Coverage Report

Created: 2026-06-30 07:22

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/wireshark/epan/dissectors/packet-pgsql.c
Line
Count
Source
1
/* packet-pgsql.c
2
 * Routines for PostgreSQL v3 protocol dissection.
3
 * <http://www.postgresql.org/docs/current/static/protocol.html>
4
 * Copyright 2004 Abhijit Menon-Sen <ams@oryx.com>
5
 *
6
 * Wireshark - Network traffic analyzer
7
 * By Gerald Combs <gerald@wireshark.org>
8
 * Copyright 1998 Gerald Combs
9
 *
10
 * SPDX-License-Identifier: GPL-2.0-or-later
11
 */
12
13
#include "config.h"
14
15
#include <epan/packet.h>
16
#include <epan/proto_data.h>
17
18
#include "packet-gssapi.h"
19
#include "packet-tls-utils.h"
20
#include "packet-tcp.h"
21
22
void proto_register_pgsql(void);
23
void proto_reg_handoff_pgsql(void);
24
25
static dissector_handle_t pgsql_handle;
26
static dissector_handle_t pgsql_gssapi_handle;
27
static dissector_handle_t tls_handle;
28
static dissector_handle_t gssapi_handle;
29
static dissector_handle_t ntlmssp_handle;
30
31
static int proto_pgsql;
32
static int hf_frontend;
33
static int hf_type;
34
static int hf_copydata;
35
static int hf_copydata_type;
36
static int hf_xlogdata;
37
static int hf_logical_msg_type;
38
static int hf_custom_type_name;
39
static int hf_namespace;
40
static int hf_relation_name;
41
static int hf_relation_oid;
42
static int hf_xid_subtransaction;
43
static int hf_xid;
44
static int hf_length;
45
static int hf_version_major;
46
static int hf_version_minor;
47
static int hf_request_code;
48
static int hf_supported_minor_version;
49
static int hf_number_nonsupported_options;
50
static int hf_nonsupported_option;
51
static int hf_parameter_name;
52
static int hf_parameter_value;
53
static int hf_query;
54
static int hf_authtype;
55
static int hf_passwd;
56
static int hf_salt;
57
static int hf_gssapi_sspi_data;
58
static int hf_sasl_auth_mech;
59
static int hf_sasl_auth_data;
60
static int hf_sasl_auth_data_length;
61
static int hf_statement;
62
static int hf_portal;
63
static int hf_return;
64
static int hf_tag;
65
static int hf_status;
66
static int hf_error;
67
static int hf_pid;
68
static int hf_key;
69
static int hf_condition;
70
static int hf_text;
71
static int hf_tableoid;
72
static int hf_typeoid;
73
static int hf_oid;
74
static int hf_format;
75
static int hf_field_count;
76
static int hf_val_name;
77
static int hf_val_idx;
78
static int hf_val_length;
79
static int hf_val_data;
80
static int hf_val_text_data;
81
static int hf_val_mod;
82
static int hf_severity;
83
static int hf_code;
84
static int hf_message;
85
static int hf_detail;
86
static int hf_hint;
87
static int hf_position;
88
static int hf_internal_position;
89
static int hf_internal_query;
90
static int hf_where;
91
static int hf_schema_name;
92
static int hf_table_name;
93
static int hf_column_name;
94
static int hf_type_name;
95
static int hf_tuple_type;
96
static int hf_tuple_data_type;
97
static int hf_constraint_name;
98
static int hf_file;
99
static int hf_line;
100
static int hf_routine;
101
static int hf_ssl_response;
102
static int hf_gssenc_response;
103
static int hf_gssapi_encrypted_payload;
104
static int hf_logical_column_flags;
105
static int hf_logical_column_length;
106
static int hf_logical_column_name;
107
static int hf_logical_number_columns;
108
static int hf_logical_column_oid;
109
static int hf_logical_column_type_modifier;
110
static int hf_logical_commit_flags;
111
static int hf_logical_commit_ts;
112
static int hf_logical_lsn_abort;
113
static int hf_logical_lsn_commit;
114
static int hf_logical_lsn_final;
115
static int hf_logical_lsn_origin;
116
static int hf_logical_lsn_transaction;
117
static int hf_logical_message_content;
118
static int hf_logical_message_flags;
119
static int hf_logical_message_length;
120
static int hf_logical_message_lsn;
121
static int hf_logical_message_prefix;
122
static int hf_logical_origin_name;
123
static int hf_logical_prepare_commit_ts;
124
static int hf_logical_prepare_flags;
125
static int hf_logical_prepare_gid;
126
static int hf_logical_prepare_lsn_end;
127
static int hf_logical_prepare_lsn_rollback;
128
static int hf_logical_prepare_lsn;
129
static int hf_logical_prepare_rollback_ts;
130
static int hf_logical_prepare_ts;
131
static int hf_logical_relation_number;
132
static int hf_logical_replica_identity;
133
static int hf_logical_stream_abort_ts;
134
static int hf_logical_stream_first_segment;
135
static int hf_logical_stream_flags;
136
static int hf_logical_truncate_flags;
137
static int hf_standby_catalog_xmin_epoch;
138
static int hf_standby_catalog_xmin;
139
static int hf_standby_clock_ts;
140
static int hf_standby_immediate_ack;
141
static int hf_standby_last_wal_applied;
142
static int hf_standby_last_wal_flushed;
143
static int hf_standby_last_wal_written;
144
static int hf_standby_xmin_epoch;
145
static int hf_standby_xmin;
146
static int hf_xlog_wal_end;
147
static int hf_xlog_wal_start;
148
149
static int ett_pgsql;
150
static int ett_values;
151
152
14
#define PGSQL_PORT 5432
153
static bool pgsql_desegment = true;
154
static bool first_message = true;
155
156
typedef enum {
157
  /* Reserve 0 (== GPOINTER_TO_UINT(NULL)) for no PGSQL detected */
158
  PGSQL_AUTH_STATE_NONE = 1,           /* No authentication seen or used */
159
  PGSQL_AUTH_SASL_REQUESTED,           /* Server sends SASL auth request with supported SASL mechanisms*/
160
  PGSQL_AUTH_SASL_CONTINUE,            /* Server and/or client send further SASL challenge-response messages */
161
  PGSQL_AUTH_GSSAPI_SSPI_DATA,         /* GSSAPI/SSPI in use */
162
  PGSQL_AUTH_SSL_REQUESTED,            /* Client sends SSL encryption request */
163
  PGSQL_AUTH_GSSENC_REQUESTED,         /* Client sends GSSAPI encryption request */
164
} pgsql_auth_state_t;
165
166
typedef struct pgsql_conn_data {
167
    wmem_tree_t *state_tree;   /* Tree of encryption and auth state changes */
168
    uint32_t     server_port;
169
    bool         streamed_txn;
170
} pgsql_conn_data_t;
171
172
struct pgsql_per_packet_data_t {
173
    bool         streamed_txn;
174
};
175
176
static const value_string fe_messages[] = {
177
    { 'p', "Authentication message" },
178
    { 'Q', "Simple query" },
179
    { 'P', "Parse" },
180
    { 'B', "Bind" },
181
    { 'E', "Execute" },
182
    { 'D', "Describe" },
183
    { 'C', "Close" },
184
    { 'H', "Flush" },
185
    { 'S', "Sync" },
186
    { 'F', "Function call" },
187
    { 'd', "Copy data" },
188
    { 'c', "Copy completion" },
189
    { 'f', "Copy failure" },
190
    { 'X', "Termination" },
191
    { 0, NULL }
192
};
193
194
static const value_string be_messages[] = {
195
    { 'R', "Authentication request" },
196
    { 'K', "Backend key data" },
197
    { 'S', "Parameter status" },
198
    { '1', "Parse completion" },
199
    { '2', "Bind completion" },
200
    { '3', "Close completion" },
201
    { 'C', "Command completion" },
202
    { 't', "Parameter description" },
203
    { 'T', "Row description" },
204
    { 'D', "Data row" },
205
    { 'I', "Empty query" },
206
    { 'n', "No data" },
207
    { 'E', "Error" },
208
    { 'N', "Notice" },
209
    { 's', "Portal suspended" },
210
    { 'Z', "Ready for query" },
211
    { 'A', "Notification" },
212
    { 'V', "Function call response" },
213
    { 'G', "CopyIn response" },
214
    { 'H', "CopyOut response" },
215
    { 'W', "CopyBoth response" },
216
    { 'd', "Copy data" },
217
    { 'c', "Copy completion" },
218
    { 'v', "Negotiate protocol version" },
219
    { 0, NULL }
220
};
221
222
static const value_string tuple_types[] = {
223
    { 'n', "NULL" },
224
    { 'u', "Unchanged TOASTed" },
225
    { 't', "Text" },
226
    { 'b', "Binary" },
227
    { 0, NULL }
228
};
229
230
static const value_string tuple_data_types[] = {
231
    { 'K', "Key" },
232
    { 'O', "Old tuple" },
233
    { 'N', "New tuple" },
234
    { 0, NULL }
235
};
236
237
static const value_string logical_message_types[] = {
238
    { 'B', "Begin" },
239
    { 'b', "Begin Prepare" },
240
    { 'C', "Commit" },
241
    { 'K', "Commit Prepared" },
242
    { 'D', "Delete" },
243
    { 'I', "Insert" },
244
    { 'M', "Message" },
245
    { 'P', "Prepare" },
246
    { 'r', "Rollback Prepared" },
247
    { 'R', "Relation" },
248
    { 'T', "Truncate" },
249
    { 'U', "Update" },
250
    { 'O', "Origin" },
251
    { 'Y', "Type" },
252
    { 'S', "Stream Start" },
253
    { 'E', "Stream Stop" },
254
    { 'c', "Stream Commit" },
255
    { 'A', "Stream Abort" },
256
    { 'p', "Stream Prepare" },
257
    { 0, NULL }
258
};
259
260
#define PGSQL_AUTH_TYPE_SUCCESS 0
261
#define PGSQL_AUTH_TYPE_KERBEROS4 1
262
#define PGSQL_AUTH_TYPE_KERBEROS5 2
263
#define PGSQL_AUTH_TYPE_PLAINTEXT 3
264
0
#define PGSQL_AUTH_TYPE_CRYPT 4
265
0
#define PGSQL_AUTH_TYPE_MD5 5
266
#define PGSQL_AUTH_TYPE_SCM 6
267
0
#define PGSQL_AUTH_TYPE_GSSAPI 7
268
0
#define PGSQL_AUTH_TYPE_GSSAPI_SSPI_CONTINUE 8
269
0
#define PGSQL_AUTH_TYPE_SSPI 9
270
0
#define PGSQL_AUTH_TYPE_SASL 10
271
0
#define PGSQL_AUTH_TYPE_SASL_CONTINUE 11
272
0
#define PGSQL_AUTH_TYPE_SASL_COMPLETE 12
273
274
static const value_string auth_types[] = {
275
    { PGSQL_AUTH_TYPE_SUCCESS              , "Success" },
276
    { PGSQL_AUTH_TYPE_KERBEROS4            , "Kerberos V4" },
277
    { PGSQL_AUTH_TYPE_KERBEROS5            , "Kerberos V5" },
278
    { PGSQL_AUTH_TYPE_PLAINTEXT            , "Plaintext password" },
279
    { PGSQL_AUTH_TYPE_CRYPT                , "crypt()ed password" },
280
    { PGSQL_AUTH_TYPE_MD5                  , "MD5 password" },
281
    { PGSQL_AUTH_TYPE_SCM                  , "SCM credentials" },
282
    { PGSQL_AUTH_TYPE_GSSAPI               , "GSSAPI" },
283
    { PGSQL_AUTH_TYPE_GSSAPI_SSPI_CONTINUE , "GSSAPI/SSPI continue" },
284
    { PGSQL_AUTH_TYPE_SSPI                 , "SSPI" },
285
    { PGSQL_AUTH_TYPE_SASL                 , "SASL" },
286
    { PGSQL_AUTH_TYPE_SASL_CONTINUE        , "SASL continue" },
287
    { PGSQL_AUTH_TYPE_SASL_COMPLETE        , "SASL complete" },
288
    { 0, NULL }
289
};
290
291
static const value_string status_vals[] = {
292
    { 'I', "Idle" },
293
    { 'T', "In a transaction" },
294
    { 'E', "In a failed transaction" },
295
    { 0, NULL }
296
};
297
298
static const value_string format_vals[] = {
299
    { 0, "Text" },
300
    { 1, "Binary" },
301
    { 0, NULL }
302
};
303
304
0
#define PGSQL_CANCELREQUEST 80877102
305
0
#define PGSQL_SSLREQUEST    80877103
306
0
#define PGSQL_GSSENCREQUEST 80877104
307
/* Version 3.0 is used between PG7.4 and PG17.
308
 * Version 3.2 is used by PG18.
309
 * We set our maximum to 3.9999, which is used as protocol "grease" by PG19
310
 * beta.
311
 */
312
8
#define PGSQL_VERSION_MIN   0x30000
313
2
#define PGSQL_VERSION_MAX   0x3270f
314
315
static const value_string request_code_vals[] = {
316
    { PGSQL_CANCELREQUEST, "CancelRequest" },
317
    { PGSQL_SSLREQUEST,    "SSLRequest" },
318
    { PGSQL_GSSENCREQUEST, "GSSENCRequest" },
319
    { 0, NULL }
320
};
321
322
static const value_string ssl_response_vals[] = {
323
    { 'N', "Unwilling to perform SSL" },
324
    { 'S', "Willing to perform SSL" },
325
    { 0, NULL }
326
};
327
328
static const value_string gssenc_response_vals[] = {
329
    { 'G', "Willing to perform GSSAPI encryption" },
330
    { 'N', "Unwilling to perform GSSAPI encryption" },
331
    { 0, NULL }
332
};
333
334
static void
335
dissect_pg_epoch(tvbuff_t *tvb, int n, proto_tree *tree, int hfindex)
336
0
{
337
0
    uint64_t system_clock = tvb_get_uint64(tvb, n, ENC_BIG_ENDIAN);
338
    /* PostgreSQL epoch starts at 2000-01-01, which translates to a timestamp of 946681200 */
339
0
    nstime_t system_time = NSTIME_INIT_SECS_USECS(system_clock / 1000000 + 946681200, system_clock % 1000000);
340
0
    proto_tree_add_time(tree, hfindex, tvb, n, 8, &system_time);
341
0
}
342
343
static int
344
get_tuple_data_length(tvbuff_t *tvb, int start)
345
0
{
346
0
    int number_columns;
347
0
    int n = start;
348
0
    number_columns = tvb_get_uint16(tvb, n, ENC_BIG_ENDIAN);
349
0
    n += 2;
350
0
    for (int i = 0; i < number_columns; i++) {
351
0
        unsigned char tuple_type;
352
0
        tuple_type = tvb_get_uint8(tvb, n);
353
0
        n += 1;
354
355
0
        if (tuple_type == 't' || tuple_type == 'b') {
356
0
            int column_length;
357
0
            column_length = tvb_get_ntohl(tvb, n);
358
0
            n += 4 + column_length;
359
0
       }
360
0
    }
361
0
    return n - start;
362
0
}
363
364
static int
365
dissect_tuple_data(tvbuff_t *tvb, int n, proto_tree *tree)
366
0
{
367
0
    uint32_t number_columns;
368
369
0
    proto_tree_add_item_ret_uint(tree, hf_logical_number_columns, tvb, n, 2, ENC_BIG_ENDIAN, &number_columns);
370
0
    n += 2;
371
372
0
    for (unsigned i = 0; i < number_columns; i++) {
373
0
        unsigned char tuple_type;
374
0
        int shrub_start = 0;
375
0
        const char *typestr;
376
0
        proto_tree *shrub;
377
378
        /* tuple_type is included in the column's shrub, save the start position */
379
0
        shrub_start = n;
380
381
0
        tuple_type = tvb_get_uint8(tvb, n);
382
0
        typestr = val_to_str_const(tuple_type, tuple_types, "Unknown");
383
0
        n += 1;
384
385
0
        if (tuple_type == 't' || tuple_type == 'b') {
386
0
            int column_length;
387
388
0
            column_length = tvb_get_ntohl(tvb, n);
389
            /* Shrub's size includes tuple_type (1 byte) + column_length (4 bytes) of column length */
390
0
            shrub = proto_tree_add_subtree_format(tree, tvb, shrub_start, 5 + column_length, ett_values, NULL, "Column %u", i);
391
            /* Now that the shrub is created, add the typestr. n was already incremented */
392
0
            proto_tree_add_string(shrub, hf_tuple_type, tvb, shrub_start, 1, typestr);
393
394
0
            proto_tree_add_item_ret_int(shrub, hf_logical_column_length, tvb, n, 4, ENC_BIG_ENDIAN, &column_length);
395
0
            n += 4;
396
397
0
            if (tuple_type == 't') {
398
0
                proto_tree_add_item(shrub, hf_val_text_data, tvb, n, column_length, ENC_ASCII);
399
0
            } else {
400
0
                proto_tree_add_item(shrub, hf_val_data, tvb, n, column_length, ENC_NA);
401
0
            }
402
0
            n += column_length;
403
0
       } else {
404
0
            shrub = proto_tree_add_subtree_format(tree, tvb, shrub_start, 1, ett_values, NULL, "Column %d", i);
405
0
            proto_tree_add_string(shrub, hf_tuple_type, tvb, shrub_start, 1, typestr);
406
0
        }
407
0
    }
408
0
    return n;
409
0
}
410
411
static int
412
dissect_new_tuple_data(tvbuff_t *tvb, int n, proto_tree *tree)
413
0
{
414
0
    proto_tree *shrub;
415
0
    const char * tupledatastr;
416
0
    unsigned char type;
417
0
    int length, start_shrub = n;
418
419
0
    type = tvb_get_uint8(tvb, n);
420
0
    tupledatastr = val_to_str_const(type, tuple_data_types, "Unknown");
421
0
    n += 1;
422
423
0
    length = get_tuple_data_length(tvb, n);
424
0
    shrub = proto_tree_add_subtree_format(tree, tvb, start_shrub, length + 1, ett_values, NULL, "%s", tupledatastr);
425
0
    proto_tree_add_string(shrub, hf_tuple_data_type, tvb, start_shrub, 1, tupledatastr);
426
427
0
    n = dissect_tuple_data(tvb, n, shrub);
428
0
    return n;
429
0
}
430
431
static int
432
dissect_old_tuple_data(tvbuff_t *tvb, int n, proto_tree *tree)
433
0
{
434
0
    proto_tree *shrub;
435
0
    const char *tupledatastr;
436
0
    int length, start_shrub = n;
437
0
    unsigned char type;
438
439
0
    type = tvb_get_uint8(tvb, n);
440
0
    if (type != 'K' && type != 'O') {
441
        /* No optional old tuple detected */
442
0
        return n;
443
0
    }
444
445
0
    n += 1;
446
0
    tupledatastr = val_to_str_const(type, tuple_data_types, "Unknown");
447
448
    /* Get the size of the tuple data so we can build our shrub */
449
0
    length = get_tuple_data_length(tvb, n);
450
0
    shrub = proto_tree_add_subtree_format(tree, tvb, start_shrub, length - (start_shrub - 1), ett_values, NULL, "%s", tupledatastr);
451
0
    proto_tree_add_string(shrub, hf_tuple_data_type, tvb, start_shrub, 1, tupledatastr);
452
453
    /* Now we can dissect tuple data for real */
454
0
    return dissect_tuple_data(tvb, n, shrub);
455
0
}
456
457
static bool is_streamed_txn(packet_info *pinfo, pgsql_conn_data_t *conv_data)
458
0
{
459
0
    struct pgsql_per_packet_data_t *pgsql_ppd;
460
0
    pgsql_ppd = (struct pgsql_per_packet_data_t *)p_get_proto_data(wmem_file_scope(), pinfo, proto_pgsql, pinfo->curr_layer_num);
461
0
    if (!pgsql_ppd) {
462
        /* First time, allocate the per packet and copy the current
463
         * streamed_txn from the conversation
464
         */
465
0
        pgsql_ppd = wmem_new0(wmem_file_scope(), struct pgsql_per_packet_data_t);
466
0
        p_add_proto_data(wmem_file_scope(), pinfo, proto_pgsql, pinfo->curr_layer_num, pgsql_ppd);
467
0
        pgsql_ppd->streamed_txn = conv_data->streamed_txn;
468
0
    }
469
0
    return pgsql_ppd->streamed_txn;
470
0
}
471
472
static void set_streamed_txn(packet_info *pinfo, pgsql_conn_data_t *conv_data, bool streamed_txn)
473
0
{
474
0
    struct pgsql_per_packet_data_t *pgsql_ppd;
475
    /* Set both the conversation's and the ppd stream_txn state.
476
     * Conversation is used to set the stream_txn's value when ppd is
477
     * created.
478
     */
479
0
    conv_data->streamed_txn = streamed_txn;
480
0
    pgsql_ppd = (struct pgsql_per_packet_data_t *)p_get_proto_data(wmem_file_scope(), pinfo, proto_pgsql, pinfo->curr_layer_num);
481
0
    if (!pgsql_ppd) {
482
0
        pgsql_ppd = wmem_new0(wmem_file_scope(), struct pgsql_per_packet_data_t);
483
0
        p_add_proto_data(wmem_file_scope(), pinfo, proto_pgsql, pinfo->curr_layer_num, pgsql_ppd);
484
0
    }
485
0
    pgsql_ppd->streamed_txn = streamed_txn;
486
0
}
487
488
static void dissect_pgsql_logical_be_msg(int32_t length, tvbuff_t *tvb, int n, proto_tree *tree, packet_info *pinfo,
489
                                         pgsql_conn_data_t *conv_data)
490
0
{
491
0
    proto_tree *shrub;
492
0
    proto_item *ti;
493
0
    int siz, content_length, leftover;
494
0
    uint32_t i;
495
496
0
    unsigned char message_type = tvb_get_uint8(tvb, n);
497
0
    const char *logical_message_name = try_val_to_str(message_type, logical_message_types);
498
0
    if (logical_message_name == NULL)
499
0
    {
500
        /* Doesn't look like a logical replication message. It's probably WAL
501
         * data stream from physical replication.
502
         */
503
0
        proto_tree_add_item(tree, hf_xlogdata, tvb, n, length - (n - 1), ENC_NA);
504
0
        return;
505
0
    }
506
507
0
    proto_tree_add_string(tree, hf_logical_msg_type, tvb, n, 1, logical_message_name);
508
0
    n += 1;
509
510
    /* Payload's length doesn't include the type */
511
0
    shrub = proto_tree_add_subtree_format(tree, tvb, n, length - (n - 1), ett_values, NULL, "%s", logical_message_name);
512
513
0
    switch (message_type) {
514
    /* Begin */
515
0
    case 'B':
516
0
        proto_tree_add_item(shrub, hf_logical_lsn_final, tvb, n, 8, ENC_BIG_ENDIAN);
517
0
        n += 8;
518
0
        dissect_pg_epoch(tvb, n, shrub, hf_logical_commit_ts);
519
0
        n += 8;
520
0
        proto_tree_add_item(shrub, hf_xid, tvb, n, 4, ENC_BIG_ENDIAN);
521
0
        break;
522
523
    /* Message */
524
0
    case 'M':
525
0
        if (is_streamed_txn(pinfo, conv_data)) {
526
0
            proto_tree_add_item(shrub, hf_xid, tvb, n, 4, ENC_BIG_ENDIAN);
527
0
            n += 4;
528
0
        }
529
0
        proto_tree_add_item(shrub, hf_logical_message_flags, tvb, n, 1, ENC_BIG_ENDIAN);
530
0
        n += 1;
531
0
        proto_tree_add_item(shrub, hf_logical_message_lsn, tvb, n, 8, ENC_BIG_ENDIAN);
532
0
        n += 8;
533
0
        siz = tvb_strsize(tvb, n);
534
0
        proto_tree_add_item(shrub, hf_logical_message_prefix, tvb, n, siz, ENC_ASCII);
535
0
        n += siz;
536
0
        content_length = tvb_strsize(tvb, n);
537
0
        proto_tree_add_item_ret_int(shrub, hf_logical_message_length, tvb, n, 4, ENC_BIG_ENDIAN, &content_length);
538
0
        n += 4;
539
0
        proto_tree_add_item(shrub, hf_logical_message_content, tvb, n, content_length, ENC_ASCII);
540
0
        break;
541
542
    /* Commit */
543
0
    case 'C':
544
0
        proto_tree_add_item(shrub, hf_logical_commit_flags, tvb, n, 1, ENC_BIG_ENDIAN);
545
0
        n += 1;
546
0
        proto_tree_add_item(shrub, hf_logical_lsn_commit, tvb, n, 8, ENC_BIG_ENDIAN);
547
0
        n += 8;
548
0
        proto_tree_add_item(shrub, hf_logical_lsn_transaction, tvb, n, 8, ENC_BIG_ENDIAN);
549
0
        n += 8;
550
0
        dissect_pg_epoch(tvb, n, shrub, hf_standby_clock_ts);
551
0
        break;
552
553
    /* Origin */
554
0
    case 'O':
555
0
        proto_tree_add_item(shrub, hf_logical_lsn_origin, tvb, n, 8, ENC_BIG_ENDIAN);
556
0
        n += 8;
557
0
        siz = tvb_strsize(tvb, n);
558
0
        proto_tree_add_item(shrub, hf_logical_origin_name, tvb, n, siz, ENC_ASCII);
559
0
        break;
560
561
    /* Relation */
562
0
    case 'R':
563
0
        if (is_streamed_txn(pinfo, conv_data)) {
564
0
            proto_tree_add_item(shrub, hf_xid, tvb, n, 4, ENC_BIG_ENDIAN);
565
0
            n += 4;
566
0
        }
567
0
        proto_tree_add_item(shrub, hf_relation_oid, tvb, n, 4, ENC_BIG_ENDIAN);
568
0
        n += 4;
569
0
        proto_tree_add_item_ret_length(shrub, hf_namespace, tvb, n, -1, ENC_ASCII, &siz);
570
0
        n += siz;
571
0
        proto_tree_add_item_ret_length(shrub, hf_relation_name, tvb, n, -1, ENC_ASCII, &siz);
572
0
        n += siz;
573
0
        proto_tree_add_item(shrub, hf_logical_replica_identity, tvb, n, 1, ENC_BIG_ENDIAN);
574
0
        n += 1;
575
0
        i = tvb_get_ntohs(tvb, n);
576
0
        shrub = proto_tree_add_subtree_format(shrub, tvb, n, 2, ett_values, NULL, "Columns: %u", i);
577
0
        n += 2;
578
0
        while (i-- > 0) {
579
0
            proto_tree *twig;
580
0
            siz = tvb_strsize(tvb, n+1);
581
0
            ti = proto_tree_add_item(shrub, hf_val_name, tvb, n+1, siz, ENC_ASCII);
582
0
            twig = proto_item_add_subtree(ti, ett_values);
583
0
            proto_tree_add_item(twig, hf_logical_column_flags, tvb, n, 1, ENC_BIG_ENDIAN);
584
0
            n +=1;
585
0
            proto_tree_add_item(twig, hf_logical_column_name, tvb, n, siz, ENC_ASCII);
586
0
            n += siz;
587
0
            proto_tree_add_item(twig, hf_logical_column_oid, tvb, n, 4, ENC_BIG_ENDIAN);
588
0
            n += 4;
589
0
            proto_tree_add_item(twig, hf_logical_column_type_modifier, tvb, n, 4, ENC_BIG_ENDIAN);
590
0
            n += 4;
591
0
        }
592
0
        break;
593
594
    /* Type */
595
0
    case 'Y':
596
0
        if (is_streamed_txn(pinfo, conv_data)) {
597
0
            proto_tree_add_item(shrub, hf_xid, tvb, n, 4, ENC_BIG_ENDIAN);
598
0
            n += 4;
599
0
        }
600
0
        proto_tree_add_item(shrub, hf_typeoid, tvb, n, 4, ENC_BIG_ENDIAN);
601
0
        n += 4;
602
0
        proto_tree_add_item_ret_length(shrub, hf_namespace, tvb, n, -1, ENC_ASCII, &siz);
603
0
        n += siz;
604
0
        proto_tree_add_item(shrub, hf_custom_type_name, tvb, n, -1, ENC_ASCII);
605
0
        break;
606
607
    /* Insert */
608
0
    case 'I':
609
0
        if (is_streamed_txn(pinfo, conv_data)) {
610
0
            proto_tree_add_item(shrub, hf_xid, tvb, n, 4, ENC_BIG_ENDIAN);
611
0
            n += 4;
612
0
        }
613
0
        proto_tree_add_item(shrub, hf_relation_oid, tvb, n, 4, ENC_BIG_ENDIAN);
614
0
        n += 4;
615
0
        dissect_new_tuple_data(tvb, n, shrub);
616
0
        break;
617
618
    /* Update */
619
0
    case 'U':
620
0
        if (is_streamed_txn(pinfo, conv_data)) {
621
0
            proto_tree_add_item(shrub, hf_xid, tvb, n, 4, ENC_BIG_ENDIAN);
622
0
            n += 4;
623
0
        }
624
0
        proto_tree_add_item_ret_uint(shrub, hf_logical_column_oid, tvb, n, 4, ENC_BIG_ENDIAN, &i);
625
0
        n += 4;
626
0
        n = dissect_old_tuple_data(tvb, n, shrub);
627
0
        dissect_new_tuple_data(tvb, n, shrub);
628
0
        break;
629
630
    /* Delete */
631
0
    case 'D':
632
0
        if (is_streamed_txn(pinfo, conv_data)) {
633
0
            proto_tree_add_item(shrub, hf_xid, tvb, n, 4, ENC_BIG_ENDIAN);
634
0
            n += 4;
635
0
        }
636
0
        proto_tree_add_item_ret_uint(shrub, hf_logical_column_oid, tvb, n, 4, ENC_BIG_ENDIAN, &i);
637
0
        n += 4;
638
0
        dissect_old_tuple_data(tvb, n, shrub);
639
0
        break;
640
641
    /* Truncate */
642
0
    case 'T':
643
0
        if (is_streamed_txn(pinfo, conv_data)) {
644
0
            proto_tree_add_item(shrub, hf_xid, tvb, n, 4, ENC_BIG_ENDIAN);
645
0
            n += 4;
646
0
        }
647
0
        proto_tree_add_item_ret_uint(shrub, hf_logical_relation_number, tvb, n, 4, ENC_BIG_ENDIAN, &i);
648
0
        n += 4;
649
0
        proto_tree_add_item(shrub, hf_logical_truncate_flags, tvb, n, 1, ENC_BIG_ENDIAN);
650
0
        n += 1;
651
0
        shrub = proto_tree_add_subtree_format(shrub, tvb, n, length - n, ett_values, NULL, "Relation Oids: %d", i);
652
0
        while (i-- > 0) {
653
0
            proto_tree_add_item(shrub, hf_relation_oid, tvb, n, 4, ENC_BIG_ENDIAN);
654
0
            n += 4;
655
0
        }
656
0
        break;
657
658
    /* Stream Start */
659
0
    case 'S':
660
0
        set_streamed_txn(pinfo, conv_data, true);
661
0
        proto_tree_add_item(shrub, hf_xid, tvb, n, 4, ENC_BIG_ENDIAN);
662
0
        n += 4;
663
0
        proto_tree_add_item(shrub, hf_logical_stream_first_segment, tvb, n, 1, ENC_BIG_ENDIAN);
664
0
        break;
665
666
    /* Stream Stop */
667
0
    case 'E':
668
0
        set_streamed_txn(pinfo, conv_data, false);
669
0
        break;
670
671
    /* Stream Commit */
672
0
    case 'c':
673
0
        proto_tree_add_item(shrub, hf_xid, tvb, n, 4, ENC_BIG_ENDIAN);
674
0
        n += 4;
675
0
        proto_tree_add_item(shrub, hf_logical_stream_flags, tvb, n, 1, ENC_BIG_ENDIAN);
676
0
        n += 1;
677
0
        proto_tree_add_item(shrub, hf_logical_lsn_commit, tvb, n, 8, ENC_BIG_ENDIAN);
678
0
        n += 8;
679
0
        proto_tree_add_item(shrub, hf_logical_lsn_transaction, tvb, n, 8, ENC_BIG_ENDIAN);
680
0
        n += 8;
681
0
        dissect_pg_epoch(tvb, n, shrub, hf_logical_prepare_commit_ts);
682
0
        break;
683
684
    /* Stream Abort */
685
0
    case 'A':
686
0
        proto_tree_add_item(shrub, hf_xid, tvb, n, 4, ENC_BIG_ENDIAN);
687
0
        n += 4;
688
0
        proto_tree_add_item(shrub, hf_xid_subtransaction, tvb, n, 4, ENC_BIG_ENDIAN);
689
0
        n += 4;
690
0
        leftover = length - (n - 1);
691
        /* PostgreSQL's doc is currently a bit confusing here as the abort LSN
692
         * and abort ts are marked as "available since protocol version 4".
693
         * However, it will only be sent if streaming=parallel which is only
694
         * supported with protocol version 4.
695
         * So in any case, since this is the last message, we can assume that if
696
         * we have enough data, they are the abort lsn and ts.
697
         */
698
0
        if (leftover == 16) {
699
0
            proto_tree_add_item(shrub, hf_logical_lsn_abort, tvb, n, 8, ENC_BIG_ENDIAN);
700
0
            n += 8;
701
0
            dissect_pg_epoch(tvb, n, shrub, hf_logical_stream_abort_ts);
702
0
        }
703
0
        break;
704
705
    /* Begin Prepare*/
706
0
    case 'b':
707
0
        proto_tree_add_item(shrub, hf_logical_prepare_lsn, tvb, n, 8, ENC_BIG_ENDIAN);
708
0
        n += 8;
709
0
        proto_tree_add_item(shrub, hf_logical_prepare_lsn_end, tvb, n, 8, ENC_BIG_ENDIAN);
710
0
        n += 8;
711
0
        dissect_pg_epoch(tvb, n, shrub, hf_logical_prepare_ts);
712
0
        n += 8;
713
0
        proto_tree_add_item(shrub, hf_xid, tvb, n, 4, ENC_BIG_ENDIAN);
714
0
        n += 4;
715
0
        siz = tvb_strsize(tvb, n);
716
0
        proto_tree_add_item(shrub, hf_logical_prepare_gid, tvb, n, siz, ENC_ASCII);
717
0
        break;
718
719
    /* Prepare*/
720
0
    case 'P':
721
0
        proto_tree_add_item(shrub, hf_logical_prepare_flags, tvb, n, 1, ENC_BIG_ENDIAN);
722
0
        n += 1;
723
0
        proto_tree_add_item(shrub, hf_logical_prepare_lsn, tvb, n, 8, ENC_BIG_ENDIAN);
724
0
        n += 8;
725
0
        proto_tree_add_item(shrub, hf_logical_prepare_lsn_end, tvb, n, 8, ENC_BIG_ENDIAN);
726
0
        n += 8;
727
0
        dissect_pg_epoch(tvb, n, shrub, hf_logical_prepare_ts);
728
0
        n += 8;
729
0
        proto_tree_add_item(shrub, hf_xid, tvb, n, 4, ENC_BIG_ENDIAN);
730
0
        n += 4;
731
0
        siz = tvb_strsize(tvb, n);
732
0
        proto_tree_add_item(shrub, hf_logical_prepare_gid, tvb, n, siz, ENC_ASCII);
733
0
        break;
734
735
    /* Commit Prepared */
736
0
    case 'K':
737
0
        proto_tree_add_item(shrub, hf_logical_prepare_flags, tvb, n, 1, ENC_BIG_ENDIAN);
738
0
        n += 1;
739
0
        proto_tree_add_item(shrub, hf_logical_prepare_lsn, tvb, n, 8, ENC_BIG_ENDIAN);
740
0
        n += 8;
741
0
        proto_tree_add_item(shrub, hf_logical_prepare_lsn_end, tvb, n, 8, ENC_BIG_ENDIAN);
742
0
        n += 8;
743
0
        dissect_pg_epoch(tvb, n, shrub, hf_logical_prepare_commit_ts);
744
0
        n += 8;
745
0
        proto_tree_add_item(shrub, hf_xid, tvb, n, 4, ENC_BIG_ENDIAN);
746
0
        n += 4;
747
0
        siz = tvb_strsize(tvb, n);
748
0
        proto_tree_add_item(shrub, hf_logical_prepare_gid, tvb, n, siz, ENC_ASCII);
749
0
        break;
750
751
    /* Rollback Prepared */
752
0
    case 'r':
753
0
        proto_tree_add_item(shrub, hf_logical_prepare_flags, tvb, n, 1, ENC_BIG_ENDIAN);
754
0
        n += 1;
755
0
        proto_tree_add_item(shrub, hf_logical_prepare_lsn_end, tvb, n, 8, ENC_BIG_ENDIAN);
756
0
        n += 8;
757
0
        proto_tree_add_item(shrub, hf_logical_prepare_lsn_rollback, tvb, n, 8, ENC_BIG_ENDIAN);
758
0
        n += 8;
759
0
        dissect_pg_epoch(tvb, n, shrub, hf_logical_prepare_ts);
760
0
        n += 8;
761
0
        dissect_pg_epoch(tvb, n, shrub, hf_logical_prepare_rollback_ts);
762
0
        n += 8;
763
0
        proto_tree_add_item(shrub, hf_xid, tvb, n, 4, ENC_BIG_ENDIAN);
764
0
        n += 4;
765
0
        siz = tvb_strsize(tvb, n);
766
0
        proto_tree_add_item(shrub, hf_logical_prepare_gid, tvb, n, siz, ENC_ASCII);
767
0
        break;
768
769
    /* Stream Prepare */
770
0
    case 'p':
771
0
        proto_tree_add_item(shrub, hf_logical_stream_flags, tvb, n, 1, ENC_BIG_ENDIAN);
772
0
        n +=1;
773
0
        proto_tree_add_item(shrub, hf_logical_prepare_lsn, tvb, n, 8, ENC_BIG_ENDIAN);
774
0
        n += 8;
775
0
        proto_tree_add_item(shrub, hf_logical_prepare_lsn_end, tvb, n, 8, ENC_BIG_ENDIAN);
776
0
        n += 8;
777
0
        dissect_pg_epoch(tvb, n, shrub, hf_logical_prepare_ts);
778
0
        n += 8;
779
0
        proto_tree_add_item(shrub, hf_xid, tvb, n, 4, ENC_BIG_ENDIAN);
780
0
        n += 4;
781
0
        siz = tvb_strsize(tvb, n);
782
0
        proto_tree_add_item(shrub, hf_logical_prepare_gid, tvb, n, siz, ENC_ASCII);
783
0
        break;
784
0
    default:
785
0
        return;
786
0
    }
787
0
    col_append_fstr(pinfo->cinfo, COL_INFO, "/%c", message_type);
788
0
}
789
790
static void dissect_pgsql_copy_data_be_msg(int32_t length, tvbuff_t *tvb,
791
                                           int n, proto_tree *tree, packet_info *pinfo,
792
                                           pgsql_conn_data_t *conv_data)
793
0
{
794
0
    proto_tree *shrub;
795
0
    unsigned char type = tvb_get_uint8(tvb, n);
796
0
    switch (type) {
797
    /* XLogData */
798
0
    case 'w':
799
0
        col_append_fstr(pinfo->cinfo, COL_INFO, "/%c", type);
800
0
        shrub = proto_tree_add_subtree_format(tree, tvb, n, length - (n - 1), ett_values, NULL, "XLogData");
801
0
        proto_tree_add_string(shrub, hf_copydata_type, tvb, n, 1, "XLogData");
802
0
        n += 1;
803
0
        proto_tree_add_item(shrub, hf_xlog_wal_start, tvb, n, 8, ENC_BIG_ENDIAN);
804
0
        n += 8;
805
0
        proto_tree_add_item(shrub, hf_xlog_wal_end, tvb, n, 8, ENC_BIG_ENDIAN);
806
0
        n += 8;
807
0
        dissect_pg_epoch(tvb, n, shrub, hf_standby_clock_ts);
808
0
        n += 8;
809
0
        dissect_pgsql_logical_be_msg(length, tvb, n, shrub, pinfo, conv_data);
810
0
        break;
811
812
    /* Primary keep alive */
813
0
    case 'k':
814
0
        col_append_fstr(pinfo->cinfo, COL_INFO, "/%c", type);
815
0
        shrub = proto_tree_add_subtree_format(tree, tvb, n, length - (n - 1), ett_values, NULL, "Primary keepalive");
816
0
        proto_tree_add_string(shrub, hf_copydata_type, tvb, n, 1, "Primary Keepalive Message");
817
0
        n += 1;
818
0
        proto_tree_add_item(shrub, hf_xlog_wal_end, tvb, n, 8, ENC_BIG_ENDIAN);
819
0
        n += 8;
820
0
        dissect_pg_epoch(tvb, n, shrub, hf_standby_clock_ts);
821
0
        n += 8;
822
0
        proto_tree_add_item(shrub, hf_standby_immediate_ack, tvb, n, 1, ENC_NULL);
823
0
        break;
824
825
0
    default:
826
0
        proto_tree_add_item(tree, hf_copydata, tvb, n, length-n+1, ENC_NA);
827
0
        return;
828
0
    }
829
0
}
830
831
static void dissect_pgsql_copy_data_fe_msg(tvbuff_t *tvb, int n, proto_tree *tree, int32_t length, packet_info *pinfo)
832
0
{
833
0
    proto_tree *shrub;
834
0
    unsigned char type = tvb_get_uint8(tvb, n);
835
0
    switch (type) {
836
    /* Standby status update */
837
0
    case 'r':
838
0
        shrub = proto_tree_add_subtree_format(tree, tvb, n, length - (n - 1), ett_values, NULL, "Standby status update");
839
0
        proto_tree_add_string(shrub, hf_copydata_type, tvb, n, 1, "Standby status update");
840
0
        n += 1;
841
0
        proto_tree_add_item(shrub, hf_standby_last_wal_written, tvb, n, 8, ENC_BIG_ENDIAN);
842
0
        n += 8;
843
0
        proto_tree_add_item(shrub, hf_standby_last_wal_flushed, tvb, n, 8, ENC_BIG_ENDIAN);
844
0
        n += 8;
845
0
        proto_tree_add_item(shrub, hf_standby_last_wal_applied, tvb, n, 8, ENC_BIG_ENDIAN);
846
0
        n += 8;
847
0
        dissect_pg_epoch(tvb, n, shrub, hf_standby_clock_ts);
848
0
        n += 8;
849
0
        proto_tree_add_item(shrub, hf_standby_immediate_ack, tvb, n, 1, ENC_NULL);
850
0
        break;
851
852
    /* Hot standby feedback */
853
0
    case 'h':
854
0
        proto_tree_add_string(tree, hf_copydata_type, tvb, n, 1, "Hot standby feedback");
855
0
        shrub = proto_tree_add_subtree_format(tree, tvb, n, length - (n - 1), ett_values, NULL, "Hot standby feedback");
856
0
        n += 1;
857
0
        dissect_pg_epoch(tvb, n, shrub, hf_standby_clock_ts);
858
0
        n += 8;
859
0
        proto_tree_add_item(shrub, hf_standby_xmin, tvb, n, 4, ENC_BIG_ENDIAN);
860
0
        n += 4;
861
0
        proto_tree_add_item(shrub, hf_standby_xmin_epoch, tvb, n, 4, ENC_BIG_ENDIAN);
862
0
        n += 4;
863
0
        proto_tree_add_item(shrub, hf_standby_catalog_xmin, tvb, n, 4, ENC_BIG_ENDIAN);
864
0
        n += 4;
865
0
        proto_tree_add_item(shrub, hf_standby_catalog_xmin_epoch, tvb, n, 4, ENC_BIG_ENDIAN);
866
0
        break;
867
868
0
    default:
869
0
        proto_tree_add_item(tree, hf_copydata, tvb, n, length-n+1, ENC_NA);
870
0
        return;
871
0
    }
872
0
    col_append_fstr(pinfo->cinfo, COL_INFO, "/%c", type);
873
0
}
874
875
static void dissect_pgsql_fe_msg(unsigned char type, unsigned length, tvbuff_t *tvb,
876
                                 int n, proto_tree *tree, packet_info *pinfo,
877
                                 pgsql_conn_data_t *conv_data)
878
9
{
879
9
    unsigned char c;
880
9
    int i, siz;
881
9
    proto_tree *shrub;
882
9
    int32_t data_length;
883
9
    pgsql_auth_state_t   state;
884
9
    tvbuff_t *next_tvb;
885
9
    dissector_handle_t payload_handle;
886
887
9
    switch (type) {
888
    /* Password, SASL or GSSAPI Response, depending on context */
889
0
    case 'p':
890
0
        state = GPOINTER_TO_UINT(wmem_tree_lookup32_le(conv_data->state_tree, pinfo->num));
891
0
        switch(state) {
892
893
0
            case PGSQL_AUTH_SASL_REQUESTED:
894
                /* SASLInitResponse */
895
0
                siz = tvb_strsize(tvb, n);
896
0
                proto_tree_add_item(tree, hf_sasl_auth_mech, tvb, n, siz, ENC_ASCII);
897
0
                n += siz;
898
0
                proto_tree_add_item_ret_int(tree, hf_sasl_auth_data_length, tvb, n, 4, ENC_BIG_ENDIAN, &data_length);
899
0
                n += 4;
900
0
                if (data_length) {
901
0
                    proto_tree_add_item(tree, hf_sasl_auth_data, tvb, n, data_length, ENC_NA);
902
0
                }
903
0
                break;
904
905
0
            case PGSQL_AUTH_SASL_CONTINUE:
906
0
                proto_tree_add_item(tree, hf_sasl_auth_data, tvb, n, length-4, ENC_NA);
907
0
                break;
908
909
0
            case PGSQL_AUTH_GSSAPI_SSPI_DATA:
910
0
                next_tvb = tvb_new_subset_length(tvb, n, length - 4);
911
                /* https://www.postgresql.org/docs/current/sspi-auth.html
912
                 * "PostgreSQL will use SSPI in negotiate mode, which will use
913
                 * Kerberos when possible and automatically fall back to NTLM
914
                 * in other cases... When using Kerberos authentication, SSPI
915
                 * works the same way GSSAPI does."
916
                 * Assume this means the Kerberos mode for SSPI works like
917
                 * GSSAPI, and not, say, SPNEGO the way TDS does. (Need
918
                 * a sample.)
919
                 */
920
0
                if (tvb_strneql(next_tvb, 0, "NTLMSSP", 7) == 0) {
921
0
                    payload_handle = ntlmssp_handle;
922
0
                } else {
923
0
                    payload_handle = gssapi_handle;
924
0
                }
925
0
                n = call_dissector_only(payload_handle, next_tvb, pinfo, tree, NULL);
926
0
                if ((length = tvb_reported_length_remaining(next_tvb, n))) {
927
0
                    proto_tree_add_item(tree, hf_gssapi_sspi_data, next_tvb, n, length, ENC_NA);
928
0
                }
929
0
                break;
930
931
0
            default:
932
0
                siz = tvb_strsize(tvb, n);
933
0
                proto_tree_add_item(tree, hf_passwd, tvb, n, siz, ENC_ASCII);
934
0
                break;
935
0
        }
936
0
        break;
937
938
    /* Simple query */
939
0
    case 'Q':
940
0
        siz = tvb_strsize(tvb, n);
941
0
        proto_tree_add_item(tree, hf_query, tvb, n, siz, ENC_ASCII);
942
0
        break;
943
944
    /* Parse */
945
0
    case 'P':
946
0
        siz = tvb_strsize(tvb, n);
947
0
        proto_tree_add_item(tree, hf_statement, tvb, n, siz, ENC_ASCII);
948
0
        n += siz;
949
950
0
        siz = tvb_strsize(tvb, n);
951
0
        proto_tree_add_item(tree, hf_query, tvb, n, siz, ENC_ASCII);
952
0
        n += siz;
953
954
0
        i = tvb_get_ntohs(tvb, n);
955
0
        shrub = proto_tree_add_subtree_format(tree, tvb, n, 2, ett_values, NULL, "Parameters: %d", i);
956
0
        n += 2;
957
0
        while (i-- > 0) {
958
0
            proto_tree_add_item(shrub, hf_typeoid, tvb, n, 4, ENC_BIG_ENDIAN);
959
0
            n += 4;
960
0
        }
961
0
        break;
962
963
    /* Bind */
964
3
    case 'B':
965
3
        siz = tvb_strsize(tvb, n);
966
3
        proto_tree_add_item(tree, hf_portal, tvb, n, siz, ENC_ASCII);
967
3
        n += siz;
968
969
3
        siz = tvb_strsize(tvb, n);
970
3
        proto_tree_add_item(tree, hf_statement, tvb, n, siz, ENC_ASCII);
971
3
        n += siz;
972
973
3
        i = tvb_get_ntohs(tvb, n);
974
3
        shrub = proto_tree_add_subtree_format(tree, tvb, n, 2, ett_values, NULL, "Parameter formats: %d", i);
975
3
        n += 2;
976
25
        while (i-- > 0) {
977
22
            proto_tree_add_item(shrub, hf_format, tvb, n, 2, ENC_BIG_ENDIAN);
978
22
            n += 2;
979
22
        }
980
981
3
        i = tvb_get_ntohs(tvb, n);
982
3
        shrub = proto_tree_add_subtree_format(tree, tvb, n, 2, ett_values, NULL, "Parameter values: %d", i);
983
3
        n += 2;
984
7
        while (i-- > 0) {
985
4
            siz = tvb_get_ntohl(tvb, n);
986
4
            proto_tree_add_int(shrub, hf_val_length, tvb, n, 4, siz);
987
4
            n += 4;
988
4
            if (siz > 0) {
989
1
                proto_tree_add_item(shrub, hf_val_data, tvb, n, siz, ENC_NA);
990
1
                n += siz;
991
1
            }
992
4
        }
993
994
3
        i = tvb_get_ntohs(tvb, n);
995
3
        shrub = proto_tree_add_subtree_format(tree, tvb, n, 2, ett_values, NULL, "Result formats: %d", i);
996
3
        n += 2;
997
4
        while (i-- > 0) {
998
1
            proto_tree_add_item(shrub, hf_format, tvb, n, 2, ENC_BIG_ENDIAN);
999
1
            n += 2;
1000
1
        }
1001
3
        break;
1002
1003
    /* Execute */
1004
0
    case 'E':
1005
0
        siz = tvb_strsize(tvb, n);
1006
0
        proto_tree_add_item(tree, hf_portal, tvb, n, siz, ENC_ASCII);
1007
0
        n += siz;
1008
1009
0
        i = tvb_get_ntohl(tvb, n);
1010
0
        if (i == 0)
1011
0
            proto_tree_add_uint_format_value(tree, hf_return, tvb, n, 4, i, "all rows");
1012
0
        else
1013
0
            proto_tree_add_uint_format_value(tree, hf_return, tvb, n, 4, i, "%d rows", i);
1014
0
        break;
1015
1016
    /* Describe, Close */
1017
0
    case 'D':
1018
0
    case 'C':
1019
0
        c = tvb_get_uint8(tvb, n);
1020
0
        if (c == 'P')
1021
0
            i = hf_portal;
1022
0
        else
1023
0
            i = hf_statement;
1024
1025
0
        n += 1;
1026
0
        proto_tree_add_item(tree, i, tvb, n, -1, ENC_ASCII);
1027
0
        break;
1028
1029
    /* Messages without a type identifier */
1030
2
    case '\0':
1031
2
        i = tvb_get_ntohl(tvb, n);
1032
2
        n += 4;
1033
2
        length -= n;
1034
2
        switch (i) {
1035
0
        case PGSQL_SSLREQUEST:
1036
0
            proto_tree_add_item(tree, hf_request_code, tvb, n-4, 4, ENC_BIG_ENDIAN);
1037
            /* Next reply will be a single byte. */
1038
0
            wmem_tree_insert32(conv_data->state_tree, pinfo->num, GUINT_TO_POINTER(PGSQL_AUTH_SSL_REQUESTED));
1039
0
            break;
1040
1041
0
        case PGSQL_GSSENCREQUEST:
1042
0
            proto_tree_add_item(tree, hf_request_code, tvb, n-4, 4, ENC_BIG_ENDIAN);
1043
            /* Next reply will be a single byte. */
1044
0
            wmem_tree_insert32(conv_data->state_tree, pinfo->num, GUINT_TO_POINTER(PGSQL_AUTH_GSSENC_REQUESTED));
1045
0
            break;
1046
1047
0
        case PGSQL_CANCELREQUEST:
1048
0
            proto_tree_add_item(tree, hf_request_code, tvb, n-4, 4, ENC_BIG_ENDIAN);
1049
0
            proto_tree_add_item(tree, hf_pid, tvb, n,   4, ENC_BIG_ENDIAN);
1050
0
            proto_tree_add_item(tree, hf_key, tvb, n+4, 4, ENC_BIG_ENDIAN);
1051
0
            break;
1052
1053
2
        default:
1054
            /* Startup message contains the major+minor version in the first 4
1055
             * bytes.
1056
             * Between PG7.4 and PG17, the protocol version used was 3.0. In
1057
             * PG18, this version was bumped to 3.2.
1058
             * To handle future protocol version bumps, we check if the version
1059
             * is between PGSQL_VERSION_MIN and PGSQL_VERSION_MAX. We use
1060
             * 3.9999 as PGSQL_VERSION_MAX since it is used as protocol "grease"
1061
             * during PG19 beta.
1062
             */
1063
2
            if (i < PGSQL_VERSION_MIN || i > PGSQL_VERSION_MAX)
1064
2
                break;
1065
0
            proto_tree_add_item(tree, hf_version_major, tvb, n-4, 2, ENC_BIG_ENDIAN);
1066
0
            proto_tree_add_item(tree, hf_version_minor, tvb, n-2, 2, ENC_BIG_ENDIAN);
1067
0
            while ((signed)length > 0) {
1068
0
                siz = tvb_strsize(tvb, n);
1069
0
                length -= siz;
1070
0
                if ((signed)length <= 0) {
1071
0
                    break;
1072
0
                }
1073
0
                proto_tree_add_item(tree, hf_parameter_name,  tvb, n,       siz, ENC_ASCII);
1074
0
                i = tvb_strsize(tvb, n+siz);
1075
0
                proto_tree_add_item(tree, hf_parameter_value, tvb, n + siz, i,   ENC_ASCII);
1076
0
                length -= i;
1077
1078
0
                n += siz+i;
1079
0
                if (length == 1 && tvb_get_uint8(tvb, n) == 0)
1080
0
                    break;
1081
0
            }
1082
0
            break;
1083
2
        }
1084
2
        break;
1085
1086
    /* Copy data */
1087
2
    case 'd':
1088
0
        dissect_pgsql_copy_data_fe_msg(tvb, n, tree, length, pinfo);
1089
0
        break;
1090
1091
    /* Copy failure */
1092
0
    case 'f':
1093
0
        siz = tvb_strsize(tvb, n);
1094
0
        proto_tree_add_item(tree, hf_error, tvb, n, siz, ENC_ASCII);
1095
0
        break;
1096
1097
    /* Function call */
1098
2
    case 'F':
1099
2
        proto_tree_add_item(tree, hf_oid, tvb, n, 4, ENC_BIG_ENDIAN);
1100
2
        n += 4;
1101
1102
2
        i = tvb_get_ntohs(tvb, n);
1103
2
        shrub = proto_tree_add_subtree_format(tree, tvb, n, 2, ett_values, NULL, "Parameter formats: %d", i);
1104
2
        n += 2;
1105
411
        while (i-- > 0) {
1106
409
            proto_tree_add_item(shrub, hf_format, tvb, n, 2, ENC_BIG_ENDIAN);
1107
409
            n += 2;
1108
409
        }
1109
1110
2
        i = tvb_get_ntohs(tvb, n);
1111
2
        shrub = proto_tree_add_subtree_format(tree, tvb, n, 2, ett_values, NULL, "Parameter values: %d", i);
1112
2
        n += 2;
1113
2
        while (i-- > 0) {
1114
0
            siz = tvb_get_ntohl(tvb, n);
1115
0
            proto_tree_add_item(shrub, hf_val_length, tvb, n, 4, ENC_BIG_ENDIAN);
1116
0
            n += 4;
1117
0
            if (siz > 0) {
1118
0
                proto_tree_add_item(shrub, hf_val_data, tvb, n, siz, ENC_NA);
1119
0
                n += siz;
1120
0
            }
1121
0
        }
1122
1123
2
        proto_tree_add_item(tree, hf_format, tvb, n, 2, ENC_BIG_ENDIAN);
1124
2
        break;
1125
9
    }
1126
9
}
1127
1128
static void dissect_pgsql_be_msg(unsigned char type, unsigned length, tvbuff_t *tvb,
1129
                                 int n, proto_tree *tree, packet_info *pinfo,
1130
                                 pgsql_conn_data_t *conv_data)
1131
4
{
1132
4
    unsigned char c;
1133
4
    int i, siz;
1134
4
    int32_t num_nonsupported_options;
1135
4
    proto_item *ti;
1136
4
    proto_tree *shrub;
1137
4
    uint32_t auth_type;
1138
1139
4
    switch (type) {
1140
    /* Authentication request */
1141
0
    case 'R':
1142
0
        proto_tree_add_item_ret_uint(tree, hf_authtype, tvb, n, 4, ENC_BIG_ENDIAN, &auth_type);
1143
0
        switch (auth_type) {
1144
0
        case PGSQL_AUTH_TYPE_CRYPT:
1145
0
        case PGSQL_AUTH_TYPE_MD5:
1146
0
            n += 4;
1147
0
            siz = (auth_type == PGSQL_AUTH_TYPE_CRYPT ? 2 : 4);
1148
0
            proto_tree_add_item(tree, hf_salt, tvb, n, siz, ENC_NA);
1149
0
            break;
1150
0
        case PGSQL_AUTH_TYPE_GSSAPI_SSPI_CONTINUE:
1151
0
            proto_tree_add_item(tree, hf_gssapi_sspi_data, tvb, n, length-8, ENC_NA);
1152
            /* FALLTHROUGH */
1153
0
        case PGSQL_AUTH_TYPE_GSSAPI:
1154
0
        case PGSQL_AUTH_TYPE_SSPI:
1155
0
            wmem_tree_insert32(conv_data->state_tree, pinfo->num, GUINT_TO_POINTER(PGSQL_AUTH_GSSAPI_SSPI_DATA));
1156
0
            break;
1157
0
        case PGSQL_AUTH_TYPE_SASL:
1158
0
            wmem_tree_insert32(conv_data->state_tree, pinfo->num, GUINT_TO_POINTER(PGSQL_AUTH_SASL_REQUESTED));
1159
0
            n += 4;
1160
0
            while ((unsigned)n < length) {
1161
0
                siz = tvb_strsize(tvb, n);
1162
0
                proto_tree_add_item(tree, hf_sasl_auth_mech, tvb, n, siz, ENC_ASCII);
1163
0
                n += siz;
1164
0
            }
1165
0
            break;
1166
0
        case PGSQL_AUTH_TYPE_SASL_CONTINUE:
1167
0
        case PGSQL_AUTH_TYPE_SASL_COMPLETE:
1168
0
            wmem_tree_insert32(conv_data->state_tree, pinfo->num, GUINT_TO_POINTER(PGSQL_AUTH_SASL_CONTINUE));
1169
0
            n += 4;
1170
0
            if ((unsigned)n < length) {
1171
0
                proto_tree_add_item(tree, hf_sasl_auth_data, tvb, n, length-8, ENC_NA);
1172
0
            }
1173
0
            break;
1174
0
        }
1175
0
        break;
1176
1177
    /* Key data */
1178
0
    case 'K':
1179
0
        proto_tree_add_item(tree, hf_pid, tvb, n,   4, ENC_BIG_ENDIAN);
1180
0
        proto_tree_add_item(tree, hf_key, tvb, n+4, 4, ENC_BIG_ENDIAN);
1181
0
        break;
1182
1183
    /* Parameter status */
1184
0
    case 'S':
1185
0
        proto_tree_add_item_ret_length(tree, hf_parameter_name, tvb, n, -1, ENC_ASCII, &siz);
1186
0
        n += siz;
1187
0
        proto_tree_add_item(tree, hf_parameter_value, tvb, n, -1, ENC_ASCII);
1188
0
        break;
1189
1190
    /* Parameter description */
1191
0
    case 't':
1192
0
        i = tvb_get_ntohs(tvb, n);
1193
0
        shrub = proto_tree_add_subtree_format(tree, tvb, n, 2, ett_values, NULL, "Parameters: %d", i);
1194
0
        n += 2;
1195
0
        while (i-- > 0) {
1196
0
            proto_tree_add_item(shrub, hf_typeoid, tvb, n, 4, ENC_BIG_ENDIAN);
1197
0
            n += 4;
1198
0
        }
1199
0
        break;
1200
1201
    /* Row description */
1202
2
    case 'T':
1203
2
        i = tvb_get_ntohs(tvb, n);
1204
2
        ti = proto_tree_add_item(tree, hf_field_count, tvb, n, 2, ENC_BIG_ENDIAN);
1205
2
        shrub = proto_item_add_subtree(ti, ett_values);
1206
2
        n += 2;
1207
20
        while (i-- > 0) {
1208
18
            proto_tree *twig;
1209
18
            siz = tvb_strsize(tvb, n);
1210
18
            ti = proto_tree_add_item(shrub, hf_val_name, tvb, n, siz, ENC_ASCII);
1211
18
            twig = proto_item_add_subtree(ti, ett_values);
1212
18
            n += siz;
1213
18
            proto_tree_add_item(twig, hf_tableoid, tvb, n, 4, ENC_BIG_ENDIAN);
1214
18
            n += 4;
1215
18
            proto_tree_add_item(twig, hf_val_idx, tvb, n, 2, ENC_BIG_ENDIAN);
1216
18
            n += 2;
1217
18
            proto_tree_add_item(twig, hf_typeoid, tvb, n, 4, ENC_BIG_ENDIAN);
1218
18
            n += 4;
1219
18
            proto_tree_add_item(twig, hf_val_length, tvb, n, 2, ENC_BIG_ENDIAN);
1220
18
            n += 2;
1221
18
            proto_tree_add_item(twig, hf_val_mod, tvb, n, 4, ENC_BIG_ENDIAN);
1222
18
            n += 4;
1223
18
            proto_tree_add_item(twig, hf_format, tvb, n, 2, ENC_BIG_ENDIAN);
1224
18
            n += 2;
1225
18
        }
1226
2
        break;
1227
1228
    /* Data row */
1229
1
    case 'D':
1230
1
        i = tvb_get_ntohs(tvb, n);
1231
1
        ti = proto_tree_add_item(tree, hf_field_count, tvb, n, 2, ENC_BIG_ENDIAN);
1232
1
        shrub = proto_item_add_subtree(ti, ett_values);
1233
1
        n += 2;
1234
37
        while (i-- > 0) {
1235
36
            siz = tvb_get_ntohl(tvb, n);
1236
36
            proto_tree_add_int(shrub, hf_val_length, tvb, n, 4, siz);
1237
36
            n += 4;
1238
36
            if (siz > 0) {
1239
2
                proto_tree_add_item(shrub, hf_val_data, tvb, n, siz, ENC_NA);
1240
2
                n += siz;
1241
2
            }
1242
36
        }
1243
1
        break;
1244
1245
    /* Command completion */
1246
0
    case 'C':
1247
0
        siz = tvb_strsize(tvb, n);
1248
0
        proto_tree_add_item(tree, hf_tag, tvb, n, siz, ENC_ASCII);
1249
0
        break;
1250
1251
    /* Ready */
1252
0
    case 'Z':
1253
0
        proto_tree_add_item(tree, hf_status, tvb, n, 1, ENC_BIG_ENDIAN);
1254
0
        break;
1255
1256
    /* Error, Notice */
1257
0
    case 'E':
1258
0
    case 'N':
1259
0
        length -= 4;
1260
0
        while ((signed)length > 0) {
1261
0
            c = tvb_get_uint8(tvb, n);
1262
0
            if (c == '\0')
1263
0
                break;
1264
0
            --length;
1265
0
            i = hf_text;
1266
0
            switch (c) {
1267
0
            case 'S': i = hf_severity;          break;
1268
0
            case 'C': i = hf_code;              break;
1269
0
            case 'M': i = hf_message;           break;
1270
0
            case 'D': i = hf_detail;            break;
1271
0
            case 'H': i = hf_hint;              break;
1272
0
            case 'P': i = hf_position;          break;
1273
0
            case 'p': i = hf_internal_position; break;
1274
0
            case 'q': i = hf_internal_query;    break;
1275
0
            case 'W': i = hf_where;             break;
1276
0
            case 's': i = hf_schema_name;       break;
1277
0
            case 't': i = hf_table_name;        break;
1278
0
            case 'c': i = hf_column_name;       break;
1279
0
            case 'd': i = hf_type_name;         break;
1280
0
            case 'n': i = hf_constraint_name;   break;
1281
0
            case 'F': i = hf_file;              break;
1282
0
            case 'L': i = hf_line;              break;
1283
0
            case 'R': i = hf_routine;           break;
1284
0
            }
1285
0
            proto_tree_add_item_ret_length(tree, i, tvb, n, -1, ENC_ASCII, &siz);
1286
0
            length -= siz+1;
1287
0
            n += siz+1;
1288
0
        }
1289
0
        break;
1290
1291
    /* NOTICE response */
1292
0
    case 'A':
1293
0
        proto_tree_add_item(tree, hf_pid, tvb, n, 4, ENC_BIG_ENDIAN);
1294
0
        n += 4;
1295
0
        siz = tvb_strsize(tvb, n);
1296
0
        proto_tree_add_item(tree, hf_condition, tvb, n, siz, ENC_ASCII);
1297
0
        n += siz;
1298
0
        siz = tvb_strsize(tvb, n);
1299
0
        if (siz > 1)
1300
0
            proto_tree_add_item(tree, hf_text, tvb, n, siz, ENC_ASCII);
1301
0
        break;
1302
1303
    /* Copy in/out/both */
1304
0
    case 'G':
1305
0
    case 'H':
1306
0
    case 'W':
1307
0
        proto_tree_add_item(tree, hf_format, tvb, n, 1, ENC_BIG_ENDIAN);
1308
0
        n += 1;
1309
0
        i = tvb_get_ntohs(tvb, n);
1310
0
        shrub = proto_tree_add_subtree_format(tree, tvb, n, 2, ett_values, NULL, "Columns: %d", i);
1311
0
        n += 2;
1312
0
        while (i-- > 2) {
1313
0
            proto_tree_add_item(shrub, hf_format, tvb, n, 2, ENC_BIG_ENDIAN);
1314
0
            n += 2;
1315
0
        }
1316
0
        break;
1317
1318
    /* Copy data */
1319
0
    case 'd':
1320
0
        dissect_pgsql_copy_data_be_msg(length, tvb, n, tree, pinfo, conv_data);
1321
0
        break;
1322
1323
    /* Function call response */
1324
0
    case 'V':
1325
0
        siz = tvb_get_ntohl(tvb, n);
1326
0
        proto_tree_add_int(tree, hf_val_length, tvb, n, 4, siz);
1327
0
        if (siz > 0)
1328
0
            proto_tree_add_item(tree, hf_val_data, tvb, n+4, siz, ENC_NA);
1329
0
        break;
1330
1331
    /* Negotiate Protocol Version */
1332
0
    case 'v':
1333
0
        proto_tree_add_item(tree, hf_supported_minor_version, tvb, n, 4, ENC_BIG_ENDIAN);
1334
0
        n += 4;
1335
0
        proto_tree_add_item_ret_int(tree, hf_number_nonsupported_options, tvb, n, 4, ENC_BIG_ENDIAN, &num_nonsupported_options);
1336
0
        n += 4;
1337
0
        while (num_nonsupported_options > 0) {
1338
0
            siz = tvb_strsize(tvb, n);
1339
0
            proto_tree_add_item(tree, hf_nonsupported_option, tvb, n, siz, ENC_ASCII);
1340
0
            n += siz;
1341
0
            num_nonsupported_options--;
1342
0
        }
1343
0
        break;
1344
4
    }
1345
4
}
1346
1347
/* This function is called by tcp_dissect_pdus() to find the size of the
1348
   message starting at tvb[offset]. */
1349
static unsigned
1350
pgsql_length(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *data _U_)
1351
13
{
1352
13
    int n = 0;
1353
13
    unsigned char type;
1354
13
    unsigned length;
1355
1356
    /* The length is either the four bytes after the type, or, if the
1357
       type is 0, the first four bytes. */
1358
13
    type = tvb_get_uint8(tvb, offset);
1359
13
    if (type != '\0')
1360
11
        n = 1;
1361
13
    length = tvb_get_ntohl(tvb, offset+n);
1362
13
    return length+n;
1363
13
}
1364
1365
/* This function is called by tcp_dissect_pdus() to find the size of the
1366
   wrapped GSS-API message starting at tvb[offset] whe. */
1367
static unsigned
1368
pgsql_gssapi_length(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *data _U_)
1369
0
{
1370
    /* The length of the GSS-API message is the first four bytes, and does
1371
     * not include the 4 byte length (the gss_wrap). */
1372
0
    return tvb_get_ntohl(tvb, offset) + 4;
1373
0
}
1374
1375
1376
/* This function is responsible for dissecting a single message. */
1377
1378
static int
1379
dissect_pgsql_msg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
1380
13
{
1381
13
    proto_item *ti, *hidden_item;
1382
13
    proto_tree *ptree;
1383
13
    conversation_t      *conversation;
1384
13
    pgsql_conn_data_t   *conn_data;
1385
13
    pgsql_auth_state_t   state;
1386
1387
13
    int n;
1388
13
    unsigned char type;
1389
13
    const char *typestr;
1390
13
    unsigned length;
1391
13
    bool fe;
1392
1393
13
    conversation = find_or_create_conversation(pinfo);
1394
13
    conn_data = (pgsql_conn_data_t *)conversation_get_proto_data(conversation, proto_pgsql);
1395
13
    if (!conn_data) {
1396
9
        conn_data = wmem_new(wmem_file_scope(), pgsql_conn_data_t);
1397
9
        conn_data->state_tree = wmem_tree_new(wmem_file_scope());
1398
9
        conn_data->server_port = pinfo->match_uint;
1399
9
        conn_data->streamed_txn = false;
1400
9
        wmem_tree_insert32(conn_data->state_tree, pinfo->num, GUINT_TO_POINTER(PGSQL_AUTH_STATE_NONE));
1401
9
        conversation_add_proto_data(conversation, proto_pgsql, conn_data);
1402
9
    }
1403
1404
13
    fe = (conn_data->server_port == pinfo->destport);
1405
1406
13
    n = 0;
1407
13
    type = tvb_get_uint8(tvb, 0);
1408
13
    if (type != '\0')
1409
11
        n += 1;
1410
13
    length = tvb_get_ntohl(tvb, n);
1411
1412
    /* This is like specifying VALS(messages) for hf_type, which we can't do
1413
       directly because of messages without type bytes, and because the type
1414
       interpretation depends on fe. */
1415
13
    if (fe) {
1416
        /* There are a few frontend messages that have no leading type byte.
1417
           We identify them by the fact that the first byte of their length
1418
           must be zero, and that the next four bytes are a unique tag. */
1419
9
        if (type == '\0') {
1420
2
            unsigned tag = tvb_get_ntohl(tvb, 4);
1421
1422
2
            if (length == 16 && tag == PGSQL_CANCELREQUEST)
1423
0
                typestr = "Cancel request";
1424
2
            else if (length == 8 && tag == PGSQL_SSLREQUEST)
1425
0
                typestr = "SSL request";
1426
2
            else if (length == 8 && tag == PGSQL_GSSENCREQUEST)
1427
0
                typestr = "GSS encrypt request";
1428
2
            else if (tag >= PGSQL_VERSION_MIN && tag <= PGSQL_VERSION_MAX)
1429
0
                typestr = "Startup message";
1430
2
            else
1431
2
                typestr = "Unknown";
1432
7
        } else if (type == 'p') {
1433
0
            state = GPOINTER_TO_UINT(wmem_tree_lookup32_le(conn_data->state_tree, pinfo->num));
1434
0
            switch (state) {
1435
0
                case PGSQL_AUTH_SASL_REQUESTED:
1436
0
                    typestr = "SASLInitialResponse message";
1437
0
                    break;
1438
0
                case PGSQL_AUTH_SASL_CONTINUE:
1439
0
                    typestr = "SASLResponse message";
1440
0
                    break;
1441
0
                case PGSQL_AUTH_GSSAPI_SSPI_DATA:
1442
0
                    typestr = "GSSResponse message";
1443
0
                    break;
1444
0
                default:
1445
0
                    typestr = "Password message";
1446
0
                    break;
1447
0
            }
1448
0
        } else
1449
7
            typestr = val_to_str_const(type, fe_messages, "Unknown");
1450
9
    }
1451
4
    else {
1452
4
        typestr = val_to_str_const(type, be_messages, "Unknown");
1453
4
    }
1454
1455
    /* This is a terrible hack. It makes the "Info" column reflect
1456
        the contents of every message in a TCP packet. Could it be
1457
        done any better? */
1458
13
    col_append_fstr(pinfo->cinfo, COL_INFO, "%s%c",
1459
13
                    ( first_message ? "" : "/" ), g_ascii_isprint(type) ? type : '?');
1460
13
    first_message = false;
1461
1462
13
    {
1463
13
        ti = proto_tree_add_item(tree, proto_pgsql, tvb, 0, -1, ENC_NA);
1464
13
        ptree = proto_item_add_subtree(ti, ett_pgsql);
1465
1466
13
        n = 1;
1467
13
        if (type == '\0')
1468
2
            n = 0;
1469
13
        proto_tree_add_string(ptree, hf_type, tvb, 0, n, typestr);
1470
13
        proto_tree_add_item(ptree, hf_length, tvb, n, 4, ENC_BIG_ENDIAN);
1471
13
        hidden_item = proto_tree_add_boolean(ptree, hf_frontend, tvb, 0, 0, fe);
1472
13
        proto_item_set_hidden(hidden_item);
1473
13
        n += 4;
1474
1475
13
        if (fe)
1476
9
            dissect_pgsql_fe_msg(type, length, tvb, n, ptree, pinfo, conn_data);
1477
4
        else
1478
4
            dissect_pgsql_be_msg(type, length, tvb, n, ptree, pinfo, conn_data);
1479
13
    }
1480
1481
13
    return tvb_captured_length(tvb);
1482
13
}
1483
1484
static int
1485
dissect_pgsql_gssapi_wrap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
1486
0
{
1487
0
    proto_item *ti;
1488
0
    proto_tree *ptree;
1489
1490
0
    conversation_t      *conversation;
1491
0
    pgsql_conn_data_t   *conn_data;
1492
1493
0
    conversation = find_or_create_conversation(pinfo);
1494
0
    conn_data = (pgsql_conn_data_t *)conversation_get_proto_data(conversation, proto_pgsql);
1495
1496
0
    if (!conn_data) {
1497
        /* This shouldn't happen. */
1498
0
        conn_data = wmem_new0(wmem_file_scope(), pgsql_conn_data_t);
1499
0
        conn_data->state_tree = wmem_tree_new(wmem_file_scope());
1500
0
        conn_data->server_port = pinfo->match_uint;
1501
0
        wmem_tree_insert32(conn_data->state_tree, pinfo->num, GUINT_TO_POINTER(PGSQL_AUTH_GSSAPI_SSPI_DATA));
1502
0
        conversation_add_proto_data(conversation, proto_pgsql, conn_data);
1503
0
    }
1504
1505
0
    bool fe = (pinfo->destport == conn_data->server_port);
1506
1507
0
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "PGSQL");
1508
0
    col_set_str(pinfo->cinfo, COL_INFO,
1509
0
                    fe ? ">" : "<");
1510
1511
0
    ti = proto_tree_add_item(tree, proto_pgsql, tvb, 0, -1, ENC_NA);
1512
0
    ptree = proto_item_add_subtree(ti, ett_pgsql);
1513
1514
0
    proto_tree_add_string(ptree, hf_type, tvb, 0, 0, "GSS-API encrypted message");
1515
0
    proto_tree_add_item(ptree, hf_length, tvb, 0, 4, ENC_BIG_ENDIAN);
1516
1517
0
    gssapi_encrypt_info_t encrypt;
1518
0
    memset(&encrypt, 0, sizeof(encrypt));
1519
0
    encrypt.decrypt_gssapi_tvb = DECRYPT_GSSAPI_NORMAL;
1520
1521
0
    int ver_len;
1522
0
    tvbuff_t *gssapi_tvb = tvb_new_subset_remaining(tvb, 4);
1523
1524
0
    ver_len = call_dissector_with_data(gssapi_handle, gssapi_tvb, pinfo, ptree, &encrypt);
1525
0
    if (ver_len == 0) {
1526
        /* GSS-API couldn't do anything with it. */
1527
0
        return tvb_captured_length(tvb);
1528
0
    }
1529
0
    if (encrypt.gssapi_data_encrypted) {
1530
0
        if (encrypt.gssapi_decrypted_tvb) {
1531
0
            tvbuff_t *decr_tvb = encrypt.gssapi_decrypted_tvb;
1532
0
            add_new_data_source(pinfo, encrypt.gssapi_decrypted_tvb, "Decrypted GSS-API");
1533
0
            dissect_pgsql_msg(decr_tvb, pinfo, ptree, data);
1534
0
        } else {
1535
            /* Encrypted but couldn't be decrypted. */
1536
0
            proto_tree_add_item(ptree, hf_gssapi_encrypted_payload, gssapi_tvb, ver_len, -1, ENC_NA);
1537
0
        }
1538
0
    } else {
1539
        /* No encrypted (sealed) payload. If any bytes are left, that is
1540
         * signed-only payload. */
1541
0
        tvbuff_t *plain_tvb;
1542
0
        if (encrypt.gssapi_decrypted_tvb) {
1543
0
            plain_tvb = encrypt.gssapi_decrypted_tvb;
1544
0
        } else {
1545
0
            plain_tvb = tvb_new_subset_remaining(gssapi_tvb, ver_len);
1546
0
        }
1547
0
        if (tvb_reported_length(plain_tvb)) {
1548
0
            dissect_pgsql_msg(plain_tvb, pinfo, ptree, data);
1549
0
        }
1550
0
    }
1551
0
    return tvb_captured_length(tvb);
1552
0
}
1553
1554
static int
1555
dissect_pgsql_gssapi(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
1556
0
{
1557
0
    tcp_dissect_pdus(tvb, pinfo, tree, pgsql_desegment, 4,
1558
0
                     pgsql_gssapi_length, dissect_pgsql_gssapi_wrap, data);
1559
0
    return tvb_captured_length(tvb);
1560
0
}
1561
1562
/* This function is called once per TCP packet. It sets COL_PROTOCOL and
1563
 * identifies FE/BE messages by adding a ">" or "<" to COL_INFO. Then it
1564
 * arranges for each message to be dissected individually. */
1565
1566
static int
1567
dissect_pgsql(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
1568
18
{
1569
18
    proto_item          *ti;
1570
18
    proto_tree          *ptree;
1571
18
    conversation_t      *conversation;
1572
18
    pgsql_conn_data_t   *conn_data;
1573
18
    pgsql_auth_state_t   state;
1574
1575
18
    first_message = true;
1576
1577
18
    conversation = find_or_create_conversation(pinfo);
1578
18
    conn_data = (pgsql_conn_data_t *)conversation_get_proto_data(conversation, proto_pgsql);
1579
1580
18
    bool fe = (pinfo->match_uint == pinfo->destport);
1581
1582
18
    if (fe && tvb_get_uint8(tvb, 0) == 0x16 &&
1583
0
        (!conn_data || wmem_tree_lookup32_le(conn_data->state_tree, pinfo->num) == NULL))
1584
0
    {
1585
        /* This is the first message in the conversation, and it looks
1586
         * like a TLS handshake. Assume the client is performing
1587
         * "direct SSL" negotiation.
1588
         */
1589
0
        tls_set_appdata_dissector(tls_handle, pinfo, pgsql_handle);
1590
0
    }
1591
1592
18
    if (!tvb_ascii_isprint(tvb, 0, 1) && tvb_get_uint8(tvb, 0) != '\0') {
1593
        /* Doesn't look like the start of a PostgreSQL packet. Have we
1594
         * seen Postgres yet?
1595
         */
1596
7
        if (!conn_data || wmem_tree_lookup32_le(conn_data->state_tree, pinfo->num) == NULL) {
1597
            /* No. Reject. This might be PostgreSQL over TLS and we missed
1598
             * the start of the transaction. The TLS dissector should get
1599
             * a chance.
1600
             */
1601
7
            return 0;
1602
7
        }
1603
        /* Was there segmentation, and we lost a packet or were out of
1604
         * order without out of order processing, or we couldn't do
1605
         * desegmentation of a segment because of a bad checksum?
1606
         * XXX: Should we call this Continuation Data if this happens,
1607
         * so we don't send it to tcp_dissect_pdus()?
1608
         */
1609
7
    }
1610
1611
11
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "PGSQL");
1612
11
    col_set_str(pinfo->cinfo, COL_INFO,
1613
11
                    fe ? ">" : "<");
1614
1615
11
    if (conn_data && !fe) {
1616
0
        state = GPOINTER_TO_UINT(wmem_tree_lookup32_le(conn_data->state_tree, pinfo->num));
1617
0
        if (state == PGSQL_AUTH_SSL_REQUESTED) {
1618
            /* Response to SSLRequest. */
1619
0
            wmem_tree_insert32(conn_data->state_tree, pinfo->num + 1, GUINT_TO_POINTER(PGSQL_AUTH_STATE_NONE));
1620
0
            ti = proto_tree_add_item(tree, proto_pgsql, tvb, 0, -1, ENC_NA);
1621
0
            ptree = proto_item_add_subtree(ti, ett_pgsql);
1622
0
            proto_tree_add_string(ptree, hf_type, tvb, 0, 0, "SSL response");
1623
0
            proto_tree_add_item(ptree, hf_ssl_response, tvb, 0, 1, ENC_ASCII);
1624
0
            switch (tvb_get_uint8(tvb, 0)) {
1625
0
            case 'S':   /* Willing to perform SSL */
1626
                /* Next packet will start using SSL. */
1627
0
                ssl_starttls_ack(tls_handle, pinfo, pgsql_handle);
1628
0
                break;
1629
0
            case 'E':   /* ErrorResponse when server does not support SSL. */
1630
                /* Process normally. */
1631
0
                tcp_dissect_pdus(tvb, pinfo, tree, pgsql_desegment, 5,
1632
0
                                 pgsql_length, dissect_pgsql_msg, data);
1633
0
                break;
1634
0
            case 'N':   /* Unwilling to perform SSL */
1635
0
            default:    /* Unexpected response. */
1636
                /* TODO: maybe add expert info here? */
1637
0
                break;
1638
0
            }
1639
            /* XXX: If it's anything other than 'E', a length of more
1640
             * than one character is unexpected and should possibly have
1641
             * an expert info (possible MitM:
1642
             * https://www.postgresql.org/support/security/CVE-2021-23222/ )
1643
             */
1644
0
            return tvb_captured_length(tvb);
1645
0
        } else if (state == PGSQL_AUTH_GSSENC_REQUESTED) {
1646
            /* Response to GSSENCRequest. */
1647
0
            wmem_tree_insert32(conn_data->state_tree, pinfo->num + 1, GUINT_TO_POINTER(PGSQL_AUTH_STATE_NONE));
1648
0
            ti = proto_tree_add_item(tree, proto_pgsql, tvb, 0, -1, ENC_NA);
1649
0
            ptree = proto_item_add_subtree(ti, ett_pgsql);
1650
0
            proto_tree_add_string(ptree, hf_type, tvb, 0, 0, "GSS encrypt response");
1651
0
            proto_tree_add_item(ptree, hf_gssenc_response, tvb, 0, 1, ENC_ASCII);
1652
0
            switch (tvb_get_uint8(tvb, 0)) {
1653
0
            case 'E':   /* ErrorResponse; server does not support GSSAPI. */
1654
                /* Process normally. */
1655
0
                tcp_dissect_pdus(tvb, pinfo, tree, pgsql_desegment, 5,
1656
0
                                 pgsql_length, dissect_pgsql_msg, data);
1657
0
                break;
1658
0
            case 'G':   /* Willing to perform GSSAPI Enc */
1659
0
                wmem_tree_insert32(conn_data->state_tree, pinfo->num + 1, GUINT_TO_POINTER(PGSQL_AUTH_GSSAPI_SSPI_DATA));
1660
0
                conversation_set_dissector_from_frame_number(conversation, pinfo->num + 1, pgsql_gssapi_handle);
1661
0
                break;
1662
0
            case 'N':   /* Unwilling to perform GSSAPI Enc */
1663
0
            default:    /* Unexpected response. */
1664
                /* TODO: maybe add expert info here? */
1665
0
                break;
1666
0
            }
1667
0
            return tvb_captured_length(tvb);
1668
0
        }
1669
0
    }
1670
1671
11
    tcp_dissect_pdus(tvb, pinfo, tree, pgsql_desegment, 5,
1672
11
                     pgsql_length, dissect_pgsql_msg, data);
1673
11
    return tvb_captured_length(tvb);
1674
11
}
1675
1676
void
1677
proto_register_pgsql(void)
1678
14
{
1679
14
    static hf_register_info hf[] = {
1680
14
        { &hf_frontend,
1681
14
          { "Frontend", "pgsql.frontend", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
1682
14
            "True for messages from the frontend, false otherwise.",
1683
14
            HFILL }
1684
14
        },
1685
14
        { &hf_type,
1686
14
          { "Type", "pgsql.type", FT_STRING, BASE_NONE, NULL, 0,
1687
14
            "A one-byte message type identifier.", HFILL }
1688
14
        },
1689
14
        { &hf_length,
1690
14
          { "Length", "pgsql.length", FT_UINT32, BASE_DEC, NULL, 0,
1691
14
            "The length of the message (not including the type).",
1692
14
            HFILL }
1693
14
        },
1694
14
        { &hf_version_major,
1695
14
          { "Protocol major version", "pgsql.version_major", FT_UINT16, BASE_DEC, NULL, 0,
1696
14
            NULL, HFILL }
1697
14
        },
1698
14
        { &hf_version_minor,
1699
14
          { "Protocol minor version", "pgsql.version_minor", FT_UINT16, BASE_DEC, NULL, 0,
1700
14
            NULL, HFILL }
1701
14
        },
1702
14
        { &hf_request_code,
1703
14
          { "Request code", "pgsql.request_code", FT_UINT32, BASE_DEC,
1704
14
            VALS(request_code_vals), 0, NULL, HFILL }
1705
14
        },
1706
14
        { &hf_supported_minor_version,
1707
14
          { "Supported minor version", "pgsql.version_supported_minor", FT_UINT32, BASE_DEC, NULL, 0,
1708
14
            "Newest minor protocol version supported by the server for the major protocol version requested by the client.", HFILL }
1709
14
        },
1710
14
        { &hf_number_nonsupported_options,
1711
14
          { "Number nonsupported options", "pgsql.number_nonsupported_options", FT_INT32, BASE_DEC, NULL, 0,
1712
14
            NULL, HFILL }
1713
14
        },
1714
14
        { &hf_nonsupported_option,
1715
14
          { "Nonsupported option", "pgsql.nonsupported_option", FT_STRINGZ, BASE_NONE, NULL, 0,
1716
14
            NULL, HFILL }
1717
14
        },
1718
14
        { &hf_parameter_name,
1719
14
          { "Parameter name", "pgsql.parameter_name", FT_STRINGZ,
1720
14
            BASE_NONE, NULL, 0, "The name of a database parameter.",
1721
14
            HFILL }
1722
14
        },
1723
14
        { &hf_parameter_value,
1724
14
          { "Parameter value", "pgsql.parameter_value", FT_STRINGZ,
1725
14
            BASE_NONE, NULL, 0, "The value of a database parameter.",
1726
14
            HFILL }
1727
14
        },
1728
14
        { &hf_query,
1729
14
          { "Query", "pgsql.query", FT_STRINGZ, BASE_NONE, NULL, 0,
1730
14
            "A query string.", HFILL }
1731
14
        },
1732
14
        { &hf_passwd,
1733
14
          { "Password", "pgsql.password", FT_STRINGZ, BASE_NONE, NULL, 0,
1734
14
            "A password.", HFILL }
1735
14
        },
1736
14
        { &hf_authtype,
1737
14
          { "Authentication type", "pgsql.authtype", FT_UINT32, BASE_DEC,
1738
14
            VALS(auth_types), 0,
1739
14
            "The type of authentication requested by the backend.", HFILL }
1740
14
        },
1741
14
        { &hf_salt,
1742
14
          { "Salt value", "pgsql.salt", FT_BYTES, BASE_NONE, NULL, 0,
1743
14
            "The salt to use while encrypting a password.", HFILL }
1744
14
        },
1745
14
        { &hf_gssapi_sspi_data,
1746
14
          { "GSSAPI or SSPI authentication data", "pgsql.auth.gssapi_sspi.data", FT_BYTES, BASE_NONE, NULL, 0,
1747
14
            NULL, HFILL }
1748
14
        },
1749
14
        { &hf_sasl_auth_mech,
1750
14
          { "SASL authentication mechanism", "pgsql.auth.sasl.mech", FT_STRINGZ, BASE_NONE, NULL, 0,
1751
14
            NULL, HFILL }
1752
14
        },
1753
14
        { &hf_sasl_auth_data_length,
1754
14
          { "SASL authentication data length", "pgsql.auth.sasl.data.length", FT_INT32, BASE_DEC, NULL, 0,
1755
14
            NULL, HFILL }
1756
14
        },
1757
14
        { &hf_sasl_auth_data,
1758
14
          { "SASL authentication data", "pgsql.auth.sasl.data", FT_BYTES, BASE_NONE, NULL, 0,
1759
14
            NULL, HFILL }
1760
14
        },
1761
14
        { &hf_statement,
1762
14
          { "Statement", "pgsql.statement", FT_STRINGZ, BASE_NONE, NULL, 0,
1763
14
            "The name of a prepared statement.", HFILL }
1764
14
        },
1765
14
        { &hf_portal,
1766
14
          { "Portal", "pgsql.portal", FT_STRINGZ, BASE_NONE, NULL, 0,
1767
14
            "The name of a portal.", HFILL }
1768
14
        },
1769
14
        { &hf_return,
1770
14
          { "Returns", "pgsql.returns", FT_UINT32, BASE_DEC,
1771
14
            NULL, 0,
1772
14
            NULL, HFILL }
1773
14
        },
1774
14
        { &hf_tag,
1775
14
          { "Tag", "pgsql.tag", FT_STRINGZ, BASE_NONE, NULL, 0,
1776
14
            "A completion tag.", HFILL }
1777
14
        },
1778
14
        { &hf_status,
1779
14
          { "Status", "pgsql.status", FT_UINT8, BASE_DEC, VALS(status_vals),
1780
14
            0, "The transaction status of the backend.", HFILL }
1781
14
        },
1782
14
        { &hf_copydata,
1783
14
          { "Copy data", "pgsql.copydata", FT_BYTES, BASE_NONE, NULL, 0,
1784
14
            "Data sent following a Copy-in or Copy-out response.", HFILL }
1785
14
        },
1786
14
        { &hf_copydata_type,
1787
14
          { "Copy data type", "pgsql.copydata_type", FT_STRING, BASE_NONE, NULL, 0,
1788
14
            "A one-byte message type identifier for Copy data.", HFILL }
1789
14
        },
1790
14
        { &hf_xlogdata,
1791
14
          { "XLog data", "pgsql.xlogdata", FT_BYTES, BASE_NONE, NULL, 0,
1792
14
            "XLog data.", HFILL }
1793
14
        },
1794
14
        { &hf_error,
1795
14
          { "Error", "pgsql.error", FT_STRINGZ, BASE_NONE, NULL, 0,
1796
14
            "An error message.", HFILL }
1797
14
        },
1798
14
        { &hf_pid,
1799
14
          { "PID", "pgsql.pid", FT_UINT32, BASE_DEC, NULL, 0,
1800
14
            "The process ID of a backend.", HFILL }
1801
14
        },
1802
14
        { &hf_key,
1803
14
          { "Key", "pgsql.key", FT_UINT32, BASE_DEC, NULL, 0,
1804
14
            "The secret key used by a particular backend.", HFILL }
1805
14
        },
1806
14
        { &hf_condition,
1807
14
          { "Condition", "pgsql.condition", FT_STRINGZ, BASE_NONE, NULL, 0,
1808
14
            "The name of a NOTIFY condition.", HFILL }
1809
14
        },
1810
14
        { &hf_text,
1811
14
          { "Text", "pgsql.text", FT_STRINGZ, BASE_NONE, NULL, 0,
1812
14
            "Text from the backend.", HFILL }
1813
14
        },
1814
14
        { &hf_tableoid,
1815
14
          { "Table OID", "pgsql.oid.table", FT_UINT32, BASE_DEC, NULL, 0,
1816
14
            "The object identifier of a table.", HFILL }
1817
14
        },
1818
14
        { &hf_typeoid,
1819
14
          { "Type OID", "pgsql.oid.type", FT_UINT32, BASE_DEC, NULL, 0,
1820
14
            "The object identifier of a type.", HFILL }
1821
14
        },
1822
14
        { &hf_oid,
1823
14
          { "OID", "pgsql.oid", FT_UINT32, BASE_DEC, NULL, 0,
1824
14
            "An object identifier.", HFILL }
1825
14
        },
1826
14
        { &hf_format,
1827
14
          { "Format", "pgsql.format", FT_UINT16, BASE_DEC, VALS(format_vals),
1828
14
            0, "A format specifier.", HFILL }
1829
14
        },
1830
14
        { &hf_field_count,
1831
14
          { "Field count", "pgsql.field.count", FT_UINT16, BASE_DEC, NULL, 0,
1832
14
            "The number of fields within a row.", HFILL }
1833
14
        },
1834
14
        { &hf_val_name,
1835
14
          { "Column name", "pgsql.col.name", FT_STRINGZ, BASE_NONE, NULL, 0,
1836
14
            "The name of a column.", HFILL }
1837
14
        },
1838
14
        { &hf_val_idx,
1839
14
          { "Column index", "pgsql.col.index", FT_UINT32, BASE_DEC, NULL, 0,
1840
14
            "The position of a column within a row.", HFILL }
1841
14
        },
1842
14
        { &hf_val_length,
1843
14
          { "Column length", "pgsql.val.length", FT_INT32, BASE_DEC, NULL, 0,
1844
14
            "The length of a parameter value, in bytes. -1 means NULL.",
1845
14
            HFILL }
1846
14
        },
1847
14
        { &hf_val_data,
1848
14
          { "Data", "pgsql.val.data", FT_BYTES, BASE_NONE, NULL, 0,
1849
14
            "Parameter data.", HFILL }
1850
14
        },
1851
14
        { &hf_val_text_data,
1852
14
          { "Text data", "pgsql.val.text_data", FT_STRING, BASE_NONE, NULL, 0,
1853
14
            "Text data.", HFILL }
1854
14
        },
1855
14
        { &hf_val_mod,
1856
14
          { "Type modifier", "pgsql.col.typemod", FT_INT32, BASE_DEC, NULL, 0,
1857
14
            "The type modifier for a column.", HFILL }
1858
14
        },
1859
14
        { &hf_severity,
1860
14
          { "Severity", "pgsql.severity", FT_STRINGZ, BASE_NONE, NULL, 0,
1861
14
            "Message severity.", HFILL }
1862
14
        },
1863
14
        { &hf_code,
1864
14
          { "Code", "pgsql.code", FT_STRINGZ, BASE_NONE, NULL, 0,
1865
14
            "SQLState code.", HFILL }
1866
14
        },
1867
14
        { &hf_message,
1868
14
          { "Message", "pgsql.message", FT_STRINGZ, BASE_NONE, NULL, 0,
1869
14
            "Error message.", HFILL }
1870
14
        },
1871
14
        { &hf_detail,
1872
14
          { "Detail", "pgsql.detail", FT_STRINGZ, BASE_NONE, NULL, 0,
1873
14
            "Detailed error message.", HFILL }
1874
14
        },
1875
14
        { &hf_hint,
1876
14
          { "Hint", "pgsql.hint", FT_STRINGZ, BASE_NONE, NULL, 0,
1877
14
            "A suggestion to resolve an error.", HFILL }
1878
14
        },
1879
14
        { &hf_position,
1880
14
          { "Position", "pgsql.position", FT_STRINGZ, BASE_NONE, NULL, 0,
1881
14
            "The index of the error within the query string.", HFILL }
1882
14
        },
1883
14
        { &hf_internal_position,
1884
14
          { "Position (Internal)", "pgsql.internal_position", FT_STRINGZ, BASE_NONE, NULL, 0,
1885
14
            "The index of the error within the internally-generated query string.", HFILL }
1886
14
        },
1887
14
        { &hf_internal_query,
1888
14
          { "Query (Internal)", "pgsql.internal_query", FT_STRINGZ, BASE_NONE, NULL, 0,
1889
14
            "The internally-generated query string", HFILL }
1890
14
        },
1891
14
        { &hf_where,
1892
14
          { "Context", "pgsql.where", FT_STRINGZ, BASE_NONE, NULL, 0,
1893
14
            "The context in which an error occurred.", HFILL }
1894
14
        },
1895
14
        { &hf_schema_name,
1896
14
          { "Schema", "pgsql.schema_name", FT_STRINGZ, BASE_NONE, NULL, 0,
1897
14
            "The schema with which an error is associated.", HFILL }
1898
14
        },
1899
14
        { &hf_table_name,
1900
14
          { "Table", "pgsql.table_name", FT_STRINGZ, BASE_NONE, NULL, 0,
1901
14
            "The table with which an error is associated.", HFILL }
1902
14
        },
1903
14
        { &hf_column_name,
1904
14
          { "Column", "pgsql.column_name", FT_STRINGZ, BASE_NONE, NULL, 0,
1905
14
            "The column with which an error is associated.", HFILL }
1906
14
        },
1907
14
        { &hf_type_name,
1908
14
          { "Type", "pgsql.type_name", FT_STRINGZ, BASE_NONE, NULL, 0,
1909
14
            "The date type with which an error is associated.", HFILL }
1910
14
        },
1911
14
        { &hf_constraint_name,
1912
14
          { "Constraint", "pgsql.constraint_name", FT_STRINGZ, BASE_NONE, NULL, 0,
1913
14
            "The constraint with which an error is associated.", HFILL }
1914
14
        },
1915
14
        { &hf_file,
1916
14
          { "File", "pgsql.file", FT_STRINGZ, BASE_NONE, NULL, 0,
1917
14
            "The source-code file where an error was reported.", HFILL }
1918
14
        },
1919
14
        { &hf_line,
1920
14
          { "Line", "pgsql.line", FT_STRINGZ, BASE_NONE, NULL, 0,
1921
14
            "The line number on which an error was reported.", HFILL }
1922
14
        },
1923
14
        { &hf_routine,
1924
14
          { "Routine", "pgsql.routine", FT_STRINGZ, BASE_NONE, NULL, 0,
1925
14
            "The routine that reported an error.", HFILL }
1926
14
        },
1927
14
        { &hf_ssl_response,
1928
14
          { "SSL Response", "pgsql.ssl_response", FT_CHAR, BASE_HEX,
1929
14
            VALS(ssl_response_vals), 0, NULL, HFILL }
1930
14
        },
1931
14
        { &hf_gssenc_response,
1932
14
          { "GSSAPI Encrypt Response", "pgsql.gssenc_response", FT_CHAR,
1933
14
            BASE_HEX, VALS(gssenc_response_vals), 0, NULL, HFILL }
1934
14
        },
1935
14
        { &hf_gssapi_encrypted_payload,
1936
14
          { "GSS-API encrypted payload", "pgsql.gssapi.encrypted_payload", FT_BYTES, BASE_NONE, NULL, 0,
1937
14
            NULL, HFILL }
1938
14
        },
1939
14
        { &hf_standby_clock_ts,
1940
14
          { "Server time", "pgsql.xlog_ts", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0,
1941
14
            "The server's system clock at the time of transmission.", HFILL }
1942
14
        },
1943
14
        { &hf_xid,
1944
14
          { "Transaction id", "pgsql.xid", FT_UINT32, BASE_DEC, NULL, 0,
1945
14
            "Xid of the transaction.", HFILL }
1946
14
        },
1947
14
        { &hf_xid_subtransaction,
1948
14
          { "Subtransaction id", "pgsql.xid_subtransaction", FT_UINT32, BASE_DEC, NULL, 0,
1949
14
            "Xid of the subtransaction.", HFILL }
1950
14
        },
1951
14
        { &hf_custom_type_name,
1952
14
          { "Type name", "pgsql.custom_type_name", FT_STRINGZ, BASE_NONE, NULL, 0,
1953
14
            "Name of the data type.", HFILL }
1954
14
        },
1955
14
        { &hf_namespace,
1956
14
          { "Namespace", "pgsql.namespace", FT_STRINGZ, BASE_NONE, NULL, 0,
1957
14
            "Namespace (empty string for pg_catalog).", HFILL }
1958
14
        },
1959
14
        { &hf_relation_name,
1960
14
          { "Relation name", "pgsql.relation", FT_STRINGZ, BASE_NONE, NULL, 0,
1961
14
            "Relation name.", HFILL }
1962
14
        },
1963
14
        { &hf_tuple_type,
1964
14
          { "Tuple type", "pgsql.tuple_type", FT_STRING, BASE_NONE, NULL, 0,
1965
14
            "Tuple type.", HFILL }
1966
14
        },
1967
14
        { &hf_tuple_data_type,
1968
14
          { "Tuple data type", "pgsql.tuple_data_type", FT_STRING, BASE_NONE, NULL, 0,
1969
14
            "Tuple data type.", HFILL }
1970
14
        },
1971
14
        { &hf_xlog_wal_start,
1972
14
          { "WAL start", "pgsql.xlog_wal_start", FT_UINT64, BASE_HEX, NULL, 0,
1973
14
            "The starting point of the WAL data in this message.", HFILL }
1974
14
        },
1975
14
        { &hf_xlog_wal_end,
1976
14
          { "WAL end", "pgsql.xlog_wal_end", FT_UINT64, BASE_HEX, NULL, 0,
1977
14
            "The current end of WAL on the server.", HFILL }
1978
14
        },
1979
14
        { &hf_standby_last_wal_written,
1980
14
          { "Last WAL written", "pgsql.standby.last_wal_written", FT_UINT64, BASE_HEX, NULL, 0,
1981
14
            "The location of the last WAL byte + 1 received and written to disk in the standby.", HFILL }
1982
14
        },
1983
14
        { &hf_standby_last_wal_flushed,
1984
14
          { "Last WAL flushed", "pgsql.standby.last_wal_flushed", FT_UINT64, BASE_HEX, NULL, 0,
1985
14
            "The location of the last WAL byte + 1 flushed to disk in the standby.", HFILL }
1986
14
        },
1987
14
        { &hf_standby_last_wal_applied,
1988
14
          { "Last WAL applied", "pgsql.standby.last_wal_applied", FT_UINT64, BASE_HEX, NULL, 0,
1989
14
            "The location of the last WAL byte + 1 applied in the standby.", HFILL }
1990
14
        },
1991
14
        { &hf_standby_immediate_ack,
1992
14
          { "Immediate ack", "pgsql.standby.immediate_ack", FT_BOOLEAN, BASE_NONE, NULL, 0,
1993
14
            "If true, except a reply as soon as possible. 0 otherwise.", HFILL }
1994
14
        },
1995
14
        { &hf_standby_xmin,
1996
14
          { "xmin", "pgsql.standby.xmin", FT_UINT32, BASE_DEC, NULL, 0,
1997
14
            "The standby's current global xmin, excluding the catalog_xmin from any replication slots. If both this value and the following catalog_xmin are 0, this is treated as a notification that hot standby feedback will no longer be sent on this connection. Later non-zero messages may reinitiate the feedback mechanism.", HFILL }
1998
14
        },
1999
14
        { &hf_standby_xmin_epoch,
2000
14
          { "xmin epoch", "pgsql.standby.xmin_epoch", FT_UINT32, BASE_DEC, NULL, 0,
2001
14
            "The epoch of the global xmin xid on the standby.", HFILL }
2002
14
        },
2003
14
        { &hf_standby_catalog_xmin,
2004
14
          { "catalog xmin", "pgsql.standby.catalog_xmin", FT_UINT32, BASE_DEC, NULL, 0,
2005
14
            "The lowest catalog_xmin of any replication slots on the standby. Set to 0 if no catalog_xmin exists on the standby or if hot standby feedback is being disabled.", HFILL }
2006
14
        },
2007
14
        { &hf_standby_catalog_xmin_epoch,
2008
14
          { "catalog xmin epoch", "pgsql.standby.catalog_xmin_epoch", FT_UINT32, BASE_DEC, NULL, 0,
2009
14
            "The epoch of the catalog_xmin xid on the standby.", HFILL }
2010
14
        },
2011
14
        { &hf_logical_msg_type,
2012
14
          { "Logical message type", "pgsql.logical.msg_type", FT_STRING, BASE_NONE, NULL, 0,
2013
14
            "A one-byte message type identifier for logical message.", HFILL }
2014
14
        },
2015
14
        { &hf_logical_replica_identity,
2016
14
          { "Replica identity", "pgsql.logical.replica_identity", FT_UINT8, BASE_DEC, NULL, 0,
2017
14
            "Replica identity setting for the relation (same as relreplident in pg_class).", HFILL }
2018
14
        },
2019
14
        { &hf_logical_number_columns,
2020
14
          { "Number columns", "pgsql.logical.number_columns", FT_UINT16, BASE_DEC, NULL, 0,
2021
14
            "Number of columns.", HFILL }
2022
14
        },
2023
14
        { &hf_logical_column_length,
2024
14
          { "Length column", "pgsql.logical.column_length", FT_INT32, BASE_DEC, NULL, 0,
2025
14
            "Length of the column value.", HFILL }
2026
14
        },
2027
14
        { &hf_logical_column_flags,
2028
14
          { "Column flags", "pgsql.logical.column_flags", FT_UINT8, BASE_DEC, NULL, 0,
2029
14
            "Flags for the column. Currently can be either 0 for no flags or 1 which marks the column as part of the key.", HFILL }
2030
14
        },
2031
14
        { &hf_logical_column_name,
2032
14
          { "Column name", "pgsql.logical.column_name", FT_STRING, BASE_NONE, NULL, 0,
2033
14
            "Name of the column.", HFILL }
2034
14
        },
2035
14
        { &hf_logical_column_oid,
2036
14
          { "Column OID", "pgsql.logical.column_oid", FT_UINT32, BASE_DEC, NULL, 0,
2037
14
            "OID of the column's data type.", HFILL }
2038
14
        },
2039
14
        { &hf_logical_column_type_modifier,
2040
14
          { "Type modifier", "pgsql.logical.type_modifier", FT_INT32, BASE_DEC, NULL, 0,
2041
14
            "Type modifier of the column (atttypmod).", HFILL }
2042
14
        },
2043
14
        { &hf_relation_oid,
2044
14
          { "Relation OID", "pgsql.relation_oid", FT_UINT32, BASE_DEC, NULL, 0,
2045
14
            "OID of the relation.", HFILL }
2046
14
        },
2047
14
        { &hf_logical_lsn_final,
2048
14
          { "LSN transaction", "pgsql.logical.lsn", FT_UINT64, BASE_HEX, NULL, 0,
2049
14
            "The final LSN of the transaction.", HFILL }
2050
14
        },
2051
14
        { &hf_logical_prepare_flags,
2052
14
          { "Prepare flags", "pgsql.logical.prepare.flags", FT_UINT8, BASE_DEC, NULL, 0,
2053
14
            "Prepare Flags. Currently unused.", HFILL }
2054
14
        },
2055
14
        { &hf_logical_prepare_gid,
2056
14
          { "Prepare GID", "pgsql.logical.prepare.gid", FT_STRING, BASE_NONE, NULL, 0,
2057
14
            "The user defined GID of the prepared transaction.", HFILL }
2058
14
        },
2059
14
        { &hf_logical_prepare_lsn,
2060
14
          { "LSN prepare", "pgsql.logical.prepare.lsn", FT_UINT64, BASE_HEX, NULL, 0,
2061
14
            "The LSN of the prepare.", HFILL }
2062
14
        },
2063
14
        { &hf_logical_prepare_lsn_end,
2064
14
          { "LSN prepare end", "pgsql.logical.prepare.lsn_end", FT_UINT64, BASE_HEX, NULL, 0,
2065
14
            "The end LSN of the prepared transaction.", HFILL }
2066
14
        },
2067
14
        { &hf_logical_prepare_lsn_rollback,
2068
14
          { "LSN rollback prepare end", "pgsql.logical.prepare.rollback_lsn_end", FT_UINT64, BASE_HEX, NULL, 0,
2069
14
            "The end LSN of the rollback of the prepared transaction.", HFILL }
2070
14
        },
2071
14
        { &hf_logical_commit_ts,
2072
14
          { "Commit timestamp", "pgsql.logical.commit_ts", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0,
2073
14
            "Commit timestamp of the transaction.", HFILL }
2074
14
        },
2075
14
        { &hf_logical_prepare_ts,
2076
14
          { "Prepare timestamp", "pgsql.logical.prepare.ts", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0,
2077
14
            "Prepare timestamp of the transaction.", HFILL }
2078
14
        },
2079
14
        { &hf_logical_prepare_commit_ts,
2080
14
          { "Commit timestamp", "pgsql.logical.prepare.commit_ts", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0,
2081
14
            "Commit timestamp of the transaction.", HFILL }
2082
14
        },
2083
14
        { &hf_logical_prepare_rollback_ts,
2084
14
          { "Rollback timestamp", "pgsql.logical.prepare.rollback_ts", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0,
2085
14
            "Rollback timestamp of the transaction.", HFILL }
2086
14
        },
2087
14
        { &hf_logical_relation_number,
2088
14
          { "Number relations", "pgsql.logical.relation_number", FT_UINT32, BASE_DEC, NULL, 0,
2089
14
            "Number of relations.", HFILL }
2090
14
        },
2091
14
        { &hf_logical_truncate_flags,
2092
14
          { "Truncate flags", "pgsql.logical.truncate_flags", FT_INT8, BASE_DEC, NULL, 0,
2093
14
            "Truncate Flags. 1 for CASCADE, 2 for RESTART IDENTITY.", HFILL }
2094
14
        },
2095
14
        { &hf_logical_commit_flags,
2096
14
          { "Commit flags", "pgsql.logical.commit_flags", FT_INT8, BASE_DEC, NULL, 0,
2097
14
            "Commit Flags. Currently unused.", HFILL }
2098
14
        },
2099
14
        { &hf_logical_lsn_commit,
2100
14
          { "Commit LSN", "pgsql.logical.lsn_commit", FT_UINT64, BASE_HEX, NULL, 0,
2101
14
            "The LSN of the commit.", HFILL }
2102
14
        },
2103
14
        { &hf_logical_lsn_transaction,
2104
14
          { "Transaction LSN", "pgsql.logical.lsn_transaction", FT_UINT64, BASE_HEX, NULL, 0,
2105
14
            "The end LSN of the transaction.", HFILL }
2106
14
        },
2107
14
        { &hf_logical_lsn_origin,
2108
14
          { "Origin LSN", "pgsql.logical.lsn_origin", FT_UINT64, BASE_HEX, NULL, 0,
2109
14
            "The LSN of the commit on the origin server.", HFILL }
2110
14
        },
2111
14
        { &hf_logical_lsn_abort,
2112
14
          { "Abort LSN", "pgsql.logical.lsn_abort", FT_UINT64, BASE_HEX, NULL, 0,
2113
14
            "The LSN of the abort.", HFILL }
2114
14
        },
2115
14
        { &hf_logical_message_flags,
2116
14
          { "Message flags", "pgsql.logical.message.flags", FT_UINT8, BASE_DEC, NULL, 0,
2117
14
            "Message Flags. Either 0 for no flags or 1 if the logical decoding message is transactional.", HFILL }
2118
14
        },
2119
14
        { &hf_logical_message_lsn,
2120
14
          { "LSN message", "pgsql.logical.message.lsn", FT_UINT64, BASE_HEX, NULL, 0,
2121
14
            "The LSN of the logical decoding message.", HFILL }
2122
14
        },
2123
14
        { &hf_logical_message_prefix,
2124
14
          { "Message prefix", "pgsql.logical.message.prefix", FT_STRING, BASE_NONE, NULL, 0,
2125
14
            "The prefix of the logical decoding message.", HFILL }
2126
14
        },
2127
14
        { &hf_logical_message_content,
2128
14
          { "Message content", "pgsql.logical.message.content", FT_STRING, BASE_NONE, NULL, 0,
2129
14
            "The content of the logical decoding message.", HFILL }
2130
14
        },
2131
14
        { &hf_logical_message_length,
2132
14
          { "Message length", "pgsql.logical.message.length", FT_INT32, BASE_DEC, NULL, 0,
2133
14
            NULL, HFILL }
2134
14
        },
2135
14
        { &hf_logical_stream_first_segment,
2136
14
          { "First segment", "pgsql.logical.stream.first_segment", FT_INT8, BASE_DEC, NULL, 0,
2137
14
            "First segment.", HFILL }
2138
14
        },
2139
14
        { &hf_logical_stream_flags,
2140
14
          { "Stream flags", "pgsql.logical.stream.flags", FT_INT8, BASE_DEC, NULL, 0,
2141
14
            "Stream flags. Currently Unused.", HFILL }
2142
14
        },
2143
14
        { &hf_logical_stream_abort_ts,
2144
14
          { "Abort timestamp", "pgsql.logical.stream.abort_ts", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0,
2145
14
            "Abort timestamp of the transaction.", HFILL }
2146
14
        },
2147
14
        { &hf_logical_origin_name,
2148
14
          { "Origin name", "pgsql.logical.origin_name", FT_STRING, BASE_NONE, NULL, 0,
2149
14
            "Name of the origin.", HFILL }
2150
14
        },
2151
14
    };
2152
2153
14
    static int *ett[] = {
2154
14
        &ett_pgsql,
2155
14
        &ett_values
2156
14
    };
2157
2158
14
    proto_pgsql = proto_register_protocol("PostgreSQL", "PGSQL", "pgsql");
2159
14
    pgsql_handle = register_dissector("pgsql", dissect_pgsql, proto_pgsql);
2160
14
    proto_register_field_array(proto_pgsql, hf, array_length(hf));
2161
14
    proto_register_subtree_array(ett, array_length(ett));
2162
2163
    /* Unfortunately there's no way to set up a GSS-API conversation
2164
     * instructing the GSS-API dissector to use our wrap handle; that
2165
     * only works for protocols that have an OID and that begin the
2166
     * GSS-API conversation by sending that OID.
2167
     */
2168
14
    pgsql_gssapi_handle = register_dissector("pgsql.gssapi", dissect_pgsql_gssapi, proto_pgsql);
2169
14
}
2170
2171
void
2172
proto_reg_handoff_pgsql(void)
2173
14
{
2174
14
    dissector_add_uint_with_preference("tcp.port", PGSQL_PORT, pgsql_handle);
2175
2176
14
    tls_handle = find_dissector_add_dependency("tls", proto_pgsql);
2177
14
    gssapi_handle = find_dissector_add_dependency("gssapi", proto_pgsql);
2178
14
    ntlmssp_handle = find_dissector_add_dependency("ntlmssp", proto_pgsql);
2179
14
}
2180
2181
/*
2182
 * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
2183
 *
2184
 * Local variables:
2185
 * c-basic-offset: 4
2186
 * tab-width: 8
2187
 * indent-tabs-mode: nil
2188
 * End:
2189
 *
2190
 * vi: set shiftwidth=4 tabstop=8 expandtab:
2191
 * :indentSize=4:tabSize=8:noTabs=true:
2192
 */