1 /* packet-sap.c
2 * Routines for sap packet dissection
3 * RFC 2974
4 *
5 * Heikki Vatiainen <hessu@cs.tut.fi>
6 *
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <gerald@wireshark.org>
9 * Copyright 1998 Gerald Combs
10 *
11 * Copied from packet-tftp.c
12 *
13 * SPDX-License-Identifier: GPL-2.0-or-later
14 */
15
16 #include "config.h"
17
18 #include <epan/packet.h>
19 #include <epan/expert.h>
20
21 #define UDP_PORT_SAP 9875
22
23 #define MCAST_SAP_VERSION_MASK 0xE0 /* 3 bits for SAP version*/
24 #define MCAST_SAP_VERSION_SHIFT 5 /* Right shift 5 bits to get the version */
25 #define MCAST_SAP_VER0 0 /* Version 0 */
26 #define MCAST_SAP_VER1PLUS 1 /* Version 1 or later */
27
28 void proto_register_sap(void);
29 void proto_reg_handoff_sap(void);
30
31 static const value_string mcast_sap_ver[] = {
32 { MCAST_SAP_VER0, "SAPv0"},
33 { MCAST_SAP_VER1PLUS, "SAPv1 or later"},
34 { 0, NULL}
35 };
36
37 static const true_false_string mcast_sap_address_type = {"IPv6", "IPv4"};
38 static const true_false_string mcast_sap_message_type = { "Deletion", "Announcement"};
39 static const true_false_string mcast_sap_crypt_type = { "Payload encrypted", "Payload not encrypted"};
40 static const true_false_string mcast_sap_comp_type = { "Payload compressed", "Payload not compressed"};
41
42 static const value_string mcast_sap_auth_ver[] = {
43 { 1, "SAP authentication header v1"},
44 { 0, NULL}
45 };
46
47 static const true_false_string mcast_sap_auth_pad = {
48 "Authentication subheader padded to 32 bits",
49 "No padding required for the authentication subheader"
50 };
51
52 #define MCAST_SAP_AUTH_TYPE_MASK 0x0F /* 4 bits for the type of the authentication header */
53 #define MCAST_SAP_AUTH_TYPE_PGP 0
54 #define MCAST_SAP_AUTH_TYPE_CMS 1
55 static const value_string mcast_sap_auth_type[] = {
56 { MCAST_SAP_AUTH_TYPE_PGP, "PGP"},
57 { MCAST_SAP_AUTH_TYPE_CMS, "CMS"},
58 { 0, NULL}
59 };
60
61 #define MCAST_SAP_BIT_A 0x10 /* Address type: 0 IPv4, 1 IPv6 */
62 #define MCAST_SAP_BIT_R 0x08 /* Reserved: Must be 0 */
63 #define MCAST_SAP_BIT_T 0x04 /* Message Type: 0 announcement, 1 deletion */
64 #define MCAST_SAP_BIT_E 0x02 /* Encryption Bit: 1 payload encrypted */
65 #define MCAST_SAP_BIT_C 0x01 /* Compressed Bit: 1 payload zlib compressed */
66
67 #define MCAST_SAP_AUTH_BIT_P 0x10 /* Padding required for the authentication header */
68
69
70 static int proto_sap = -1;
71 static int hf_sap_flags = -1;
72 static int hf_sap_flags_v = -1;
73 static int hf_sap_flags_a = -1;
74 static int hf_sap_flags_r = -1;
75 static int hf_sap_flags_t = -1;
76 static int hf_sap_flags_e = -1;
77 static int hf_sap_flags_c = -1;
78 static int hf_auth_data = -1;
79 static int hf_auth_flags = -1;
80 static int hf_auth_flags_v = -1;
81 static int hf_auth_flags_p = -1;
82 static int hf_auth_flags_t = -1;
83 /* Generated from convert_proto_tree_add_text.pl */
84 static int hf_sap_auth_len = -1;
85 static int hf_sap_originating_source_ipv4 = -1;
86 static int hf_sap_auth_data_padding = -1;
87 static int hf_sap_auth_subheader = -1;
88 static int hf_sap_originating_source_ipv6 = -1;
89 static int hf_sap_message_identifier_hash = -1;
90 static int hf_sap_auth_data_padding_len = -1;
91 static int hf_sap_payload_type = -1;
92
93 static gint ett_sap = -1;
94 static gint ett_sap_flags = -1;
95 static gint ett_sap_auth = -1;
96 static gint ett_sap_authf = -1;
97
98 static expert_field ei_sap_compressed_and_encrypted = EI_INIT;
99 static expert_field ei_sap_encrypted = EI_INIT;
100 static expert_field ei_sap_compressed = EI_INIT;
101 /* Generated from convert_proto_tree_add_text.pl */
102 static expert_field ei_sap_bogus_authentication_or_pad_length = EI_INIT;
103
104 static dissector_handle_t sdp_handle;
105
106 static int
dissect_sap(tvbuff_t * tvb,packet_info * pinfo,proto_tree * tree,void * data _U_)107 dissect_sap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
108 {
109 int offset = 0;
110 int sap_version, is_ipv6, is_del, is_enc, is_comp, addr_len;
111 guint8 vers_flags;
112 guint8 auth_len;
113 guint8 auth_flags;
114 tvbuff_t *next_tvb;
115
116 proto_item *si, *sif;
117 proto_tree *sap_tree = NULL, *sap_flags_tree;
118
119 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SAP");
120 col_clear(pinfo->cinfo, COL_INFO);
121
122 vers_flags = tvb_get_guint8(tvb, offset);
123 is_ipv6 = vers_flags&MCAST_SAP_BIT_A;
124 is_del = vers_flags&MCAST_SAP_BIT_T;
125 is_enc = vers_flags&MCAST_SAP_BIT_E;
126 is_comp = vers_flags&MCAST_SAP_BIT_C;
127
128 sap_version = (vers_flags&MCAST_SAP_VERSION_MASK)>>MCAST_SAP_VERSION_SHIFT;
129 addr_len = (is_ipv6) ? (int)sizeof(ws_in6_addr) : 4;
130
131 col_add_fstr(pinfo->cinfo, COL_INFO, "%s (v%u)",
132 (is_del) ? "Deletion" : "Announcement", sap_version);
133
134 if (tree) {
135 si = proto_tree_add_item(tree, proto_sap, tvb, offset, -1, ENC_NA);
136 sap_tree = proto_item_add_subtree(si, ett_sap);
137
138 sif = proto_tree_add_item(sap_tree, hf_sap_flags, tvb, offset, 1, ENC_BIG_ENDIAN);
139 sap_flags_tree = proto_item_add_subtree(sif, ett_sap_flags);
140 proto_tree_add_item(sap_flags_tree, hf_sap_flags_v, tvb, offset, 1, ENC_BIG_ENDIAN);
141 proto_tree_add_item(sap_flags_tree, hf_sap_flags_a, tvb, offset, 1, ENC_NA);
142 proto_tree_add_item(sap_flags_tree, hf_sap_flags_r, tvb, offset, 1, ENC_NA);
143 proto_tree_add_item(sap_flags_tree, hf_sap_flags_t, tvb, offset, 1, ENC_NA);
144 proto_tree_add_item(sap_flags_tree, hf_sap_flags_e, tvb, offset, 1, ENC_NA);
145 proto_tree_add_item(sap_flags_tree, hf_sap_flags_c, tvb, offset, 1, ENC_NA);
146 }
147
148 offset++;
149
150 auth_len = tvb_get_guint8(tvb, offset);
151 proto_tree_add_item(sap_tree, hf_sap_auth_len, tvb, offset, 1, ENC_BIG_ENDIAN);
152 offset++;
153
154 proto_tree_add_item(sap_tree, hf_sap_message_identifier_hash, tvb, offset, 2, ENC_BIG_ENDIAN);
155 offset +=2;
156
157 if (is_ipv6)
158 proto_tree_add_item(sap_tree, hf_sap_originating_source_ipv6, tvb, offset, addr_len, ENC_NA);
159 else
160 proto_tree_add_item(sap_tree, hf_sap_originating_source_ipv4, tvb, offset, addr_len, ENC_BIG_ENDIAN);
161 offset += addr_len;
162
163 /* Authentication data lives in its own subtree */
164 if (auth_len > 0) {
165 guint32 auth_data_len;
166 proto_item *sdi, *sai;
167 proto_tree *sa_tree, *saf_tree;
168 int has_pad;
169 guint8 pad_len = 0;
170
171 auth_data_len = (guint32)(auth_len * sizeof(guint32));
172
173 sdi = proto_tree_add_item(sap_tree, hf_auth_data, tvb, offset, auth_data_len, ENC_NA);
174 sa_tree = proto_item_add_subtree(sdi, ett_sap_auth);
175
176 auth_flags = tvb_get_guint8(tvb, offset);
177 sai = proto_tree_add_item(sa_tree, hf_auth_flags, tvb, offset, 1, ENC_BIG_ENDIAN);
178 saf_tree = proto_item_add_subtree(sai, ett_sap_authf);
179 proto_tree_add_item(saf_tree, hf_auth_flags_v, tvb, offset, 1, ENC_BIG_ENDIAN);
180 proto_tree_add_item(saf_tree, hf_auth_flags_p, tvb, offset, 1, ENC_NA);
181 proto_tree_add_item(saf_tree, hf_auth_flags_t, tvb, offset, 1, ENC_BIG_ENDIAN);
182
183 has_pad = auth_flags&MCAST_SAP_AUTH_BIT_P;
184 if (has_pad) {
185 pad_len = tvb_get_guint8(tvb, offset+auth_data_len-1);
186 }
187
188 if ((int) auth_data_len - pad_len - 1 < 0) {
189 expert_add_info_format(pinfo, sai, &ei_sap_bogus_authentication_or_pad_length,
190 "Bogus authentication length (%d) or pad length (%d)", auth_len, pad_len);
191 return tvb_captured_length(tvb);
192 }
193
194
195 proto_tree_add_item(sa_tree, hf_sap_auth_subheader, tvb, offset+1, auth_data_len-pad_len-1, ENC_NA);
196 if (has_pad) {
197 proto_tree_add_item(sa_tree, hf_sap_auth_data_padding_len, tvb, offset+auth_data_len-1, 1, ENC_BIG_ENDIAN);
198 proto_tree_add_item(sa_tree, hf_sap_auth_data_padding, tvb, offset+auth_data_len-pad_len, pad_len, ENC_NA);
199 }
200
201 offset += auth_data_len;
202 }
203
204 if (is_enc || is_comp) {
205 expert_field *mangle;
206 if (is_enc && is_comp)
207 mangle = &ei_sap_compressed_and_encrypted;
208 else if (is_enc)
209 mangle = &ei_sap_encrypted;
210 else
211 mangle = &ei_sap_compressed;
212
213 proto_tree_add_expert(sap_tree, pinfo, mangle, tvb, offset, -1);
214 return tvb_captured_length(tvb);
215 }
216
217 if (tree) {
218 /* Do we have the optional payload type aka. MIME content specifier */
219 if (tvb_strneql(tvb, offset, "v=", strlen("v="))) {
220 gint remaining_len;
221 guint32 pt_len;
222 int pt_string_len;
223 guint8* pt_str;
224
225 remaining_len = tvb_captured_length_remaining(tvb, offset);
226 if (remaining_len == 0) {
227 /*
228 * "tvb_strneql()" failed because there was no
229 * data left in the packet.
230 *
231 * Set the remaining length to 1, so that
232 * we throw the appropriate exception in
233 * "tvb_get_ptr()", rather than displaying
234 * the payload type.
235 */
236 remaining_len = 1;
237 }
238
239 pt_string_len = tvb_strnlen(tvb, offset, remaining_len);
240 if (pt_string_len == -1) {
241 /*
242 * We didn't find a terminating '\0'; run to the
243 * end of the buffer.
244 */
245 pt_string_len = remaining_len;
246 pt_len = pt_string_len;
247 } else {
248 /*
249 * Include the '\0' in the total item length.
250 */
251 pt_len = pt_string_len + 1;
252 }
253
254 pt_str = tvb_get_string_enc(pinfo->pool, tvb, offset, pt_string_len, ENC_ASCII);
255 proto_tree_add_string_format_value(sap_tree, hf_sap_payload_type, tvb, offset, pt_len,
256 pt_str, "%.*s", pt_string_len, pt_str);
257 offset += pt_len;
258 }
259 }
260
261 /* Done with SAP */
262 next_tvb = tvb_new_subset_remaining(tvb, offset);
263 call_dissector(sdp_handle, next_tvb, pinfo, tree);
264 return tvb_captured_length(tvb);
265 }
266
proto_register_sap(void)267 void proto_register_sap(void)
268 {
269
270 static hf_register_info hf[] = {
271 { &hf_sap_flags,
272 { "Flags", "sap.flags",
273 FT_UINT8, BASE_HEX, NULL, 0x0,
274 "Bits in the beginning of the SAP header", HFILL }},
275
276 { &hf_sap_flags_v,
277 { "Version Number", "sap.flags.v",
278 FT_UINT8, BASE_DEC, VALS(mcast_sap_ver), MCAST_SAP_VERSION_MASK,
279 "3 bit version field in the SAP header", HFILL }},
280
281 { &hf_sap_flags_a,
282 { "Address Type", "sap.flags.a",
283 FT_BOOLEAN, 8, TFS(&mcast_sap_address_type), MCAST_SAP_BIT_A,
284 "Originating source address type", HFILL }},
285
286 { &hf_sap_flags_r,
287 { "Reserved", "sap.flags.r",
288 FT_BOOLEAN, 8, TFS(&tfs_set_notset), MCAST_SAP_BIT_R,
289 NULL, HFILL }},
290
291 { &hf_sap_flags_t,
292 { "Message Type", "sap.flags.t",
293 FT_BOOLEAN, 8, TFS(&mcast_sap_message_type), MCAST_SAP_BIT_T,
294 "Announcement type", HFILL }},
295
296 { &hf_sap_flags_e,
297 { "Encryption Bit", "sap.flags.e",
298 FT_BOOLEAN, 8, TFS(&mcast_sap_crypt_type), MCAST_SAP_BIT_E,
299 NULL, HFILL }},
300
301 { &hf_sap_flags_c,
302 { "Compression Bit", "sap.flags.c",
303 FT_BOOLEAN, 8, TFS(&mcast_sap_comp_type), MCAST_SAP_BIT_C,
304 NULL, HFILL }},
305
306 { &hf_auth_data,
307 { "Authentication data", "sap.auth",
308 FT_NONE, BASE_NONE, NULL, 0x0,
309 NULL, HFILL }},
310
311 { &hf_auth_flags,
312 { "Authentication data flags", "sap.auth.flags",
313 FT_UINT8, BASE_HEX, NULL, 0x0,
314 NULL, HFILL }},
315
316 { &hf_auth_flags_v,
317 { "Version Number", "sap.auth.flags.v",
318 FT_UINT8, BASE_DEC, VALS(mcast_sap_auth_ver), MCAST_SAP_VERSION_MASK,
319 NULL, HFILL }},
320
321 { &hf_auth_flags_p,
322 { "Padding Bit", "sap.auth.flags.p",
323 FT_BOOLEAN, 8, TFS(&mcast_sap_auth_pad), MCAST_SAP_AUTH_BIT_P,
324 NULL, HFILL }},
325
326 { &hf_auth_flags_t,
327 { "Authentication Type", "sap.auth.flags.t",
328 FT_UINT8, BASE_DEC, VALS(mcast_sap_auth_type), MCAST_SAP_AUTH_TYPE_MASK,
329 NULL, HFILL }},
330
331 /* Generated from convert_proto_tree_add_text.pl */
332 { &hf_sap_auth_len, { "Authentication Length", "sap.auth.len", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
333 { &hf_sap_message_identifier_hash, { "Message Identifier Hash", "sap.message_identifier_hash", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL }},
334 { &hf_sap_originating_source_ipv4, { "Originating Source", "sap.originating_source", FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL }},
335 { &hf_sap_originating_source_ipv6, { "Originating Source", "sap.originating_source.ipv6", FT_IPv6, BASE_NONE, NULL, 0x0, NULL, HFILL }},
336 { &hf_sap_auth_subheader, { "Authentication subheader", "sap.auth.subheader", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
337 { &hf_sap_auth_data_padding, { "Authentication data padding", "sap.auth.data_padding", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
338 { &hf_sap_auth_data_padding_len, { "Authentication data pad count (bytes)", "sap.auth.data_padding.len", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
339 { &hf_sap_payload_type, { "Payload type", "sap.payload_type", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
340
341 };
342 static gint *ett[] = {
343 &ett_sap,
344 &ett_sap_flags,
345 &ett_sap_auth,
346 &ett_sap_authf,
347 };
348
349 static ei_register_info ei[] = {
350 { &ei_sap_compressed_and_encrypted, { "sap.compressed_and_encrypted", PI_UNDECODED, PI_WARN, "The rest of the packet is compressed and encrypted", EXPFILL }},
351 { &ei_sap_encrypted, { "sap.encrypted", PI_UNDECODED, PI_WARN, "The rest of the packet is encrypted", EXPFILL }},
352 { &ei_sap_compressed, { "sap.compressed", PI_UNDECODED, PI_WARN, "The rest of the packet is compressed", EXPFILL }},
353
354 /* Generated from convert_proto_tree_add_text.pl */
355 { &ei_sap_bogus_authentication_or_pad_length, { "sap.bogus_authentication_or_pad_length", PI_PROTOCOL, PI_WARN, "Bogus authentication length", EXPFILL }},
356 };
357
358 expert_module_t* expert_sap;
359
360 proto_sap = proto_register_protocol("Session Announcement Protocol", "SAP", "sap");
361
362 proto_register_field_array(proto_sap, hf, array_length(hf));
363 proto_register_subtree_array(ett, array_length(ett));
364 expert_sap = expert_register_protocol(proto_sap);
365 expert_register_field_array(expert_sap, ei, array_length(ei));
366 }
367
368 void
proto_reg_handoff_sap(void)369 proto_reg_handoff_sap(void)
370 {
371 dissector_handle_t sap_handle;
372
373 sap_handle = create_dissector_handle(dissect_sap, proto_sap);
374 dissector_add_uint_with_preference("udp.port", UDP_PORT_SAP, sap_handle);
375
376 /*
377 * Get a handle for the SDP dissector.
378 */
379 sdp_handle = find_dissector_add_dependency("sdp", proto_sap);
380 }
381
382 /*
383 * Editor modelines - https://www.wireshark.org/tools/modelines.html
384 *
385 * Local variables:
386 * c-basic-offset: 4
387 * tab-width: 8
388 * indent-tabs-mode: nil
389 * End:
390 *
391 * vi: set shiftwidth=4 tabstop=8 expandtab:
392 * :indentSize=4:tabSize=8:noTabs=true:
393 */
394