_SERVER_LIST: /* Server List: <Address List> */ |
1818 | 0 | offset = dissect_edonkey_address_list(tvb, pinfo, offset, tree); |
1819 | 0 | break; |
1820 | | |
1821 | 0 | case EDONKEY_MSG_OFFER_FILES: /* Offer Files: <File info List> */ |
1822 | 0 | case EDONKEY_MSG_VIEW_FILES_ANSWER: /* View Files Answer: <File info list> */ |
1823 | 0 | offset = dissect_edonkey_file_info_list(tvb, pinfo, offset, tree); |
1824 | 0 | break; |
1825 | | |
1826 | 0 | case EDONKEY_MSG_SEARCH_FILE_RESULTS: /* Search File Results: <File Info list> <More> */ |
1827 | 0 | offset = dissect_edonkey_file_info_list(tvb, pinfo, offset, tree); |
1828 | 0 | proto_tree_add_item(tree, hf_edonkey_more_search_file_results, tvb, offset, 1, ENC_NA); |
1829 | 0 | break; |
1830 | | |
1831 | 0 | case EDONKEY_MSG_SEARCH_FILES: /* Search File: <Search query> */ |
1832 | 0 | case EDONKEY_MSG_SEARCH_USER: /* Search User: <Search query> */ |
1833 | 0 | offset = dissect_edonkey_search_query(tvb, pinfo, offset, tree); |
1834 | 0 | break; |
1835 | | |
1836 | 0 | case EDONKEY_MSG_GET_SOURCES: /* Get Sources: <File Hash> <Size> <Size 64> */ |
1837 | 0 | case EDONKEY_MSG_GET_SOURCES_OBFU: /* Get Sources: <File Hash> <Size> <Size 64> */ |
1838 | 0 | { |
1839 | 0 | uint32_t fileSize; |
1840 | 0 | proto_item* ti; |
1841 | 0 | offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
1842 | 0 | fileSize = tvb_get_letohl(tvb, offset); |
1843 | 0 | ti = proto_tree_add_uint(tree, hf_edonkey_file_size, tvb, offset, 4, fileSize); |
1844 | 0 | offset += 4; |
1845 | | /* if fileSize = 0 then 64bit file size comes next */ |
1846 | 0 | if (fileSize == 0) { |
1847 | 0 | proto_item_append_text(ti, " (64bit file size used)"); |
1848 | 0 | proto_tree_add_item(tree, hf_edonkey_large_file_size, tvb, offset, 8, ENC_LITTLE_ENDIAN); |
1849 | 0 | } |
1850 | 0 | } |
1851 | 0 | break; |
1852 | | |
1853 | 0 | case EDONKEY_MSG_NO_SUCH_FILE: /* No Such File: <File Hash> */ |
1854 | 0 | case EDONKEY_MSG_END_OF_DOWNLOAD: /* End of Download: <File Hash> */ |
1855 | 0 | case EDONKEY_MSG_FILE_STATUS_REQUEST: /* File Status Request: <File Hash> */ |
1856 | 0 | case EDONKEY_MSG_HASHSET_REQUEST: /* Hashset Request: <File Hash> */ |
1857 | 0 | case EDONKEY_MSG_SLOT_REQUEST: /* Slot Request: <File Hash> */ |
1858 | 0 | case EDONKEY_MSG_FILE_REQUEST: /* File Request: <File Hash> */ |
1859 | 0 | offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
1860 | 0 | break; |
1861 | | |
1862 | 0 | case EDONKEY_MSG_FOUND_SOURCES_OBFU: /* Found Sources: <File Hash> <SourceOBFU List> */ |
1863 | 0 | offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
1864 | 0 | offset = dissect_emule_sourceOBFU_list(tvb, pinfo, offset, tree); |
1865 | 0 | break; |
1866 | | |
1867 | 0 | case EDONKEY_MSG_FOUND_SOURCES: /* Found Sources: <File Hash> <Address List> */ |
1868 | 0 | offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
1869 | 0 | offset = dissect_edonkey_address_list(tvb, pinfo, offset, tree); |
1870 | 0 | break; |
1871 | | |
1872 | 0 | case EDONKEY_MSG_CLIENT_CB_REQ: /* Client Callback Request: <Client ID> */ |
1873 | 0 | case EDONKEY_MSG_CALLBACK_FAIL: /* Callback Fail: <Client ID> */ |
1874 | 0 | offset = dissect_edonkey_client_id(tvb, pinfo, offset, tree, false); |
1875 | 0 | break; |
1876 | | |
1877 | 0 | case EDONKEY_MSG_ID_CHANGE: /* ID Change: <Client ID> [<TCP Flags>] [<Aux Port>] [<Server IP> <Obfu Port>] */ |
1878 | 0 | offset = dissect_edonkey_client_id(tvb, pinfo, offset, tree, false); |
1879 | 0 | if (length >= 8) { |
1880 | 0 | proto_tree_add_item(tree, hf_edonkey_tcp_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
1881 | 0 | offset += 4; |
1882 | 0 | } |
1883 | 0 | if (length >= 12) { |
1884 | 0 | proto_tree_add_item(tree, hf_edonkey_aux_port, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
1885 | 0 | offset += 4; |
1886 | 0 | } |
1887 | 0 | if (length >= 20) { |
1888 | 0 | proto_tree_add_item(tree, hf_edonkey_server_reported_ip, tvb, offset, 4, ENC_BIG_ENDIAN); |
1889 | 0 | offset += 4; |
1890 | 0 | proto_tree_add_item(tree, hf_edonkey_tcp_obfuscation_port, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
1891 | 0 | offset += 4; |
1892 | 0 | } |
1893 | 0 | break; |
1894 | | |
1895 | 0 | case EDONKEY_MSG_NEW_CLIENT_ID: /* New Client ID: <Client ID> <Client ID> */ |
1896 | 0 | offset = dissect_edonkey_client_id(tvb, pinfo, offset, tree, false); |
1897 | 0 | offset = dissect_edonkey_client_id(tvb, pinfo, offset, tree, false); |
1898 | 0 | break; |
1899 | | |
1900 | 0 | case EDONKEY_MSG_SERVER_MESSAGE: /* Server Message: <String> */ |
1901 | 0 | case EDONKEY_MSG_CLIENT_MESSAGE: /* Client Message: <String> */ |
1902 | 0 | offset = dissect_edonkey_string(tvb, pinfo, offset, tree); |
1903 | 0 | break; |
1904 | | |
1905 | 0 | case EDONKEY_MSG_SERVER_STATUS: /* Server Status: <Nusers> <Nfiles> */ |
1906 | 0 | proto_tree_add_item(tree, hf_edonkey_number_of_users, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
1907 | 0 | proto_tree_add_item(tree, hf_edonkey_number_of_files, tvb, offset+4, 4, ENC_LITTLE_ENDIAN); |
1908 | 0 | break; |
1909 | | |
1910 | 0 | case EDONKEY_MSG_FILE_STATUS: /* File Status: <File hash> <Part Count> <Part Status>? */ |
1911 | 0 | offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
1912 | 0 | offset = dissect_edonkey_file_status(tvb, pinfo, offset, tree); |
1913 | 0 | break; |
1914 | | |
1915 | 0 | case EDONKEY_MSG_FILE_REQUEST_ANSWER: /* File Request Answer: <File hash> <File name> */ |
1916 | 0 | offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
1917 | 0 | offset = dissect_edonkey_file_name(tvb, pinfo, offset, tree); |
1918 | 0 | break; |
1919 | | |
1920 | 0 | case EDONKEY_MSG_REQUEST_PARTS: /* Request Parts: <File hash> <Start offset>(3) <End offset>(3) */ |
1921 | 0 | { |
1922 | 0 | int pairs, count; |
1923 | 0 | offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
1924 | 0 | pairs = (msg_end - offset) / 8; |
1925 | |
|
1926 | 0 | for (count=0; count < pairs; count++) |
1927 | 0 | { |
1928 | 0 | offset = dissect_edonkey_start_offset(tvb, pinfo, offset, tree); |
1929 | 0 | } |
1930 | 0 | for (count=0; count < pairs; count++) |
1931 | 0 | { |
1932 | 0 | offset = dissect_edonkey_end_offset(tvb, pinfo, offset, tree); |
1933 | 0 | } |
1934 | 0 | } |
1935 | 0 | break; |
1936 | | |
1937 | 0 | case EDONKEY_MSG_SENDING_PART: /* Sending Part: <File hash> <Start offset> <End offset> DATA */ |
1938 | 0 | offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
1939 | 0 | offset = dissect_edonkey_start_offset(tvb, pinfo, offset, tree); |
1940 | 0 | offset = dissect_edonkey_end_offset(tvb, pinfo, offset, tree); |
1941 | 0 | if (msg_end > offset) { |
1942 | 0 | bytes_remaining = msg_end - offset; |
1943 | 0 | proto_tree_add_item(tree, hf_edonkey_message_data, tvb, offset, bytes_remaining, ENC_NA); |
1944 | 0 | } |
1945 | 0 | break; |
1946 | | |
1947 | | |
1948 | 0 | case EDONKEY_MSG_SEARCH_USER_RESULTS: /* Search User Results: <Client info list> */ |
1949 | 0 | offset = dissect_edonkey_client_info_list(tvb, pinfo, offset, tree); |
1950 | 0 | break; |
1951 | | |
1952 | 0 | case EDONKEY_MSG_GET_SHARED_FILES: /* Get Shared Files: <Directory> */ |
1953 | 0 | offset = dissect_edonkey_directory(tvb, pinfo, offset, tree); |
1954 | 0 | break; |
1955 | | |
1956 | 0 | case EDONKEY_MSG_SHARED_DIRS: /* Shared Dirs: <Directory List> */ |
1957 | 0 | offset = dissect_edonkey_directory_list(tvb, pinfo, offset, tree); |
1958 | 0 | break; |
1959 | | |
1960 | 0 | case EDONKEY_MSG_SHARED_FILES: /* Shared Files: <Directory> <File info list> */ |
1961 | 0 | offset = dissect_edonkey_directory(tvb, pinfo, offset, tree); |
1962 | 0 | offset = dissect_edonkey_file_info_list(tvb, pinfo, offset, tree); |
1963 | 0 | break; |
1964 | | |
1965 | 0 | case EDONKEY_MSG_HASHSET_ANSWER: /* Hashset Answer: <Hash List> */ |
1966 | 0 | offset = dissect_edonkey_hash_list(tvb, pinfo, offset, tree); |
1967 | 0 | break; |
1968 | | |
1969 | 0 | default: |
1970 | 0 | proto_tree_add_item(tree, hf_edonkey_message_data, tvb, offset, length, ENC_NA); |
1971 | 0 | break; |
1972 | 0 | } |
1973 | | |
1974 | 0 | if (offset < msg_end) { |
1975 | 0 | int extra_bytes = msg_end - offset; |
1976 | | /* trailing garbage or broken packet */ |
1977 | 0 | proto_tree_add_uint_format(tree, hf_edonkey_unparsed_data_length, tvb, offset, extra_bytes, extra_bytes, |
1978 | 0 | "Trailing/Undecoded data: %d bytes", extra_bytes ); |
1979 | 0 | } |
1980 | 0 | return; |
1981 | 0 | } |
1982 | | |
1983 | | static void dissect_emule_tcp_message(uint8_t msg_type, |
1984 | | tvbuff_t *tvb, packet_info *pinfo, |
1985 | | int offset, int length, proto_tree *tree) |
1986 | 0 | { |
1987 | 0 | int msg_end, bytes_remaining; |
1988 | 0 | uint16_t partnum; |
1989 | |
|
1990 | 0 | bytes_remaining = tvb_reported_length_remaining(tvb, offset); |
1991 | 0 | if ((length < 0) || (length > bytes_remaining)) length = bytes_remaining; |
1992 | 0 | if (length <= 0) return; |
1993 | | |
1994 | 0 | msg_end = offset + length; |
1995 | |
|
1996 | 0 | switch (msg_type) { |
1997 | 0 | case EMULE_MSG_HELLO: /* eMule Info: <eMule Version> <Meta tag list> */ |
1998 | 0 | case EMULE_MSG_HELLO_ANSWER: /* eMule Info Answer: <eMule Version> <Meta tag list> */ |
1999 | 0 | proto_tree_add_item(tree, hf_edonkey_emule_version, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
2000 | 0 | dissect_edonkey_metatag_list(tvb, pinfo, offset+2, tree); |
2001 | 0 | break; |
2002 | | |
2003 | 0 | case EMULE_MSG_QUEUE_RANKING: /* eMule Queue Ranking: <eMule Rank (uint16_t)> */ |
2004 | 0 | proto_tree_add_item(tree, hf_edonkey_emule_queue_ranking, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
2005 | 0 | break; |
2006 | | |
2007 | 0 | case EMULE_MSG_SOURCES_REQUEST: /* Sources Request: <File Hash> */ |
2008 | 0 | dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
2009 | 0 | break; |
2010 | | |
2011 | 0 | case EMULE_MSG_SOURCES_ANSWER: /* Sources Answer: <File Hash> <Address List> */ |
2012 | 0 | offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
2013 | 0 | dissect_emule_address_list(tvb, pinfo, offset, tree); |
2014 | 0 | break; |
2015 | | |
2016 | 0 | case EMULE_MSG_SEC_IDENT_STATE: |
2017 | 0 | proto_tree_add_item(tree, hf_edonkey_emule_ident_state, tvb, offset, 1, ENC_NA); |
2018 | 0 | offset++; |
2019 | 0 | proto_tree_add_item(tree, hf_edonkey_emule_rndchallenge, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
2020 | 0 | break; |
2021 | | |
2022 | 0 | case EMULE_MSG_PUBLIC_KEY: /* Public Key: <1byte : len> <len bytes: pubkey> */ |
2023 | 0 | /* offset =*/ dissect_edonkey_public_key(tvb, pinfo, offset, tree); |
2024 | | /* offset = dissect_emule_publickey(tvb, pinfo, offset, tree); */ |
2025 | 0 | break; |
2026 | | |
2027 | 0 | case EMULE_MSG_SIGNATURE: |
2028 | 0 | offset = dissect_edonkey_signature(tvb, pinfo, offset, tree); |
2029 | 0 | if (msg_end != offset) { |
2030 | 0 | proto_tree_add_item(tree, hf_edonkey_emule_sig_ip_used, tvb, offset, 1, ENC_NA); |
2031 | 0 | } |
2032 | 0 | break; |
2033 | | |
2034 | | |
2035 | | /* case EMULE_MSG_SIGNATURE: Public Key: <1byte : len> <len bytes: pubkey> */ |
2036 | | /* offset = dissect_emule_publickey(tvb, pinfo, offset, tree); */ |
2037 | | /* break; */ |
2038 | | |
2039 | | /* case EMULE_MSG_SECIDENTSTATE: Public Key: <1byte : len> <len bytes: pubkey> */ |
2040 | | /* offset = dissect_emule_secstate(tvb, pinfo, offset, tree); */ |
2041 | | /* offset = dissect_emule_challenge(tvb, pinfo, offset, tree); */ |
2042 | | /* break; */ |
2043 | | |
2044 | 0 | case EMULE_MSG_DATA_COMPRESSED: /* Data Compressed: <File Hash> <Start Offset> <Length (uint32_t)> <DATA> */ |
2045 | 0 | offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
2046 | 0 | offset = dissect_edonkey_start_offset(tvb, pinfo, offset, tree); |
2047 | 0 | proto_tree_add_item(tree, hf_edonkey_packed_length, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
2048 | 0 | offset += 4; |
2049 | 0 | if (msg_end > offset) { |
2050 | 0 | bytes_remaining = msg_end - offset; |
2051 | 0 | proto_tree_add_item(tree, hf_edonkey_compressed_message_data, tvb, offset, bytes_remaining, ENC_NA); |
2052 | 0 | } |
2053 | 0 | break; |
2054 | | |
2055 | 0 | case EMULE_MSG_DATA_COMPRESSED_64: /* Data Compressed: <File Hash> <Start Offset (uint64_t)> <Length (uint32_t)> <DATA> */ |
2056 | 0 | offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
2057 | 0 | offset = dissect_edonkey_start_offset_64(tvb, pinfo, offset, tree); |
2058 | 0 | proto_tree_add_item(tree, hf_edonkey_packed_length, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
2059 | 0 | offset += 4; |
2060 | 0 | if (msg_end > offset) { |
2061 | 0 | bytes_remaining = msg_end - offset; |
2062 | 0 | proto_tree_add_item(tree, hf_edonkey_compressed_message_data, tvb, offset, bytes_remaining, ENC_NA); |
2063 | 0 | } |
2064 | 0 | break; |
2065 | | |
2066 | 0 | case EMULE_MSG_REQUEST_PARTS_64: /* Request Parts: <File hash> <Start offset>(3) <End offset>(3) */ |
2067 | 0 | offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
2068 | 0 | offset = dissect_edonkey_start_offset_64(tvb, pinfo, offset, tree); |
2069 | 0 | offset = dissect_edonkey_start_offset_64(tvb, pinfo, offset, tree); |
2070 | 0 | offset = dissect_edonkey_start_offset_64(tvb, pinfo, offset, tree); |
2071 | 0 | offset = dissect_edonkey_end_offset_64(tvb, pinfo, offset, tree); |
2072 | 0 | offset = dissect_edonkey_end_offset_64(tvb, pinfo, offset, tree); |
2073 | 0 | dissect_edonkey_end_offset_64(tvb, pinfo, offset, tree); |
2074 | 0 | break; |
2075 | | |
2076 | 0 | case EMULE_MSG_SENDING_PART_64: /* Sending Part: <File hash> <Start offset> <End offset> DATA */ |
2077 | 0 | offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
2078 | 0 | offset = dissect_edonkey_start_offset_64(tvb, pinfo, offset, tree); |
2079 | 0 | offset = dissect_edonkey_end_offset_64(tvb, pinfo, offset, tree); |
2080 | 0 | if (msg_end > offset) { |
2081 | 0 | bytes_remaining = msg_end - offset; |
2082 | 0 | proto_tree_add_item(tree, hf_edonkey_message_data, tvb, offset, bytes_remaining, ENC_NA); |
2083 | 0 | } |
2084 | 0 | break; |
2085 | | |
2086 | 0 | case EMULE_MSG_CALLBACK: /* Callback: < hash ><hash> <uint16> */ |
2087 | 0 | offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
2088 | 0 | /*offset = */dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
2089 | | /* offset = dissect_edonkey_generic_uint16(tvb, pinfo, offset, tree, "uint16" ); */ |
2090 | 0 | break; |
2091 | | |
2092 | 0 | case EMULE_MSG_AICH_REQUEST: /* AICH Request: <File Hash> <PartNum> <AICH Hash> */ |
2093 | 0 | offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
2094 | 0 | partnum = tvb_get_letohs(tvb, offset); |
2095 | 0 | proto_tree_add_uint(tree, hf_emule_aich_partnum, tvb, offset, 2, partnum); |
2096 | 0 | offset += 2; |
2097 | 0 | dissect_emule_aich_root_hash(tvb, pinfo, offset, tree); |
2098 | 0 | break; |
2099 | | |
2100 | 0 | case EMULE_MSG_AICH_ANSWER: /* AICH Answer: <File Hash> <PartNum> <AICH Hash> <AICH Hash List> */ |
2101 | 0 | offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
2102 | 0 | partnum = tvb_get_letohs(tvb, offset); |
2103 | 0 | proto_tree_add_uint(tree, hf_emule_aich_partnum, tvb, offset, 2, partnum); |
2104 | 0 | offset += 2; |
2105 | 0 | offset = dissect_emule_aich_root_hash(tvb, pinfo, offset, tree); |
2106 | 0 | dissect_emule_aich_hash_list(tvb, pinfo, offset, tree); |
2107 | 0 | break; |
2108 | | |
2109 | 0 | case EMULE_MSG_MULTIPACKET: /* MultiPacket: <Hash> <Opcodes> */ |
2110 | 0 | case EMULE_MSG_MULTIPACKET_ANSWER: |
2111 | 0 | case EMULE_MSG_MULTIPACKET_EXT: /* MultiPacketExt: <Hash> <FileLength> <Opcodes> */ |
2112 | 0 | dissect_emule_multipacket(tvb, pinfo, offset, offset+length, tree, msg_type==EMULE_MSG_MULTIPACKET_EXT); |
2113 | 0 | break; |
2114 | | |
2115 | 0 | default: |
2116 | 0 | dissect_edonkey_tcp_message(msg_type, tvb, pinfo, offset, length, tree); |
2117 | 0 | break; |
2118 | 0 | } |
2119 | 0 | return; |
2120 | 0 | } |
2121 | | |
2122 | | static int dissect_edonkey_udp_message(uint8_t msg_type, |
2123 | | tvbuff_t *tvb, packet_info *pinfo, |
2124 | | int offset, int length, proto_tree *tree) |
2125 | 80 | { |
2126 | 80 | int msg_end, bytes_remaining; |
2127 | 80 | uint16_t ischal; |
2128 | | |
2129 | 80 | bytes_remaining = tvb_reported_length_remaining(tvb, offset); |
2130 | 80 | if ((length < 0) || (length > bytes_remaining)) length = bytes_remaining; |
2131 | 80 | if (length <= 0) return offset; |
2132 | | |
2133 | 80 | msg_end = offset + length; |
2134 | | |
2135 | 80 | switch (msg_type) { |
2136 | | /* EDonkey UDP Messages */ |
2137 | 0 | case EDONKEY_MSG_UDP_CALLBACK_REQUEST: /* Callback Request: <Address> <Client ID> */ |
2138 | 0 | offset = dissect_edonkey_address(tvb, pinfo, offset, tree); |
2139 | 0 | offset = dissect_edonkey_client_id(tvb, pinfo, offset, tree, false); |
2140 | 0 | break; |
2141 | | |
2142 | 0 | case EDONKEY_MSG_UDP_CALLBACK_FAIL: /* Callback Fail: <Client ID> */ |
2143 | 0 | offset = dissect_edonkey_client_id(tvb, pinfo, offset, tree, false); |
2144 | 0 | break; |
2145 | | |
2146 | 0 | case EDONKEY_MSG_UDP_GET_SERVER_INFO: /* Get Server Info: <Challenge> */ |
2147 | 0 | if (length>=2) { |
2148 | 0 | ischal = tvb_get_letohs(tvb, offset); |
2149 | 0 | if (ischal==0xf0ff) { |
2150 | 0 | proto_tree_add_item(tree, hf_edonkey_challenge, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
2151 | 0 | offset += 4; |
2152 | 0 | } |
2153 | 0 | } |
2154 | 0 | break; |
2155 | | |
2156 | 0 | case EDONKEY_MSG_UDP_SERVER_INFO: /* Server Info: <String> <String>*/ |
2157 | 0 | ischal = tvb_get_letohs(tvb, offset); |
2158 | 0 | if (ischal==0xf0ff) { |
2159 | 0 | proto_tree_add_item(tree, hf_edonkey_challenge, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
2160 | 0 | offset = dissect_edonkey_metatag_list(tvb, pinfo, offset+4, tree); |
2161 | 0 | } else { |
2162 | 0 | offset = dissect_edonkey_string(tvb, pinfo, offset, tree); |
2163 | 0 | offset = dissect_edonkey_string(tvb, pinfo, offset, tree); |
2164 | 0 | } |
2165 | 0 | break; |
2166 | | |
2167 | 0 | case EDONKEY_MSG_UDP_SERVER_LIST: /* Server List: <Address List> */ |
2168 | 0 | offset = dissect_edonkey_address_list(tvb, pinfo, offset, tree); |
2169 | 0 | break; |
2170 | | |
2171 | 0 | case EDONKEY_MSG_UDP_SEARCH_FILE_RESULTS: /* Search File Result: <File Info> */ |
2172 | 0 | offset = dissect_edonkey_file_info(tvb, pinfo, offset, tree); |
2173 | 0 | break; |
2174 | | |
2175 | 0 | case EDONKEY_MSG_UDP_SEARCH_FILE: /* Search File: <Search query> */ |
2176 | 0 | offset = dissect_edonkey_search_query(tvb, pinfo, offset, tree); |
2177 | 0 | break; |
2178 | | |
2179 | 0 | case EDONKEY_MSG_UDP_GET_SOURCES: /* Get Sources: <File Hash> */ |
2180 | 0 | offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
2181 | 0 | break; |
2182 | | |
2183 | 4 | case EDONKEY_MSG_UDP_FOUND_SOURCES: /* Found Sources: <File Hash> <Address List> */ |
2184 | 4 | offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
2185 | 4 | offset = dissect_edonkey_address_list(tvb, pinfo, offset, tree); |
2186 | 4 | break; |
2187 | | |
2188 | 0 | case EDONKEY_MSG_UDP_SERVER_STATUS_REQUEST: /* Server Status Request: <uint32_t> */ |
2189 | 0 | proto_tree_add_item(tree, hf_edonkey_challenge, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
2190 | 0 | offset += 4; |
2191 | 0 | break; |
2192 | | |
2193 | 0 | case EDONKEY_MSG_UDP_SERVER_STATUS: /* Server Status: <uint32_t> <Nusers> <Nfiles> [<Nusersmax>] [<NsoftFiles> <NhardFiles>] [<UDPFlags>] [<NlowIdUsers>] [<UDPObfuscationPort> <TCPObfuscationPort> <ServerUDPKey>] */ |
2194 | 0 | proto_tree_add_item(tree, hf_edonkey_challenge, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
2195 | 0 | offset += 4; |
2196 | 0 | proto_tree_add_item(tree, hf_edonkey_number_of_users, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
2197 | 0 | proto_tree_add_item(tree, hf_edonkey_number_of_files, tvb, offset+4, 4, ENC_LITTLE_ENDIAN); |
2198 | 0 | offset += 8; |
2199 | 0 | if (offset < msg_end) { |
2200 | 0 | proto_tree_add_item(tree, hf_edonkey_max_number_of_users, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
2201 | 0 | offset += 4; |
2202 | 0 | } |
2203 | 0 | if (offset + 8 <= msg_end) { |
2204 | 0 | proto_tree_add_item(tree, hf_edonkey_soft_limit_files, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
2205 | 0 | offset += 4; |
2206 | 0 | proto_tree_add_item(tree, hf_edonkey_hard_limit_files, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
2207 | 0 | offset += 4; |
2208 | 0 | } |
2209 | 0 | if (offset + 4 <= msg_end) { |
2210 | 0 | proto_tree_add_item(tree, hf_edonkey_udp_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
2211 | 0 | offset += 4; |
2212 | 0 | } |
2213 | 0 | if (offset + 4 <= msg_end) { |
2214 | 0 | proto_tree_add_item(tree, hf_edonkey_number_of_lowid_users, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
2215 | 0 | offset += 4; |
2216 | 0 | } |
2217 | 0 | if (offset + 8 <= msg_end) { |
2218 | 0 | proto_tree_add_item(tree, hf_edonkey_udp_obfuscation_port, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
2219 | 0 | offset += 2; |
2220 | 0 | proto_tree_add_item(tree, hf_edonkey_tcp_obfuscation_port, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
2221 | 0 | offset += 2; |
2222 | 0 | proto_tree_add_item(tree, hf_edonkey_server_udp_key, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
2223 | 0 | offset += 4; |
2224 | 0 | } |
2225 | 0 | break; |
2226 | | |
2227 | | /* Overnet UDP Messages */ |
2228 | 0 | case OVERNET_MSG_UDP_CONNECT: /* Connect: <Peer (sender) > */ |
2229 | 1 | case OVERNET_MSG_UDP_PUBLICIZE: /* Publicize: <Peer (sender) > */ |
2230 | 1 | offset = dissect_overnet_peer(tvb, pinfo, offset, tree); |
2231 | 1 | break; |
2232 | | |
2233 | 3 | case OVERNET_MSG_UDP_CONNECT_REPLY: /* Connect Reply: <uint16_t Peer List> */ |
2234 | 3 | offset = dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "Overnet Peer", dissect_overnet_peer); |
2235 | 3 | break; |
2236 | | |
2237 | 0 | case OVERNET_MSG_UDP_SEARCH: /* Search: <search type (uint8_t)> <Hash> */ |
2238 | 0 | proto_tree_add_item(tree, hf_edonkey_search_type, tvb, offset, 1, ENC_NA); |
2239 | 0 | offset = dissect_edonkey_hash(tvb, pinfo, offset+1, tree); |
2240 | 0 | break; |
2241 | | |
2242 | 0 | case OVERNET_MSG_UDP_SEARCH_INFO: |
2243 | | /* Search Info: <Hash> <search type (uint8_t)> <min (uint16_t)> <max (uint16_t)>*/ |
2244 | 0 | offset = dissect_edonkey_hash(tvb, pinfo, offset, tree); |
2245 | 0 | proto_tree_add_item(tree, hf_edonkey_search_type, tvb, offset, 1, ENC_NA); |
2246 | 0 | proto_tree_add_item(tree, hf_edonkey_search_range_min, tvb, offset+1, 2, ENC_LITTLE_ENDIAN); |
2247 | 0 | proto_tree_add_item(tree, hf_edonkey_search_range_max, tvb, offset+3, 2, ENC_LITTLE_ENDIAN); |
2248 | 0 | break; |
2249 | | |
2250 | 3 | case OVERNET_MSG_UDP_SEARCH_NEXT: /* Search Next: <Hash> <uint8_t Peer List> */ |
2251 | 3 | offset = dissect_edonkey_hash(tvb, pinfo, offset, tree); |
2252 | 3 | offset = dissect_edonkey_list(tvb, pinfo, offset, tree, 1, "Overnet Peer", dissect_overnet_peer); |
2253 | 3 | break; |
2254 | | |
2255 | 23 | case OVERNET_MSG_UDP_SEARCH_RESULT: /* Search Result: <Hash> <Hash> <Meta tag List> */ |
2256 | 64 | case OVERNET_MSG_UDP_PUBLISH: /* Publish: <Hash> <Hash> <Meta tag List> */ |
2257 | 64 | offset = dissect_edonkey_hash(tvb, pinfo, offset, tree); |
2258 | 64 | offset = dissect_edonkey_hash(tvb, pinfo, offset, tree); |
2259 | 64 | offset = dissect_edonkey_metatag_list(tvb, pinfo, offset, tree); |
2260 | 64 | break; |
2261 | | |
2262 | 0 | case OVERNET_MSG_UDP_SEARCH_END: /* Search End: <Hash> */ |
2263 | 0 | offset = dissect_edonkey_hash(tvb, pinfo, offset, tree); |
2264 | 0 | break; |
2265 | | |
2266 | 0 | case OVERNET_MSG_UDP_PUBLISH_ACK: /* Publish ACK: <File Hash> */ |
2267 | 0 | offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
2268 | 0 | break; |
2269 | | |
2270 | 1 | case OVERNET_MSG_UDP_IP_QUERY: /* IP Query: <TCP Port> */ |
2271 | 1 | proto_tree_add_item(tree, hf_edonkey_port, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
2272 | 1 | break; |
2273 | | |
2274 | 0 | case OVERNET_MSG_UDP_IP_QUERY_ANSWER: /* IP Query Answer: <IP> */ |
2275 | 0 | offset = dissect_edonkey_client_id(tvb, pinfo, offset, tree, false); |
2276 | 0 | break; |
2277 | | |
2278 | 0 | case OVERNET_MSG_UDP_IDENTIFY_REPLY: /* Identify Reply: <Contact (sender)> */ |
2279 | | /* <Contact> ::= <Hash> <Address> */ |
2280 | 0 | offset = dissect_edonkey_hash(tvb, pinfo, offset, tree); |
2281 | 0 | offset = dissect_edonkey_address(tvb, pinfo, offset, tree); |
2282 | 0 | break; |
2283 | | |
2284 | 1 | case OVERNET_MSG_UDP_IDENTIFY_ACK: /* Identify Reply: <TCP Port (sender)> */ |
2285 | 1 | proto_tree_add_item(tree, hf_edonkey_port, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
2286 | 1 | break; |
2287 | | |
2288 | 1 | case OVERNET_MSG_UDP_FIREWALL_CONNECTION: /* Firewall Connection Ack: <Hash> <TCP Port> */ |
2289 | 1 | offset = dissect_edonkey_client_hash(tvb, pinfo, offset, tree); |
2290 | 1 | proto_tree_add_item(tree, hf_edonkey_port, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
2291 | 1 | break; |
2292 | | |
2293 | 0 | case OVERNET_MSG_UDP_FIREWALL_CONNECTION_ACK: /* Firewall Connection Ack: <Hash> */ |
2294 | 1 | case OVERNET_MSG_UDP_FIREWALL_CONNECTION_NACK: /* Firewall Connection NAck: <Hash> */ |
2295 | 1 | offset = dissect_edonkey_client_hash(tvb, pinfo, offset, tree); |
2296 | 1 | break; |
2297 | | |
2298 | 1 | default: |
2299 | 1 | proto_tree_add_item(tree, hf_edonkey_message_data, tvb, offset, length, ENC_NA); |
2300 | 1 | offset+=length; |
2301 | 1 | break; |
2302 | 80 | } |
2303 | | |
2304 | 6 | return offset; |
2305 | 80 | } |
2306 | | |
2307 | | static int dissect_emule_udp_message(uint8_t msg_type, |
2308 | | tvbuff_t *tvb, packet_info *pinfo, |
2309 | | int offset, int length, proto_tree *tree) |
2310 | 1 | { |
2311 | 1 | int msg_end, bytes_remaining; |
2312 | | |
2313 | 1 | bytes_remaining = tvb_reported_length_remaining(tvb, offset); |
2314 | 1 | if ((length < 0) || (length > bytes_remaining)) length = bytes_remaining; |
2315 | 1 | if (length <= 0) return offset; |
2316 | | |
2317 | 1 | msg_end = offset + length; |
2318 | | |
2319 | 1 | switch (msg_type) { |
2320 | 0 | case EMULE_MSG_UDP_REASKFILEPING: /* Reask File Ping: <File Hash> */ |
2321 | 0 | offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); |
2322 | 0 | if ( offset + 2 < msg_end ) { |
2323 | | /* Udp version > 3 */ |
2324 | 0 | offset = dissect_edonkey_file_status( tvb, pinfo, offset, tree ); |
2325 | 0 | } |
2326 | |
|
2327 | 0 | if ( msg_end == offset + 2 ) { |
2328 | | /* Udp version > 2 */ |
2329 | 0 | proto_tree_add_item( tree, hf_emule_source_count, tvb, offset, 2, ENC_LITTLE_ENDIAN ); |
2330 | 0 | offset += 2; |
2331 | 0 | } |
2332 | 0 | break; |
2333 | | |
2334 | 0 | case EMULE_MSG_UDP_REASKACK: /* Reask ACK: <eMule Rank> */ |
2335 | 0 | if ( offset + 2 < msg_end ) { |
2336 | | /* Udp version > 3 */ |
2337 | 0 | offset = dissect_edonkey_file_status( tvb, pinfo, offset, tree ); |
2338 | 0 | } |
2339 | |
|
2340 | 0 | proto_tree_add_item(tree, hf_edonkey_emule_queue_ranking, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
2341 | 0 | offset += 2; |
2342 | 0 | break; |
2343 | | |
2344 | 1 | default: |
2345 | 1 | offset = dissect_edonkey_udp_message(msg_type, tvb, pinfo, offset, length,tree); |
2346 | 1 | break; |
2347 | 1 | } |
2348 | 1 | return offset; |
2349 | 1 | } |
2350 | | |
2351 | | static int dissect_kademlia_peer_list_2byte(tvbuff_t *tvb, packet_info *pinfo, |
2352 | | int offset, proto_tree *tree) |
2353 | 6 | { |
2354 | 6 | return dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "Peer", dissect_kademlia_peer ); |
2355 | 6 | } |
2356 | | |
2357 | | |
2358 | | static int dissect_kademlia_peer_list_1byte(tvbuff_t *tvb, packet_info *pinfo, |
2359 | | int offset, proto_tree *tree) |
2360 | 1 | { |
2361 | 1 | return dissect_edonkey_list(tvb, pinfo, offset, tree, 1, "Peer", dissect_kademlia_peer ); |
2362 | 1 | } |
2363 | | |
2364 | | static int dissect_kademlia2_peer_list_2byte(tvbuff_t *tvb, packet_info *pinfo, |
2365 | | int offset, proto_tree *tree) |
2366 | 5 | { |
2367 | 5 | return dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "Peer", dissect_kademlia2_peer ); |
2368 | 5 | } |
2369 | | |
2370 | | static int dissect_kademlia2_peer_list_1byte(tvbuff_t *tvb, packet_info *pinfo, |
2371 | | int offset, proto_tree *tree) |
2372 | 0 | { |
2373 | 0 | return dissect_edonkey_list(tvb, pinfo, offset, tree, 1, "Peer", dissect_kademlia2_peer ); |
2374 | 0 | } |
2375 | | |
2376 | | static int dissect_kademlia_tag(tvbuff_t *tvb, packet_info *pinfo, |
2377 | | int offset, proto_tree *tree) |
2378 | 32 | { |
2379 | 32 | uint8_t type; |
2380 | 32 | uint8_t tag_type; |
2381 | 32 | const char *str_type; |
2382 | 32 | proto_item *ti; |
2383 | 32 | proto_item* tag_node; |
2384 | 32 | proto_tree *subtree; |
2385 | 32 | int item_start_offset; |
2386 | 32 | proto_item * ti_tagtype; |
2387 | | |
2388 | 32 | item_start_offset = offset; |
2389 | | /* tag_node length is adjusted at the end of this function */ |
2390 | 32 | subtree = proto_tree_add_subtree( tree, tvb, offset, 1, ett_kademlia_tag, &tag_node, "Tag " ); |
2391 | | |
2392 | 32 | type = tvb_get_uint8( tvb, offset ); |
2393 | 32 | str_type = val_to_str_const(type, kademlia_tag_types, "Unknown" ); |
2394 | | |
2395 | 32 | ti_tagtype = proto_tree_add_item( subtree, hf_kademlia_tag_type, tvb, offset, 1, ENC_LITTLE_ENDIAN ); |
2396 | 32 | offset += 1; |
2397 | | |
2398 | 32 | { |
2399 | 32 | const char *tagname_string; |
2400 | 32 | const char *tagname_extended_string; |
2401 | | |
2402 | | /* Read tagname */ |
2403 | 32 | tag_type = tvb_get_uint8( tvb, offset+2 ); |
2404 | 32 | offset = dissect_kademlia_tagname( tvb, pinfo, offset, subtree, &tagname_string, &tagname_extended_string ); |
2405 | 32 | if ( strlen( tagname_string ) == 1 ) { |
2406 | 2 | const uint8_t tagname_uint = *(const uint8_t*)tagname_string; |
2407 | | |
2408 | 2 | proto_item_append_text( tag_node, " 0x%02X [%s] = ", tagname_uint, tagname_extended_string ); |
2409 | 2 | } |
2410 | 30 | else |
2411 | 30 | proto_item_append_text( tag_node, " \"%s\" [%s] = ", tagname_string, tagname_extended_string ); |
2412 | 32 | } |
2413 | | |
2414 | | /* Switch on type */ |
2415 | 32 | switch( type ) |
2416 | 32 | { |
2417 | 2 | case KADEMLIA_TAGTYPE_HASH: |
2418 | 2 | proto_item_append_text( tag_node, "%s", tvb_bytes_to_str(pinfo->pool, tvb, offset, 16 )); |
2419 | 2 | offset = dissect_kademlia_tag_hash( tvb, pinfo, offset, subtree ); |
2420 | 2 | break; |
2421 | 0 | case KADEMLIA_TAGTYPE_STRING: |
2422 | 0 | { |
2423 | 0 | const uint8_t* value; |
2424 | 0 | offset = dissect_kademlia_tag_string( tvb, pinfo, offset, subtree, &value ); |
2425 | |
|
2426 | 0 | proto_item_append_text( tag_node, "\"%s\"", value ); |
2427 | 0 | } |
2428 | 0 | break; |
2429 | 0 | case KADEMLIA_TAGTYPE_UINT8: |
2430 | 0 | { |
2431 | 0 | uint8_t value; |
2432 | 0 | ti = proto_tree_add_item( subtree, hf_kademlia_tag_uint8, tvb, offset, 1, ENC_LITTLE_ENDIAN); |
2433 | |
|
2434 | 0 | value = tvb_get_uint8( tvb, offset ); |
2435 | 0 | proto_item_append_text( tag_node, "%u (0x%02X)", value, value ); |
2436 | 0 | switch (tag_type) { |
2437 | 0 | case KADEMLIA_TAG_SOURCETYPE: |
2438 | 0 | { |
2439 | 0 | proto_item_append_text(ti," (%s)", val_to_str_const(value, kademlia_tag_sourcetype, "Unknown")); |
2440 | 0 | } |
2441 | 0 | break; |
2442 | 0 | case KADEMLIA_TAG_ENCRYPTION: |
2443 | 0 | proto_item_append_text(ti, " (%s)", val_to_str_const(value, kademlia_tag_encryption, "Unknown")); |
2444 | 0 | break; |
2445 | 0 | } |
2446 | 0 | offset += 1; |
2447 | 0 | } |
2448 | 0 | break; |
2449 | 0 | case KADEMLIA_TAGTYPE_UINT16: |
2450 | 0 | { |
2451 | 0 | uint16_t value; |
2452 | 0 | proto_tree_add_item( subtree, hf_kademlia_tag_uint16, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
2453 | |
|
2454 | 0 | value = tvb_get_letohs( tvb, offset ); |
2455 | 0 | proto_item_append_text( tag_node, "%u (0x%04X)", value, value ); |
2456 | |
|
2457 | 0 | offset += 2; |
2458 | 0 | } |
2459 | 0 | break; |
2460 | 0 | case KADEMLIA_TAGTYPE_UINT64: |
2461 | 0 | { |
2462 | 0 | uint64_t value; |
2463 | 0 | proto_tree_add_item( subtree, hf_kademlia_tag_uint64, tvb, offset, 8, ENC_LITTLE_ENDIAN); |
2464 | |
|
2465 | 0 | value = tvb_get_letoh64( tvb, offset ); |
2466 | 0 | proto_item_append_text( tag_node, "%" PRIu64 " (0x%08" PRIX64 ")", value, value ); |
2467 | |
|
2468 | 0 | offset += 8; |
2469 | 0 | } |
2470 | 0 | break; |
2471 | 0 | case KADEMLIA_TAGTYPE_UINT32: |
2472 | 0 | { |
2473 | 0 | uint32_t value; |
2474 | | /* show ip as dotted decimal */ |
2475 | 0 | switch( tag_type) { |
2476 | 0 | case KADEMLIA_TAG_SERVERIP: |
2477 | 0 | case KADEMLIA_TAG_SOURCEIP: |
2478 | 0 | { |
2479 | 0 | int ipa = 0, ipb = 0, ipc = 0, ipd = 0; |
2480 | 0 | proto_tree_add_item( subtree, hf_kademlia_tag_ipv4, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
2481 | 0 | value = tvb_get_letohl( tvb, offset ); |
2482 | 0 | ipa = (value / (256*256*256)) % 256; |
2483 | 0 | ipb = (value / (256*256)) % 256; |
2484 | 0 | ipc = (value / 256) % 256; |
2485 | 0 | ipd = value % 256; |
2486 | 0 | proto_item_append_text( tag_node, "%u.%u.%u.%u (0x%02X) ", ipa, ipb, ipc, ipd, value ); |
2487 | 0 | } |
2488 | 0 | break; |
2489 | 0 | default: |
2490 | 0 | proto_tree_add_item( subtree, hf_kademlia_tag_uint32, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
2491 | 0 | value = tvb_get_letohl( tvb, offset ); |
2492 | 0 | proto_item_append_text( tag_node, "%u (0x%02X) ", value, value ); |
2493 | 0 | } |
2494 | | |
2495 | 0 | offset += 4; |
2496 | 0 | } |
2497 | 0 | break; |
2498 | 0 | case KADEMLIA_TAGTYPE_FLOAT32: |
2499 | 0 | { |
2500 | 0 | float value; |
2501 | 0 | proto_tree_add_item( subtree, hf_kademlia_tag_float, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
2502 | |
|
2503 | 0 | value = tvb_get_letohieee_float( tvb, offset ); |
2504 | 0 | proto_item_append_text( tag_node, "%f", value ); |
2505 | |
|
2506 | 0 | offset += 4; |
2507 | 0 | } |
2508 | 0 | break; |
2509 | 0 | case KADEMLIA_TAGTYPE_BSOB: |
2510 | 0 | { |
2511 | 0 | const char* value; |
2512 | 0 | offset = dissect_kademlia_tag_bsob( tvb, pinfo, offset, subtree, &value ); |
2513 | 0 | proto_item_append_text( tag_node, "%s", value ); |
2514 | 0 | } |
2515 | 0 | break; |
2516 | 6 | default: |
2517 | 6 | expert_add_info_format(pinfo, ti_tagtype, &ei_kademlia_tag_type, "Tag value not decoded for type: 0x%02X", type ); |
2518 | 32 | } |
2519 | | |
2520 | 8 | proto_item_append_text( tag_node, " (Type: %s)", str_type ); |
2521 | | |
2522 | 8 | proto_item_set_len( tag_node, offset - item_start_offset ); |
2523 | | |
2524 | 8 | return offset; |
2525 | 32 | } |
2526 | | |
2527 | | static int dissect_kademlia_taglist(tvbuff_t *tvb, packet_info *pinfo, |
2528 | | int offset, proto_tree *tree) |
2529 | 79 | { |
2530 | 79 | return dissect_edonkey_list(tvb, pinfo, offset, tree, 1, "Tag", dissect_kademlia_tag ); |
2531 | 79 | } |
2532 | | |
2533 | | |
2534 | | static int dissect_kademlia_publish_req_entry_file(tvbuff_t *tvb, packet_info *pinfo, |
2535 | | int offset, proto_tree *tree) |
2536 | 52 | { |
2537 | | /* Get the hash */ |
2538 | 52 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_file_id); |
2539 | | /* Read all the kad tags */ |
2540 | 52 | return dissect_kademlia_taglist( tvb, pinfo, offset, tree ); |
2541 | 52 | } |
2542 | | |
2543 | | static int dissect_kademlia_publish_req_entry_peer(tvbuff_t *tvb, packet_info *pinfo, |
2544 | | int offset, proto_tree *tree) |
2545 | 5 | { |
2546 | | /* Get the hash */ |
2547 | 5 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_peer_id); |
2548 | | /* Read all the kad tags */ |
2549 | 5 | return dissect_kademlia_taglist( tvb, pinfo, offset, tree ); |
2550 | 5 | } |
2551 | | |
2552 | | |
2553 | | static int dissect_kademlia_search_result(tvbuff_t *tvb, packet_info *pinfo, |
2554 | | int offset, proto_tree *tree) |
2555 | 24 | { |
2556 | | /* Get the hash */ |
2557 | 24 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_hash); |
2558 | | /* Read all the kad tags */ |
2559 | 24 | return dissect_kademlia_taglist( tvb, pinfo, offset, tree ); |
2560 | 24 | } |
2561 | | |
2562 | | // NOLINTNEXTLINE(misc-no-recursion) |
2563 | | static int dissect_kademlia_search_expression_tree(tvbuff_t *tvb, packet_info *pinfo, |
2564 | | int offset, proto_tree *tree) |
2565 | 480 | { |
2566 | 480 | int op, item_start_offset; |
2567 | 480 | proto_item* ti; |
2568 | | |
2569 | 480 | item_start_offset = offset; |
2570 | 480 | op = tvb_get_uint8(tvb, offset); |
2571 | 480 | ti = proto_tree_add_uint(tree, hf_kademlia_search_expression_type, tvb, offset, 1, op); |
2572 | 480 | tree = proto_item_add_subtree( ti, ett_kademlia_search_expression ); |
2573 | 480 | ++offset; |
2574 | 480 | increment_dissection_depth(pinfo); |
2575 | 480 | switch( op ) { |
2576 | 311 | case 0: /* Bool op */ |
2577 | 311 | proto_tree_add_item(tree, hf_kademlia_search_bool_op, tvb, offset, 1, ENC_NA ); |
2578 | 311 | ++offset; |
2579 | | |
2580 | | /* Left */ |
2581 | 311 | offset = dissect_kademlia_search_expression_tree( tvb, pinfo, offset, tree ); |
2582 | | /* Right */ |
2583 | 311 | offset = dissect_kademlia_search_expression_tree( tvb, pinfo, offset, tree ); |
2584 | 311 | break; |
2585 | | |
2586 | 11 | case 1: /* String */ |
2587 | 11 | offset = dissect_kademlia_string( tvb, pinfo, offset, tree ); |
2588 | 11 | break; |
2589 | 3 | case 2: /* Meta Tag */ |
2590 | | /* tag value */ |
2591 | 3 | offset = dissect_edonkey_string( tvb, pinfo, offset, tree ); |
2592 | | /* tag name */ |
2593 | 3 | offset = dissect_kademlia_tagname( tvb, pinfo, offset, tree, NULL, NULL ); |
2594 | 3 | break; |
2595 | 2 | case 3: /* Min/Max - 32bit! */ |
2596 | 2 | offset = dissect_kademlia_search_condition_argument_uint32( tvb, pinfo, offset, tree ); |
2597 | 2 | offset = dissect_kademlia_search_condition( tvb, pinfo, offset, tree ); |
2598 | | /* tag name */ |
2599 | 2 | offset = dissect_kademlia_tagname( tvb, pinfo, offset, tree, NULL, NULL ); |
2600 | 2 | break; |
2601 | 1 | case 8: /* Min/Max - 64bit! */ |
2602 | 1 | offset = dissect_kademlia_search_condition_argument_uint64( tvb, pinfo, offset, tree ); |
2603 | 1 | offset = dissect_kademlia_search_condition( tvb, pinfo, offset, tree ); |
2604 | | /* tag name */ |
2605 | 1 | offset = dissect_kademlia_tagname( tvb, pinfo, offset, tree, NULL, NULL ); |
2606 | 1 | break; |
2607 | 151 | default: |
2608 | 151 | expert_add_info_format(pinfo, ti, &ei_kademlia_search_expression_type, "NOT DECODED op %x", op ); |
2609 | 480 | } |
2610 | 294 | decrement_dissection_depth(pinfo); |
2611 | 294 | proto_item_set_len( ti, offset - item_start_offset ); |
2612 | 294 | return offset; |
2613 | 480 | } |
2614 | | |
2615 | | static int dissect_kademlia2_prolog( tvbuff_t *tvb, packet_info *pinfo, |
2616 | | int offset, proto_tree *tree) |
2617 | 6 | { |
2618 | 6 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_peer_id); |
2619 | 6 | offset = dissect_kademlia_tcp_port(tvb, pinfo, offset, tree); |
2620 | | |
2621 | 6 | proto_tree_add_item(tree, hf_kademlia_version, tvb, offset, 1, ENC_BIG_ENDIAN); |
2622 | 6 | offset++; |
2623 | | |
2624 | 6 | return offset; |
2625 | 6 | } |
2626 | | |
2627 | | static int dissect_kademlia_uload( tvbuff_t *tvb, packet_info *pinfo _U_, |
2628 | | int offset, proto_tree *tree) |
2629 | 2 | { |
2630 | 2 | proto_tree_add_item(tree, hf_edonkey_kademlia_uload, tvb, offset, 1, ENC_NA); |
2631 | 2 | return offset +1; |
2632 | | |
2633 | 2 | } |
2634 | | static int dissect_kademlia_udp_message(uint8_t msg_type, |
2635 | | tvbuff_t *tvb, packet_info *pinfo, |
2636 | | int offset, int length, proto_tree *tree) |
2637 | 106 | { |
2638 | 106 | int msg_end, bytes_remaining; |
2639 | 106 | proto_item *hidden_item; |
2640 | | |
2641 | 106 | bytes_remaining = tvb_reported_length_remaining(tvb, offset); |
2642 | 106 | if ((length < 0) || (length > bytes_remaining)) length = bytes_remaining; |
2643 | 106 | if (length <= 0) return offset; |
2644 | | |
2645 | 106 | hidden_item = proto_tree_add_item(tree, hf_kademlia, tvb, offset, 1, ENC_BIG_ENDIAN); |
2646 | 106 | proto_item_set_hidden(hidden_item); |
2647 | | |
2648 | 106 | msg_end = offset + length; |
2649 | | |
2650 | 106 | switch (msg_type) { |
2651 | 1 | case KADEMLIA_BOOTSTRAP_REQ:/* <PEER [25]> */ |
2652 | 1 | case KADEMLIA_HELLO_REQ: |
2653 | 1 | case KADEMLIA_HELLO_RES: |
2654 | 1 | offset = dissect_kademlia_peer(tvb, pinfo, offset, tree); |
2655 | 1 | break; |
2656 | 1 | case KADEMLIA2_BOOTSTRAP_REQ: |
2657 | 1 | offset = dissect_kademlia2_prolog( tvb, pinfo, offset, tree ); |
2658 | 1 | break; |
2659 | | |
2660 | 0 | case KADEMLIA2_HELLO_REQ: |
2661 | 0 | case KADEMLIA2_HELLO_RES: |
2662 | 0 | offset = dissect_kademlia2_prolog( tvb, pinfo, offset, tree ); |
2663 | 0 | offset = dissect_kademlia_taglist( tvb, pinfo, offset, tree ); |
2664 | 0 | break; |
2665 | 6 | case KADEMLIA_BOOTSTRAP_RES: /* <CNT [2]> <PEER [25]>*(CNT) */ |
2666 | 6 | offset = dissect_kademlia_peer_list_2byte( tvb, pinfo, offset, tree ); |
2667 | 6 | break; |
2668 | 5 | case KADEMLIA2_BOOTSTRAP_RES: |
2669 | 5 | offset = dissect_kademlia2_prolog( tvb, pinfo, offset, tree ); |
2670 | 5 | offset = dissect_kademlia2_peer_list_2byte( tvb, pinfo, offset, tree ); |
2671 | 5 | break; |
2672 | | |
2673 | 0 | case KADEMLIA2_SEARCH_SOURCE_REQ: |
2674 | 0 | { |
2675 | 0 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_target_id); |
2676 | | /* start pos */ |
2677 | 0 | proto_tree_add_item(tree, hf_edonkey_kademlia_start_position, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
2678 | 0 | offset +=2; |
2679 | | /* filesize */ |
2680 | 0 | proto_tree_add_item(tree, hf_edonkey_kademlia_filesize, tvb, offset, 8, ENC_LITTLE_ENDIAN); |
2681 | 0 | offset +=8; |
2682 | 0 | } |
2683 | 0 | break; |
2684 | | |
2685 | 1 | case KADEMLIA_SEARCH_NOTES_REQ: /* <HASH (key) [16]> */ |
2686 | 1 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_hash); |
2687 | 1 | break; |
2688 | | |
2689 | 0 | case KADEMLIA2_SEARCH_KEY_REQ: |
2690 | 0 | { |
2691 | 0 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_target_id); |
2692 | | /* start pos */ |
2693 | 0 | proto_tree_add_item(tree, hf_edonkey_kademlia_start_position, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
2694 | 0 | offset += 2; |
2695 | 0 | } |
2696 | 0 | break; |
2697 | 1 | case KADEMLIA2_SEARCH_NOTES_REQ: |
2698 | | |
2699 | 2 | case KADEMLIA_PUBLISH_RES: |
2700 | 2 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_target_id); |
2701 | 2 | if (offset<msg_end) { |
2702 | 2 | offset = dissect_kademlia_uload( tvb, pinfo, offset, tree ); |
2703 | 2 | } |
2704 | 2 | break; |
2705 | 0 | case KADEMLIA2_PUBLISH_RES: |
2706 | 0 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_target_id); |
2707 | 0 | offset = dissect_kademlia_uload( tvb, pinfo, offset, tree ); |
2708 | 0 | break; |
2709 | | |
2710 | 22 | case KADEMLIA_REQ: /* <TYPE [1]> <HASH (target) [16]> <HASH (receiver) 16> */ |
2711 | 28 | case KADEMLIA2_REQ: |
2712 | 28 | { |
2713 | 28 | int type; |
2714 | 28 | uint8_t target_id[16]; |
2715 | 28 | uint8_t recipients_id[16]; |
2716 | 28 | proto_item *ti; |
2717 | 28 | int i, j, k, l; |
2718 | 28 | char binarray[129]; |
2719 | | |
2720 | 28 | type = tvb_get_uint8(tvb, offset); |
2721 | 28 | ti = proto_tree_add_uint_format_value(tree, hf_kademlia_request_type, tvb, offset, 1, type, "0x%02x", type ); |
2722 | 28 | proto_item_append_text(ti, "%s", val_to_str_const(type, kademlia_parameter, " Unknown")); |
2723 | 28 | offset +=1; |
2724 | | |
2725 | | /* get target id */ |
2726 | 137 | for (i=0; i<4; i++) { |
2727 | 542 | for (j=3; j>=0; j--) { |
2728 | 433 | l = (j+4*i); |
2729 | 433 | target_id[l] = tvb_get_uint8(tvb, offset + abs(8*i-(l-3))); |
2730 | 433 | } |
2731 | 109 | } |
2732 | | |
2733 | 28 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_target_id); |
2734 | | |
2735 | | /* get recipient's id */ |
2736 | 130 | for (i=0; i<4; i++) { |
2737 | 509 | for (j=3; j>=0; j--) { |
2738 | 407 | l = (j+4*i); |
2739 | 407 | recipients_id[l] = tvb_get_uint8(tvb, offset + abs(8*i-(l-3))); |
2740 | 407 | } |
2741 | 102 | } |
2742 | | |
2743 | 28 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_recipients_id); |
2744 | | |
2745 | | /* target_id XOR recipients_id */ |
2746 | 428 | for (i=0; i<16; i++) { |
2747 | 400 | k = 128; |
2748 | 400 | l = target_id[i]^recipients_id[i]; |
2749 | 3.60k | for(j=8*i; j<8*i+8; j++) { |
2750 | 3.20k | if (l >= k) { |
2751 | 1.45k | binarray[j] = '1'; |
2752 | 1.45k | l = l-k; |
2753 | 1.45k | } |
2754 | 1.74k | else |
2755 | 1.74k | binarray[j] = '0'; |
2756 | 3.20k | k = k/2; |
2757 | 3.20k | } |
2758 | 400 | } |
2759 | 28 | binarray[128] = '\0'; |
2760 | 28 | proto_tree_add_string(tree, hf_kademlia_distance, tvb, offset, 0, binarray); |
2761 | 28 | } |
2762 | 28 | break; |
2763 | | |
2764 | 2 | case KADEMLIA_RES: /* <HASH (target) [16]> <CNT> <PEER [25]>*(CNT) */ |
2765 | 2 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_target_id); |
2766 | 2 | offset = dissect_kademlia_peer_list_1byte( tvb, pinfo, offset, tree ); |
2767 | 2 | break; |
2768 | 0 | case KADEMLIA2_RES: |
2769 | 0 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_target_id); |
2770 | 0 | offset = dissect_kademlia2_peer_list_1byte( tvb, pinfo, offset, tree ); |
2771 | 0 | break; |
2772 | | |
2773 | 0 | case KADEMLIA_FIREWALLED_RES: /* <IP (sender) [4]> */ |
2774 | 0 | offset = dissect_kademlia_ip_address( tvb, pinfo, offset, tree ); |
2775 | 0 | break; |
2776 | | |
2777 | 1 | case KADEMLIA_FIREWALLED_REQ: /* <TCPPORT (sender) [2]> */ |
2778 | 1 | offset = dissect_kademlia_tcp_port( tvb, pinfo, offset, tree ); |
2779 | 1 | break; |
2780 | 0 | case KADEMLIA_CALLBACK_REQ: |
2781 | 0 | case KADEMLIA_FINDBUDDY_REQ: |
2782 | 0 | case KADEMLIA_FINDBUDDY_RES: |
2783 | | /* buddy id */ |
2784 | 0 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_hash); |
2785 | | /* userid */ |
2786 | 0 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_hash); |
2787 | 0 | offset = dissect_kademlia_tcp_port( tvb, pinfo, offset, tree ); |
2788 | 0 | break; |
2789 | 1 | case KADEMLIA2_PUBLISH_SOURCE_REQ: |
2790 | 1 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_file_id); |
2791 | 1 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_peer_id); |
2792 | 1 | offset = dissect_kademlia_taglist( tvb, pinfo, offset, tree ); |
2793 | 1 | break; |
2794 | 13 | case KADEMLIA_SEARCH_REQ: |
2795 | 13 | { |
2796 | 13 | int restrictive; |
2797 | | /* Target (16bytes) */ |
2798 | 13 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_target_id); |
2799 | | /* Restrictive (1 byte) 0/1 */ |
2800 | 13 | restrictive = tvb_get_uint8(tvb, offset); |
2801 | 13 | proto_tree_add_item(tree, hf_edonkey_kademlia_restrictive, tvb, offset, 1, ENC_NA); |
2802 | 13 | offset +=1; |
2803 | | |
2804 | 13 | if ( offset < msg_end && restrictive ) |
2805 | 12 | offset = dissect_kademlia_search_expression_tree( tvb, pinfo, offset, tree ); |
2806 | 13 | } |
2807 | 13 | break; |
2808 | 0 | case KADEMLIA_SEARCH_RES: |
2809 | | /* Target */ |
2810 | 0 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_target_id); |
2811 | | /* Results list */ |
2812 | 0 | offset = dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "Result", dissect_kademlia_search_result ); |
2813 | 0 | break; |
2814 | 7 | case KADEMLIA2_SEARCH_RES: |
2815 | | /* Sender */ |
2816 | 7 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_sender_id); |
2817 | | /* Target */ |
2818 | 7 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_target_id); |
2819 | | /* Results list */ |
2820 | 7 | offset = dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "Result", dissect_kademlia_search_result ); |
2821 | 7 | break; |
2822 | 6 | case KADEMLIA2_PUBLISH_KEY_REQ: |
2823 | 6 | { |
2824 | | /* Keyword Hash */ |
2825 | 6 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_keyword_hash); |
2826 | | /* Results list */ |
2827 | 6 | offset = dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "StuffToPublish", dissect_kademlia_publish_req_entry_file ); |
2828 | 6 | break; |
2829 | 0 | } |
2830 | 31 | case KADEMLIA_PUBLISH_REQ: /* 0x40 // <HASH (key) [16]> <CNT1 [2]> (<HASH (target) [16]> <CNT2 [2]> <META>*(CNT2))*(CNT1) */ |
2831 | 31 | { |
2832 | 31 | uint8_t tagname_value=0, taglist_size, type; |
2833 | 31 | int i=1, j=34; |
2834 | | |
2835 | | /* check if TAG_SOURCETYPE is set */ |
2836 | 31 | taglist_size = tvb_get_uint8(tvb, offset + j); |
2837 | 31 | j++; |
2838 | | |
2839 | 524 | while(i <= taglist_size) { |
2840 | 507 | type = tvb_get_uint8(tvb, offset + j); |
2841 | 507 | j +=3; |
2842 | 507 | tagname_value = tvb_get_uint8(tvb, offset + j); |
2843 | 507 | if (tagname_value == 0xff) |
2844 | 6 | i = taglist_size; |
2845 | 507 | j++; |
2846 | 507 | switch(type) { |
2847 | 20 | case KADEMLIA_TAGTYPE_HASH: |
2848 | 20 | j += 16; |
2849 | 20 | break; |
2850 | 5 | case KADEMLIA_TAGTYPE_STRING: |
2851 | 5 | { |
2852 | 5 | uint16_t string_length = tvb_get_letohs(tvb, offset+j); |
2853 | 5 | j += 2 + string_length; |
2854 | 5 | break; |
2855 | 0 | } |
2856 | 18 | case KADEMLIA_TAGTYPE_UINT8: |
2857 | 18 | j += 1; |
2858 | 18 | break; |
2859 | 3 | case KADEMLIA_TAGTYPE_UINT16: |
2860 | 3 | j += 2; |
2861 | 3 | break; |
2862 | 10 | case KADEMLIA_TAGTYPE_UINT32: |
2863 | 24 | case KADEMLIA_TAGTYPE_FLOAT32: |
2864 | 24 | j += 4; |
2865 | 24 | break; |
2866 | 5 | case KADEMLIA_TAGTYPE_UINT64: |
2867 | 5 | j += 8; |
2868 | 5 | break; |
2869 | 4 | case KADEMLIA_TAGTYPE_BSOB: |
2870 | 4 | { |
2871 | 4 | uint16_t bsob_length = tvb_get_uint8(tvb, offset); |
2872 | 4 | j += 1 + bsob_length; |
2873 | 4 | break; |
2874 | 10 | } |
2875 | 507 | } |
2876 | 493 | i++; |
2877 | 493 | } |
2878 | | |
2879 | 17 | switch (tagname_value) { |
2880 | 6 | case KADEMLIA_TAG_SOURCETYPE: |
2881 | 6 | { |
2882 | | /* Target */ |
2883 | 6 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_file_id); |
2884 | | /* Results list */ |
2885 | 6 | offset = dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "StuffToPublish", dissect_kademlia_publish_req_entry_peer); |
2886 | 6 | } |
2887 | 6 | break; |
2888 | 11 | default: |
2889 | 11 | { |
2890 | | /* Target */ |
2891 | 11 | offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_keyword_hash); |
2892 | | /* Results list */ |
2893 | 11 | offset = dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "StuffToPublish", dissect_kademlia_publish_req_entry_file); |
2894 | 11 | } |
2895 | 17 | } |
2896 | 17 | } |
2897 | 106 | } |
2898 | | |
2899 | 38 | return offset; |
2900 | 106 | } |
2901 | | |
2902 | | static int dissect_kademlia_udp_compressed_message(uint8_t msg_type, |
2903 | | tvbuff_t *tvb, packet_info *pinfo, |
2904 | | int offset, int length, proto_tree *tree) |
2905 | 2 | { |
2906 | 2 | tvbuff_t *tvbraw = NULL; |
2907 | | |
2908 | | |
2909 | 2 | tvbraw = tvb_child_uncompress_zlib(tvb, tvb, offset, length); |
2910 | | |
2911 | 2 | if (tvbraw) { |
2912 | 0 | uint32_t raw_length; |
2913 | |
|
2914 | 0 | raw_length = tvb_captured_length( tvbraw ); |
2915 | 0 | add_new_data_source(pinfo, tvbraw, "Decompressed Data"); |
2916 | |
|
2917 | 0 | dissect_kademlia_udp_message( msg_type, tvbraw, pinfo, 0, raw_length, tree ); |
2918 | 0 | offset += length; |
2919 | 2 | } else { |
2920 | 2 | proto_tree_add_item(tree, hf_edonkey_broken_compressed_data, tvb, offset, length, ENC_NA); |
2921 | 2 | } |
2922 | 2 | return offset; |
2923 | 2 | } |
2924 | | |
2925 | | |
2926 | | static unsigned get_edonkey_tcp_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, |
2927 | | int offset, void *data _U_) |
2928 | 0 | { |
2929 | 0 | uint32_t msg_len; |
2930 | | |
2931 | | /* |
2932 | | * Get the length of the eDonkey packet. |
2933 | | */ |
2934 | 0 | msg_len = tvb_get_letohl(tvb, offset+1); |
2935 | | |
2936 | | /* |
2937 | | * That length doesn't include the header; add that in. |
2938 | | * XXX - what if it overflows? |
2939 | | */ |
2940 | 0 | return msg_len + EDONKEY_TCP_HEADER_LENGTH; |
2941 | 0 | } |
2942 | | |
2943 | | static int dissect_edonkey_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) |
2944 | 0 | { |
2945 | 0 | proto_item *ti; |
2946 | 0 | proto_tree *edonkey_tree, *edonkey_msg_tree = NULL, *emule_zlib_tree = NULL; |
2947 | 0 | int offset; |
2948 | 0 | uint8_t protocol, msg_type; |
2949 | 0 | uint32_t msg_len; |
2950 | 0 | const char *protocol_name, *message_name; |
2951 | 0 | void (*dissector)(uint8_t, tvbuff_t*, packet_info*, int, int, proto_tree*); |
2952 | 0 | tvbuff_t *tvbraw = NULL; |
2953 | |
|
2954 | 0 | col_set_str(pinfo->cinfo, COL_PROTOCOL, "eDonkey"); |
2955 | |
|
2956 | 0 | ti = proto_tree_add_item(tree, proto_edonkey, tvb, 0, -1, ENC_NA); |
2957 | 0 | edonkey_tree = proto_item_add_subtree(ti, ett_edonkey); |
2958 | |
|
2959 | 0 | offset = 0; |
2960 | 0 | protocol = tvb_get_uint8(tvb, offset); |
2961 | 0 | msg_len = tvb_get_letohl(tvb, offset+1); |
2962 | |
|
2963 | 0 | protocol_name = val_to_str_const(protocol, edonkey_protocols, "Unknown"); |
2964 | |
|
2965 | 0 | col_append_sep_fstr(pinfo->cinfo, COL_INFO, ", ", "%s TCP", protocol_name); |
2966 | | |
2967 | | /* Add edonkey message tree */ |
2968 | 0 | if (edonkey_tree) { |
2969 | 0 | ti = proto_tree_add_item(edonkey_tree, hf_edonkey_message, tvb, |
2970 | 0 | offset, EDONKEY_TCP_HEADER_LENGTH + msg_len, ENC_NA); |
2971 | 0 | edonkey_msg_tree = proto_item_add_subtree(ti, ett_edonkey_message); |
2972 | |
|
2973 | 0 | proto_tree_add_uint(edonkey_msg_tree, hf_edonkey_protocol, tvb, offset, 1, protocol); |
2974 | 0 | proto_tree_add_uint(edonkey_msg_tree, hf_edonkey_message_length, tvb, offset+1, 4, msg_len); |
2975 | 0 | } |
2976 | | |
2977 | | |
2978 | | /* Skip past the EDONKEY Header */ |
2979 | 0 | offset += EDONKEY_TCP_HEADER_LENGTH; |
2980 | |
|
2981 | 0 | msg_type = tvb_get_uint8(tvb, offset); |
2982 | 0 | switch (protocol) { |
2983 | 0 | case EDONKEY_PROTO_EDONKEY: |
2984 | 0 | message_name = val_to_str_const(msg_type, edonkey_tcp_msgs, "Unknown"); |
2985 | 0 | dissector = dissect_edonkey_tcp_message; |
2986 | 0 | break; |
2987 | | |
2988 | 0 | case EDONKEY_PROTO_EMULE_EXT: |
2989 | 0 | message_name = val_to_str_const(msg_type, emule_tcp_msgs, |
2990 | 0 | val_to_str_const(msg_type, edonkey_tcp_msgs, "Unknown")); |
2991 | 0 | dissector = dissect_emule_tcp_message; |
2992 | 0 | break; |
2993 | | |
2994 | 0 | case EDONKEY_PROTO_EMULE_COMP: |
2995 | | /* |
2996 | | * These ought to be exactly the same as standard eDonkey (0xe5) messages, |
2997 | | * except that the payload (after the type byte) is a zlib compressed |
2998 | | * stream. |
2999 | | */ |
3000 | 0 | message_name = val_to_str_const(msg_type, edonkey_tcp_msgs, "Unknown"); |
3001 | 0 | tvbraw = tvb_child_uncompress_zlib(tvb, tvb, offset+1, msg_len-1); |
3002 | 0 | if (tvbraw) { |
3003 | 0 | dissector = dissect_edonkey_tcp_message; |
3004 | 0 | break; |
3005 | 0 | } |
3006 | | /* FALL THROUGH */ |
3007 | 0 | default: |
3008 | 0 | message_name = "Unknown"; |
3009 | 0 | dissector = NULL; |
3010 | 0 | break; |
3011 | 0 | } |
3012 | | |
3013 | 0 | col_append_fstr(pinfo->cinfo, COL_INFO, ": %s", message_name); |
3014 | |
|
3015 | 0 | if (edonkey_msg_tree) { |
3016 | 0 | proto_tree_add_uint_format_value(edonkey_msg_tree, hf_edonkey_message_type, tvb, offset, 1, msg_type, |
3017 | 0 | "%s (0x%02x)", message_name, msg_type); |
3018 | 0 | if (dissector && (msg_len > 1)) { |
3019 | 0 | if (!tvbraw) { |
3020 | 0 | (*dissector)(msg_type, tvb, pinfo, offset+1, msg_len-1, edonkey_msg_tree); |
3021 | 0 | } else { |
3022 | 0 | ti = proto_tree_add_item(edonkey_msg_tree, hf_emule_zlib, tvb, |
3023 | 0 | offset+1, msg_len-1, ENC_NA); |
3024 | 0 | emule_zlib_tree = proto_item_add_subtree(ti, ett_emule_zlib); |
3025 | 0 | add_new_data_source(pinfo, tvbraw, "Decompressed Data"); |
3026 | 0 | (*dissector)(msg_type, tvbraw, pinfo, 0, tvb_captured_length(tvbraw), emule_zlib_tree); |
3027 | 0 | } |
3028 | 0 | } |
3029 | 0 | } |
3030 | |
|
3031 | 0 | return tvb_captured_length(tvb); |
3032 | 0 | } |
3033 | | |
3034 | | static int dissect_edonkey_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) |
3035 | 7 | { |
3036 | 7 | uint8_t protocol; |
3037 | | |
3038 | | /* An eDonkey TCP packet is at least 5 bytes long msg type + length */ |
3039 | 7 | if (!tvb_bytes_exist(tvb, 0, EDONKEY_TCP_HEADER_LENGTH)) |
3040 | 0 | return 0; |
3041 | | |
3042 | 7 | protocol = tvb_get_uint8(tvb, 0); |
3043 | 7 | if (try_val_to_str(protocol, edonkey_protocols) == NULL) |
3044 | 7 | return 0; /* Not a known protocol */ |
3045 | | |
3046 | 0 | col_clear(pinfo->cinfo, COL_INFO); |
3047 | |
|
3048 | 0 | tcp_dissect_pdus(tvb, pinfo, tree, edonkey_desegment, |
3049 | 0 | EDONKEY_TCP_HEADER_LENGTH, get_edonkey_tcp_pdu_len, |
3050 | 0 | dissect_edonkey_tcp_pdu, data); |
3051 | 0 | return tvb_reported_length(tvb); |
3052 | 7 | } |
3053 | | |
3054 | | static int dissect_edonkey_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) |
3055 | 194 | { |
3056 | 194 | proto_item *ti; |
3057 | 194 | proto_tree *edonkey_tree = NULL, *edonkey_msg_tree = NULL; |
3058 | 194 | int offset = 0; |
3059 | 194 | uint8_t protocol, msg_type; |
3060 | 194 | const char *protocol_name, *message_name; |
3061 | | |
3062 | | /* An eDonkey UDP packet is at least 2 bytes long */ |
3063 | 194 | if (!tvb_bytes_exist(tvb, 0, EDONKEY_UDP_HEADER_LENGTH)) |
3064 | 0 | return 0; |
3065 | | |
3066 | 194 | protocol = tvb_get_uint8(tvb, offset); |
3067 | 194 | if (try_val_to_str(protocol, edonkey_protocols) == NULL) |
3068 | 5 | return 0; /* Not a known protocol */ |
3069 | | |
3070 | 189 | col_set_str(pinfo->cinfo, COL_PROTOCOL, "eDonkey"); |
3071 | | |
3072 | 189 | if (tree) { |
3073 | 189 | ti = proto_tree_add_item(tree, proto_edonkey, tvb, 0, -1, ENC_NA); |
3074 | 189 | edonkey_tree = proto_item_add_subtree(ti, ett_edonkey); |
3075 | 189 | } |
3076 | | |
3077 | 189 | offset = 0; |
3078 | | /* eDonkey UDP message - Assume that there is one message per packet */ |
3079 | 189 | msg_type = tvb_get_uint8(tvb, offset+1); |
3080 | 189 | protocol_name = val_to_str_const(protocol, edonkey_protocols, "Unknown"); |
3081 | | |
3082 | 189 | if (protocol == EDONKEY_PROTO_KADEMLIA || protocol == EDONKEY_PROTO_KADEMLIA_COMP |
3083 | 189 | || protocol == EDONKEY_PROTO_ADU_KADEMLIA || protocol == EDONKEY_PROTO_ADU_KADEMLIA_COMP) |
3084 | 108 | message_name = val_to_str_const( msg_type, kademlia_msgs, "Unknown"); |
3085 | 81 | else |
3086 | 81 | message_name = val_to_str_const(msg_type, edonkey_udp_msgs, "Unknown"); |
3087 | | |
3088 | 189 | col_add_fstr(pinfo->cinfo, COL_INFO, "%s UDP: %s", protocol_name, message_name); |
3089 | | |
3090 | 189 | if (edonkey_tree) { |
3091 | 189 | int remainingLength, extraBytes; |
3092 | | |
3093 | 189 | ti = proto_tree_add_item(edonkey_tree, hf_edonkey_message, tvb, offset, -1, ENC_NA); |
3094 | 189 | edonkey_msg_tree = proto_item_add_subtree(ti, ett_edonkey_message); |
3095 | | |
3096 | 189 | proto_tree_add_uint(edonkey_msg_tree, hf_edonkey_protocol, tvb, offset, 1, protocol); |
3097 | 189 | proto_tree_add_uint_format_value(edonkey_msg_tree, hf_edonkey_message_type, tvb, offset+1, 1, msg_type, |
3098 | 189 | "%s (0x%02x)", message_name, msg_type); |
3099 | | |
3100 | 189 | offset += EDONKEY_UDP_HEADER_LENGTH; |
3101 | 189 | remainingLength = tvb_captured_length_remaining( tvb, offset ); |
3102 | | |
3103 | 189 | if (remainingLength > 0) { |
3104 | 189 | switch (protocol) { |
3105 | 79 | case EDONKEY_PROTO_EDONKEY: |
3106 | 79 | offset = dissect_edonkey_udp_message(msg_type, tvb, pinfo, offset, remainingLength, edonkey_msg_tree); |
3107 | 79 | break; |
3108 | | |
3109 | 1 | case EDONKEY_PROTO_EMULE_EXT: |
3110 | 1 | offset = dissect_emule_udp_message(msg_type, tvb, pinfo, offset, remainingLength, edonkey_msg_tree); |
3111 | 1 | break; |
3112 | | |
3113 | 48 | case EDONKEY_PROTO_ADU_KADEMLIA: |
3114 | 106 | case EDONKEY_PROTO_KADEMLIA: |
3115 | 106 | offset = dissect_kademlia_udp_message(msg_type, tvb, pinfo, offset, remainingLength, edonkey_msg_tree); |
3116 | 106 | break; |
3117 | | |
3118 | 1 | case EDONKEY_PROTO_ADU_KADEMLIA_COMP: |
3119 | 2 | case EDONKEY_PROTO_KADEMLIA_COMP: |
3120 | 2 | offset = dissect_kademlia_udp_compressed_message(msg_type, tvb, pinfo, offset, remainingLength, edonkey_msg_tree); |
3121 | 2 | break; |
3122 | | |
3123 | 1 | default: |
3124 | 1 | break; |
3125 | 189 | } |
3126 | 189 | } |
3127 | | |
3128 | 47 | extraBytes = tvb_reported_length_remaining( tvb, offset ); |
3129 | | |
3130 | 47 | if ( extraBytes > 0 ) { |
3131 | | /* trailing garbage or broken packet */ |
3132 | 45 | proto_tree_add_uint_format(tree, hf_edonkey_unparsed_data_length, tvb, offset, extraBytes, extraBytes, |
3133 | 45 | "Trailing/Undecoded data: %d bytes", extraBytes ); |
3134 | 45 | } |
3135 | 47 | } |
3136 | | |
3137 | 47 | return tvb_reported_length(tvb); |
3138 | 189 | } |
3139 | | |
3140 | | static void |
3141 | | edonkey_fmt_revision(char *result, uint32_t revision ) |
3142 | 0 | { |
3143 | 0 | snprintf( result, ITEM_LABEL_LENGTH, "%u.%u", (uint16_t)(revision & 0xFFFF), (uint16_t)(( revision & 0xFFFF0000 ) >> 16) ); |
3144 | 0 | } |
3145 | | |
3146 | 14 | void proto_register_edonkey(void) { |
3147 | | |
3148 | 14 | static hf_register_info hf[] = { |
3149 | 14 | { &hf_edonkey_message, |
3150 | 14 | { "eDonkey Message", "edonkey.message", |
3151 | 14 | FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3152 | 14 | { &hf_edonkey_protocol, |
3153 | 14 | { "Protocol", "edonkey.protocol", |
3154 | 14 | FT_UINT8, BASE_HEX, VALS(edonkey_protocols), 0, "eDonkey Protocol", HFILL } }, |
3155 | 14 | { &hf_edonkey_message_length, |
3156 | 14 | { "Message Length", "edonkey.message.length", |
3157 | 14 | FT_UINT32, BASE_DEC, NULL, 0, "eDonkey Message Length", HFILL } }, |
3158 | 14 | { &hf_edonkey_message_type, |
3159 | 14 | { "Message Type", "edonkey.message.type", |
3160 | 14 | FT_UINT8, BASE_HEX, NULL, 0, "eDonkey Message Type", HFILL } }, |
3161 | 14 | { &hf_edonkey_client_hash, |
3162 | 14 | { "Client Hash", "edonkey.client_hash", |
3163 | 14 | FT_BYTES, BASE_NONE, NULL, 0, "eDonkey Client Hash", HFILL } }, |
3164 | 14 | { &hf_edonkey_server_hash, |
3165 | 14 | { "Server Hash", "edonkey.server_hash", |
3166 | 14 | FT_BYTES, BASE_NONE, NULL, 0, "eDonkey Server Hash", HFILL } }, |
3167 | 14 | { &hf_edonkey_file_hash, |
3168 | 14 | { "File Hash", "edonkey.file_hash", |
3169 | 14 | FT_BYTES, BASE_NONE, NULL, 0, "eDonkey File Hash", HFILL } }, |
3170 | 14 | { &hf_edonkey_client_id, |
3171 | 14 | { "Client ID", "edonkey.clientid", |
3172 | 14 | FT_IPv4, BASE_NONE, NULL, 0, "eDonkey Client ID", HFILL } }, |
3173 | 14 | { &hf_edonkey_ip, |
3174 | 14 | { "IP", "edonkey.ip", |
3175 | 14 | FT_IPv4, BASE_NONE, NULL, 0, "eDonkey IP", HFILL } }, |
3176 | 14 | { &hf_edonkey_port, |
3177 | 14 | { "Port", "edonkey.port", |
3178 | 14 | FT_UINT16, BASE_DEC, NULL, 0, "eDonkey Port", HFILL } }, |
3179 | 14 | { &hf_edonkey_metatag, |
3180 | 14 | { "eDonkey Meta Tag", "edonkey.metatag", |
3181 | 14 | FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3182 | 14 | { &hf_edonkey_metatag_type, |
3183 | 14 | { "Meta Tag Type", "edonkey.metatag.type", |
3184 | 14 | FT_UINT8, BASE_HEX, NULL, 0, "eDonkey Meta Tag Type", HFILL } }, |
3185 | 14 | { &hf_edonkey_metatag_id, |
3186 | 14 | { "Meta Tag ID", "edonkey.metatag.id", |
3187 | 14 | FT_UINT8, BASE_HEX, NULL, 0, "eDonkey Meta Tag ID", HFILL } }, |
3188 | 14 | { &hf_edonkey_metatag_name, |
3189 | 14 | { "Meta Tag Name", "edonkey.metatag.name", |
3190 | 14 | FT_STRING, BASE_NONE, NULL, 0, "eDonkey Meta Tag Name", HFILL } }, |
3191 | 14 | { &hf_edonkey_metatag_namesize, |
3192 | 14 | { "Meta Tag Name Size", "edonkey.metatag.namesize", |
3193 | 14 | FT_UINT16, BASE_DEC, NULL, 0, "eDonkey Meta Tag Name Size", HFILL } }, |
3194 | 14 | { &hf_edonkey_hash, |
3195 | 14 | { "Hash", "edonkey.hash", |
3196 | 14 | FT_BYTES, BASE_NONE, NULL, 0, "eDonkey Hash", HFILL } }, |
3197 | 14 | { &hf_edonkey_string, |
3198 | 14 | { "String", "edonkey.string", |
3199 | 14 | FT_STRING, BASE_NONE, NULL, 0, "eDonkey String", HFILL } }, |
3200 | 14 | { &hf_edonkey_string_length, |
3201 | 14 | { "String Length", "edonkey.string_length", |
3202 | 14 | FT_UINT16, BASE_DEC, NULL, 0, "eDonkey String Length", HFILL } }, |
3203 | 14 | { &hf_edonkey_part_count, |
3204 | 14 | { "Part Count", "edonkey.part_count", |
3205 | 14 | FT_UINT16, BASE_DEC, NULL, 0, "eDonkey Part Count", HFILL } }, |
3206 | 14 | { &hf_edonkey_file_status, |
3207 | 14 | { "File Status", "edonkey.file_status", |
3208 | 14 | FT_BYTES, BASE_NONE, NULL, 0, "eDonkey File Status", HFILL } }, |
3209 | 14 | { &hf_edonkey_directory, |
3210 | 14 | { "Directory", "edonkey.directory", |
3211 | 14 | FT_STRING, BASE_NONE, NULL, 0, "eDonkey Directory", HFILL } }, |
3212 | 14 | { &hf_edonkey_fileinfo, |
3213 | 14 | { "eDonkey File Info", "edonkey.fileinfo", |
3214 | 14 | FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3215 | 14 | { &hf_edonkey_serverinfo, |
3216 | 14 | { "eDonkey Server Info", "edonkey.serverinfo", |
3217 | 14 | FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3218 | 14 | { &hf_edonkey_clientinfo, |
3219 | 14 | { "eDonkey Client Info", "edonkey.clientinfo", |
3220 | 14 | FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3221 | 14 | { &hf_emule_public_key, |
3222 | 14 | { "Public Key", "edonkey.emule.public_key", |
3223 | 14 | FT_BYTES, BASE_NONE, NULL, 0, "eMule Public Key", HFILL } }, |
3224 | 14 | { &hf_emule_signature, |
3225 | 14 | { "Signature", "edonkey.emule.signature", |
3226 | 14 | FT_BYTES, BASE_NONE, NULL, 0, "eMule Signature", HFILL } }, |
3227 | 14 | { &hf_emule_aich_partnum, |
3228 | 14 | { "Part Number", "edonkey.emule.aich_partnum", |
3229 | 14 | FT_UINT16, BASE_DEC, NULL, 0, "eMule AICH Part Number", HFILL } }, |
3230 | 14 | { &hf_emule_aich_root_hash, |
3231 | 14 | { "AICH Root Hash", "edonkey.emule.aich_root_hash", |
3232 | 14 | FT_BYTES, BASE_NONE, NULL, 0, "eMule AICH Root Hash", HFILL } }, |
3233 | 14 | { &hf_emule_aich_hash_entry, |
3234 | 14 | { "AICH Hash Entry", "edonkey.emule.aich_hash_entry", |
3235 | 14 | FT_NONE, BASE_NONE, NULL, 0, "eMule AICH Hash Entry", HFILL } }, |
3236 | 14 | { &hf_emule_aich_hash_id, |
3237 | 14 | { "AICH Hash ID", "edonkey.emule.aich_hash_id", |
3238 | 14 | FT_UINT16, BASE_HEX, NULL, 0, "eMule AICH Hash ID", HFILL } }, |
3239 | 14 | { &hf_emule_aich_hash, |
3240 | 14 | { "AICH Hash", "edonkey.emule.aich_hash", |
3241 | 14 | FT_BYTES, BASE_NONE, NULL, 0, "eMule AICH Hash", HFILL } }, |
3242 | 14 | { &hf_emule_multipacket_entry, |
3243 | 14 | { "eMule MultiPacket Entry", "edonkey.emule.multipacket_entry", |
3244 | 14 | FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3245 | 14 | { &hf_emule_multipacket_opcode, |
3246 | 14 | { "MultiPacket Opcode", "edonkey.emule.multipacket_opcode", |
3247 | 14 | FT_UINT8, BASE_HEX, NULL, 0, "eMule MultiPacket Opcode", HFILL } }, |
3248 | 14 | { &hf_emule_sourceOBFU, |
3249 | 14 | {"Source", "edonkey.source", |
3250 | 14 | FT_NONE, BASE_NONE, NULL, 0, "eDonkey File Source", HFILL } }, |
3251 | 14 | { &hf_emule_source_count, |
3252 | 14 | { "Completed Sources Count", "edonkey.emule.source_count", |
3253 | 14 | FT_UINT16, BASE_DEC, NULL, 0, "eMule Completed Sources Count", HFILL } }, |
3254 | 14 | { &hf_emule_zlib, |
3255 | 14 | { "Compressed Data", "edonkey.emule.zlib", |
3256 | 14 | FT_NONE, BASE_NONE, NULL, 0, "eMule Compressed Data", HFILL } }, |
3257 | 14 | { &hf_overnet_peer, |
3258 | 14 | { "Overnet Peer", "edonkey.overnet.peer", |
3259 | 14 | FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3260 | 14 | { &hf_kademlia, |
3261 | 14 | { "Kademlia Packet", "edonkey.kademlia", |
3262 | 14 | FT_UINT8, BASE_HEX, NULL, 0, "Kademlia Packet Type", HFILL } }, |
3263 | 14 | { &hf_kademlia_peertype, |
3264 | 14 | { "Peer Type", "edonkey.kademlia.peer.type", |
3265 | 14 | FT_UINT8, BASE_DEC_HEX, NULL, 0, "Kademlia Peer Type", HFILL } }, |
3266 | 14 | { &hf_kademlia_peer, |
3267 | 14 | { "Kademlia Peer", "edonkey.kademlia.peer", |
3268 | 14 | FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3269 | 14 | { &hf_kademlia_peer_id, |
3270 | 14 | { "Peer ID", "edonkey.kademlia.peer.id", |
3271 | 14 | FT_STRING, BASE_NONE, NULL, 0, "Kademlia Peer ID", HFILL } }, |
3272 | 14 | { &hf_kademlia_hash, |
3273 | 14 | { "Kademlia Hash", "edonkey.kademlia.hash", |
3274 | 14 | FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3275 | 14 | { &hf_kademlia_file_id, |
3276 | 14 | { "File ID", "edonkey.kademlia.file.id", |
3277 | 14 | FT_STRING, BASE_NONE, NULL, 0, "Kademlia File ID", HFILL } }, |
3278 | 14 | { &hf_kademlia_keyword_hash, |
3279 | 14 | { "Keyword Hash", "edonkey.kademlia.keyword.hash", |
3280 | 14 | FT_STRING, BASE_NONE, NULL, 0, "Kademlia Keyword Hash", HFILL } }, |
3281 | 14 | { &hf_kademlia_recipients_id, |
3282 | 14 | { "Recipient's ID", "edonkey.kademlia.recipients.id", |
3283 | 14 | FT_STRING, BASE_NONE, NULL, 0, "Kademlia Recipient's ID", HFILL } }, |
3284 | 14 | { &hf_kademlia_sender_id, |
3285 | 14 | { "Sender ID", "edonkey.kademlia.sender.id", |
3286 | 14 | FT_STRING, BASE_NONE, NULL, 0, "Kademlia Sender ID", HFILL } }, |
3287 | 14 | { &hf_kademlia_target_id, |
3288 | 14 | { "Target ID", "edonkey.kademlia.target.id", |
3289 | 14 | FT_STRING, BASE_NONE, NULL, 0, "Kademlia Target ID", HFILL } }, |
3290 | 14 | { &hf_kademlia_distance, |
3291 | 14 | { "XOR Distance", "edonkey.kademlia.distance", |
3292 | 14 | FT_STRING, BASE_NONE, NULL, 0, "Kademlia XOR Distance", HFILL } }, |
3293 | 14 | { &hf_kademlia_version, |
3294 | 14 | { "Kad Version", "edonkey.kademlia.version", |
3295 | 14 | FT_UINT8, BASE_DEC_HEX, VALS(kademlia_versions), 0, NULL, HFILL } }, |
3296 | 14 | { &hf_kademlia_tag_float, |
3297 | 14 | { "Tag Value (Float)", "edonkey.kademlia.tag.value.float", |
3298 | 14 | FT_FLOAT, BASE_NONE, NULL, 0, "Float Tag Value", HFILL } }, |
3299 | 14 | { &hf_kademlia_tag_uint64, |
3300 | 14 | { "Tag Value (UINT64)", "edonkey.kademlia.tag.value.uint64", |
3301 | 14 | FT_UINT64, BASE_DEC_HEX, NULL, 0, "UINT64 Tag Value", HFILL } }, |
3302 | 14 | { &hf_kademlia_tag_uint32, |
3303 | 14 | { "Tag Value (UINT32)", "edonkey.kademlia.tag.value.uint32", |
3304 | 14 | FT_UINT32, BASE_DEC_HEX, NULL, 0, "UINT32 Tag Value", HFILL } }, |
3305 | 14 | { &hf_kademlia_tag_ipv4, |
3306 | 14 | { "Tag Value (IPv4)", "edonkey.kademlia.tag.value.ipv4", |
3307 | 14 | FT_IPv4, BASE_NONE, NULL, 0, "UINT32 Tag Value (IPv4)", HFILL } }, |
3308 | 14 | { &hf_kademlia_tag_uint16, |
3309 | 14 | { "Tag Value (UINT16)", "edonkey.kademlia.tag.value.uint16", |
3310 | 14 | FT_UINT16, BASE_DEC_HEX, NULL, 0, "UINT16 Tag Value", HFILL } }, |
3311 | 14 | { &hf_kademlia_tag_uint8, |
3312 | 14 | { "Tag Value (UINT8)", "edonkey.kademlia.tag.value.uint8", |
3313 | 14 | FT_UINT8, BASE_DEC_HEX, NULL, 0, "UINT8 Tag Value", HFILL } }, |
3314 | 14 | { &hf_kademlia_tag_hash, |
3315 | 14 | { "Tag Value (HASH)", "edonkey.kademlia.tag.value.hash", |
3316 | 14 | FT_STRING, BASE_NONE, NULL, 0, "HASH Tag Value", HFILL } }, |
3317 | 14 | { &hf_kademlia_tag_string, |
3318 | 14 | { "Tag Value (String)", "edonkey.kademlia.tag.value.string", |
3319 | 14 | FT_STRING, BASE_NONE, NULL, 0, "String Tag Value", HFILL } }, |
3320 | 14 | { &hf_kademlia_tag_bsob, |
3321 | 14 | { "Tag Value (BSOB)", "edonkey.kademlia.tag.value.bsob", |
3322 | 14 | FT_BYTES, BASE_NONE, NULL, 0, "BSOB Tag Value", HFILL } }, |
3323 | 14 | { &hf_kademlia_udp_port, |
3324 | 14 | { "UDP Port", "edonkey.kademlia.udp_port", |
3325 | 14 | FT_UINT16, BASE_PT_UDP, NULL, 0, "Kademlia UDP Port", HFILL } }, |
3326 | 14 | { &hf_kademlia_ip, |
3327 | 14 | { "IP", "edonkey.kademlia.ip", |
3328 | 14 | FT_IPv4, BASE_NONE, NULL, 0, "eDonkey IP", HFILL } }, |
3329 | 14 | { &hf_kademlia_tcp_port, |
3330 | 14 | { "TCP Port", "edonkey.kademlia.tcp_port", |
3331 | 14 | FT_UINT16, BASE_PT_TCP, NULL, 0, "Kademlia TCP Port", HFILL } }, |
3332 | 14 | { &hf_edonkey_tcp_flags, |
3333 | 14 | { "TCP Flags", "edonkey.tcp_flags", |
3334 | 14 | FT_UINT32, BASE_HEX, NULL, 0, "eDonkey TCP Flags (ID Change)", HFILL } }, |
3335 | 14 | { &hf_edonkey_aux_port, |
3336 | 14 | { "Auxiliary Port", "edonkey.aux_port", |
3337 | 14 | FT_UINT32, BASE_DEC, NULL, 0, "eDonkey Auxiliary Port (Value) (ID Change)", HFILL } }, |
3338 | 14 | { &hf_edonkey_server_reported_ip, |
3339 | 14 | { "Server Reported IP", "edonkey.server_reported_ip", |
3340 | 14 | FT_IPv4, BASE_NONE, NULL, 0, "eDonkey Server Reported IP (ID Change)", HFILL } }, |
3341 | | #if 0 |
3342 | | { &hf_kademlia_unparsed_data_length, |
3343 | | { "Kademlia unparsed data length", "edonkey.kademlia.unparsed", |
3344 | | FT_UINT16, BASE_DEC, NULL, 0, "Kademlia trailing data length", HFILL } }, |
3345 | | #endif |
3346 | 14 | { &hf_kademlia_tag_name, |
3347 | 14 | { "Tag Name", "edonkey.kademlia.tag.name", |
3348 | 14 | FT_UINT8, BASE_HEX, NULL, 0, "Kademlia Tag Name String", HFILL } }, |
3349 | 14 | { &hf_kademlia_tag_name_length, |
3350 | 14 | { "Tag Name Length", "edonkey.kademlia.tag.name.length", |
3351 | 14 | FT_UINT16, BASE_DEC, NULL, 0, "Kademlia Tag Name String Length", HFILL } }, |
3352 | 14 | { &hf_kademlia_tag_type, |
3353 | 14 | { "Tag Type", "edonkey.kademlia.tag.type", |
3354 | 14 | FT_UINT8, BASE_HEX, VALS(kademlia_tag_types), 0, "Kademlia Tag Type", HFILL } }, |
3355 | 14 | { &hf_kademlia_request_type, |
3356 | 14 | { "Request Type", "edonkey.kademlia.request.type", |
3357 | 14 | FT_UINT8, BASE_HEX, NULL, 0, "Kademlia Request Type", HFILL } }, |
3358 | 14 | { &hf_kademlia_search_expression_type, |
3359 | 14 | { "SearchExp Type", "edonkey.kademlia.search_expression.type", |
3360 | 14 | FT_UINT8, BASE_HEX, VALS(edonkey_search_ext_type_vals), 0, NULL, HFILL } }, |
3361 | 14 | { &hf_kademlia_search_bool_op, |
3362 | 14 | { "Bool op", "edonkey.kademlia.search.bool_op", |
3363 | 14 | FT_UINT8, BASE_HEX, VALS(edonkey_search_ops), 0, NULL, HFILL } }, |
3364 | 14 | { &hf_kademlia_search_condition, |
3365 | 14 | { "Search Condition", "edonkey.kademlia.search.condition", |
3366 | 14 | FT_UINT8, BASE_HEX, NULL, 0, "Kademlia Search Condition", HFILL } }, |
3367 | 14 | { &hf_kademlia_search_condition_argument_uint32, |
3368 | 14 | { "32bit Argument", "edonkey.kademlia.search.condition.argument.uint32", |
3369 | 14 | FT_UINT32, BASE_DEC_HEX, NULL, 0, "Kademlia Search Condition Argument 32bit Value", HFILL } }, |
3370 | 14 | { &hf_kademlia_search_condition_argument_uint64, |
3371 | 14 | { "64bit Argument", "edonkey.kademlia.search.condition.argument.uint64", |
3372 | 14 | FT_UINT64, BASE_DEC_HEX, NULL, 0, "Kademlia Search Condition Argument 64bit Value", HFILL } }, |
3373 | 14 | { &hf_edonkey_unparsed_data_length, |
3374 | 14 | { "eDonkey unparsed data length", "edonkey.unparsed", |
3375 | 14 | FT_UINT32, BASE_DEC_HEX, NULL, 0, "eDonkey trailing or unparsed data length", HFILL } }, |
3376 | 14 | { &hf_edonkey_hard_limit_files, |
3377 | 14 | { "Hard limit on number of files", "edonkey.hard_limit_files", |
3378 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3379 | 14 | { &hf_edonkey_soft_limit_files, |
3380 | 14 | { "Soft limit on number of files", "edonkey.soft_limit_files", |
3381 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3382 | 14 | { &hf_edonkey_number_of_lowid_users, |
3383 | 14 | { "Number of LowID Users", "edonkey.number_of_lowid_users", |
3384 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3385 | 14 | { &hf_edonkey_udp_flags, |
3386 | 14 | { "Server UDP Support Flags", "edonkey.udp_flags", |
3387 | 14 | FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }}, |
3388 | 14 | { &hf_edonkey_tcp_obfuscation_port, |
3389 | 14 | { "TCP Obfuscation Port", "edonkey.tcp_obfuscation_port", |
3390 | 14 | FT_UINT16, BASE_PT_TCP, NULL, 0x0, NULL, HFILL }}, |
3391 | 14 | { &hf_edonkey_udp_obfuscation_port, |
3392 | 14 | { "UDP Obfuscation Port", "edonkey.udp_obfuscation_port", |
3393 | 14 | FT_UINT16, BASE_PT_UDP, NULL, 0x0, NULL, HFILL }}, |
3394 | 14 | { &hf_edonkey_server_udp_key, |
3395 | 14 | { "Server UDP Key", "edonkey.server_udp_key", |
3396 | 14 | FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }}, |
3397 | | |
3398 | | /* Generated from convert_proto_tree_add_text.pl */ |
3399 | 14 | { &hf_edonkey_list_size, { "List Size", "edonkey.list_size", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3400 | 14 | { &hf_edonkey_meta_tag_value_revision, { "Meta Tag Value", "edonkey.meta_tag_value.revision", FT_UINT32, BASE_CUSTOM, CF_FUNC(edonkey_fmt_revision), 0x0, NULL, HFILL }}, |
3401 | 14 | { &hf_edonkey_meta_tag_value_uint, { "Meta Tag Value", "edonkey.meta_tag_value.uint", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3402 | 14 | { &hf_edonkey_boolean_array_length, { "Boolean Array Length", "edonkey.boolean_array_length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3403 | 14 | { &hf_edonkey_blob_length, { "BLOB Length", "edonkey.blob_length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3404 | 14 | { &hf_edonkey_kademlia_string, { "String", "edonkey.kademlia_string", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }}, |
3405 | 14 | { &hf_emule_public_key_length, { "Public key length", "edonkey.emule.public_key_length", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3406 | 14 | { &hf_emule_signature_length, { "Signature length", "edonkey.emule.signature_length", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3407 | 14 | { &hf_edonkey_obfuscation_settings, { "Obfuscation Settings", "edonkey.obfuscation_settings", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3408 | 14 | { &hf_edonkey_start_offset, { "Start Offset", "edonkey.start_offset", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3409 | 14 | { &hf_edonkey_start_offset_64, { "Start Offset", "edonkey.start_offset64", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3410 | 14 | { &hf_edonkey_end_offset, { "End Offset", "edonkey.end_offset", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3411 | 14 | { &hf_edonkey_end_offset_64, { "End Offset", "edonkey.end_offset64", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3412 | 14 | { &hf_edonkey_emule_file_length, { "File Length", "edonkey.emule.file_length", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3413 | 14 | { &hf_edonkey_overnet_peer_type, { "Peer Type", "edonkey.overnet_peer_type", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3414 | 14 | { &hf_edonkey_more_search_file_results, { "More", "edonkey.more_search_file_results", FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL }}, |
3415 | 14 | { &hf_edonkey_file_size, { "File size", "edonkey.file_size", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3416 | 14 | { &hf_edonkey_large_file_size, { "Large file size", "edonkey.large_file_size", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3417 | 14 | { &hf_edonkey_number_of_users, { "Number of Users", "edonkey.number_of_users", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3418 | 14 | { &hf_edonkey_number_of_files, { "Number of Files", "edonkey.number_of_files", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3419 | 14 | { &hf_edonkey_message_data, { "Message Data", "edonkey.message_data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, |
3420 | 14 | { &hf_edonkey_emule_version, { "Version", "edonkey.emule.version", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3421 | 14 | { &hf_edonkey_emule_queue_ranking, { "Queue Ranking", "edonkey.emule.queue_ranking", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3422 | 14 | { &hf_edonkey_emule_ident_state, { "State", "edonkey.emule.state", FT_UINT8, BASE_DEC|BASE_RANGE_STRING, RVALS(emule_ident_state_rvals), 0x0, NULL, HFILL }}, |
3423 | 14 | { &hf_edonkey_emule_rndchallenge, { "Rndchallenge", "edonkey.emule.rndchallenge", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3424 | 14 | { &hf_edonkey_emule_sig_ip_used, { "Sig IP Used", "edonkey.emule.sig_ip_used", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3425 | 14 | { &hf_edonkey_packed_length, { "Packed Length", "edonkey.emule.packed_length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3426 | 14 | { &hf_edonkey_compressed_message_data, { "Compressed Message Data", "edonkey.emule.compressed_message_data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, |
3427 | 14 | { &hf_edonkey_challenge, { "Challenge", "edonkey.challenge", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }}, |
3428 | 14 | { &hf_edonkey_max_number_of_users, { "Max number of Users", "edonkey.max_number_of_users", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3429 | 14 | { &hf_edonkey_search_type, { "Search Type", "edonkey.search_type", FT_UINT8, BASE_DEC, VALS(edonkey_search_type_vals), 0x0, NULL, HFILL }}, |
3430 | 14 | { &hf_edonkey_search_range_min, { "Search Range Min", "edonkey.search_range.min", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3431 | 14 | { &hf_edonkey_search_range_max, { "Search Range Max", "edonkey.search_range.max", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3432 | 14 | { &hf_edonkey_kademlia_uload, { "uLoad", "edonkey.kademlia_uload", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3433 | 14 | { &hf_edonkey_kademlia_start_position, { "Start position", "edonkey.kademlia_start_position", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3434 | 14 | { &hf_edonkey_kademlia_filesize, { "Filesize", "edonkey.kademlia_filesize", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3435 | 14 | { &hf_edonkey_kademlia_restrictive, { "Restrictive", "edonkey.kademlia_restrictive", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }}, |
3436 | 14 | { &hf_edonkey_broken_compressed_data, { "Broken Compressed data", "edonkey.broken_compressed_data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, |
3437 | 14 | { &hf_edonkey_search_limit, { "Search Limit", "edonkey.search_limit", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3438 | 14 | { &hf_edonkey_search_limit_type, { "Limit Type", "edonkey.search_limit_type", FT_UINT8, BASE_DEC, VALS(edonkey_search_conds), 0x0, NULL, HFILL }}, |
3439 | 14 | { &hf_edonkey_search_ops, { "Search Operator", "edonkey.search_ops", FT_UINT8, BASE_HEX, VALS(edonkey_search_ops), 0x0, NULL, HFILL }}, |
3440 | 14 | { &hf_edonkey_user_hash_length, { "User hash length", "edonkey.user_hash_length", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
3441 | 14 | }; |
3442 | | |
3443 | 14 | static int *ett[] = { |
3444 | 14 | &ett_edonkey, |
3445 | 14 | &ett_edonkey_message, |
3446 | 14 | &ett_edonkey_metatag, |
3447 | 14 | &ett_edonkey_search, |
3448 | 14 | &ett_edonkey_fileinfo, |
3449 | 14 | &ett_edonkey_serverinfo, |
3450 | 14 | &ett_edonkey_clientinfo, |
3451 | 14 | &ett_emule_aichhash, |
3452 | 14 | &ett_emule_multipacket, |
3453 | 14 | &ett_emule_zlib, |
3454 | 14 | &ett_overnet_peer, |
3455 | 14 | &ett_emule_sourceOBFU, |
3456 | 14 | &ett_edonkey_listitem, |
3457 | 14 | &ett_kademlia_search_expression, |
3458 | 14 | &ett_kademlia_tag |
3459 | 14 | }; |
3460 | | |
3461 | 14 | static ei_register_info ei[] = { |
3462 | 14 | { &ei_kademlia_tag_type, { "edonkey.kademlia.tag.type.undecoded", PI_PROTOCOL, PI_WARN, "Tag value not decoded", EXPFILL }}, |
3463 | 14 | { &ei_kademlia_search_expression_type, { "edonkey.kademlia.search_expression.type.undecoded", PI_UNDECODED, PI_WARN, "NOT DECODED op", EXPFILL }}, |
3464 | 14 | }; |
3465 | | |
3466 | 14 | module_t *edonkey_module; |
3467 | 14 | expert_module_t* expert_edonkey; |
3468 | | |
3469 | 14 | proto_edonkey = proto_register_protocol("eDonkey Protocol", "EDONKEY", "edonkey"); |
3470 | | |
3471 | 14 | proto_register_field_array(proto_edonkey, hf, array_length(hf)); |
3472 | 14 | proto_register_subtree_array(ett, array_length(ett)); |
3473 | 14 | expert_edonkey = expert_register_protocol(proto_edonkey); |
3474 | 14 | expert_register_field_array(expert_edonkey, ei, array_length(ei)); |
3475 | | |
3476 | 14 | edonkey_tcp_handle = register_dissector("edonkey.tcp", dissect_edonkey_tcp, proto_edonkey); |
3477 | 14 | edonkey_udp_handle = register_dissector("edonkey.udp", dissect_edonkey_udp, proto_edonkey); |
3478 | | |
3479 | 14 | edonkey_module = prefs_register_protocol(proto_edonkey, NULL); |
3480 | 14 | prefs_register_bool_preference(edonkey_module, "desegment", |
3481 | 14 | "Reassemble eDonkey messages spanning multiple TCP segments", |
3482 | 14 | "Whether the eDonkey dissector should reassemble messages spanning multiple TCP segments." |
3483 | 14 | " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.", |
3484 | 14 | &edonkey_desegment); |
3485 | 14 | } |
3486 | | |
3487 | 14 | void proto_reg_handoff_edonkey(void) { |
3488 | | |
3489 | 14 | dissector_add_uint_range_with_preference("tcp.port", EDONKEY_TCP_PORT_RANGE, edonkey_tcp_handle); |
3490 | 14 | dissector_add_uint_range_with_preference("udp.port", EDONKEY_UDP_PORT_RANGE, edonkey_udp_handle); |
3491 | 14 | } |
3492 | | |
3493 | | /* |
3494 | | * Editor modelines - https://www.wireshark.org/tools/modelines.html |
3495 | | * |
3496 | | * Local variables: |
3497 | | * c-basic-offset: 4 |
3498 | | * tab-width: 8 |
3499 | | * indent-tabs-mode: nil |
3500 | | * End: |
3501 | | * |
3502 | | * vi: set shiftwidth=4 tabstop=8 expandtab: |
3503 | | * :indentSize=4:tabSize=8:noTabs=true: |
3504 | | */ |