/src/wireshark/epan/dissectors/packet-yhoo.c

Source
/* packet-yhoo.c
 * Routines for yahoo messenger packet dissection
 * Copyright 1999, Nathan Neulinger <nneul@umr.edu>
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <gerald@wireshark.org>
 * Copyright 1998 Gerald Combs
 *
 * Copied from packet-tftp.c
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */

/*
 * What happened to Yahoo Messenger?
 * Original service discontinued: The original Yahoo Messenger service was shut down in phases.
 *  The legacy version was discontinued in 2016, and the new version was shut down entirely in July 2018.
 * Alternative introduced: Yahoo directed users to its group messaging app, Squirrel, as an alternative at the time of the shutdown.
 * Yahoo! Squirrel was a group messaging app launched in 2018, intended to replace Yahoo! Messenger.
 *  It was an invite-only application for iOS and Android that focused on private group chats,
 *  but it was discontinued in April 2019.
 */

#include "config.h"

#include <epan/packet.h>

void proto_register_yhoo(void);
void proto_reg_handoff_yhoo(void);

static int proto_yhoo;
static int hf_yhoo_version;
static int hf_yhoo_len;
static int hf_yhoo_service;
static int hf_yhoo_connection_id;
static int hf_yhoo_magic_id;
static int hf_yhoo_unknown1;
static int hf_yhoo_msgtype;
static int hf_yhoo_nick1;
static int hf_yhoo_nick2;
static int hf_yhoo_content;

static int ett_yhoo;

#define TCP_PORT_YHOO 5050

/* This is from yahoolib.h from gtkyahoo */

/* Service constants */
#define YAHOO_SERVICE_LOGON                   1
#define YAHOO_SERVICE_LOGOFF                  2
#define YAHOO_SERVICE_ISAWAY                  3
#define YAHOO_SERVICE_ISBACK                  4
#define YAHOO_SERVICE_IDLE                    5
#define YAHOO_SERVICE_MESSAGE                 6
#define YAHOO_SERVICE_IDACT                   7
#define YAHOO_SERVICE_IDDEACT                 8
#define YAHOO_SERVICE_MAILSTAT                9
#define YAHOO_SERVICE_USERSTAT               10
#define YAHOO_SERVICE_NEWMAIL                11
#define YAHOO_SERVICE_CHATINVITE             12
#define YAHOO_SERVICE_CALENDAR               13
#define YAHOO_SERVICE_NEWPERSONALMAIL        14
#define YAHOO_SERVICE_NEWCONTACT             15
#define YAHOO_SERVICE_ADDIDENT               16
#define YAHOO_SERVICE_ADDIGNORE              17
#define YAHOO_SERVICE_PING                   18
#define YAHOO_SERVICE_GROUPRENAME            19
#define YAHOO_SERVICE_SYSMESSAGE             20
#define YAHOO_SERVICE_PASSTHROUGH2           22
#define YAHOO_SERVICE_CONFINVITE             24
#define YAHOO_SERVICE_CONFLOGON              25
#define YAHOO_SERVICE_CONFDECLINE            26
#define YAHOO_SERVICE_CONFLOGOFF             27
#define YAHOO_SERVICE_CONFADDINVITE          28
#define YAHOO_SERVICE_CONFMSG                29
#define YAHOO_SERVICE_CHATLOGON              30
#define YAHOO_SERVICE_CHATLOGOFF             31
#define YAHOO_SERVICE_CHATMSG                32
#define YAHOO_SERVICE_FILETRANSFER           70
#define YAHOO_SERVICE_CHATADDINVITE         157
#define YAHOO_SERVICE_AVATAR                188
#define YAHOO_SERVICE_PICTURE_CHECKSUM      189
#define YAHOO_SERVICE_PICTURE               190
#define YAHOO_SERVICE_PICTURE_UPDATE        193
#define YAHOO_SERVICE_PICTURE_UPLOAD        194
#define YAHOO_SERVICE_YAHOO6_STATUS_UPDATE  198
#define YAHOO_SERVICE_AVATAR_UPDATE         199
#define YAHOO_SERVICE_AUDIBLE               208
#define YAHOO_SERVICE_WEBLOGIN              550
#define YAHOO_SERVICE_SMS_MSG               746


/* Message flags */
#define YAHOO_MSGTYPE_NONE  0
#define YAHOO_MSGTYPE_NORMAL  1
#define YAHOO_MSGTYPE_BOUNCE  2
#define YAHOO_MSGTYPE_STATUS  4
#define YAHOO_MSGTYPE_OFFLINE 1515563606  /* yuck! */

#define YAHOO_RAWPACKET_LEN 105

#if 0
struct yahoo_rawpacket
{
  char          version[8];       /* 7 chars and trailing null */
  unsigned char len[4];           /* length - little endian */
  unsigned char service[4];       /* service - little endian */
  unsigned char connection_id[4]; /* connection number - little endian */
  unsigned char magic_id[4];      /* magic number used for http session */
  unsigned char unknown1[4];
  unsigned char msgtype[4];
  char          nick1[36];
  char          nick2[36];
  char          content[1];       /* was zero, had problems with aix xlc */
};
#endif

static const value_string yhoo_service_vals[] = {
  {YAHOO_SERVICE_LOGON,                "Pager Logon"},
  {YAHOO_SERVICE_LOGOFF,               "Pager Logoff"},
  {YAHOO_SERVICE_ISAWAY,               "Is Away"},
  {YAHOO_SERVICE_ISBACK,               "Is Back"},
  {YAHOO_SERVICE_IDLE,                 "Idle"},
  {YAHOO_SERVICE_MESSAGE,              "Message"},
  {YAHOO_SERVICE_IDACT,                "Activate Identity"},
  {YAHOO_SERVICE_IDDEACT,              "Deactivate Identity"},
  {YAHOO_SERVICE_MAILSTAT,             "Mail Status"},
  {YAHOO_SERVICE_USERSTAT,             "User Status"},
  {YAHOO_SERVICE_NEWMAIL,              "New Mail"},
  {YAHOO_SERVICE_CHATINVITE,           "Chat Invitation"},
  {YAHOO_SERVICE_CALENDAR,             "Calendar Reminder"},
  {YAHOO_SERVICE_NEWPERSONALMAIL,      "New Personals Mail"},
  {YAHOO_SERVICE_NEWCONTACT,           "New Friend"},
  {YAHOO_SERVICE_GROUPRENAME,          "Group Renamed"},
  {YAHOO_SERVICE_ADDIDENT,             "Add Identity"},
  {YAHOO_SERVICE_ADDIGNORE,            "Add Ignore"},
  {YAHOO_SERVICE_PING,                 "Ping"},
  {YAHOO_SERVICE_SYSMESSAGE,           "System Message"},
  {YAHOO_SERVICE_CONFINVITE,           "Conference Invitation"},
  {YAHOO_SERVICE_CONFLOGON,            "Conference Logon"},
  {YAHOO_SERVICE_CONFDECLINE,          "Conference Decline"},
  {YAHOO_SERVICE_CONFLOGOFF,           "Conference Logoff"},
  {YAHOO_SERVICE_CONFMSG,              "Conference Message"},
  {YAHOO_SERVICE_CONFADDINVITE,        "Conference Additional Invitation"},
  {YAHOO_SERVICE_CHATLOGON,            "Chat Logon"},
  {YAHOO_SERVICE_CHATLOGOFF,           "Chat Logoff"},
  {YAHOO_SERVICE_CHATMSG,              "Chat Message"},
  {YAHOO_SERVICE_FILETRANSFER,         "File Transfer"},
  {YAHOO_SERVICE_PASSTHROUGH2,         "Passthrough 2"},
  {YAHOO_SERVICE_CHATADDINVITE,        "Chat add Invite"},
  {YAHOO_SERVICE_AVATAR,               "Avatar"},
  {YAHOO_SERVICE_PICTURE_CHECKSUM,     "Picture Checksum"},
  {YAHOO_SERVICE_PICTURE,              "Picture"},
  {YAHOO_SERVICE_PICTURE_UPDATE,       "Picture Update"},
  {YAHOO_SERVICE_PICTURE_UPLOAD,       "Picture Upload"},
  {YAHOO_SERVICE_YAHOO6_STATUS_UPDATE, "Status update"},
  {YAHOO_SERVICE_AUDIBLE,              "Audible"},
  {YAHOO_SERVICE_WEBLOGIN,             "Weblogin"},
  {YAHOO_SERVICE_SMS_MSG,              "SMS Message"},
  {0, NULL}
};

static const value_string yhoo_msgtype_vals[] = {
  {YAHOO_MSGTYPE_NONE,                 "None"},
  {YAHOO_MSGTYPE_NORMAL,               "Normal"},
  {YAHOO_MSGTYPE_BOUNCE,               "Bounce"},
  {YAHOO_MSGTYPE_STATUS,               "Status Update"},
  {YAHOO_MSGTYPE_OFFLINE,              "Request Offline"},
  {0, NULL}
};

static bool
dissect_yhoo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
  proto_tree      *yhoo_tree, *ti;
  int    offset = 0;

  if (pinfo->srcport != TCP_PORT_YHOO && pinfo->destport != TCP_PORT_YHOO) {
    /* Not the Yahoo port - not a Yahoo Messenger packet. */
    return false;
  }

  /* get at least a full packet structure */
  if ( tvb_captured_length(tvb) < YAHOO_RAWPACKET_LEN ) {
    /* Not enough data captured; maybe it is a Yahoo
       Messenger packet, but it contains too little data to
       tell. */
    return false;
  }

  if (tvb_memeql(tvb, offset, (const uint8_t*)"YPNS", 4) != 0 &&
      tvb_memeql(tvb, offset, (const uint8_t*)"YHOO", 4) != 0) {
    /* Not a Yahoo Messenger packet. */
    return false;
  }

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "YHOO");

  col_add_fstr(pinfo->cinfo, COL_INFO, "%s: %s",
           ( tvb_memeql(tvb, offset + 0, (const uint8_t*)"YPNS", 4) == 0 ) ? "Request" : "Response",
           val_to_str(pinfo->pool, tvb_get_letohl(tvb, offset + 12),
          yhoo_service_vals, "Unknown Service: %u"));

  if (tree) {
    ti = proto_tree_add_item(tree, proto_yhoo, tvb,
      offset, -1, ENC_NA);
    yhoo_tree = proto_item_add_subtree(ti, ett_yhoo);

    proto_tree_add_item(yhoo_tree, hf_yhoo_version, tvb,
      offset, 8, ENC_ASCII);
    offset += 8;

    proto_tree_add_item(yhoo_tree, hf_yhoo_len, tvb,
      offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    proto_tree_add_item(yhoo_tree, hf_yhoo_service, tvb,
      offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    proto_tree_add_item(yhoo_tree, hf_yhoo_connection_id, tvb,
      offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    proto_tree_add_item(yhoo_tree, hf_yhoo_magic_id, tvb,
      offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    proto_tree_add_item(yhoo_tree, hf_yhoo_unknown1, tvb,
      offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    proto_tree_add_item(yhoo_tree, hf_yhoo_msgtype, tvb,
      offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    proto_tree_add_item(yhoo_tree, hf_yhoo_nick1, tvb,
      offset, 36, ENC_ASCII);
    offset += 36;

    proto_tree_add_item(yhoo_tree, hf_yhoo_nick2, tvb,
      offset, 36, ENC_ASCII);
    offset += 36;

    proto_tree_add_item(yhoo_tree, hf_yhoo_content, tvb, -1,
      offset, ENC_ASCII);
  }

  return true;
}

void
proto_register_yhoo(void)
{
  static hf_register_info hf[] = {
    { &hf_yhoo_service, {
        "Service Type", "yhoo.service", FT_UINT32, BASE_DEC,
        VALS(yhoo_service_vals), 0, NULL, HFILL }},
    { &hf_yhoo_msgtype, {
        "Message Type", "yhoo.msgtype", FT_UINT32, BASE_DEC,
        VALS(yhoo_msgtype_vals), 0, "Message Type Flags", HFILL }},
    { &hf_yhoo_connection_id, {
        "Connection ID", "yhoo.connection_id", FT_UINT32, BASE_HEX,
        NULL, 0, NULL, HFILL }},
    { &hf_yhoo_magic_id, {
        "Magic ID", "yhoo.magic_id", FT_UINT32, BASE_HEX,
        NULL, 0, NULL, HFILL }},
    { &hf_yhoo_unknown1, {
        "Unknown 1", "yhoo.unknown1", FT_UINT32, BASE_HEX,
        NULL, 0, NULL, HFILL }},
    { &hf_yhoo_len, {
        "Packet Length", "yhoo.len", FT_UINT32, BASE_DEC,
        NULL, 0, NULL, HFILL }},
    { &hf_yhoo_nick1, {
        "Real Nick (nick1)", "yhoo.nick1", FT_STRING, BASE_NONE,
        NULL, 0, NULL, HFILL }},
    { &hf_yhoo_nick2, {
        "Active Nick (nick2)", "yhoo.nick2", FT_STRING, BASE_NONE,
        NULL, 0, NULL, HFILL }},
    { &hf_yhoo_content, {
        "Content", "yhoo.content", FT_STRING, BASE_NONE,
        NULL, 0, "Data portion of the packet", HFILL }},
    { &hf_yhoo_version, {
        "Version", "yhoo.version", FT_STRING, BASE_NONE,
        NULL, 0, "Packet version identifier", HFILL }},
  };
  static int *ett[] = {
    &ett_yhoo,
  };

  proto_yhoo = proto_register_protocol("Yahoo Messenger Protocol",
      "YHOO", "yhoo");

  proto_register_field_array(proto_yhoo, hf, array_length(hf));

  proto_register_subtree_array(ett, array_length(ett));

  proto_disable_by_default(proto_yhoo);
}

void
proto_reg_handoff_yhoo(void)
{
  /*
   * DO NOT register for port 5050, as that's used by the
   * old and new Yahoo messenger protocols.
   *
   * Just register as a heuristic TCP dissector, and reject stuff
   * not to or from that port.
   */
  heur_dissector_add("tcp", dissect_yhoo, "Yahoo Messenger over TCP", "yhoo_tcp", proto_yhoo, HEURISTIC_DISABLE);
}

/*
 * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
 *
 * Local variables:
 * c-basic-offset: 8
 * tab-width: 8
 * indent-tabs-mode: t
 * End:
 *
 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
 * :indentSize=8:tabSize=8:noTabs=false:
 */

Coverage Report

Created: 2025-12-27 06:52

Line	Count	Source
1		/* packet-yhoo.c
2		* Routines for yahoo messenger packet dissection
3		* Copyright 1999, Nathan Neulinger <nneul@umr.edu>
4		*
5		* Wireshark - Network traffic analyzer
6		* By Gerald Combs <gerald@wireshark.org>
7		* Copyright 1998 Gerald Combs
8		*
9		* Copied from packet-tftp.c
10		*
11		* SPDX-License-Identifier: GPL-2.0-or-later
12		*/
13
14		/*
15		* What happened to Yahoo Messenger?
16		* Original service discontinued: The original Yahoo Messenger service was shut down in phases.
17		* The legacy version was discontinued in 2016, and the new version was shut down entirely in July 2018.
18		* Alternative introduced: Yahoo directed users to its group messaging app, Squirrel, as an alternative at the time of the shutdown.
19		* Yahoo! Squirrel was a group messaging app launched in 2018, intended to replace Yahoo! Messenger.
20		* It was an invite-only application for iOS and Android that focused on private group chats,
21		* but it was discontinued in April 2019.
22		*/
23
24		#include "config.h"
25
26		#include <epan/packet.h>
27
28		void proto_register_yhoo(void);
29		void proto_reg_handoff_yhoo(void);
30
31		static int proto_yhoo;
32		static int hf_yhoo_version;
33		static int hf_yhoo_len;
34		static int hf_yhoo_service;
35		static int hf_yhoo_connection_id;
36		static int hf_yhoo_magic_id;
37		static int hf_yhoo_unknown1;
38		static int hf_yhoo_msgtype;
39		static int hf_yhoo_nick1;
40		static int hf_yhoo_nick2;
41		static int hf_yhoo_content;
42
43		static int ett_yhoo;
44
45	0	#define TCP_PORT_YHOO 5050
46
47		/* This is from yahoolib.h from gtkyahoo */
48
49		/* Service constants */
50		#define YAHOO_SERVICE_LOGON 1
51		#define YAHOO_SERVICE_LOGOFF 2
52		#define YAHOO_SERVICE_ISAWAY 3
53		#define YAHOO_SERVICE_ISBACK 4
54		#define YAHOO_SERVICE_IDLE 5
55		#define YAHOO_SERVICE_MESSAGE 6
56		#define YAHOO_SERVICE_IDACT 7
57		#define YAHOO_SERVICE_IDDEACT 8
58		#define YAHOO_SERVICE_MAILSTAT 9
59		#define YAHOO_SERVICE_USERSTAT 10
60		#define YAHOO_SERVICE_NEWMAIL 11
61		#define YAHOO_SERVICE_CHATINVITE 12
62		#define YAHOO_SERVICE_CALENDAR 13
63		#define YAHOO_SERVICE_NEWPERSONALMAIL 14
64		#define YAHOO_SERVICE_NEWCONTACT 15
65		#define YAHOO_SERVICE_ADDIDENT 16
66		#define YAHOO_SERVICE_ADDIGNORE 17
67		#define YAHOO_SERVICE_PING 18
68		#define YAHOO_SERVICE_GROUPRENAME 19
69		#define YAHOO_SERVICE_SYSMESSAGE 20
70		#define YAHOO_SERVICE_PASSTHROUGH2 22
71		#define YAHOO_SERVICE_CONFINVITE 24
72		#define YAHOO_SERVICE_CONFLOGON 25
73		#define YAHOO_SERVICE_CONFDECLINE 26
74		#define YAHOO_SERVICE_CONFLOGOFF 27
75		#define YAHOO_SERVICE_CONFADDINVITE 28
76		#define YAHOO_SERVICE_CONFMSG 29
77		#define YAHOO_SERVICE_CHATLOGON 30
78		#define YAHOO_SERVICE_CHATLOGOFF 31
79		#define YAHOO_SERVICE_CHATMSG 32
80		#define YAHOO_SERVICE_FILETRANSFER 70
81		#define YAHOO_SERVICE_CHATADDINVITE 157
82		#define YAHOO_SERVICE_AVATAR 188
83		#define YAHOO_SERVICE_PICTURE_CHECKSUM 189
84		#define YAHOO_SERVICE_PICTURE 190
85		#define YAHOO_SERVICE_PICTURE_UPDATE 193
86		#define YAHOO_SERVICE_PICTURE_UPLOAD 194
87		#define YAHOO_SERVICE_YAHOO6_STATUS_UPDATE 198
88		#define YAHOO_SERVICE_AVATAR_UPDATE 199
89		#define YAHOO_SERVICE_AUDIBLE 208
90		#define YAHOO_SERVICE_WEBLOGIN 550
91		#define YAHOO_SERVICE_SMS_MSG 746
92
93
94		/* Message flags */
95		#define YAHOO_MSGTYPE_NONE 0
96		#define YAHOO_MSGTYPE_NORMAL 1
97		#define YAHOO_MSGTYPE_BOUNCE 2
98		#define YAHOO_MSGTYPE_STATUS 4
99		#define YAHOO_MSGTYPE_OFFLINE 1515563606 /* yuck! */
100
101	0	#define YAHOO_RAWPACKET_LEN 105
102
103		#if 0
104		struct yahoo_rawpacket
105		{
106		char version[8]; /* 7 chars and trailing null */
107		unsigned char len[4]; /* length - little endian */
108		unsigned char service[4]; /* service - little endian */
109		unsigned char connection_id[4]; /* connection number - little endian */
110		unsigned char magic_id[4]; /* magic number used for http session */
111		unsigned char unknown1[4];
112		unsigned char msgtype[4];
113		char nick1[36];
114		char nick2[36];
115		char content[1]; /* was zero, had problems with aix xlc */
116		};
117		#endif
118
119		static const value_string yhoo_service_vals[] = {
120		{YAHOO_SERVICE_LOGON, "Pager Logon"},
121		{YAHOO_SERVICE_LOGOFF, "Pager Logoff"},
122		{YAHOO_SERVICE_ISAWAY, "Is Away"},
123		{YAHOO_SERVICE_ISBACK, "Is Back"},
124		{YAHOO_SERVICE_IDLE, "Idle"},
125		{YAHOO_SERVICE_MESSAGE, "Message"},
126		{YAHOO_SERVICE_IDACT, "Activate Identity"},
127		{YAHOO_SERVICE_IDDEACT, "Deactivate Identity"},
128		{YAHOO_SERVICE_MAILSTAT, "Mail Status"},
129		{YAHOO_SERVICE_USERSTAT, "User Status"},
130		{YAHOO_SERVICE_NEWMAIL, "New Mail"},
131		{YAHOO_SERVICE_CHATINVITE, "Chat Invitation"},
132		{YAHOO_SERVICE_CALENDAR, "Calendar Reminder"},
133		{YAHOO_SERVICE_NEWPERSONALMAIL, "New Personals Mail"},
134		{YAHOO_SERVICE_NEWCONTACT, "New Friend"},
135		{YAHOO_SERVICE_GROUPRENAME, "Group Renamed"},
136		{YAHOO_SERVICE_ADDIDENT, "Add Identity"},
137		{YAHOO_SERVICE_ADDIGNORE, "Add Ignore"},
138		{YAHOO_SERVICE_PING, "Ping"},
139		{YAHOO_SERVICE_SYSMESSAGE, "System Message"},
140		{YAHOO_SERVICE_CONFINVITE, "Conference Invitation"},
141		{YAHOO_SERVICE_CONFLOGON, "Conference Logon"},
142		{YAHOO_SERVICE_CONFDECLINE, "Conference Decline"},
143		{YAHOO_SERVICE_CONFLOGOFF, "Conference Logoff"},
144		{YAHOO_SERVICE_CONFMSG, "Conference Message"},
145		{YAHOO_SERVICE_CONFADDINVITE, "Conference Additional Invitation"},
146		{YAHOO_SERVICE_CHATLOGON, "Chat Logon"},
147		{YAHOO_SERVICE_CHATLOGOFF, "Chat Logoff"},
148		{YAHOO_SERVICE_CHATMSG, "Chat Message"},
149		{YAHOO_SERVICE_FILETRANSFER, "File Transfer"},
150		{YAHOO_SERVICE_PASSTHROUGH2, "Passthrough 2"},
151		{YAHOO_SERVICE_CHATADDINVITE, "Chat add Invite"},
152		{YAHOO_SERVICE_AVATAR, "Avatar"},
153		{YAHOO_SERVICE_PICTURE_CHECKSUM, "Picture Checksum"},
154		{YAHOO_SERVICE_PICTURE, "Picture"},
155		{YAHOO_SERVICE_PICTURE_UPDATE, "Picture Update"},
156		{YAHOO_SERVICE_PICTURE_UPLOAD, "Picture Upload"},
157		{YAHOO_SERVICE_YAHOO6_STATUS_UPDATE, "Status update"},
158		{YAHOO_SERVICE_AUDIBLE, "Audible"},
159		{YAHOO_SERVICE_WEBLOGIN, "Weblogin"},
160		{YAHOO_SERVICE_SMS_MSG, "SMS Message"},
161		{0, NULL}
162		};
163
164		static const value_string yhoo_msgtype_vals[] = {
165		{YAHOO_MSGTYPE_NONE, "None"},
166		{YAHOO_MSGTYPE_NORMAL, "Normal"},
167		{YAHOO_MSGTYPE_BOUNCE, "Bounce"},
168		{YAHOO_MSGTYPE_STATUS, "Status Update"},
169		{YAHOO_MSGTYPE_OFFLINE, "Request Offline"},
170		{0, NULL}
171		};
172
173		static bool
174		dissect_yhoo(tvbuff_t tvb, packet_info pinfo, proto_tree tree, void data _U_)
175	0	{
176	0	proto_tree yhoo_tree, ti;
177	0	int offset = 0;
178
179	0	if (pinfo->srcport != TCP_PORT_YHOO && pinfo->destport != TCP_PORT_YHOO) {
180		/* Not the Yahoo port - not a Yahoo Messenger packet. */
181	0	return false;
182	0	}
183
184		/* get at least a full packet structure */
185	0	if ( tvb_captured_length(tvb) < YAHOO_RAWPACKET_LEN ) {
186		/* Not enough data captured; maybe it is a Yahoo
187		Messenger packet, but it contains too little data to
188		tell. */
189	0	return false;
190	0	}
191
192	0	if (tvb_memeql(tvb, offset, (const uint8_t*)"YPNS", 4) != 0 &&
193	0	tvb_memeql(tvb, offset, (const uint8_t*)"YHOO", 4) != 0) {
194		/* Not a Yahoo Messenger packet. */
195	0	return false;
196	0	}
197
198	0	col_set_str(pinfo->cinfo, COL_PROTOCOL, "YHOO");
199
200	0	col_add_fstr(pinfo->cinfo, COL_INFO, "%s: %s",
201	0	( tvb_memeql(tvb, offset + 0, (const uint8_t*)"YPNS", 4) == 0 ) ? "Request" : "Response",
202	0	val_to_str(pinfo->pool, tvb_get_letohl(tvb, offset + 12),
203	0	yhoo_service_vals, "Unknown Service: %u"));
204
205	0	if (tree) {
206	0	ti = proto_tree_add_item(tree, proto_yhoo, tvb,
207	0	offset, -1, ENC_NA);
208	0	yhoo_tree = proto_item_add_subtree(ti, ett_yhoo);
209
210	0	proto_tree_add_item(yhoo_tree, hf_yhoo_version, tvb,
211	0	offset, 8, ENC_ASCII);
212	0	offset += 8;
213
214	0	proto_tree_add_item(yhoo_tree, hf_yhoo_len, tvb,
215	0	offset, 4, ENC_LITTLE_ENDIAN);
216	0	offset += 4;
217
218	0	proto_tree_add_item(yhoo_tree, hf_yhoo_service, tvb,
219	0	offset, 4, ENC_LITTLE_ENDIAN);
220	0	offset += 4;
221
222	0	proto_tree_add_item(yhoo_tree, hf_yhoo_connection_id, tvb,
223	0	offset, 4, ENC_LITTLE_ENDIAN);
224	0	offset += 4;
225
226	0	proto_tree_add_item(yhoo_tree, hf_yhoo_magic_id, tvb,
227	0	offset, 4, ENC_LITTLE_ENDIAN);
228	0	offset += 4;
229
230	0	proto_tree_add_item(yhoo_tree, hf_yhoo_unknown1, tvb,
231	0	offset, 4, ENC_LITTLE_ENDIAN);
232	0	offset += 4;
233
234	0	proto_tree_add_item(yhoo_tree, hf_yhoo_msgtype, tvb,
235	0	offset, 4, ENC_LITTLE_ENDIAN);
236	0	offset += 4;
237
238	0	proto_tree_add_item(yhoo_tree, hf_yhoo_nick1, tvb,
239	0	offset, 36, ENC_ASCII);
240	0	offset += 36;
241
242	0	proto_tree_add_item(yhoo_tree, hf_yhoo_nick2, tvb,
243	0	offset, 36, ENC_ASCII);
244	0	offset += 36;
245
246	0	proto_tree_add_item(yhoo_tree, hf_yhoo_content, tvb, -1,
247	0	offset, ENC_ASCII);
248	0	}
249
250	0	return true;
251	0	}
252
253		void
254		proto_register_yhoo(void)
255	14	{
256	14	static hf_register_info hf[] = {
257	14	{ &hf_yhoo_service, {
258	14	"Service Type", "yhoo.service", FT_UINT32, BASE_DEC,
259	14	VALS(yhoo_service_vals), 0, NULL, HFILL }},
260	14	{ &hf_yhoo_msgtype, {
261	14	"Message Type", "yhoo.msgtype", FT_UINT32, BASE_DEC,
262	14	VALS(yhoo_msgtype_vals), 0, "Message Type Flags", HFILL }},
263	14	{ &hf_yhoo_connection_id, {
264	14	"Connection ID", "yhoo.connection_id", FT_UINT32, BASE_HEX,
265	14	NULL, 0, NULL, HFILL }},
266	14	{ &hf_yhoo_magic_id, {
267	14	"Magic ID", "yhoo.magic_id", FT_UINT32, BASE_HEX,
268	14	NULL, 0, NULL, HFILL }},
269	14	{ &hf_yhoo_unknown1, {
270	14	"Unknown 1", "yhoo.unknown1", FT_UINT32, BASE_HEX,
271	14	NULL, 0, NULL, HFILL }},
272	14	{ &hf_yhoo_len, {
273	14	"Packet Length", "yhoo.len", FT_UINT32, BASE_DEC,
274	14	NULL, 0, NULL, HFILL }},
275	14	{ &hf_yhoo_nick1, {
276	14	"Real Nick (nick1)", "yhoo.nick1", FT_STRING, BASE_NONE,
277	14	NULL, 0, NULL, HFILL }},
278	14	{ &hf_yhoo_nick2, {
279	14	"Active Nick (nick2)", "yhoo.nick2", FT_STRING, BASE_NONE,
280	14	NULL, 0, NULL, HFILL }},
281	14	{ &hf_yhoo_content, {
282	14	"Content", "yhoo.content", FT_STRING, BASE_NONE,
283	14	NULL, 0, "Data portion of the packet", HFILL }},
284	14	{ &hf_yhoo_version, {
285	14	"Version", "yhoo.version", FT_STRING, BASE_NONE,
286	14	NULL, 0, "Packet version identifier", HFILL }},
287	14	};
288	14	static int *ett[] = {
289	14	&ett_yhoo,
290	14	};
291
292	14	proto_yhoo = proto_register_protocol("Yahoo Messenger Protocol",
293	14	"YHOO", "yhoo");
294
295	14	proto_register_field_array(proto_yhoo, hf, array_length(hf));
296
297	14	proto_register_subtree_array(ett, array_length(ett));
298
299	14	proto_disable_by_default(proto_yhoo);
300	14	}
301
302		void
303		proto_reg_handoff_yhoo(void)
304	14	{
305		/*
306		* DO NOT register for port 5050, as that's used by the
307		* old and new Yahoo messenger protocols.
308		*
309		* Just register as a heuristic TCP dissector, and reject stuff
310		* not to or from that port.
311		*/
312	14	heur_dissector_add("tcp", dissect_yhoo, "Yahoo Messenger over TCP", "yhoo_tcp", proto_yhoo, HEURISTIC_DISABLE);
313	14	}
314
315		/*
316		* Editor modelines - https://www.wireshark.org/tools/modelines.html
317		*
318		* Local variables:
319		* c-basic-offset: 8
320		* tab-width: 8
321		* indent-tabs-mode: t
322		* End:
323		*
324		* vi: set shiftwidth=8 tabstop=8 noexpandtab:
325		* :indentSize=8:tabSize=8:noTabs=false:
326		*/