1 /* packet-classicstun.c
2 * Routines for Simple Traversal of UDP Through NAT dissection
3 * Copyright 2003, Shiang-Ming Huang <smhuang@pcs.csie.nctu.edu.tw>
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 *
11 * Please refer to RFC 3489 for protocol detail.
12 * (supports extra message attributes described in draft-ietf-behave-rfc3489bis-00)
13 */
14
15 #include "config.h"
16
17 #include <epan/packet.h>
18 #include <epan/conversation.h>
19 void proto_register_classicstun(void);
20 void proto_reg_handoff_classicstun(void);
21
22 /* heuristic subdissectors */
23 static heur_dissector_list_t heur_subdissector_list;
24
25 static dissector_handle_t data_handle;
26
27 /* Initialize the protocol and registered fields */
28 static int proto_classicstun = -1;
29
30 static int hf_classicstun_type = -1; /* CLASSIC-STUN message header */
31 static int hf_classicstun_length = -1;
32 static int hf_classicstun_id = -1;
33 static int hf_classicstun_att = -1;
34 static int hf_classicstun_response_in = -1;
35 static int hf_classicstun_response_to = -1;
36 static int hf_classicstun_time = -1;
37
38
39 static int classicstun_att_type = -1; /* CLASSIC-STUN attribute fields */
40 static int classicstun_att_length = -1;
41 static int classicstun_att_value = -1;
42 static int classicstun_att_family = -1;
43 static int classicstun_att_ipv4 = -1;
44 static int classicstun_att_ipv6 = -1;
45 static int classicstun_att_port = -1;
46 static int classicstun_att_change_ip = -1;
47 static int classicstun_att_change_port = -1;
48 static int classicstun_att_unknown = -1;
49 static int classicstun_att_error_class = -1;
50 static int classicstun_att_error_number = -1;
51 static int classicstun_att_error_reason = -1;
52 static int classicstun_att_server_string = -1;
53 static int classicstun_att_xor_ipv4 = -1;
54 static int classicstun_att_xor_ipv6 = -1;
55 static int classicstun_att_xor_port = -1;
56 static int classicstun_att_lifetime = -1;
57 static int classicstun_att_magic_cookie = -1;
58 static int classicstun_att_bandwidth = -1;
59 static int classicstun_att_data = -1;
60 static int classicstun_att_connection_request_binding = -1;
61
62 /* Structure containing transaction specific information */
63 typedef struct _classicstun_transaction_t {
64 guint32 req_frame;
65 guint32 rep_frame;
66 nstime_t req_time;
67 } classicstun_transaction_t;
68
69 /* Structure containing conversation specific information */
70 typedef struct _classicstun_conv_info_t {
71 wmem_tree_t *pdus;
72 } classicstun_conv_info_t;
73
74
75 /* Message Types */
76 #define BINDING_REQUEST 0x0001
77 #define BINDING_RESPONSE 0x0101
78 #define BINDING_ERROR_RESPONSE 0x0111
79 #define SHARED_SECRET_REQUEST 0x0002
80 #define SHARED_SECRET_RESPONSE 0x0102
81 #define SHARED_SECRET_ERROR_RESPONSE 0x1112
82 #define ALLOCATE_REQUEST 0x0003
83 #define ALLOCATE_RESPONSE 0x0103
84 #define ALLOCATE_ERROR_RESPONSE 0x0113
85 #define SEND_REQUEST 0x0004
86 #define SEND_RESPONSE 0x0104
87 #define SEND_ERROR_RESPONSE 0x0114
88 #define DATA_INDICATION 0x0115
89 #define SET_ACTIVE_DESTINATION_REQUEST 0x0006
90 #define SET_ACTIVE_DESTINATION_RESPONSE 0x0106
91 #define SET_ACTIVE_DESTINATION_ERROR_RESPONSE 0x0116
92
93
94 /* Message classes */
95 #define CLASS_MASK 0xC110
96 #define REQUEST 0x0000
97 #define INDICATION 0x0001
98 #define RESPONSE 0x0010
99 #define ERROR_RESPONSE 0x0011
100
101 /* Attribute Types */
102 #define MAPPED_ADDRESS 0x0001
103 #define RESPONSE_ADDRESS 0x0002
104 #define CHANGE_REQUEST 0x0003
105 #define SOURCE_ADDRESS 0x0004
106 #define CHANGED_ADDRESS 0x0005
107 #define USERNAME 0x0006
108 #define PASSWORD 0x0007
109 #define MESSAGE_INTEGRITY 0x0008
110 #define ERROR_CODE 0x0009
111 #define UNKNOWN_ATTRIBUTES 0x000a
112 #define REFLECTED_FROM 0x000b
113 #define LIFETIME 0x000d
114 #define ALTERNATE_SERVER 0x000e
115 #define MAGIC_COOKIE 0x000f
116 #define BANDWIDTH 0x0010
117 #define DESTINATION_ADDRESS 0x0011
118 #define REMOTE_ADDRESS 0x0012
119 #define DATA 0x0013
120 #define NONCE 0x0014
121 #define REALM 0x0015
122 #define REQUESTED_ADDRESS_TYPE 0x0016
123 #define XOR_MAPPED_ADDRESS 0x8020
124 #define XOR_ONLY 0x0021
125 #define SERVER 0x8022
126 #define CONNECTION_REQUEST_BINDING 0xc001
127 #define BINDING_CHANGE 0xc002
128
129
130
131 /* Initialize the subtree pointers */
132 static gint ett_classicstun = -1;
133 static gint ett_classicstun_att_type = -1;
134 static gint ett_classicstun_att = -1;
135
136
137 #define UDP_PORT_STUN 3478
138 #define TCP_PORT_STUN 3478
139
140
141 #define CLASSICSTUN_HDR_LEN ((guint)20) /* CLASSIC-STUN message header length */
142 #define ATTR_HDR_LEN 4 /* CLASSIC-STUN attribute header length */
143
144
145 static const value_string messages[] = {
146 {BINDING_REQUEST , "Binding Request"},
147 {BINDING_RESPONSE , "Binding Response"},
148 {BINDING_ERROR_RESPONSE , "Binding Error Response"},
149 {SHARED_SECRET_REQUEST , "Shared Secret Request"},
150 {SHARED_SECRET_RESPONSE , "Shared Secret Response"},
151 {SHARED_SECRET_ERROR_RESPONSE , "Shared Secret Error Response"},
152 {ALLOCATE_REQUEST , "Allocate Request"},
153 {ALLOCATE_RESPONSE , "Allocate Response"},
154 {ALLOCATE_ERROR_RESPONSE , "Allocate Error Response"},
155 {SEND_REQUEST , "Send Request"},
156 {SEND_RESPONSE , "Send Response"},
157 {SEND_ERROR_RESPONSE , "Send Error Response"},
158 {DATA_INDICATION , "Data Indication"},
159 {SET_ACTIVE_DESTINATION_REQUEST , "Set Active Destination Request"},
160 {SET_ACTIVE_DESTINATION_RESPONSE , "Set Active Destination Response"},
161 {SET_ACTIVE_DESTINATION_ERROR_RESPONSE , "Set Active Destination Error Response"},
162 {0x00 , NULL}
163 };
164
165 static const value_string attributes[] = {
166 {MAPPED_ADDRESS , "MAPPED-ADDRESS"},
167 {RESPONSE_ADDRESS , "RESPONSE-ADDRESS"},
168 {CHANGE_REQUEST , "CHANGE-REQUEST"},
169 {SOURCE_ADDRESS , "SOURCE-ADDRESS"},
170 {CHANGED_ADDRESS , "CHANGED-ADDRESS"},
171 {USERNAME , "USERNAME"},
172 {PASSWORD , "PASSWORD"},
173 {MESSAGE_INTEGRITY , "MESSAGE-INTEGRITY"},
174 {ERROR_CODE , "ERROR-CODE"},
175 {REFLECTED_FROM , "REFLECTED-FROM"},
176 {LIFETIME , "LIFETIME"},
177 {ALTERNATE_SERVER , "ALTERNATE_SERVER"},
178 {MAGIC_COOKIE , "MAGIC_COOKIE"},
179 {BANDWIDTH , "BANDWIDTH"},
180 {DESTINATION_ADDRESS , "DESTINATION_ADDRESS"},
181 {REMOTE_ADDRESS , "REMOTE_ADDRESS"},
182 {DATA , "DATA"},
183 {NONCE , "NONCE"},
184 {REALM , "REALM"},
185 {REQUESTED_ADDRESS_TYPE , "REQUESTED_ADDRESS_TYPE"},
186 {XOR_MAPPED_ADDRESS , "XOR_MAPPED_ADDRESS"},
187 {XOR_ONLY , "XOR_ONLY"},
188 {SERVER , "SERVER"},
189 {CONNECTION_REQUEST_BINDING , "CONNECTION-REQUEST-BINDING"},
190 {BINDING_CHANGE , "BINDING-CHANGE"},
191 {0x00 , NULL}
192 };
193
194 static const value_string attributes_family[] = {
195 {0x0001 , "IPv4"},
196 {0x0002 , "IPv6"},
197 {0x00 , NULL}
198 };
199
200 static int
dissect_classicstun(tvbuff_t * tvb,packet_info * pinfo,proto_tree * tree,void * data _U_)201 dissect_classicstun(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
202 {
203
204 proto_item *ti;
205 proto_item *ta;
206 proto_tree *classicstun_tree;
207 proto_tree *att_type_tree;
208 proto_tree *att_tree;
209 guint16 msg_type;
210 guint16 msg_length;
211 const char *msg_type_str;
212 guint16 att_type;
213 guint16 att_length, clear_port;
214 guint32 clear_ip;
215 guint16 offset;
216 guint len;
217 guint i;
218 conversation_t *conversation;
219 classicstun_conv_info_t *classicstun_info;
220 classicstun_transaction_t *classicstun_trans;
221 wmem_tree_key_t transaction_id_key[2];
222 guint32 transaction_id[4];
223
224
225 /*
226 * First check if the frame is really meant for us.
227 */
228 len = tvb_captured_length(tvb);
229 /* First, make sure we have enough data to do the check. */
230 if (len < CLASSICSTUN_HDR_LEN)
231 return 0;
232
233 msg_type = tvb_get_ntohs(tvb, 0);
234
235 if (msg_type & 0xC000 || tvb_get_ntohl(tvb, 4) == 0x2112a442 /* New STUN */
236 || tvb_get_ntohl(tvb, 4) == 0x7f5a9bc7) /* XMCP */
237 return 0;
238
239 /* check if message type is correct */
240 msg_type_str = try_val_to_str(msg_type, messages);
241 if (msg_type_str == NULL)
242 return 0;
243
244 msg_length = tvb_get_ntohs(tvb, 2);
245
246 /* check if payload enough */
247 if (len != CLASSICSTUN_HDR_LEN+msg_length)
248 return 0;
249
250 /* The message seems to be a valid CLASSIC-STUN message! */
251
252 /* Create the transaction key which may be used
253 to track the conversation */
254 transaction_id[0] = tvb_get_ntohl(tvb, 4);
255 transaction_id[1] = tvb_get_ntohl(tvb, 8);
256 transaction_id[2] = tvb_get_ntohl(tvb, 12);
257 transaction_id[3] = tvb_get_ntohl(tvb, 16);
258
259 transaction_id_key[0].length = 4;
260 transaction_id_key[0].key = transaction_id;
261 transaction_id_key[1].length = 0;
262 transaction_id_key[1].key = NULL;
263
264 /*
265 * Do we have a conversation for this connection?
266 */
267 conversation = find_or_create_conversation(pinfo);
268
269 /*
270 * Do we already have a state structure for this conv
271 */
272 classicstun_info = (classicstun_conv_info_t *)conversation_get_proto_data(conversation, proto_classicstun);
273 if (!classicstun_info) {
274 /* No. Attach that information to the conversation, and add
275 * it to the list of information structures.
276 */
277 classicstun_info = wmem_new(wmem_file_scope(), classicstun_conv_info_t);
278 classicstun_info->pdus=wmem_tree_new(wmem_file_scope());
279 conversation_add_proto_data(conversation, proto_classicstun, classicstun_info);
280 }
281
282 if(!pinfo->fd->visited){
283 if (((msg_type & CLASS_MASK) >> 4) == REQUEST) {
284 /* This is a request */
285 classicstun_trans=wmem_new(wmem_file_scope(), classicstun_transaction_t);
286 classicstun_trans->req_frame=pinfo->num;
287 classicstun_trans->rep_frame=0;
288 classicstun_trans->req_time=pinfo->abs_ts;
289 wmem_tree_insert32_array(classicstun_info->pdus, transaction_id_key,
290 (void *)classicstun_trans);
291 } else {
292 classicstun_trans=(classicstun_transaction_t *)wmem_tree_lookup32_array(classicstun_info->pdus,
293 transaction_id_key);
294 if(classicstun_trans){
295 classicstun_trans->rep_frame=pinfo->num;
296 }
297 }
298 } else {
299 classicstun_trans=(classicstun_transaction_t *)wmem_tree_lookup32_array(classicstun_info->pdus, transaction_id_key);
300 }
301 if(!classicstun_trans){
302 /* create a "fake" pana_trans structure */
303 classicstun_trans=wmem_new(pinfo->pool, classicstun_transaction_t);
304 classicstun_trans->req_frame=0;
305 classicstun_trans->rep_frame=0;
306 classicstun_trans->req_time=pinfo->abs_ts;
307 }
308
309
310
311 col_set_str(pinfo->cinfo, COL_PROTOCOL, "CLASSIC-STUN");
312
313 col_add_fstr(pinfo->cinfo, COL_INFO, "Message: %s",
314 msg_type_str);
315
316 guint transaction_id_first_word;
317
318 ti = proto_tree_add_item(tree, proto_classicstun, tvb, 0, -1, ENC_NA);
319
320 classicstun_tree = proto_item_add_subtree(ti, ett_classicstun);
321
322 if (((msg_type & CLASS_MASK) >> 4) == REQUEST) {
323 if (classicstun_trans->rep_frame) {
324 proto_item *it;
325 it=proto_tree_add_uint(classicstun_tree, hf_classicstun_response_in,
326 tvb, 0, 0,
327 classicstun_trans->rep_frame);
328 proto_item_set_generated(it);
329 }
330 }
331 else if ((((msg_type & CLASS_MASK) >> 4) == RESPONSE) ||
332 (((msg_type & CLASS_MASK) >> 4) == ERROR_RESPONSE)) {
333 /* This is a response */
334 if(classicstun_trans->req_frame){
335 proto_item *it;
336 nstime_t ns;
337
338 it=proto_tree_add_uint(classicstun_tree, hf_classicstun_response_to, tvb, 0, 0, classicstun_trans->req_frame);
339 proto_item_set_generated(it);
340
341 nstime_delta(&ns, &pinfo->abs_ts, &classicstun_trans->req_time);
342 it=proto_tree_add_time(classicstun_tree, hf_classicstun_time, tvb, 0, 0, &ns);
343 proto_item_set_generated(it);
344 }
345
346 }
347
348 proto_tree_add_uint(classicstun_tree, hf_classicstun_type, tvb, 0, 2, msg_type);
349 proto_tree_add_uint(classicstun_tree, hf_classicstun_length, tvb, 2, 2, msg_length);
350 proto_tree_add_item(classicstun_tree, hf_classicstun_id, tvb, 4, 16, ENC_NA);
351
352 /* Remember this (in host order) so we can show clear xor'd addresses */
353 transaction_id_first_word = tvb_get_ntohl(tvb, 4);
354
355 if (msg_length > 0) {
356 ta = proto_tree_add_item(classicstun_tree, hf_classicstun_att, tvb, CLASSICSTUN_HDR_LEN, msg_length, ENC_NA);
357 att_type_tree = proto_item_add_subtree(ta, ett_classicstun_att_type);
358
359 offset = CLASSICSTUN_HDR_LEN;
360
361 while( msg_length > 0) {
362 att_type = tvb_get_ntohs(tvb, offset); /* Type field in attribute header */
363 att_length = tvb_get_ntohs(tvb, offset+2); /* Length field in attribute header */
364
365 att_tree = proto_tree_add_subtree_format(att_type_tree, tvb, offset,
366 ATTR_HDR_LEN+att_length, ett_classicstun_att, NULL,
367 "Attribute: %s",
368 val_to_str(att_type, attributes, "Unknown (0x%04x)"));
369
370 proto_tree_add_uint(att_tree, classicstun_att_type, tvb,
371 offset, 2, att_type);
372 offset += 2;
373 if (ATTR_HDR_LEN+att_length > msg_length) {
374 proto_tree_add_uint_format_value(att_tree,
375 classicstun_att_length, tvb, offset, 2,
376 att_length,
377 "%u (bogus, goes past the end of the message)",
378 att_length);
379 break;
380 }
381 proto_tree_add_uint(att_tree, classicstun_att_length, tvb,
382 offset, 2, att_length);
383 offset += 2;
384 switch( att_type ){
385 case MAPPED_ADDRESS:
386 case RESPONSE_ADDRESS:
387 case SOURCE_ADDRESS:
388 case CHANGED_ADDRESS:
389 case REFLECTED_FROM:
390 case ALTERNATE_SERVER:
391 case DESTINATION_ADDRESS:
392 case REMOTE_ADDRESS:
393 if (att_length < 2)
394 break;
395 proto_tree_add_item(att_tree, classicstun_att_family, tvb, offset+1, 1, ENC_BIG_ENDIAN);
396 if (att_length < 4)
397 break;
398 proto_tree_add_item(att_tree, classicstun_att_port, tvb, offset+2, 2, ENC_BIG_ENDIAN);
399 switch( tvb_get_guint8(tvb, offset+1) ){
400 case 1:
401 if (att_length < 8)
402 break;
403 proto_tree_add_item(att_tree, classicstun_att_ipv4, tvb, offset+4, 4, ENC_BIG_ENDIAN);
404 break;
405
406 case 2:
407 if (att_length < 20)
408 break;
409 proto_tree_add_item(att_tree, classicstun_att_ipv6, tvb, offset+4, 16, ENC_NA);
410 break;
411 }
412 break;
413
414 case CHANGE_REQUEST:
415 if (att_length < 4)
416 break;
417 proto_tree_add_item(att_tree, classicstun_att_change_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
418 proto_tree_add_item(att_tree, classicstun_att_change_port, tvb, offset, 4, ENC_BIG_ENDIAN);
419 break;
420
421 case USERNAME:
422 case PASSWORD:
423 case MESSAGE_INTEGRITY:
424 case NONCE:
425 case REALM:
426 if (att_length < 1)
427 break;
428 proto_tree_add_item(att_tree, classicstun_att_value, tvb, offset, att_length, ENC_NA);
429 break;
430
431 case ERROR_CODE:
432 if (att_length < 3)
433 break;
434 proto_tree_add_item(att_tree, classicstun_att_error_class, tvb, offset+2, 1, ENC_BIG_ENDIAN);
435 if (att_length < 4)
436 break;
437 proto_tree_add_item(att_tree, classicstun_att_error_number, tvb, offset+3, 1, ENC_BIG_ENDIAN);
438 if (att_length < 5)
439 break;
440 proto_tree_add_item(att_tree, classicstun_att_error_reason, tvb, offset+4, (att_length-4), ENC_UTF_8|ENC_NA);
441 break;
442
443 case LIFETIME:
444 if (att_length < 4)
445 break;
446 proto_tree_add_item(att_tree, classicstun_att_lifetime, tvb, offset, 4, ENC_BIG_ENDIAN);
447 break;
448
449 case MAGIC_COOKIE:
450 if (att_length < 4)
451 break;
452 proto_tree_add_item(att_tree, classicstun_att_magic_cookie, tvb, offset, 4, ENC_BIG_ENDIAN);
453 break;
454
455 case BANDWIDTH:
456 if (att_length < 4)
457 break;
458 proto_tree_add_item(att_tree, classicstun_att_bandwidth, tvb, offset, 4, ENC_BIG_ENDIAN);
459 break;
460
461 case DATA:
462 proto_tree_add_item(att_tree, classicstun_att_data, tvb, offset, att_length, ENC_NA);
463
464 tvbuff_t *next_tvb;
465 heur_dtbl_entry_t *hdtbl_entry;
466 next_tvb = tvb_new_subset_length(tvb, offset, att_length);
467
468 if (!dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, att_tree, &hdtbl_entry, NULL)) {
469 call_dissector_only(data_handle, next_tvb, pinfo, att_tree, NULL);
470 }
471
472 break;
473
474 case UNKNOWN_ATTRIBUTES:
475 for (i = 0; i < att_length; i += 4) {
476 proto_tree_add_item(att_tree, classicstun_att_unknown, tvb, offset+i, 2, ENC_BIG_ENDIAN);
477 proto_tree_add_item(att_tree, classicstun_att_unknown, tvb, offset+i+2, 2, ENC_BIG_ENDIAN);
478 }
479 break;
480
481 case SERVER:
482 proto_tree_add_item(att_tree, classicstun_att_server_string, tvb, offset, att_length, ENC_UTF_8|ENC_NA);
483 break;
484
485 case XOR_MAPPED_ADDRESS:
486 if (att_length < 2)
487 break;
488 proto_tree_add_item(att_tree, classicstun_att_family, tvb, offset+1, 1, ENC_BIG_ENDIAN);
489 if (att_length < 4)
490 break;
491 proto_tree_add_item(att_tree, classicstun_att_xor_port, tvb, offset+2, 2, ENC_BIG_ENDIAN);
492
493 /* Show the port 'in the clear'
494 XOR (host order) transid with (host order) xor-port.
495 Add host-order port into tree. */
496 clear_port = tvb_get_ntohs(tvb, offset+2) ^ (transaction_id_first_word >> 16);
497 ti = proto_tree_add_uint(att_tree, classicstun_att_port, tvb, offset+2, 2, clear_port);
498 proto_item_set_generated(ti);
499
500 switch( tvb_get_guint8(tvb, offset+1) ){
501 case 1:
502 if (att_length < 8)
503 break;
504 proto_tree_add_item(att_tree, classicstun_att_xor_ipv4, tvb, offset+4, 4, ENC_BIG_ENDIAN);
505
506 /* Show the address 'in the clear'.
507 XOR (host order) transid with (host order) xor-address.
508 Add in network order tree. */
509 clear_ip = tvb_get_ipv4(tvb, offset+4) ^ g_htonl(transaction_id_first_word);
510 ti = proto_tree_add_ipv4(att_tree, classicstun_att_ipv4, tvb, offset+4, 4, clear_ip);
511 proto_item_set_generated(ti);
512 break;
513
514 case 2:
515 if (att_length < 20)
516 break;
517 proto_tree_add_item(att_tree, classicstun_att_xor_ipv6, tvb, offset+4, 16, ENC_NA);
518 break;
519 }
520 break;
521
522 case REQUESTED_ADDRESS_TYPE:
523 if (att_length < 2)
524 break;
525 proto_tree_add_item(att_tree, classicstun_att_family, tvb, offset+1, 1, ENC_BIG_ENDIAN);
526 break;
527
528 case CONNECTION_REQUEST_BINDING:
529 proto_tree_add_item(att_tree, classicstun_att_connection_request_binding, tvb, offset, att_length, ENC_UTF_8|ENC_NA);
530 break;
531
532 default:
533 break;
534 }
535 offset += att_length;
536 msg_length -= ATTR_HDR_LEN+att_length;
537 }
538 }
539 return tvb_reported_length(tvb);
540 }
541
542
543 static gboolean
dissect_classicstun_heur(tvbuff_t * tvb,packet_info * pinfo,proto_tree * tree,void * data _U_)544 dissect_classicstun_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
545 {
546 if (dissect_classicstun(tvb, pinfo, tree, NULL) == 0)
547 return FALSE;
548
549 return TRUE;
550 }
551
552
553
554
555 void
proto_register_classicstun(void)556 proto_register_classicstun(void)
557 {
558 static hf_register_info hf[] = {
559 { &hf_classicstun_type,
560 { "Message Type", "classicstun.type", FT_UINT16,
561 BASE_HEX, VALS(messages), 0x0, NULL, HFILL }
562 },
563 { &hf_classicstun_length,
564 { "Message Length", "classicstun.length", FT_UINT16,
565 BASE_HEX, NULL, 0x0, NULL, HFILL }
566 },
567 { &hf_classicstun_id,
568 { "Message Transaction ID", "classicstun.id", FT_BYTES,
569 BASE_NONE, NULL, 0x0, NULL, HFILL }
570 },
571 { &hf_classicstun_att,
572 { "Attributes", "classicstun.att", FT_NONE,
573 BASE_NONE, NULL, 0x0, NULL, HFILL }
574 },
575 { &hf_classicstun_response_in,
576 { "Response In", "classicstun.response_in",
577 FT_FRAMENUM, BASE_NONE, NULL, 0x0,
578 "The response to this CLASSICSTUN query is in this frame", HFILL }},
579 { &hf_classicstun_response_to,
580 { "Request In", "classicstun.response_to",
581 FT_FRAMENUM, BASE_NONE, NULL, 0x0,
582 "This is a response to the CLASSICSTUN Request in this frame", HFILL }},
583 { &hf_classicstun_time,
584 { "Time", "classicstun.time",
585 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
586 "The time between the Request and the Response", HFILL }},
587
588 /* ////////////////////////////////////// */
589 { &classicstun_att_type,
590 { "Attribute Type", "classicstun.att.type", FT_UINT16,
591 BASE_HEX, VALS(attributes), 0x0, NULL, HFILL }
592 },
593 { &classicstun_att_length,
594 { "Attribute Length", "classicstun.att.length", FT_UINT16,
595 BASE_DEC, NULL, 0x0, NULL, HFILL }
596 },
597 { &classicstun_att_value,
598 { "Value", "classicstun.att.value", FT_BYTES,
599 BASE_NONE, NULL, 0x0, NULL, HFILL }
600 },
601 { &classicstun_att_family,
602 { "Protocol Family", "classicstun.att.family", FT_UINT16,
603 BASE_HEX, VALS(attributes_family), 0x0, NULL, HFILL }
604 },
605 { &classicstun_att_ipv4,
606 { "IP", "classicstun.att.ipv4", FT_IPv4,
607 BASE_NONE, NULL, 0x0, NULL, HFILL }
608 },
609 { &classicstun_att_ipv6,
610 { "IP", "classicstun.att.ipv6", FT_IPv6,
611 BASE_NONE, NULL, 0x0, NULL, HFILL }
612 },
613 { &classicstun_att_port,
614 { "Port", "classicstun.att.port", FT_UINT16,
615 BASE_DEC, NULL, 0x0, NULL, HFILL }
616 },
617 { &classicstun_att_change_ip,
618 { "Change IP","classicstun.att.change.ip", FT_BOOLEAN,
619 16, TFS(&tfs_set_notset), 0x0004, NULL, HFILL}
620 },
621 { &classicstun_att_change_port,
622 { "Change Port","classicstun.att.change.port", FT_BOOLEAN,
623 16, TFS(&tfs_set_notset), 0x0002, NULL, HFILL}
624 },
625 { &classicstun_att_unknown,
626 { "Unknown Attribute","classicstun.att.unknown", FT_UINT16,
627 BASE_HEX, NULL, 0x0, NULL, HFILL}
628 },
629 { &classicstun_att_error_class,
630 { "Error Class","classicstun.att.error.class", FT_UINT8,
631 BASE_DEC, NULL, 0x07, NULL, HFILL}
632 },
633 { &classicstun_att_error_number,
634 { "Error Code","classicstun.att.error", FT_UINT8,
635 BASE_DEC, NULL, 0x0, NULL, HFILL}
636 },
637 { &classicstun_att_error_reason,
638 { "Error Reason Phase","classicstun.att.error.reason", FT_STRING,
639 BASE_NONE, NULL, 0x0, NULL, HFILL}
640 },
641 { &classicstun_att_xor_ipv4,
642 { "IP (XOR-d)", "classicstun.att.ipv4-xord", FT_IPv4,
643 BASE_NONE, NULL, 0x0, NULL, HFILL }
644 },
645 { &classicstun_att_xor_ipv6,
646 { "IP (XOR-d)", "classicstun.att.ipv6-xord", FT_IPv6,
647 BASE_NONE, NULL, 0x0, NULL, HFILL }
648 },
649 { &classicstun_att_xor_port,
650 { "Port (XOR-d)", "classicstun.att.port-xord", FT_UINT16,
651 BASE_DEC, NULL, 0x0, NULL, HFILL }
652 },
653 { &classicstun_att_server_string,
654 { "Server version","classicstun.att.server", FT_STRING,
655 BASE_NONE, NULL, 0x0, NULL, HFILL}
656 },
657 { &classicstun_att_lifetime,
658 { "Lifetime", "classicstun.att.lifetime", FT_UINT32,
659 BASE_DEC, NULL, 0x0, NULL, HFILL }
660 },
661 { &classicstun_att_magic_cookie,
662 { "Magic Cookie", "classicstun.att.magic.cookie", FT_UINT32,
663 BASE_HEX, NULL, 0x0, NULL, HFILL }
664 },
665 { &classicstun_att_bandwidth,
666 { "Bandwidth", "classicstun.att.bandwidth", FT_UINT32,
667 BASE_DEC, NULL, 0x0, NULL, HFILL }
668 },
669 { &classicstun_att_data,
670 { "Data", "classicstun.att.data", FT_BYTES,
671 BASE_NONE, NULL, 0x0, NULL, HFILL }
672 },
673 { &classicstun_att_connection_request_binding,
674 { "Connection Request Binding", "classicstun.att.connection_request_binding", FT_STRING,
675 BASE_NONE, NULL, 0x0, NULL, HFILL }
676 },
677 };
678
679 /* Setup protocol subtree array */
680 static gint *ett[] = {
681 &ett_classicstun,
682 &ett_classicstun_att_type,
683 &ett_classicstun_att,
684 };
685
686 /* Register the protocol name and description */
687 proto_classicstun = proto_register_protocol("Simple Traversal of UDP Through NAT",
688 "CLASSICSTUN", "classicstun");
689
690 /* Required function calls to register the header fields and subtrees used */
691 proto_register_field_array(proto_classicstun, hf, array_length(hf));
692 proto_register_subtree_array(ett, array_length(ett));
693
694 /* heuristic subdissectors (used for the DATA field) */
695 heur_subdissector_list = register_heur_dissector_list("classicstun", proto_classicstun);
696
697 register_dissector("classicstun", dissect_classicstun, proto_classicstun);
698 register_dissector("classicstun-heur", dissect_classicstun_heur, proto_classicstun);
699 }
700
701
702 void
proto_reg_handoff_classicstun(void)703 proto_reg_handoff_classicstun(void)
704 {
705 #if 0 /* The stun dissector registers on these ports */
706 dissector_handle_t classicstun_handle;
707
708 classicstun_handle = find_dissector("classicstun");
709
710 dissector_add_uint_with_preference("tcp.port", TCP_PORT_STUN, classicstun_handle);
711 dissector_add_uint_with_preference("udp.port", UDP_PORT_STUN, classicstun_handle);
712 #endif
713 heur_dissector_add("udp", dissect_classicstun_heur, "Classic STUN over UDP", "classicstun_udp", proto_classicstun, HEURISTIC_ENABLE);
714 heur_dissector_add("tcp", dissect_classicstun_heur, "Classic STUN over TCP", "classicstun_tcp", proto_classicstun, HEURISTIC_ENABLE);
715
716 data_handle = find_dissector("data");
717 }
718
719 /*
720 * Editor modelines - https://www.wireshark.org/tools/modelines.html
721 *
722 * Local variables:
723 * c-basic-offset: 4
724 * tab-width: 8
725 * indent-tabs-mode: nil
726 * End:
727 *
728 * vi: set shiftwidth=4 tabstop=8 expandtab:
729 * :indentSize=4:tabSize=8:noTabs=true:
730 */
731