1 /* decode_as.c
2 * Routines for dissector Decode As handlers
3 *
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
7 *
8 * SPDX-License-Identifier: GPL-2.0-or-later
9 */
10
11 #include "config.h"
12
13 #include <glib.h>
14
15 #include "decode_as.h"
16 #include "packet.h"
17 #include "prefs.h"
18 #include "prefs-int.h"
19 #include "wsutil/file_util.h"
20 #include "wsutil/filesystem.h"
21 #include "epan/dissectors/packet-dcerpc.h"
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <errno.h>
25 #include <wsutil/ws_assert.h>
26
27 GList *decode_as_list = NULL;
28
register_decode_as(decode_as_t * reg)29 void register_decode_as(decode_as_t* reg)
30 {
31 dissector_table_t decode_table;
32
33 /* Ensure valid functions */
34 ws_assert(reg->populate_list);
35 ws_assert(reg->reset_value);
36 ws_assert(reg->change_value);
37
38 decode_table = find_dissector_table(reg->table_name);
39 if (decode_table != NULL)
40 {
41 dissector_table_allow_decode_as(decode_table);
42 }
43
44 decode_as_list = g_list_prepend(decode_as_list, reg);
45 }
46
next_proto_prompt(packet_info * pinfo _U_,gchar * result)47 static void next_proto_prompt(packet_info *pinfo _U_, gchar *result)
48 {
49 g_snprintf(result, MAX_DECODE_AS_PROMPT_LEN, "Next level protocol as");
50 }
51
next_proto_value(packet_info * pinfo _U_)52 static gpointer next_proto_value(packet_info *pinfo _U_)
53 {
54 return 0;
55 }
56
57 static build_valid_func next_proto_values[] = { next_proto_value };
58 static decode_as_value_t next_proto_da_values =
59 { next_proto_prompt, 1, next_proto_values };
60
register_decode_as_next_proto(int proto,const gchar * table_name,const gchar * ui_name,build_label_func label_func)61 dissector_table_t register_decode_as_next_proto(int proto, const gchar *table_name, const gchar *ui_name, build_label_func label_func)
62 {
63 decode_as_t *da;
64
65 dissector_table_t dt = register_dissector_table(table_name, ui_name, proto, FT_NONE, BASE_NONE);
66
67 da = wmem_new0(wmem_epan_scope(), decode_as_t);
68 da->name = wmem_strdup(wmem_epan_scope(), proto_get_protocol_filter_name(proto));
69 da->table_name = wmem_strdup(wmem_epan_scope(), table_name);
70 da->num_items = 1;
71 if (label_func == NULL)
72 {
73 da->values = &next_proto_da_values;
74 }
75 else
76 {
77 da->values = wmem_new(wmem_epan_scope(), decode_as_value_t);
78 da->values->label_func = label_func;
79 da->values->num_values = 1;
80 da->values->build_values = next_proto_values;
81 }
82 da->populate_list = decode_as_default_populate_list;
83 da->reset_value = decode_as_default_reset;
84 da->change_value = decode_as_default_change;
85
86 register_decode_as(da);
87 return dt;
88 }
89
90 struct decode_as_default_populate
91 {
92 decode_as_add_to_list_func add_to_list;
93 gpointer ui_element;
94 };
95
96 static void
decode_proto_add_to_list(const gchar * table_name,gpointer value,gpointer user_data)97 decode_proto_add_to_list (const gchar *table_name, gpointer value, gpointer user_data)
98 {
99 struct decode_as_default_populate* populate = (struct decode_as_default_populate*)user_data;
100 const gchar *proto_name;
101 gint i;
102 dissector_handle_t handle;
103
104
105 handle = (dissector_handle_t)value;
106 proto_name = dissector_handle_get_short_name(handle);
107
108 i = dissector_handle_get_protocol_index(handle);
109 if (i >= 0 && !proto_is_protocol_enabled(find_protocol_by_id(i)))
110 return;
111
112 populate->add_to_list(table_name, proto_name, value, populate->ui_element);
113 }
114
decode_as_default_populate_list(const gchar * table_name,decode_as_add_to_list_func add_to_list,gpointer ui_element)115 void decode_as_default_populate_list(const gchar *table_name, decode_as_add_to_list_func add_to_list, gpointer ui_element)
116 {
117 struct decode_as_default_populate populate;
118
119 populate.add_to_list = add_to_list;
120 populate.ui_element = ui_element;
121
122 dissector_table_foreach_handle(table_name, decode_proto_add_to_list, &populate);
123 }
124
decode_as_default_reset(const gchar * name,gconstpointer pattern)125 gboolean decode_as_default_reset(const gchar *name, gconstpointer pattern)
126 {
127 switch (get_dissector_table_selector_type(name)) {
128 case FT_UINT8:
129 case FT_UINT16:
130 case FT_UINT24:
131 case FT_UINT32:
132 dissector_reset_uint(name, GPOINTER_TO_UINT(pattern));
133 return TRUE;
134 case FT_NONE:
135 dissector_reset_payload(name);
136 return TRUE;
137 case FT_STRING:
138 case FT_STRINGZ:
139 case FT_UINT_STRING:
140 case FT_STRINGZPAD:
141 case FT_STRINGZTRUNC:
142 dissector_reset_string(name, (!pattern)?"":(const gchar *) pattern);
143 return TRUE;
144 default:
145 return FALSE;
146 };
147
148 return TRUE;
149 }
150
decode_as_default_change(const gchar * name,gconstpointer pattern,gconstpointer handle,const gchar * list_name _U_)151 gboolean decode_as_default_change(const gchar *name, gconstpointer pattern, gconstpointer handle, const gchar *list_name _U_)
152 {
153 const dissector_handle_t* dissector = (const dissector_handle_t*)handle;
154 if (dissector != NULL) {
155 switch (get_dissector_table_selector_type(name)) {
156 case FT_UINT8:
157 case FT_UINT16:
158 case FT_UINT24:
159 case FT_UINT32:
160 dissector_change_uint(name, GPOINTER_TO_UINT(pattern), *dissector);
161 return TRUE;
162 case FT_NONE:
163 dissector_change_payload(name, *dissector);
164 return TRUE;
165 case FT_STRING:
166 case FT_STRINGZ:
167 case FT_UINT_STRING:
168 case FT_STRINGZPAD:
169 case FT_STRINGZTRUNC:
170 dissector_change_string(name, (!pattern)?"":(const gchar *) pattern, *dissector);
171 return TRUE;
172 default:
173 return FALSE;
174 };
175
176 return FALSE;
177 }
178
179 return TRUE;
180 }
181
182 /* Some useful utilities for Decode As */
183
184 /*
185 * A list of dissectors that need to be reset.
186 */
187 static GSList *dissector_reset_list = NULL;
188
189 /*
190 * A callback function to parse each "decode as" entry in the file and apply the change
191 */
192 static prefs_set_pref_e
read_set_decode_as_entries(gchar * key,const gchar * value,void * user_data,gboolean return_range_errors _U_)193 read_set_decode_as_entries(gchar *key, const gchar *value,
194 void *user_data,
195 gboolean return_range_errors _U_)
196 {
197 gchar *values[4] = {NULL, NULL, NULL, NULL};
198 gchar delimiter[4] = {',', ',', ',','\0'};
199 gchar *pch;
200 guint i, j;
201 GHashTable* processed_entries = (GHashTable*)user_data;
202 dissector_table_t sub_dissectors;
203 prefs_set_pref_e retval = PREFS_SET_OK;
204 gboolean is_valid = FALSE;
205
206 if (strcmp(key, DECODE_AS_ENTRY) == 0) {
207 /* Parse csv into table, selector, initial, current */
208 for (i = 0; i < 4; i++) {
209 pch = strchr(value, delimiter[i]);
210 if (pch == NULL) {
211 for (j = 0; j < i; j++) {
212 g_free(values[j]);
213 }
214 return PREFS_SET_SYNTAX_ERR;
215 }
216 values[i] = g_strndup(value, pch - value);
217 value = pch + 1;
218 }
219 sub_dissectors = find_dissector_table(values[0]);
220 if (sub_dissectors != NULL) {
221 dissector_handle_t handle;
222 ftenum_t selector_type;
223 pref_t* pref_value;
224 module_t *module;
225 const char* proto_name;
226
227 selector_type = dissector_table_get_type(sub_dissectors);
228
229 handle = dissector_table_get_dissector_handle(sub_dissectors, values[3]);
230 if (handle != NULL || g_ascii_strcasecmp(values[3], DECODE_AS_NONE) == 0) {
231 is_valid = TRUE;
232 }
233
234 if (is_valid) {
235 if (IS_FT_STRING(selector_type)) {
236 dissector_change_string(values[0], values[1], handle);
237 } else {
238 char *p;
239 long long_value;
240
241 long_value = strtol(values[1], &p, 0);
242 if (p == values[0] || *p != '\0' || long_value < 0 ||
243 (unsigned long)long_value > UINT_MAX) {
244 retval = PREFS_SET_SYNTAX_ERR;
245 is_valid = FALSE;
246 } else {
247 dissector_change_uint(values[0], (guint)long_value, handle);
248 }
249
250 /* Now apply the value data back to dissector table preference */
251 proto_name = proto_get_protocol_filter_name(dissector_handle_get_protocol_index(handle));
252 module = prefs_find_module(proto_name);
253 pref_value = prefs_find_preference(module, values[0]);
254 if (pref_value != NULL) {
255 gboolean replace = FALSE;
256 if (g_hash_table_lookup(processed_entries, proto_name) == NULL) {
257 /* First decode as entry for this protocol, ranges may be replaced */
258 replace = TRUE;
259
260 /* Remember we've processed this protocol */
261 g_hash_table_insert(processed_entries, (gpointer)proto_name, (gpointer)proto_name);
262 }
263
264 prefs_add_decode_as_value(pref_value, (guint)long_value, replace);
265 module->prefs_changed_flags |= prefs_get_effect_flags(pref_value);
266 }
267
268 }
269 }
270 if (is_valid) {
271 decode_build_reset_list(values[0], selector_type, values[1], NULL, NULL);
272 }
273 } else {
274 retval = PREFS_SET_SYNTAX_ERR;
275 }
276
277 } else {
278 retval = PREFS_SET_NO_SUCH_PREF;
279 }
280
281 for (i = 0; i < 4; i++) {
282 g_free(values[i]);
283 }
284 return retval;
285 }
286
287 void
load_decode_as_entries(void)288 load_decode_as_entries(void)
289 {
290 char *daf_path;
291 FILE *daf;
292
293 decode_clear_all();
294
295 daf_path = get_persconffile_path(DECODE_AS_ENTRIES_FILE_NAME, TRUE);
296 if ((daf = ws_fopen(daf_path, "r")) != NULL) {
297 /* Store saved entries for better range processing */
298 GHashTable* processed_entries = g_hash_table_new(g_str_hash, g_str_equal);
299 read_prefs_file(daf_path, daf, read_set_decode_as_entries, processed_entries);
300 g_hash_table_destroy(processed_entries);
301 fclose(daf);
302 }
303 g_free(daf_path);
304 }
305
306
307 /* Make a sorted list of the enties as we are fetching them from a hash table. Then write it out from the sorted list */
308 static void
decode_as_write_entry(const gchar * table_name,ftenum_t selector_type,gpointer key,gpointer value,gpointer user_data)309 decode_as_write_entry (const gchar *table_name, ftenum_t selector_type,
310 gpointer key, gpointer value, gpointer user_data)
311 {
312 GList **decode_as_rows_list = (GList **)user_data;
313 dissector_handle_t current, initial;
314 const gchar *current_proto_name, *initial_proto_name, *decode_as_row;
315
316 current = dtbl_entry_get_handle((dtbl_entry_t *)value);
317 if (current == NULL)
318 current_proto_name = DECODE_AS_NONE;
319 else
320 current_proto_name = dissector_handle_get_short_name(current);
321 initial = dtbl_entry_get_initial_handle((dtbl_entry_t *)value);
322 if (initial == NULL)
323 initial_proto_name = DECODE_AS_NONE;
324 else
325 initial_proto_name = dissector_handle_get_short_name(initial);
326
327 switch (selector_type) {
328
329 case FT_UINT8:
330 case FT_UINT16:
331 case FT_UINT24:
332 case FT_UINT32:
333 /*
334 * XXX - write these in decimal, regardless of the base of
335 * the dissector table's selector, as older versions of
336 * Wireshark used atoi() when reading this file, and
337 * failed to handle hex or octal numbers.
338 *
339 * That will be fixed in future 1.10 and 1.12 releases,
340 * but pre-1.10 releases are at end-of-life and won't
341 * be fixed.
342 */
343 decode_as_row = g_strdup_printf(
344 DECODE_AS_ENTRY ": %s,%u,%s,%s\n",
345 table_name, GPOINTER_TO_UINT(key), initial_proto_name,
346 current_proto_name);
347 break;
348 case FT_NONE:
349 /*
350 * XXX - Just put a placeholder for the key value. Currently
351 * FT_NONE dissector table uses a single uint value for
352 * a placeholder
353 */
354 decode_as_row = g_strdup_printf(
355 DECODE_AS_ENTRY ": %s,0,%s,%s\n",
356 table_name, initial_proto_name,
357 current_proto_name);
358 break;
359
360 case FT_STRING:
361 case FT_STRINGZ:
362 case FT_UINT_STRING:
363 case FT_STRINGZPAD:
364 case FT_STRINGZTRUNC:
365 decode_as_row = g_strdup_printf(
366 DECODE_AS_ENTRY ": %s,%s,%s,%s\n",
367 table_name, (gchar *)key, initial_proto_name,
368 current_proto_name);
369 break;
370
371 default:
372 ws_assert_not_reached();
373 break;
374 }
375
376 /* Do we need a better sort function ???*/
377 *decode_as_rows_list = g_list_insert_sorted (*decode_as_rows_list, (gpointer)decode_as_row,
378 (GCompareFunc)g_ascii_strcasecmp);
379
380 }
381
382 /* Print the sorted rows to File */
383 static void
decode_as_print_rows(gpointer data,gpointer user_data)384 decode_as_print_rows(gpointer data, gpointer user_data)
385 {
386 FILE *da_file = (FILE *)user_data;
387 const gchar *decode_as_row = (const gchar *)data;
388
389 fprintf(da_file, "%s",decode_as_row);
390
391 }
392 int
save_decode_as_entries(gchar ** err)393 save_decode_as_entries(gchar** err)
394 {
395 char *pf_dir_path;
396 char *daf_path;
397 FILE *da_file;
398 GList *decode_as_rows_list = NULL;
399
400 if (create_persconffile_dir(&pf_dir_path) == -1) {
401 *err = g_strdup_printf("Can't create directory\n\"%s\"\nfor recent file: %s.",
402 pf_dir_path, g_strerror(errno));
403 g_free(pf_dir_path);
404 return -1;
405 }
406
407 daf_path = get_persconffile_path(DECODE_AS_ENTRIES_FILE_NAME, TRUE);
408 if ((da_file = ws_fopen(daf_path, "w")) == NULL) {
409 *err = g_strdup_printf("Can't open decode_as_entries file\n\"%s\": %s.",
410 daf_path, g_strerror(errno));
411 g_free(daf_path);
412 return -1;
413 }
414
415 fputs("# \"Decode As\" entries file for Wireshark " VERSION ".\n"
416 "#\n"
417 "# This file is regenerated each time \"Decode As\" preferences\n"
418 "# are saved within Wireshark. Making manual changes should be safe,\n"
419 "# however.\n", da_file);
420
421 dissector_all_tables_foreach_changed(decode_as_write_entry, &decode_as_rows_list);
422
423 g_list_foreach(decode_as_rows_list, decode_as_print_rows, da_file);
424
425 fclose(da_file);
426 g_free(daf_path);
427 g_list_free_full(decode_as_rows_list, g_free);
428
429 return 0;
430 }
431
432 /*
433 * Data structure for tracking which dissector need to be reset. This
434 * structure is necessary as a hash table entry cannot be removed
435 * while a g_hash_table_foreach walk is in progress.
436 */
437 typedef struct dissector_delete_item {
438 /* The name of the dissector table */
439 gchar *ddi_table_name;
440 /* The type of the selector in that dissector table */
441 ftenum_t ddi_selector_type;
442 /* The selector in the dissector table */
443 union {
444 guint sel_uint;
445 char *sel_string;
446 } ddi_selector;
447 } dissector_delete_item_t;
448
449 void
decode_build_reset_list(const gchar * table_name,ftenum_t selector_type,gpointer key,gpointer value _U_,gpointer user_data _U_)450 decode_build_reset_list (const gchar *table_name, ftenum_t selector_type,
451 gpointer key, gpointer value _U_,
452 gpointer user_data _U_)
453 {
454 dissector_delete_item_t *item;
455
456 item = g_new(dissector_delete_item_t,1);
457 item->ddi_table_name = g_strdup(table_name);
458 item->ddi_selector_type = selector_type;
459 switch (selector_type) {
460
461 case FT_UINT8:
462 case FT_UINT16:
463 case FT_UINT24:
464 case FT_UINT32:
465 item->ddi_selector.sel_uint = GPOINTER_TO_UINT(key);
466 break;
467
468 case FT_NONE:
469 /* Not really needed, but prevents the assert */
470 item->ddi_selector.sel_uint = 0;
471 break;
472
473 case FT_STRING:
474 case FT_STRINGZ:
475 case FT_UINT_STRING:
476 case FT_STRINGZPAD:
477 case FT_STRINGZTRUNC:
478 item->ddi_selector.sel_string = g_strdup((char *)key);
479 break;
480
481 default:
482 ws_assert_not_reached();
483 }
484 dissector_reset_list = g_slist_prepend(dissector_reset_list, item);
485 }
486
487 /* clear all settings */
488 void
decode_clear_all(void)489 decode_clear_all(void)
490 {
491 dissector_delete_item_t *item;
492 GSList *tmp;
493
494 dissector_all_tables_foreach_changed(decode_build_reset_list, NULL);
495
496 for (tmp = dissector_reset_list; tmp; tmp = g_slist_next(tmp)) {
497 item = (dissector_delete_item_t *)tmp->data;
498 switch (item->ddi_selector_type) {
499
500 case FT_UINT8:
501 case FT_UINT16:
502 case FT_UINT24:
503 case FT_UINT32:
504 dissector_reset_uint(item->ddi_table_name,
505 item->ddi_selector.sel_uint);
506 break;
507
508 case FT_NONE:
509 dissector_reset_payload(item->ddi_table_name);
510 break;
511
512 case FT_STRING:
513 case FT_STRINGZ:
514 case FT_UINT_STRING:
515 case FT_STRINGZPAD:
516 case FT_STRINGZTRUNC:
517 dissector_reset_string(item->ddi_table_name,
518 item->ddi_selector.sel_string);
519 g_free(item->ddi_selector.sel_string);
520 break;
521
522 default:
523 ws_assert_not_reached();
524 }
525 g_free(item->ddi_table_name);
526 g_free(item);
527 }
528 g_slist_free(dissector_reset_list);
529 dissector_reset_list = NULL;
530
531 decode_dcerpc_reset_all();
532 }
533
534 void
decode_cleanup(void)535 decode_cleanup(void)
536 {
537 g_list_free(decode_as_list);
538 decode_as_list = NULL;
539 }
540
541 /*
542 * Editor modelines
543 *
544 * Local Variables:
545 * c-basic-offset: 4
546 * tab-width: 8
547 * indent-tabs-mode: nil
548 * End:
549 *
550 * ex: set shiftwidth=4 tabstop=8 expandtab:
551 * :indentSize=4:tabSize=8:noTabs=true:
552 */
553