1 /* packet-edonkey.c
2 * Routines for edonkey dissection
3 * Copyright 2003, Xuan Zhang <xz@aemail4u.com>
4 * Copyright 2007, Stefano Picerno <stefano.picerno@gmail.com>
5 * Copyright 2008, Stefan Monhof <stefan.monhof@stud.uni-due.de>
6 *
7 * eDonkey dissector based on protocol descriptions from mldonkey:
8 * ftp://ftp.chatnfiles.com/gnu-mirror/savannah/files/mldonkey/docs/Edonkey-Overnet/edonkey-protocol.txt
9 * ftp://ftp.chatnfiles.com/gnu-mirror/savannah/files/mldonkey/docs/Edonkey-Overnet/overnet-protocol.txt
10 *
11 * Kademlia dissector based on source code inspection of aMule 2.1.3 and eMule 0.48a
12 * Modified and added on the basis of information and names from the eMule 0.50 source code
13 * found at http://www.emule-project.net
14 *
15 * Wireshark - Network traffic analyzer
16 * By Gerald Combs <gerald@wireshark.org>
17 * Copyright 1998 Gerald Combs
18 *
19 * SPDX-License-Identifier: GPL-2.0-or-later
20 */
21
22 #include "config.h"
23
24 #include <stdlib.h>
25
26 #include <epan/packet.h>
27 #include <epan/prefs.h>
28 #include <epan/expert.h>
29 #include "packet-edonkey.h"
30 #include "packet-tcp.h"
31
32 void proto_reg_handoff_edonkey(void);
33
34 static int proto_edonkey = -1;
35
36 static int hf_edonkey_message = -1;
37 static int hf_edonkey_protocol = -1;
38 static int hf_edonkey_message_length = -1;
39 static int hf_edonkey_message_type = -1;
40 static int hf_edonkey_client_hash = -1;
41 static int hf_edonkey_server_hash = -1;
42 static int hf_edonkey_file_hash = -1;
43 static int hf_edonkey_client_id = -1;
44 static int hf_edonkey_metatag_namesize = -1;
45 static int hf_edonkey_metatag_type = -1;
46 static int hf_edonkey_metatag = -1;
47 static int hf_edonkey_metatag_name = -1;
48 static int hf_edonkey_metatag_id = -1;
49 static int hf_edonkey_ip = -1;
50 static int hf_edonkey_port = -1;
51 static int hf_edonkey_hash = -1;
52 static int hf_edonkey_part_count = -1;
53 static int hf_edonkey_file_status = -1;
54 static int hf_edonkey_directory = -1;
55 static int hf_edonkey_string = -1;
56 static int hf_edonkey_string_length = -1;
57 static int hf_edonkey_fileinfo = -1;
58 static int hf_edonkey_clientinfo = -1;
59 static int hf_edonkey_serverinfo = -1;
60 static int hf_emule_aich_partnum = -1;
61 static int hf_emule_aich_root_hash = -1;
62 static int hf_emule_aich_hash_entry = -1;
63 static int hf_emule_aich_hash_id = -1;
64 static int hf_emule_aich_hash = -1;
65 static int hf_emule_multipacket_entry = -1;
66 static int hf_emule_multipacket_opcode = -1;
67 static int hf_emule_source_count = -1;
68 static int hf_emule_zlib = -1;
69 static int hf_emule_public_key = -1;
70 static int hf_emule_signature = -1;
71 static int hf_emule_sourceOBFU = -1;
72 static int hf_overnet_peer = -1;
73
74 static int hf_edonkey_unparsed_data_length = -1;
75 static int hf_kademlia = -1;
76 static int hf_kademlia_search_condition = -1;
77 static int hf_kademlia_search_condition_argument_uint32 = -1;
78 static int hf_kademlia_search_condition_argument_uint64 = -1;
79 /* static int hf_kademlia_unparsed_data_length = -1; */
80 static int hf_kademlia_peer = -1;
81 static int hf_kademlia_peer_id = -1;
82 static int hf_kademlia_hash = -1;
83 static int hf_kademlia_file_id = -1;
84 static int hf_kademlia_keyword_hash = -1;
85 static int hf_kademlia_recipients_id = -1;
86 static int hf_kademlia_sender_id = -1;
87 static int hf_kademlia_target_id = -1;
88 static int hf_kademlia_distance = -1;
89 static int hf_kademlia_version = -1;
90 static int hf_kademlia_peertype = -1;
91 static int hf_kademlia_tag_float = -1;
92 static int hf_kademlia_tag_uint64 = -1;
93 static int hf_kademlia_tag_uint32 = -1;
94 static int hf_kademlia_tag_ipv4 = -1;
95 static int hf_kademlia_tag_uint16 = -1;
96 static int hf_kademlia_tag_uint8 = -1;
97 static int hf_kademlia_tag_hash = -1;
98 static int hf_kademlia_tag_bsob = -1;
99 static int hf_kademlia_tag_string = -1;
100 static int hf_kademlia_udp_port = -1;
101 static int hf_kademlia_tcp_port = -1;
102 static int hf_kademlia_ip = -1;
103 static int hf_kademlia_tag_name = -1;
104 static int hf_kademlia_tag_name_length = -1;
105 static int hf_kademlia_tag_type = -1;
106 static int hf_kademlia_request_type = -1;
107 static int hf_kademlia_search_expression_type = -1;
108 static int hf_kademlia_search_bool_op = -1;
109
110 /* Generated from convert_proto_tree_add_text.pl */
111 static int hf_edonkey_list_size = -1;
112 static int hf_edonkey_meta_tag_value_revision = -1;
113 static int hf_edonkey_meta_tag_value_uint = -1;
114 static int hf_edonkey_boolean_array_length = -1;
115 static int hf_edonkey_blob_length = -1;
116 static int hf_edonkey_kademlia_string = -1;
117 static int hf_emule_public_key_length = -1;
118 static int hf_emule_signature_length = -1;
119 static int hf_edonkey_obfuscation_settings = -1;
120 static int hf_edonkey_start_offset = -1;
121 static int hf_edonkey_start_offset_64 = -1;
122 static int hf_edonkey_end_offset = -1;
123 static int hf_edonkey_end_offset_64 = -1;
124 static int hf_edonkey_emule_file_length = -1;
125 static int hf_edonkey_overnet_peer_type = -1;
126 static int hf_edonkey_more_search_file_results = -1;
127 static int hf_edonkey_file_size = -1;
128 static int hf_edonkey_large_file_size = -1;
129 static int hf_edonkey_number_of_users = -1;
130 static int hf_edonkey_number_of_files = -1;
131 static int hf_edonkey_message_data = -1;
132 static int hf_edonkey_emule_version = -1;
133 static int hf_edonkey_emule_queue_ranking = -1;
134 static int hf_edonkey_emule_ident_state = -1;
135 static int hf_edonkey_emule_rndchallenge = -1;
136 static int hf_edonkey_emule_sig_ip_used = -1;
137 static int hf_edonkey_packed_length = -1;
138 static int hf_edonkey_compressed_message_data = -1;
139 static int hf_edonkey_challenge = -1;
140 static int hf_edonkey_max_number_of_users = -1;
141 static int hf_edonkey_search_type = -1;
142 static int hf_edonkey_search_range_min = -1;
143 static int hf_edonkey_search_range_max = -1;
144 static int hf_edonkey_kademlia_uload = -1;
145 static int hf_edonkey_kademlia_start_position = -1;
146 static int hf_edonkey_kademlia_filesize = -1;
147 static int hf_edonkey_kademlia_restrictive = -1;
148 static int hf_edonkey_broken_compressed_data = -1;
149 static int hf_edonkey_search_limit = -1;
150 static int hf_edonkey_search_limit_type = -1;
151 static int hf_edonkey_search_ops = -1;
152 static int hf_edonkey_user_hash_length = -1;
153
154 static gint ett_kademlia_tag = -1;
155 static gint ett_edonkey_listitem = -1;
156 static gint ett_kademlia_search_expression = -1;
157 static gint ett_edonkey = -1;
158 static gint ett_edonkey_message = -1;
159 static gint ett_edonkey_metatag = -1;
160 static gint ett_edonkey_search = -1;
161 static gint ett_edonkey_fileinfo = -1;
162 static gint ett_edonkey_serverinfo = -1;
163 static gint ett_edonkey_clientinfo = -1;
164 static gint ett_emule_aichhash = -1;
165 static gint ett_emule_multipacket = -1;
166 static gint ett_emule_zlib = -1;
167 static gint ett_overnet_peer = -1;
168 static gint ett_emule_sourceOBFU = -1;
169
170 static expert_field ei_kademlia_tag_type = EI_INIT;
171 static expert_field ei_kademlia_search_expression_type = EI_INIT;
172
173 #define EDONKEY_TCP_PORT_RANGE "4661-4663" /* Not IANA registered */
174 #define EDONKEY_UDP_PORT_RANGE "4665,4672" /* Not IANA registered */
175
176 /* desegmentation of eDonkey over TCP */
177 static gboolean edonkey_desegment = TRUE;
178
179 static const value_string kademlia_msgs[] = {
180 { KADEMLIA2_BOOTSTRAP_REQ ,"KADEMLIA2_BOOTSTRAP_REQ" },
181 { KADEMLIA2_BOOTSTRAP_RES ,"KADEMLIA2_BOOTSTRAP_RES" },
182 { KADEMLIA2_HELLO_REQ ,"KADEMLIA2_HELLO_REQ" },
183 { KADEMLIA2_HELLO_RES ,"KADEMLIA2_HELLO_RES" },
184 { KADEMLIA2_PUBLISH_KEY_REQ ,"KADEMLIA2_PUBLISH_KEY_REQ" },
185 { KADEMLIA2_PUBLISH_NOTES_REQ ,"KADEMLIA2_PUBLISH_NOTES_REQ" },
186 { KADEMLIA2_PUBLISH_RES ,"KADEMLIA2_PUBLISH_RES" },
187 { KADEMLIA2_PUBLISH_SOURCE_REQ ,"KADEMLIA2_PUBLISH_SOURCE_REQ" },
188 { KADEMLIA2_REQ ,"KADEMLIA2_REQ" },
189 { KADEMLIA2_RES ,"KADEMLIA2_RES" },
190 { KADEMLIA2_SEARCH_KEY_REQ ,"KADEMLIA2_SEARCH_KEY_REQ" },
191 { KADEMLIA2_SEARCH_NOTES_REQ ,"KADEMLIA2_SEARCH_NOTES_REQ" },
192 { KADEMLIA2_SEARCH_RES ,"KADEMLIA2_SEARCH_RES" },
193 { KADEMLIA2_SEARCH_SOURCE_REQ ,"KADEMLIA2_SEARCH_SOURCE_REQ" },
194 { KADEMLIA_BOOTSTRAP_REQ ,"KADEMLIA_BOOTSTRAP_REQ" },
195 { KADEMLIA_BOOTSTRAP_RES ,"KADEMLIA_BOOTSTRAP_RES" },
196 { KADEMLIA_CALLBACK_REQ ,"KADEMLIA_CALLBACK_REQ" },
197 { KADEMLIA_FINDBUDDY_REQ ,"KADEMLIA_FINDBUDDY_REQ" },
198 { KADEMLIA_FINDBUDDY_RES ,"KADEMLIA_FINDBUDDY_RES" },
199 { KADEMLIA_FIREWALLED_ACK_RES ,"KADEMLIA_FIREWALLED_ACK_RES" },
200 { KADEMLIA_FIREWALLED_REQ ,"KADEMLIA_FIREWALLED_REQ" },
201 { KADEMLIA_FIREWALLED_RES ,"KADEMLIA_FIREWALLED_RES" },
202 { KADEMLIA_HELLO_REQ ,"KADEMLIA_HELLO_REQ" },
203 { KADEMLIA_HELLO_RES ,"KADEMLIA_HELLO_RES" },
204 { KADEMLIA_PUBLISH_NOTES_REQ ,"KADEMLIA_PUBLISH_NOTES_REQ" },
205 { KADEMLIA_PUBLISH_NOTES_RES ,"KADEMLIA_PUBLISH_NOTES_RES" },
206 { KADEMLIA_PUBLISH_REQ ,"KADEMLIA_PUBLISH_REQ" },
207 { KADEMLIA_PUBLISH_RES ,"KADEMLIA_PUBLISH_RES" },
208 { KADEMLIA_REQ ,"KADEMLIA_REQ" },
209 { KADEMLIA_RES ,"KADEMLIA_RES" },
210 { KADEMLIA_SEARCH_NOTES_REQ ,"KADEMLIA_SEARCH_NOTES_REQ" },
211 { KADEMLIA_SEARCH_NOTES_RES ,"KADEMLIA_SEARCH_NOTES_RES" },
212 { KADEMLIA_SEARCH_REQ ,"KADEMLIA_SEARCH_REQ" },
213 { KADEMLIA_SEARCH_RES ,"KADEMLIA_SEARCH_RES" },
214 { 0, NULL }
215 };
216
217 static const value_string kademlia_tag_types[] = {
218 { KADEMLIA_TAGTYPE_HASH ,"TAGTYPE_HASH" },
219 { KADEMLIA_TAGTYPE_STRING ,"TAGTYPE_STRING" },
220 { KADEMLIA_TAGTYPE_UINT32 ,"TAGTYPE_UINT32" },
221 { KADEMLIA_TAGTYPE_FLOAT32 ,"TAGTYPE_FLOAT32" },
222 { KADEMLIA_TAGTYPE_BOOL ,"TAGTYPE_BOOL" },
223 { KADEMLIA_TAGTYPE_BOOLARRAY ,"TAGTYPE_BOOLARRAY" },
224 { KADEMLIA_TAGTYPE_BLOB ,"TAGTYPE_BLOB" },
225 { KADEMLIA_TAGTYPE_UINT16 ,"TAGTYPE_UINT16" },
226 { KADEMLIA_TAGTYPE_UINT8 ,"TAGTYPE_UINT8" },
227 { KADEMLIA_TAGTYPE_BSOB ,"TAGTYPE_BSOB" },
228 { KADEMLIA_TAGTYPE_UINT64 ,"TAGTYPE_UINT64" },
229
230 { KADEMLIA_TAGTYPE_STR1 ,"TAGTYPE_STR1" },
231 { KADEMLIA_TAGTYPE_STR2 ,"TAGTYPE_STR2" },
232 { KADEMLIA_TAGTYPE_STR3 ,"TAGTYPE_STR3" },
233 { KADEMLIA_TAGTYPE_STR4 ,"TAGTYPE_STR4" },
234 { KADEMLIA_TAGTYPE_STR5 ,"TAGTYPE_STR5" },
235 { KADEMLIA_TAGTYPE_STR6 ,"TAGTYPE_STR6" },
236 { KADEMLIA_TAGTYPE_STR7 ,"TAGTYPE_STR7" },
237 { KADEMLIA_TAGTYPE_STR8 ,"TAGTYPE_STR8" },
238 { KADEMLIA_TAGTYPE_STR9 ,"TAGTYPE_STR9" },
239 { KADEMLIA_TAGTYPE_STR10 ,"TAGTYPE_STR10" },
240 { KADEMLIA_TAGTYPE_STR11 ,"TAGTYPE_STR11" },
241 { KADEMLIA_TAGTYPE_STR12 ,"TAGTYPE_STR12" },
242 { KADEMLIA_TAGTYPE_STR13 ,"TAGTYPE_STR13" },
243 { KADEMLIA_TAGTYPE_STR14 ,"TAGTYPE_STR14" },
244 { KADEMLIA_TAGTYPE_STR15 ,"TAGTYPE_STR15" },
245 { KADEMLIA_TAGTYPE_STR16 ,"TAGTYPE_STR16" },
246 { KADEMLIA_TAGTYPE_STR17 ,"TAGTYPE_STR17" },
247 { KADEMLIA_TAGTYPE_STR18 ,"TAGTYPE_STR18" },
248 { KADEMLIA_TAGTYPE_STR19 ,"TAGTYPE_STR19" },
249 { KADEMLIA_TAGTYPE_STR20 ,"TAGTYPE_STR20" },
250 { KADEMLIA_TAGTYPE_STR21 ,"TAGTYPE_STR21" },
251 { KADEMLIA_TAGTYPE_STR22 ,"TAGTYPE_STR22" },
252 { 0, NULL }
253 };
254
255 static const value_string kademlia_tags[] = {
256 { KADEMLIA_TAG_BUDDYHASH ,"TAG_BUDDYHASH" },
257 { KADEMLIA_TAG_CLIENTLOWID ,"TAG_CLIENTLOWID" },
258 { KADEMLIA_TAG_COLLECTION ,"TAG_COLLECTION" },
259 { KADEMLIA_TAG_COPIED ,"TAG_COPIED" },
260 { KADEMLIA_TAG_DESCRIPTION ,"TAG_DESCRIPTION" },
261 { KADEMLIA_TAG_ENCRYPTION ,"TAG_ENCRYPTION" },
262 { KADEMLIA_TAG_FAIL ,"TAG_FAIL" },
263 { KADEMLIA_TAG_FILECOMMENT ,"TAG_FILECOMMENT" },
264 { KADEMLIA_TAG_FILE_COUNT ,"TAG_FILE_COUNT" },
265 { KADEMLIA_TAG_FILEFORMAT ,"TAG_FILEFORMAT" },
266 { KADEMLIA_TAG_FILENAME ,"TAG_FILENAME" },
267 { KADEMLIA_TAG_FILERATING ,"TAG_FILERATING" },
268 { KADEMLIA_TAG_FILESIZE_HI ,"TAG_FILESIZE_HI" },
269 { KADEMLIA_TAG_FILESIZE ,"TAG_FILESIZE" },
270 { KADEMLIA_TAG_FILETYPE ,"TAG_FILETYPE" },
271 { KADEMLIA_TAG_GAP_END ,"TAG_GAP_END" },
272 { KADEMLIA_TAG_GAP_START ,"TAG_GAP_START" },
273 { KADEMLIA_TAG_IP_ADDRESS ,"TAG_IP_ADDRESS" },
274 { KADEMLIA_TAG_MEDIA_ALBUM ,"TAG_MEDIA_ALBUM" },
275 { KADEMLIA_TAG_MEDIA_ARTIST ,"TAG_MEDIA_ARTIST" },
276 { KADEMLIA_TAG_MEDIA_BITRATE ,"TAG_MEDIA_BITRATE"},
277 { KADEMLIA_TAG_MEDIA_CODEC ,"TAG_MEDIA_CODEC" },
278 { KADEMLIA_TAG_MEDIA_LENGTH ,"TAG_MEDIA_LENGTH" },
279 { KADEMLIA_TAG_MEDIA_TITLE ,"TAG_MEDIA_TITLE" },
280 { KADEMLIA_TAG_PART_HASH ,"TAG_PART_HASH" },
281 { KADEMLIA_TAG_PART_PATH ,"TAG_PART_PATH" },
282 { KADEMLIA_TAG_PARTS ,"TAG_PARTS" },
283 { KADEMLIA_TAG_PERMISSIONS ,"TAG_PERMISSIONS" },
284 { KADEMLIA_TAG_PING ,"TAG_PING" },
285 { KADEMLIA_TAG_PORT ,"TAG_PORT" },
286 { KADEMLIA_TAG_PREFERENCE ,"TAG_PREFERENCE" },
287 { KADEMLIA_TAG_PRIORITY ,"TAG_PRIORITY" },
288 { KADEMLIA_TAG_QTIME ,"TAG_QTIME" },
289 { KADEMLIA_TAG_SERVERIP ,"TAG_SERVERIP" },
290 { KADEMLIA_TAG_SERVERPORT ,"TAG_SERVERPORT" },
291 { KADEMLIA_TAG_SOURCEIP ,"TAG_SOURCEIP" },
292 { KADEMLIA_TAG_SOURCEPORT ,"TAG_SOURCEPORT" },
293 { KADEMLIA_TAG_SOURCES ,"TAG_SOURCES" },
294 { KADEMLIA_TAG_SOURCETYPE ,"TAG_SOURCETYPE" },
295 { KADEMLIA_TAG_SOURCEUPORT ,"TAG_SOURCEUPORT" },
296 { KADEMLIA_TAG_STATUS ,"TAG_STATUS" },
297 { KADEMLIA_TAG_TEMPFILE ,"TAG_TEMPFILE" },
298 { KADEMLIA_TAG_USER_COUNT ,"TAG_USER_COUNT" },
299 { KADEMLIA_TAG_VERSION ,"TAG_VERSION" },
300
301 { 0, NULL }
302 };
303
304 static const value_string edonkey_protocols[] = {
305 { EDONKEY_PROTO_EDONKEY, "eDonkey" },
306 { EDONKEY_PROTO_EMULE_EXT, "eMule Extensions" },
307 { EDONKEY_PROTO_EMULE_COMP, "eMule Compressed" },
308 { EDONKEY_PROTO_KADEMLIA, "Kademlia" },
309 { EDONKEY_PROTO_KADEMLIA_COMP, "Kademlia Compressed" },
310 { EDONKEY_PROTO_ADU_KADEMLIA, "KAdu" },
311 { EDONKEY_PROTO_ADU_KADEMLIA_COMP, "KAdu Compressed" },
312 { 0, NULL }
313 };
314
315 static const value_string edonkey_tcp_msgs[] = {
316 { EDONKEY_MSG_HELLO, "Hello" },
317 { EDONKEY_MSG_BAD_PROTO, "Bad Proto" },
318 { EDONKEY_MSG_GET_SERVER_LIST, "Get Server List" },
319 { EDONKEY_MSG_OFFER_FILES, "Offer Files" },
320 { EDONKEY_MSG_SEARCH_FILES, "Search Files" },
321 { EDONKEY_MSG_DISCONNECT, "Disconnect" },
322 { EDONKEY_MSG_GET_SOURCES, "Get Sources" },
323 { EDONKEY_MSG_GET_SOURCES_OBFU, "Get Sources Obfuscation" },
324 { EDONKEY_MSG_SEARCH_USER, "Search User" },
325 { EDONKEY_MSG_CLIENT_CB_REQ, "Client Callback Request" },
326 { EDONKEY_MSG_MORE_RESULTS, "More Results" },
327 { EDONKEY_MSG_SERVER_LIST, "Server List" },
328 { EDONKEY_MSG_SEARCH_FILE_RESULTS, "Search File Results" },
329 { EDONKEY_MSG_SERVER_STATUS, "Server Status" },
330 { EDONKEY_MSG_SERVER_CB_REQ, "Server Callback Request" },
331 { EDONKEY_MSG_CALLBACK_FAIL, "Callback Fail" },
332 { EDONKEY_MSG_SERVER_MESSAGE, "Server Message" },
333 { EDONKEY_MSG_ID_CHANGE, "ID Change" },
334 { EDONKEY_MSG_SERVER_INFO_DATA, "Server Info Data" },
335 { EDONKEY_MSG_FOUND_SOURCES, "Found Sources" },
336 { EDONKEY_MSG_FOUND_SOURCES_OBFU, "Found Sources Obfuscation"},
337 { EDONKEY_MSG_SEARCH_USER_RESULTS, "Search User Results" },
338 { EDONKEY_MSG_SENDING_PART, "Sending Part" },
339 { EDONKEY_MSG_REQUEST_PARTS, "Request Parts" },
340 { EDONKEY_MSG_NO_SUCH_FILE, "No Such File" },
341 { EDONKEY_MSG_END_OF_DOWNLOAD, "End of Download" },
342 { EDONKEY_MSG_VIEW_FILES, "View Files" },
343 { EDONKEY_MSG_VIEW_FILES_ANSWER, "View Files Answer" },
344 { EDONKEY_MSG_HELLO_ANSWER, "Hello Answer" },
345 { EDONKEY_MSG_NEW_CLIENT_ID, "New Client ID" },
346 { EDONKEY_MSG_CLIENT_MESSAGE, "Client Message" },
347 { EDONKEY_MSG_FILE_STATUS_REQUEST, "File Status Request" },
348 { EDONKEY_MSG_FILE_STATUS, "File Status" },
349 { EDONKEY_MSG_HASHSET_REQUEST, "Hashset Request" },
350 { EDONKEY_MSG_HASHSET_ANSWER, "Hashset Answer" },
351 { EDONKEY_MSG_SLOT_REQUEST, "Slot Request" },
352 { EDONKEY_MSG_SLOT_GIVEN, "Slot Given" },
353 { EDONKEY_MSG_SLOT_RELEASE, "Slot Release" },
354 { EDONKEY_MSG_SLOT_TAKEN, "Slot Taken" },
355 { EDONKEY_MSG_FILE_REQUEST, "File Request" },
356 { EDONKEY_MSG_FILE_REQUEST_ANSWER, "File Request Answer" },
357 { EDONKEY_MSG_GET_SHARED_DIRS, "Get Shared Directories" },
358 { EDONKEY_MSG_GET_SHARED_FILES, "Get Shared Files" },
359 { EDONKEY_MSG_SHARED_DIRS, "Shared Directories" },
360 { EDONKEY_MSG_SHARED_FILES, "Shared Files" },
361 { EDONKEY_MSG_SHARED_DENIED, "Shared Denied" },
362 { 0, NULL }
363 };
364
365 static const value_string emule_tcp_msgs[] = {
366 { EMULE_MSG_HELLO, "Hello" },
367 { EMULE_MSG_HELLO_ANSWER, "Hello Answer" },
368 { EMULE_MSG_DATA_COMPRESSED, "Data Compressed" },
369 { EMULE_MSG_QUEUE_RANKING, "Queue Ranking" },
370 { EMULE_MSG_FILE_DESC, "File Description" },
371 { EMULE_MSG_SOURCES_REQUEST, "Sources Request" },
372 { EMULE_MSG_SOURCES_ANSWER, "Sources Answer" },
373 { EMULE_MSG_SIGNATURE, "Signature" },
374 { EMULE_MSG_PUBLIC_KEY, "Public Key" },
375 { EMULE_MSG_SEC_IDENT_STATE, "Second Identification State" },
376 { EMULE_MSG_MULTIPACKET, "MultiPacket" },
377 { EMULE_MSG_MULTIPACKET_EXT, "MultiPacketExt" },
378 { EMULE_MSG_MULTIPACKET_ANSWER, "MultiPacket Answer" },
379 { EMULE_MSG_CALLBACK, "Callback" },
380 { EMULE_MSG_AICH_REQUEST, "AICH Hashset Request" },
381 { EMULE_MSG_AICH_ANSWER, "AICH Hashset Answer" },
382 { EMULE_MSG_AICHFILEHASH_ANSWER, "AICH Master Hash Request" },
383 { EMULE_MSG_AICHFILEHASH_REQUEST, "AICH Master Hash Answer" },
384 { EMULE_MSG_DATA_COMPRESSED_64, "Data Compressed (64bit)" },
385 { EMULE_MSG_SENDING_PART_64, "Sending Part (64bit)" },
386 { EMULE_MSG_REQUEST_PARTS_64, "Request Parts (64bit)" },
387 { 0, NULL }
388 };
389
390 static const value_string edonkey_udp_msgs[] = {
391 { EDONKEY_MSG_UDP_SERVER_STATUS_REQUEST, "Server Status Request" },
392 { EDONKEY_MSG_UDP_SERVER_STATUS, "Server Status" },
393 { EDONKEY_MSG_UDP_SEARCH_FILE, "Search File" },
394 { EDONKEY_MSG_UDP_SEARCH_FILE_RESULTS, "Search File Results" },
395 { EDONKEY_MSG_UDP_GET_SOURCES, "Get Sources" },
396 { EDONKEY_MSG_UDP_FOUND_SOURCES, "Found Sources" },
397 { EDONKEY_MSG_UDP_CALLBACK_REQUEST, "Callback Request" },
398 { EDONKEY_MSG_UDP_CALLBACK_FAIL, "Callback Fail" },
399 { EDONKEY_MSG_UDP_SERVER_LIST, "Server List" },
400 { EDONKEY_MSG_UDP_GET_SERVER_INFO, "Get Server Info" },
401 { EDONKEY_MSG_UDP_SERVER_INFO, "Server Info" },
402 { EDONKEY_MSG_UDP_GET_SERVER_LIST, "Get Server List" },
403
404 /* eMule Extensions */
405 { EMULE_MSG_UDP_REASKFILEPING, "Reask File Ping" },
406 { EMULE_MSG_UDP_REASKACK, "Reask ACK" },
407 { EMULE_MSG_UDP_FILE_NOT_FOUND, "File not found" },
408 { EMULE_MSG_UDP_QUEUE_FULL, "Queue Full" },
409
410 /* Overnet Extensions */
411 { OVERNET_MSG_UDP_CONNECT, "Connect" },
412 { OVERNET_MSG_UDP_CONNECT_REPLY, "Connect Reply" },
413 { OVERNET_MSG_UDP_PUBLICIZE, "Publicize" },
414 { OVERNET_MSG_UDP_PUBLICIZE_ACK, "Publicize ACK" },
415 { OVERNET_MSG_UDP_SEARCH, "Search" },
416 { OVERNET_MSG_UDP_SEARCH_NEXT, "Search Next" },
417 { OVERNET_MSG_UDP_SEARCH_INFO, "Search Info" },
418 { OVERNET_MSG_UDP_SEARCH_RESULT, "Search Result" },
419 { OVERNET_MSG_UDP_SEARCH_END, "Search End" },
420 { OVERNET_MSG_UDP_PUBLISH, "Publish" },
421 { OVERNET_MSG_UDP_PUBLISH_ACK, "Publish ACK" },
422 { OVERNET_MSG_UDP_IDENTIFY_REPLY, "Identify Reply" },
423 { OVERNET_MSG_UDP_IDENTIFY_ACK, "Identify ACK" },
424 { OVERNET_MSG_UDP_FIREWALL_CONNECTION, "Firewall Connection" },
425 { OVERNET_MSG_UDP_FIREWALL_CONNECTION_ACK, "Firewall Connection ACK" },
426 { OVERNET_MSG_UDP_FIREWALL_CONNECTION_NACK, "Firewall Connection NACK" },
427 { OVERNET_MSG_UDP_IP_QUERY, "IP Query" },
428 { OVERNET_MSG_UDP_IP_QUERY_ANSWER, "IP Query Answer" },
429 { OVERNET_MSG_UDP_IP_QUERY_END, "IP Query End" },
430 { OVERNET_MSG_UDP_IDENTIFY, "Identify" },
431 { 0, NULL }
432 };
433
434 static const value_string edonkey_special_tags[] = {
435 { EDONKEY_STAG_NAME, "Name" },
436 { EDONKEY_STAG_SIZE, "Size" },
437 { EDONKEY_STAG_TYPE, "Type" },
438 { EDONKEY_STAG_FORMAT, "Format" },
439 { EDONKEY_STAG_COLLECTION, "Collection" },
440 { EDONKEY_STAG_PART_PATH, "Part Path" },
441 { EDONKEY_STAG_PART_HASH, "Part Hash" },
442 { EDONKEY_STAG_COPIED, "Copied" },
443 { EDONKEY_STAG_GAP_START, "Gap Start" },
444 { EDONKEY_STAG_GAP_END, "Gap End" },
445 { EDONKEY_STAG_DESCRIPTION, "Description" },
446 { EDONKEY_STAG_PING, "Ping" },
447 { EDONKEY_STAG_FAIL, "Fail" },
448 { EDONKEY_STAG_PREFERENCE, "Preference" },
449 { EDONKEY_STAG_PORT, "Port" },
450 { EDONKEY_STAG_IP, "IP" },
451 { EDONKEY_STAG_VERSION, "Version" },
452 { EDONKEY_STAG_TEMPFILE, "Temporary File" },
453 { EDONKEY_STAG_PRIORITY, "Priority" },
454 { EDONKEY_STAG_STATUS, "Status" },
455 { EDONKEY_STAG_AVAILABILITY, "Availability" },
456 { EDONKEY_STAG_QTIME, "Queue Time" },
457 { EDONKEY_STAG_PARTS, "Parts" },
458 { EDONKEY_STAG_MOD_VERSION, "Mod Version" },
459 { EMULE_STAG_COMPRESSION, "Compression" },
460 { EMULE_STAG_UDP_CLIENT_PORT, "UDP Client Port" },
461 { EMULE_STAG_UDP_VERSION, "UDP Version" },
462 { EMULE_STAG_SOURCE_EXCHANGE, "Source Exchange" },
463 { EMULE_STAG_COMMENTS, "Comments" },
464 { EMULE_STAG_EXTENDED_REQUEST, "Extended Request" },
465 { EMULE_STAG_COMPATIBLE_CLIENT, "Compatible Client" },
466 { EMULE_STAG_COMPLETE_SOURCES, "Complete Sources" },
467 { EMULE_STAG_SIZE_HI, "Size (High Byte)" },
468 { EMULE_STAG_SERVER_VERSION, "Server Version" },
469 { EMULE_STAG_COMPAT_OPTIONS1, "Compatible Options" },
470 { EMULE_STAG_UDPPORTS, "UDP Ports" },
471 { EMULE_STAG_MISCOPTIONS1, "Misc Options 1" },
472 { EMULE_STAG_VERSION, "eMule Version" },
473 { EMULE_STAG_BUDDYIP, "Buddy IP" },
474 { EMULE_STAG_BUDDYUDP, "Buddy UDP" },
475 { EMULE_STAG_MISCOPTIONS2, "Misc Options 2" },
476 { 0, NULL }
477 };
478
479 static const value_string edonkey_search_type_vals[] = {
480 { EDONKEY_SEARCH_BOOL, "Boolean" },
481 { EDONKEY_SEARCH_NAME, "Name" },
482 { EDONKEY_SEARCH_META, "Metadata" },
483 { EDONKEY_SEARCH_LIMIT, "Limit" },
484 { 0, NULL }
485 };
486
487 static const value_string edonkey_search_ext_type_vals[] = {
488 { 0, "BoolOp" },
489 { 1, "String" },
490 { 2, "MetaTag" },
491 { 3, "32bitOp" },
492 { 4, "64bitOp" },
493 { 0, NULL }
494 };
495
496 static const value_string edonkey_search_ops[] = {
497 { EDONKEY_SEARCH_AND, "AND" },
498 { EDONKEY_SEARCH_OR, "OR" },
499 { EDONKEY_SEARCH_ANDNOT, "AND NOT" },
500 { 0, NULL }
501 };
502
503 static const value_string edonkey_search_conds[] = {
504 { EDONKEY_SEARCH_MIN, "MIN" },
505 { EDONKEY_SEARCH_MAX, "MAX" },
506 { 0, NULL }
507 };
508
509 static const value_string kademlia_search_conds[] = {
510 { 0, "=" },
511 { 1, ">" },
512 { 2, "<" },
513 { 3, ">=" },
514 { 4, "<=" },
515 { 5, "<>" },
516 { 0, NULL }
517 };
518
519 static const value_string kademlia_versions[] = {
520 { KADEMLIA_VERSION1_46c, " (eMule <= 0.46c or compatibles)" },
521 { KADEMLIA_VERSION2_47a, " (eMule 0.47a or compatibles)" },
522 { KADEMLIA_VERSION3_47b, " (eMule 0.47b or compatibles)" },
523 { KADEMLIA_VERSION5_48a, " (eMule 0.48a or compatibles)" },
524 { KADEMLIA_VERSION6_49aBETA, " (eMule 0.49aBETA1 or compatibles)" },
525 { KADEMLIA_VERSION7_49a, " (eMule 0.49a or compatibles)" },
526 { 0, NULL }
527 };
528
529 static const value_string kademlia_parameter[] = {
530 { KADEMLIA_FIND_VALUE, " (Find Value)" },
531 { KADEMLIA_STORE, " (Store)" },
532 { KADEMLIA_FIND_NODE, " (Find Node)" },
533 { 0, NULL }
534 };
535
536 static const value_string kademlia_tag_sourcetype[] = {
537 { 1, "HighID Source" },
538 { 3, "Firewalled Kad Source" },
539 { 4, ">4GB file HighID Source" },
540 { 5, ">4GB file Firewalled Kad Source" },
541 { 6, "Firewalled Source with Direct Callback (supports >4GB)" },
542 { 0, NULL }
543 };
544
545 static const value_string kademlia_tag_encryption[] = {
546 { 1, "Supports Crypt Layer" },
547 { 2, "Requests Crypt Layer" },
548 { 3, "Supports & Requests Crypt Layer" },
549 { 4, "Requires Crypt Layer" },
550 { 5, "Supports & Requires Crypt Layer" },
551 { 6, "Requests & Requires Crypt Layer" },
552 { 7, "Supports, Requests & Requires Crypt Layer" },
553 { 8, "Direct UDP Callback" },
554 { 9, "Supports Crypt Layer; Direct UDP Callback" },
555 { 10, "Requests Crypt Layer; Direct UDP Callback" },
556 { 11, "Supports & Requests Crypt Layer; Direct UDP Callback" },
557 { 12, "Requires Crypt Layer; Direct UDP Callback" },
558 { 13, "Supports & Requires Crypt Layer; Direct UDP Callback" },
559 { 14, "Requests & Requires Crypt Layer; Direct UDP Callback" },
560 { 15, "Supports, Requests & Requires Crypt Layer; Direct UDP Callback" },
561 { 0, NULL }
562 };
563
564 static const range_string emule_ident_state_rvals[] = {
565 { 0, 0, "nothing is needed" },
566 { 1, 1, "signature is needed" },
567 { 2, 255, "public key and signature are needed" },
568 { 0, 0, NULL }
569 };
570
571 /* Dissects a generic eDonkey list */
dissect_edonkey_list(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree,int listnum_length,const char * listdesc,int (* item_dissector)(tvbuff_t *,packet_info *,int,proto_tree *))572 static int dissect_edonkey_list(tvbuff_t *tvb, packet_info *pinfo,
573 int offset, proto_tree *tree,
574 int listnum_length, const char* listdesc,
575 int (*item_dissector)(tvbuff_t *, packet_info *, int, proto_tree *))
576 {
577 /* <List> ::= <List Size> <Item>* */
578 guint32 listnum, i;
579 proto_tree *subtree;
580 proto_item* ti;
581 proto_item* list_ti;
582 int list_start_offset;
583
584 list_start_offset = offset;
585
586 switch (listnum_length) {
587 case -1:
588 case 1:
589 listnum = tvb_get_guint8(tvb, offset);
590 break;
591
592 case -2:
593 listnum = tvb_get_ntohs(tvb, offset);
594 break;
595
596 case 2:
597 listnum = tvb_get_letohs(tvb, offset);
598 break;
599
600 case 4:
601 listnum = tvb_get_letohl(tvb, offset);
602 break;
603
604 case -4:
605 listnum = tvb_get_ntohl(tvb, offset);
606 break;
607
608 default:
609 /* Not Supported */
610 return offset;
611 }
612 if (listnum_length < 0)
613 listnum_length = -listnum_length;
614
615 /* keep the tree item object, its length will be set at the end of the function */
616 list_ti = proto_tree_add_uint_format(tree, hf_edonkey_list_size, tvb, offset, listnum_length, listnum, "%s List Size: %u", listdesc, listnum);
617
618 offset+= listnum_length;
619
620 for (i=0; i<listnum; i++)
621 {
622 int item_start_offset;
623
624 item_start_offset = offset;
625 subtree = proto_tree_add_subtree_format( tree, tvb, item_start_offset, 1, ett_edonkey_listitem, &ti,
626 "%s[%u/%u]", listdesc, i+1, listnum);
627
628 /* dissect one list element */
629 offset = (*item_dissector)(tvb, pinfo, offset, subtree);
630 /* Set the container node length */
631 proto_item_set_len( ti, offset - item_start_offset );
632 }
633
634 /* Set the container node length */
635 proto_item_set_len(list_ti, offset - list_start_offset );
636 return offset;
637 }
638
lookup_str_index(gchar * str,gint length,const value_string * vs)639 static gint lookup_str_index(gchar* str, gint length, const value_string *vs)
640 {
641 gint i = 0;
642
643 if (str == NULL) return -1;
644
645 while (vs[i].strptr) {
646 if (g_ascii_strncasecmp(str, vs[i].strptr, length) == 0)
647 return i;
648 i++;
649 }
650
651 return -1;
652 }
653
edonkey_metatag_name_get_type(tvbuff_t * tvb,gint start,gint length,guint8 special_tagtype)654 static guint8 edonkey_metatag_name_get_type(tvbuff_t *tvb, gint start, gint length, guint8 special_tagtype)
655 {
656 guint8 *tag_name;
657
658 if (try_val_to_str(special_tagtype, edonkey_special_tags) == NULL) {
659 gint idx;
660 tag_name = tvb_get_string_enc(wmem_packet_scope(), tvb, start, length, ENC_ASCII|ENC_NA);
661 idx = lookup_str_index(tag_name, length, edonkey_special_tags);
662 if (idx < 0)
663 return EDONKEY_STAG_UNKNOWN;
664 else return edonkey_special_tags[idx].value;
665 }
666 else return special_tagtype;
667
668 }
669
edonkey_tree_add_metatag_name(proto_tree * tree,tvbuff_t * tvb,gint start,gint length,guint8 special_tagtype)670 static proto_item* edonkey_tree_add_metatag_name(proto_tree *tree, tvbuff_t *tvb,
671 gint start, gint length, guint8 special_tagtype)
672 {
673 const gchar *tag_name;
674
675 /*
676 * XXX - what, in the *protocol*, distinguishes integral from string
677 * tag names? Name length > 1 means "string"? Something else?
678 */
679 tag_name = try_val_to_str(special_tagtype, edonkey_special_tags);
680 if (tag_name == NULL) {
681 return proto_tree_add_item(tree, hf_edonkey_metatag_name, tvb, start, length, ENC_ASCII|ENC_NA);
682 }
683 else {
684 return proto_tree_add_uint_format(tree, hf_edonkey_metatag_id, tvb, start, length,
685 special_tagtype, "Meta Tag Name: %s (0x%02x)",
686 tag_name, special_tagtype);
687 }
688 }
689
dissect_kademlia_search_condition_argument_uint64(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)690 static int dissect_kademlia_search_condition_argument_uint64(tvbuff_t *tvb, packet_info *pinfo _U_,
691 int offset, proto_tree *tree)
692 {
693 proto_tree_add_item( tree, hf_kademlia_search_condition_argument_uint64, tvb, offset, 8, ENC_LITTLE_ENDIAN );
694 return offset + 8;
695 }
696
dissect_kademlia_search_condition_argument_uint32(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)697 static int dissect_kademlia_search_condition_argument_uint32(tvbuff_t *tvb, packet_info *pinfo _U_,
698 int offset, proto_tree *tree)
699 {
700 proto_tree_add_item( tree, hf_kademlia_search_condition_argument_uint32, tvb, offset, 4, ENC_LITTLE_ENDIAN );
701 return offset + 4;
702 }
703
dissect_kademlia_search_condition(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)704 static int dissect_kademlia_search_condition(tvbuff_t *tvb, packet_info *pinfo _U_,
705 int offset, proto_tree *tree )
706 {
707 proto_item * ti;
708 guint16 value = tvb_get_guint8(tvb, offset);
709 ti = proto_tree_add_item( tree, hf_kademlia_search_condition, tvb, offset, 1, ENC_BIG_ENDIAN );
710 proto_item_append_text(ti, " [%s]", val_to_str_const( value, kademlia_search_conds, "Unknown") );
711
712 return offset + 1;
713 }
714
715 /* Dissects the eDonkey meta tag */
dissect_edonkey_metatag(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)716 static int dissect_edonkey_metatag(tvbuff_t *tvb, packet_info *pinfo _U_,
717 int offset, proto_tree *tree)
718 {
719 /* <Meta Tag> ::= <Tag Type (guint8)> <Tag Name> <Tag> */
720 /* <Tag Name> ::= <Tag Name Size (guint16)> <Special Tag> || <String> */
721 /* <Tag Name> ::= <Special Tag> iff Tag Type had the top bit set */
722 proto_item *ti;
723 proto_tree *metatag_tree;
724 guint8 real_tag_type, tag_type, special_tagtype, trans_tagtype;
725 guint16 tag_name_size, string_length, array_length;
726 guint32 tag_length, blob_length;
727 int tag_offset;
728
729 real_tag_type = tag_type = tvb_get_guint8(tvb, offset);
730 if (tag_type & EDONKEY_MTAG_SHORTNAME) {
731 real_tag_type &= ~EDONKEY_MTAG_SHORTNAME;
732 tag_name_size = 1;
733 special_tagtype = tvb_get_guint8(tvb, offset+1);
734 tag_length = 2;
735 } else {
736 tag_name_size = tvb_get_letohs(tvb, offset+1);
737 special_tagtype = tvb_get_guint8(tvb, offset+3);
738 tag_length = 3 + tag_name_size;
739 }
740
741 tag_offset = offset + tag_length;
742
743 switch (real_tag_type)
744 {
745 case EDONKEY_MTAG_HASH:
746 /* <Tag> ::= HASH */
747 tag_length += 16;
748 ti = proto_tree_add_item(tree, hf_edonkey_metatag, tvb, offset, tag_length, ENC_NA);
749 metatag_tree = proto_item_add_subtree(ti, ett_edonkey_metatag);
750 proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_type, tvb, offset, 1, tag_type);
751 if (tag_type==real_tag_type)
752 proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_namesize, tvb, offset+1, 2, tag_name_size);
753 edonkey_tree_add_metatag_name(metatag_tree, tvb, tag_offset-tag_name_size, tag_name_size, special_tagtype);
754 proto_tree_add_item(metatag_tree, hf_edonkey_hash, tvb, tag_offset, 16, ENC_NA);
755 break;
756
757 case EDONKEY_MTAG_STRING:
758 /* <Tag> ::= <Length (guint16)> <String> */
759 string_length = tvb_get_letohs(tvb, tag_offset);
760 tag_length += 2+string_length;
761 ti = proto_tree_add_item(tree, hf_edonkey_metatag, tvb, offset, tag_length, ENC_NA);
762 metatag_tree = proto_item_add_subtree(ti, ett_edonkey_metatag);
763 proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_type, tvb, offset, 1, tag_type);
764 if (tag_type==real_tag_type)
765 proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_namesize, tvb, offset+1, 2, tag_name_size);
766 edonkey_tree_add_metatag_name(metatag_tree, tvb, tag_offset-tag_name_size, tag_name_size, special_tagtype);
767 proto_tree_add_uint(metatag_tree, hf_edonkey_string_length, tvb, tag_offset, 2, string_length);
768 proto_tree_add_item(metatag_tree, hf_edonkey_string, tvb, tag_offset+2, string_length, ENC_ASCII|ENC_NA);
769 break;
770
771 case EDONKEY_MTAG_DWORD:
772 /* <Tag> ::= guint32 */
773 tag_length += 4;
774 ti = proto_tree_add_item(tree, hf_edonkey_metatag, tvb, offset, tag_length, ENC_NA);
775 metatag_tree = proto_item_add_subtree(ti, ett_edonkey_metatag);
776 proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_type, tvb, offset, 1, tag_type);
777 if (tag_type==real_tag_type)
778 proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_namesize, tvb, offset+1, 2, tag_name_size);
779 edonkey_tree_add_metatag_name(metatag_tree, tvb, tag_offset-tag_name_size, tag_name_size, special_tagtype);
780 trans_tagtype = edonkey_metatag_name_get_type(tvb, offset+3, tag_name_size, special_tagtype);
781 if (trans_tagtype == EDONKEY_STAG_IP) {
782 proto_tree_add_item(metatag_tree, hf_edonkey_ip, tvb, tag_offset, 4, ENC_BIG_ENDIAN);
783 }
784 else if (trans_tagtype == EMULE_STAG_SERVER_VERSION) {
785 proto_tree_add_item(metatag_tree, hf_edonkey_meta_tag_value_revision, tvb, tag_offset, 4, ENC_LITTLE_ENDIAN);
786 }
787 else {
788 proto_tree_add_item(metatag_tree, hf_edonkey_meta_tag_value_uint, tvb, tag_offset, 4, ENC_LITTLE_ENDIAN);
789 }
790 break;
791
792 case EDONKEY_MTAG_FLOAT:
793 /* <Tag> ::= 4 byte float */
794 tag_length += 4;
795 ti = proto_tree_add_item(tree, hf_edonkey_metatag, tvb, offset, tag_length, ENC_NA);
796 metatag_tree = proto_item_add_subtree(ti, ett_edonkey_metatag);
797 proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_type, tvb, offset, 1, tag_type);
798 if (tag_type==real_tag_type)
799 proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_namesize, tvb, offset+1, 2, tag_name_size);
800 edonkey_tree_add_metatag_name(metatag_tree, tvb, tag_offset-tag_name_size, tag_name_size, special_tagtype);
801 break;
802
803 case EDONKEY_MTAG_WORD:
804 /* <Tag> ::= guint16 */
805 tag_length += 2;
806 ti = proto_tree_add_item(tree, hf_edonkey_metatag, tvb, offset, tag_length, ENC_NA);
807 metatag_tree = proto_item_add_subtree(ti, ett_edonkey_metatag);
808 proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_type, tvb, offset, 1, tag_type);
809 if (tag_type==real_tag_type)
810 proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_namesize, tvb, offset+1, 2, tag_name_size);
811 edonkey_tree_add_metatag_name(metatag_tree, tvb, tag_offset-tag_name_size, tag_name_size, special_tagtype);
812
813 proto_tree_add_item(metatag_tree, hf_edonkey_meta_tag_value_uint, tvb, tag_offset, 2, ENC_LITTLE_ENDIAN);
814 break;
815
816 case EDONKEY_MTAG_BYTE:
817 /* <Tag> ::= guint8 */
818 tag_length += 1;
819 ti = proto_tree_add_item(tree, hf_edonkey_metatag, tvb, offset, tag_length, ENC_NA);
820 metatag_tree = proto_item_add_subtree(ti, ett_edonkey_metatag);
821 proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_type, tvb, offset, 1, tag_type);
822 if (tag_type==real_tag_type)
823 proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_namesize, tvb, offset+1, 2, tag_name_size);
824 edonkey_tree_add_metatag_name(metatag_tree, tvb, tag_offset-tag_name_size, tag_name_size, special_tagtype);
825 proto_tree_add_item(metatag_tree, hf_edonkey_meta_tag_value_uint, tvb, tag_offset, 1, ENC_NA);
826 break;
827
828 case EDONKEY_MTAG_BOOL:
829 /* <Tag> ::= <Bool (guint8)> */
830 tag_length += 1;
831 ti = proto_tree_add_item(tree, hf_edonkey_metatag, tvb, offset, tag_length, ENC_NA);
832 metatag_tree = proto_item_add_subtree(ti, ett_edonkey_metatag);
833 proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_type, tvb, offset, 1, tag_type);
834 if (tag_type==real_tag_type)
835 proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_namesize, tvb, offset+1, 2, tag_name_size);
836 edonkey_tree_add_metatag_name(metatag_tree, tvb, tag_offset-tag_name_size, tag_name_size, special_tagtype);
837 proto_tree_add_item(metatag_tree, hf_edonkey_meta_tag_value_uint, tvb, tag_offset, 1, ENC_NA);
838 break;
839
840 case EDONKEY_MTAG_BOOL_ARRAY:
841 /* <Tag> ::= <Length (guint16)> <BoolArray> */
842 array_length = tvb_get_letohs(tvb, tag_offset);
843 /*
844 * This is allegedly what the protocol uses, rather than the
845 * correct value of (array_length+7)/8
846 * Therefore an extra unused byte is transmitted if the array
847 * is a multiple of 8 longs.
848 */
849 tag_length += 2+(array_length/8)+1;
850 ti = proto_tree_add_item(tree, hf_edonkey_metatag, tvb, offset, tag_length, ENC_NA);
851 metatag_tree = proto_item_add_subtree(ti, ett_edonkey_metatag);
852 proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_type, tvb, offset, 1, tag_type);
853 if (tag_type==real_tag_type)
854 proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_namesize, tvb, offset+1, 2, tag_name_size);
855 edonkey_tree_add_metatag_name(metatag_tree, tvb, tag_offset-tag_name_size, tag_name_size, special_tagtype);
856 proto_tree_add_item(metatag_tree, hf_edonkey_boolean_array_length, tvb, tag_offset, 2, ENC_LITTLE_ENDIAN);
857 break;
858
859 case EDONKEY_MTAG_BLOB:
860 /* <Tag> ::= <Length (guint32)> <BLOB> */
861 blob_length = tvb_get_letohl(tvb, tag_offset);
862 tag_length += 4+blob_length;
863 ti = proto_tree_add_item(tree, hf_edonkey_metatag, tvb, offset, tag_length, ENC_NA);
864 metatag_tree = proto_item_add_subtree(ti, ett_edonkey_metatag);
865 proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_type, tvb, offset, 1, tag_type);
866 if (tag_type==real_tag_type)
867 proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_namesize, tvb, offset+1, 2, tag_name_size);
868 edonkey_tree_add_metatag_name(metatag_tree, tvb, tag_offset-tag_name_size, tag_name_size, special_tagtype);
869 proto_tree_add_item(metatag_tree, hf_edonkey_blob_length, tvb, tag_offset, 2, ENC_LITTLE_ENDIAN);
870 break;
871
872 case EDONKEY_MTAG_BSOB:
873 /* This is possibly a Binary Small OBject, like a BLOB but with an 8 or 16-bit length field */
874 /* That's a complete guess though, so don't handle it yet. */
875 case EDONKEY_MTAG_UNKNOWN:
876 default:
877 if (real_tag_type>=EDONKEY_MTAG_STR1 && real_tag_type<=EDONKEY_MTAG_STR16) {
878 /* <Tag> ::= <String> */
879 string_length = real_tag_type-EDONKEY_MTAG_STR1+1;
880 tag_length += string_length;
881 ti = proto_tree_add_item(tree, hf_edonkey_metatag, tvb, offset, tag_length, ENC_NA);
882 metatag_tree = proto_item_add_subtree(ti, ett_edonkey_metatag);
883 proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_type, tvb, offset, 1, tag_type);
884 if (real_tag_type==tag_type)
885 proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_namesize, tvb, offset+1, 2, tag_name_size);
886 edonkey_tree_add_metatag_name(metatag_tree, tvb, tag_offset-tag_name_size, tag_name_size, special_tagtype);
887 proto_tree_add_item(metatag_tree, hf_edonkey_string, tvb, tag_offset, string_length, ENC_ASCII|ENC_NA);
888
889 } else {
890 /* Unknown tag type - actual tag length is also unknown */
891 ti = proto_tree_add_item(tree, hf_edonkey_metatag, tvb, offset, tag_length, ENC_NA);
892 metatag_tree = proto_item_add_subtree(ti, ett_edonkey_metatag);
893 proto_tree_add_uint_format(metatag_tree, hf_edonkey_metatag_type, tvb, offset, 1, tag_type, "Unknown Meta Tag Type (0x%02x)", tag_type);
894 if (real_tag_type==tag_type)
895 proto_tree_add_uint(metatag_tree, hf_edonkey_metatag_namesize, tvb, offset+1, 2, tag_name_size);
896 edonkey_tree_add_metatag_name(metatag_tree, tvb, tag_offset-tag_name_size, tag_name_size, special_tagtype);
897 }
898 break;
899
900 }
901
902 return offset + tag_length;
903 }
904
905 /* Dissects the eDonkey address */
dissect_edonkey_address(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)906 static int dissect_edonkey_address(tvbuff_t *tvb, packet_info *pinfo _U_,
907 int offset, proto_tree *tree)
908 {
909 /* <Address> ::= <IP> <Port> */
910 /* guint32 ip = tvb_get_letohl(tvb, offset);
911 proto_tree_add_ipv4(tree, hf_edonkey_ip, tvb, offset, 4, ip); */
912 proto_tree_add_item(tree, hf_edonkey_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
913 proto_tree_add_item(tree, hf_edonkey_port, tvb, offset+4, 2, ENC_LITTLE_ENDIAN);
914 return offset+6;
915 }
916
917
dissect_kademlia_udp_port(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)918 static int dissect_kademlia_udp_port(tvbuff_t *tvb, packet_info *pinfo _U_,
919 int offset, proto_tree *tree)
920 {
921 proto_tree_add_item(tree, hf_kademlia_udp_port, tvb, offset, 2, ENC_LITTLE_ENDIAN);
922 return offset +2;
923 }
924
dissect_kademlia_tcp_port(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)925 static int dissect_kademlia_tcp_port(tvbuff_t *tvb, packet_info *pinfo _U_,
926 int offset, proto_tree *tree)
927 {
928 proto_tree_add_item(tree, hf_kademlia_tcp_port, tvb, offset, 2, ENC_LITTLE_ENDIAN);
929 return offset +2;
930 }
931
932
dissect_kademlia_ip_address(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)933 static int dissect_kademlia_ip_address(tvbuff_t *tvb, packet_info *pinfo _U_,
934 int offset, proto_tree *tree)
935 {
936 proto_tree_add_item(tree, hf_kademlia_ip, tvb, offset, 4, ENC_LITTLE_ENDIAN);
937 return offset + 4;
938 }
939
940
dissect_kademlia_address(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)941 static int dissect_kademlia_address(tvbuff_t *tvb, packet_info *pinfo,
942 int offset, proto_tree *tree)
943 {
944 /* <Address> ::= <IP> <Port> <Tcp Port>*/
945 offset = dissect_kademlia_ip_address( tvb, pinfo, offset, tree );
946
947 offset = dissect_kademlia_udp_port( tvb, pinfo, offset, tree );
948
949 offset = dissect_kademlia_tcp_port( tvb, pinfo, offset, tree );
950
951 return offset;
952 }
953
dissect_kademlia_tagname(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree,const gchar ** outputTagName,const gchar ** outputExtendedTagName)954 static int dissect_kademlia_tagname(tvbuff_t *tvb, packet_info *pinfo _U_,
955 int offset, proto_tree *tree, const gchar** outputTagName, const gchar** outputExtendedTagName)
956 {
957 /* <String> ::= <String length (guint16)> DATA */
958 const gchar * tagname;
959 const gchar * tag_full_name = NULL;
960 guint8 tagname_value;
961 proto_item *ti, *hidden_item;
962
963 guint16 string_length = tvb_get_letohs(tvb, offset);
964
965 proto_tree_add_uint(tree, hf_kademlia_tag_name_length, tvb, offset, 2, string_length);
966
967 hidden_item = proto_tree_add_uint(tree, hf_edonkey_string_length, tvb, offset, 2, string_length);
968 proto_item_set_hidden(hidden_item);
969
970 tagname = tvb_get_string_enc(wmem_packet_scope(), tvb, offset + 2, string_length, ENC_ASCII|ENC_NA);
971
972 tag_full_name = "UnknownTagName";
973
974 if ( tagname && string_length == 1 ) {
975 tagname_value = *(const guint8*)tagname;
976 /* lookup tagname */
977 tag_full_name = val_to_str_const( tagname_value, kademlia_tags, tag_full_name );
978 }
979
980 ti = proto_tree_add_item(tree, hf_kademlia_tag_name, tvb, offset + 2, string_length, ENC_BIG_ENDIAN);
981 proto_item_append_text(ti, " [%s]", tag_full_name);
982
983 if (outputTagName)
984 *outputTagName = tagname;
985
986 if (outputExtendedTagName)
987 *outputExtendedTagName = tag_full_name;
988
989 return offset+2+string_length;
990 }
991
dissect_kademlia_string(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)992 static int dissect_kademlia_string(tvbuff_t *tvb, packet_info *pinfo _U_,
993 int offset, proto_tree *tree)
994 {
995 /* <String> ::= <String length (guint16)> DATA */
996 guint16 string_length = tvb_get_letohs(tvb, offset);
997
998 proto_tree_add_uint(tree, hf_edonkey_string_length, tvb, offset, 2, string_length);
999
1000 /* TODO: ASCII or UTF-8? */
1001 proto_tree_add_item(tree, hf_edonkey_kademlia_string, tvb, offset+2, string_length, ENC_ASCII|ENC_NA);
1002
1003 return offset+2+string_length;
1004 }
1005
1006 /* Dissects the eDonkey address list */
dissect_edonkey_address_list(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)1007 static int dissect_edonkey_address_list(tvbuff_t *tvb, packet_info *pinfo,
1008 int offset, proto_tree *tree)
1009 {
1010 /* <Address List> ::= <List Size (guint8)> <Address>* */
1011 return dissect_edonkey_list(tvb, pinfo, offset, tree, 1, "Address", dissect_edonkey_address);
1012 }
1013
1014 /* Dissects the eDonkey hash */
dissect_edonkey_hash(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)1015 static int dissect_edonkey_hash(tvbuff_t *tvb, packet_info *pinfo _U_,
1016 int offset, proto_tree *tree)
1017 {
1018 /* <hash> ::= HASH (16 word MD4 digest) */
1019 proto_tree_add_item(tree, hf_edonkey_hash, tvb, offset, 16, ENC_NA);
1020 return offset+16;
1021 }
1022
1023 /* Dissects the eDonkey file hash */
dissect_edonkey_file_hash(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)1024 static int dissect_edonkey_file_hash(tvbuff_t *tvb, packet_info *pinfo _U_,
1025 int offset, proto_tree *tree)
1026 {
1027 /* <File hash> ::= HASH (16 word MD4 digest) */
1028 proto_tree_add_item(tree, hf_edonkey_file_hash, tvb, offset, 16, ENC_NA);
1029 return offset+16;
1030 }
1031
1032 /* Dissects the eMule public key */
dissect_edonkey_public_key(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)1033 static int dissect_edonkey_public_key(tvbuff_t *tvb, packet_info *pinfo _U_,
1034 int offset, proto_tree *tree)
1035 {
1036 guint8 length = tvb_get_guint8(tvb, offset);
1037 proto_tree_add_item(tree, hf_emule_public_key_length, tvb, offset, 1, ENC_NA);
1038 offset++;
1039 proto_tree_add_item(tree, hf_emule_public_key, tvb, offset, length, ENC_NA);
1040 return offset + length;
1041 }
1042
1043 /* Dissects the eMule signature */
dissect_edonkey_signature(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)1044 static int dissect_edonkey_signature(tvbuff_t *tvb, packet_info *pinfo _U_,
1045 int offset, proto_tree *tree)
1046 {
1047 guint8 length = tvb_get_guint8(tvb, offset);
1048 proto_tree_add_item(tree, hf_emule_signature_length, tvb, offset, 1, ENC_NA);
1049 offset++;
1050 proto_tree_add_item(tree, hf_emule_signature, tvb, offset, length, ENC_NA);
1051 return offset + length;
1052 }
1053
kademlia_hash(tvbuff_t * tvb,int offset)1054 static const char *kademlia_hash(tvbuff_t *tvb, int offset) {
1055 guint32 hash[4];
1056 int i;
1057
1058 for (i = 0; i < 4; i++)
1059 hash[i] = tvb_get_letohl(tvb, offset + i*4);
1060
1061 return wmem_strdup_printf(wmem_packet_scope(),
1062 "%08X%08X%08X%08X", hash[0], hash[1], hash[2], hash[3]);
1063 }
1064
dissect_kademlia_hash_hidden(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)1065 static int dissect_kademlia_hash_hidden(tvbuff_t *tvb, packet_info *pinfo _U_,
1066 int offset, proto_tree *tree) {
1067 proto_item *hidden_item;
1068 const char *hash;
1069
1070 hash = kademlia_hash(tvb, offset);
1071
1072 /* <File hash> ::= HASH (16 word MD4 digest) */
1073 hidden_item = proto_tree_add_string(tree, hf_kademlia_hash, tvb, offset, 16, hash);
1074 proto_item_set_hidden(hidden_item);
1075
1076 return offset+16;
1077 }
1078
1079 /* Dissects the Kademlia hash*/
dissect_kademlia_hash(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree,int * value_ptr)1080 static int dissect_kademlia_hash(tvbuff_t *tvb, packet_info *pinfo,
1081 int offset, proto_tree *tree, int *value_ptr) {
1082 const char *hash;
1083
1084 hash = kademlia_hash(tvb, offset);
1085
1086 /* <File hash> ::= HASH (16 word MD4 digest) */
1087 proto_tree_add_string(tree, *value_ptr, tvb, offset, 16, hash);
1088
1089 return dissect_kademlia_hash_hidden(tvb, pinfo, offset, tree);
1090 }
1091
dissect_kademlia_tag_hash_hidden(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)1092 static int dissect_kademlia_tag_hash_hidden(tvbuff_t *tvb, packet_info *pinfo _U_,
1093 int offset, proto_tree *tree) {
1094 proto_item *hidden_item;
1095 const char *hash;
1096
1097 hash = kademlia_hash(tvb, offset);
1098
1099 /* <File hash> ::= HASH (16 word MD4 digest) */
1100 hidden_item = proto_tree_add_string(tree, hf_kademlia_tag_hash, tvb, offset, 16, hash);
1101 proto_item_set_hidden(hidden_item);
1102
1103 return offset+16;
1104 }
1105
dissect_kademlia_tag_hash(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)1106 static int dissect_kademlia_tag_hash(tvbuff_t *tvb, packet_info *pinfo,
1107 int offset, proto_tree *tree) {
1108 const char *hash;
1109
1110 hash = kademlia_hash(tvb, offset);
1111
1112 /* <File hash> ::= HASH (16 word MD4 digest) */
1113 proto_tree_add_string(tree, hf_kademlia_hash, tvb, offset, 16, hash);
1114 return dissect_kademlia_tag_hash_hidden( tvb, pinfo, offset, tree );
1115 }
1116
dissect_kademlia_tag_bsob(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree,const gchar ** string_value)1117 static int dissect_kademlia_tag_bsob(tvbuff_t *tvb, packet_info *pinfo _U_,
1118 int offset, proto_tree *tree, const gchar** string_value )
1119 {
1120 guint16 bsob_length;
1121
1122 bsob_length = tvb_get_guint8(tvb, offset);
1123 *string_value = tvb_bytes_to_str(wmem_packet_scope(), tvb, offset + 1, bsob_length );
1124
1125 proto_tree_add_item(tree, hf_kademlia_tag_bsob, tvb, offset + 1, bsob_length, ENC_NA);
1126 return offset + 1 + bsob_length;
1127 }
1128
1129
dissect_kademlia_tag_string(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree,const guint8 ** string_value)1130 static int dissect_kademlia_tag_string(tvbuff_t *tvb, packet_info *pinfo _U_,
1131 int offset, proto_tree *tree, const guint8** string_value)
1132 {
1133 proto_item *hidden_item;
1134 guint16 string_length = tvb_get_letohs(tvb, offset);
1135
1136 hidden_item = proto_tree_add_uint(tree, hf_edonkey_string_length, tvb, offset, 2, string_length);
1137 proto_item_set_hidden(hidden_item);
1138 hidden_item = proto_tree_add_item_ret_string(tree, hf_edonkey_string, tvb, offset + 2, string_length, ENC_ASCII|ENC_NA, wmem_packet_scope(), string_value);
1139 proto_item_set_hidden(hidden_item);
1140
1141 proto_tree_add_item(tree, hf_kademlia_tag_string, tvb, offset + 2, string_length, ENC_ASCII|ENC_NA);
1142 return offset + 2 + string_length;
1143 }
1144
1145 /* Dissects the eDonkey hash list */
dissect_edonkey_hash_list(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)1146 static int dissect_edonkey_hash_list(tvbuff_t *tvb, packet_info *pinfo,
1147 int offset, proto_tree *tree)
1148 {
1149 /* <Hash List> ::= <File Hash> <List Size (guint16)> <Hash>* */
1150 offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
1151 return dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "Hash", dissect_edonkey_hash);
1152 }
1153
1154 /* Dissects the eDonkey meta tag list */
dissect_edonkey_metatag_list(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)1155 static int dissect_edonkey_metatag_list(tvbuff_t *tvb, packet_info *pinfo,
1156 int offset, proto_tree *tree)
1157 {
1158 /* <Meta Tag List> ::= <List Size (guint32)> <Meta tag>* */
1159 return dissect_edonkey_list(tvb, pinfo, offset, tree, 4, "Meta Tag", dissect_edonkey_metatag);
1160 }
1161
1162 /* Dissects the eDonkey String */
dissect_edonkey_string(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)1163 static int dissect_edonkey_string(tvbuff_t *tvb, packet_info *pinfo _U_,
1164 int offset, proto_tree *tree)
1165 {
1166 /* <String> ::= <String length (guint16)> DATA */
1167 guint16 string_length = tvb_get_letohs(tvb, offset);
1168 proto_tree_add_uint(tree, hf_edonkey_string_length, tvb, offset, 2, string_length);
1169 proto_tree_add_item(tree, hf_edonkey_string, tvb, offset+2, string_length, ENC_ASCII|ENC_NA);
1170 return offset+2+string_length;
1171 }
1172
1173 /* Dissects the eDonkey Directory */
dissect_edonkey_directory(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)1174 static int dissect_edonkey_directory(tvbuff_t *tvb, packet_info *pinfo _U_,
1175 int offset, proto_tree *tree)
1176 {
1177 /* <Directory> ::= <String> */
1178 guint16 string_length = tvb_get_letohs(tvb, offset);
1179 proto_tree_add_uint(tree, hf_edonkey_string_length, tvb, offset, 2, string_length);
1180 proto_tree_add_item(tree, hf_edonkey_directory, tvb, offset+2, string_length, ENC_ASCII|ENC_NA);
1181 return offset+2+string_length;
1182 }
1183
1184 /* Dissects the eDonkey Filename */
dissect_edonkey_file_name(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)1185 static int dissect_edonkey_file_name(tvbuff_t *tvb, packet_info *pinfo,
1186 int offset, proto_tree *tree)
1187 {
1188 /* <Filename> ::= <String> */
1189 return dissect_edonkey_string(tvb, pinfo, offset, tree);
1190 }
1191
1192 /* Dissects the eDonkey File Status */
dissect_edonkey_file_status(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)1193 static int dissect_edonkey_file_status(tvbuff_t *tvb, packet_info *pinfo _U_,
1194 int offset, proto_tree *tree)
1195 {
1196 guint16 partcount, arrlen;
1197
1198 /* <File Status> ::= <Part Count> <Part Status> */
1199 partcount = tvb_get_letohs(tvb, offset);
1200 arrlen = (partcount+7)/8;
1201
1202 proto_tree_add_uint(tree, hf_edonkey_part_count, tvb, offset, 2, partcount);
1203 if (partcount>0) {
1204 proto_tree_add_item(tree, hf_edonkey_file_status, tvb, offset+2, arrlen, ENC_NA);
1205 }
1206 return offset+2+arrlen;
1207 }
1208
1209
1210 /* Dissects the eDonkey directory list */
dissect_edonkey_directory_list(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)1211 static int dissect_edonkey_directory_list(tvbuff_t *tvb, packet_info *pinfo,
1212 int offset, proto_tree *tree)
1213 {
1214 /* <Directory List> ::= <List Size (guint32)> <Directory>* */
1215 return dissect_edonkey_list(tvb, pinfo, offset, tree, 4, "Directory", dissect_edonkey_directory);
1216 }
1217
1218 /* Dissects the eDonkey server hash */
dissect_edonkey_server_hash(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)1219 static int dissect_edonkey_server_hash(tvbuff_t *tvb, packet_info *pinfo _U_,
1220 int offset, proto_tree *tree)
1221 {
1222 /* <Server hash> ::= HASH (16 word MD4 digest) */
1223 proto_tree_add_item(tree, hf_edonkey_server_hash, tvb, offset, 16, ENC_NA);
1224 return offset+16;
1225 }
1226
1227 /* Dissects the eDonkey client hash */
dissect_edonkey_client_hash(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)1228 static int dissect_edonkey_client_hash(tvbuff_t *tvb, packet_info *pinfo _U_,
1229 int offset, proto_tree *tree)
1230 {
1231 /* <Client hash> ::= HASH (16 word MD4 digest) */
1232 proto_tree_add_item(tree, hf_edonkey_client_hash, tvb, offset, 16, ENC_NA);
1233 return offset+16;
1234 }
1235
1236 /* Dissects the eMule sourceOBFU */
dissect_emule_sourceOBFU(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)1237 static int dissect_emule_sourceOBFU(tvbuff_t *tvb, packet_info *pinfo,
1238 int offset, proto_tree *tree)
1239 {
1240
1241 proto_item *ti;
1242 proto_tree *sourceOBFU_tree;
1243 guint8 settings = tvb_get_guint8(tvb, offset+6);
1244 /* Add subtree for client info */
1245 ti = proto_tree_add_item(tree, hf_emule_sourceOBFU, tvb, offset, 7 + ((settings & 0x80) ? 16 : 0), ENC_NA);
1246 sourceOBFU_tree = proto_item_add_subtree(ti, ett_emule_sourceOBFU);
1247
1248 proto_tree_add_item(sourceOBFU_tree, hf_edonkey_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
1249 proto_tree_add_item(sourceOBFU_tree, hf_edonkey_port, tvb, offset+4, 2, ENC_LITTLE_ENDIAN);
1250 proto_tree_add_item(sourceOBFU_tree, hf_edonkey_obfuscation_settings, tvb, offset+6, 1, ENC_NA);
1251 offset += 7;
1252 if (settings & 0x80)
1253 offset = dissect_edonkey_client_hash(tvb, pinfo, offset, sourceOBFU_tree);
1254 return offset;
1255 }
1256
1257
1258 /* Dissects the eMule sourceOBFU list */
dissect_emule_sourceOBFU_list(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)1259 static int dissect_emule_sourceOBFU_list(tvbuff_t *tvb, packet_info *pinfo,
1260 int offset, proto_tree *tree)
1261 {
1262 return dissect_edonkey_list(tvb, pinfo, offset, tree, 1, "Sources Obfuscation", dissect_emule_sourceOBFU);
1263 }
1264
1265
1266 /* Dissects the eDonkey client ID */
dissect_edonkey_client_id(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree,gboolean fileinfo)1267 static int dissect_edonkey_client_id(tvbuff_t *tvb, packet_info *pinfo _U_,
1268 int offset, proto_tree *tree, gboolean fileinfo)
1269 {
1270 proto_item *ti;
1271 /* <Client ID> ::= guint32 */
1272 /* guint32 ip = tvb_get_letohl(tvb, offset);
1273 proto_tree_add_ipv4(tree, hf_edonkey_client_id, tvb, offset, 4, ip); */
1274 ti = proto_tree_add_item(tree, hf_edonkey_client_id, tvb, offset, 4, ENC_BIG_ENDIAN);
1275 if (fileinfo) {
1276 guint32 ip = tvb_get_letohl(tvb, offset);
1277 guint16 port = tvb_get_letohs(tvb, offset+4);
1278 if (ip==0xfcfcfcfc && port==0xfcfc) {
1279 proto_item_append_text(ti, " (myself, incomplete file)");
1280 } else if (ip==0xfbfbfbfb && port==0xfbfb) {
1281 proto_item_append_text(ti, " (myself, complete file)");
1282 }
1283 }
1284 return offset+4;
1285 }
1286
1287 /* Dissects the eDonkey port */
dissect_edonkey_port(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)1288 static int dissect_edonkey_port(tvbuff_t *tvb, packet_info *pinfo _U_,
1289 int offset, proto_tree *tree)
1290 {
1291 /* <Port> ::= guint16 */
1292 proto_tree_add_item(tree, hf_edonkey_port, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1293 return offset+2;
1294 }
1295
1296 /* Dissects the eDonkey start offset */
dissect_edonkey_start_offset(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)1297 static int dissect_edonkey_start_offset(tvbuff_t *tvb, packet_info *pinfo _U_,
1298 int offset, proto_tree *tree)
1299 {
1300 /* <Start Offset> ::= guint32 */
1301 proto_tree_add_item(tree, hf_edonkey_start_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1302 return offset+4;
1303 }
1304
dissect_edonkey_start_offset_64(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)1305 static int dissect_edonkey_start_offset_64(tvbuff_t *tvb, packet_info *pinfo _U_,
1306 int offset, proto_tree *tree)
1307 {
1308 /* <Start Offset> ::= guint64 */
1309 proto_tree_add_item(tree, hf_edonkey_start_offset_64, tvb, offset, 8, ENC_LITTLE_ENDIAN);
1310 return offset+8;
1311 }
1312
1313 /* Dissects the eDonkey end offset */
dissect_edonkey_end_offset(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)1314 static int dissect_edonkey_end_offset(tvbuff_t *tvb, packet_info *pinfo _U_,
1315 int offset, proto_tree *tree)
1316 {
1317 /* <End Offset> ::= guint32 */
1318 proto_tree_add_item(tree, hf_edonkey_end_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1319 return offset+4;
1320 }
1321
dissect_edonkey_end_offset_64(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)1322 static int dissect_edonkey_end_offset_64(tvbuff_t *tvb, packet_info *pinfo _U_,
1323 int offset, proto_tree *tree)
1324 {
1325 /* <End Offset> ::= guint64 */
1326 proto_tree_add_item(tree, hf_edonkey_end_offset_64, tvb, offset, 8, ENC_LITTLE_ENDIAN);
1327 return offset+8;
1328 }
1329
1330 /* Dissects the eDonkey client info */
dissect_edonkey_client_info(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)1331 static int dissect_edonkey_client_info(tvbuff_t *tvb, packet_info *pinfo,
1332 int offset, proto_tree *tree)
1333 {
1334 /* <Client info> ::= <Client hash> <Client ID> <Port> <Meta tag list> */
1335 proto_item *ti;
1336 proto_tree *clientinfo_tree;
1337 /* Add subtree for client info */
1338 ti = proto_tree_add_item(tree, hf_edonkey_clientinfo, tvb, offset, 0, ENC_NA);
1339 clientinfo_tree = proto_item_add_subtree(ti, ett_edonkey_clientinfo);
1340 offset = dissect_edonkey_client_hash(tvb, pinfo, offset, clientinfo_tree);
1341 offset = dissect_edonkey_client_id(tvb, pinfo, offset, clientinfo_tree, FALSE);
1342 offset = dissect_edonkey_port(tvb, pinfo, offset, clientinfo_tree);
1343 offset = dissect_edonkey_metatag_list(tvb, pinfo, offset, clientinfo_tree);
1344 return offset;
1345 }
1346
1347 /* Dissects the eDonkey client info list */
dissect_edonkey_client_info_list(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)1348 static int dissect_edonkey_client_info_list(tvbuff_t *tvb, packet_info *pinfo,
1349 int offset, proto_tree *tree)
1350 {
1351 /* <Client Info List> ::= <List Size (guint32)> <Client Info>* */
1352 return dissect_edonkey_list(tvb, pinfo, offset, tree, 4, "Client Info", dissect_edonkey_client_info);
1353 }
1354
1355 /* Dissects the eDonkey server info */
dissect_edonkey_server_info(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)1356 static int dissect_edonkey_server_info(tvbuff_t *tvb, packet_info *pinfo,
1357 int offset, proto_tree *tree)
1358 {
1359 /* <Server info> ::= <Server hash> <Server Address> <Meta tag list> */
1360 proto_item *ti;
1361 proto_tree *serverinfo_tree;
1362 /* Add subtree for server info */
1363 ti = proto_tree_add_item(tree, hf_edonkey_serverinfo, tvb, offset, 0, ENC_NA);
1364 serverinfo_tree = proto_item_add_subtree(ti, ett_edonkey_serverinfo);
1365 offset = dissect_edonkey_server_hash(tvb, pinfo, offset, serverinfo_tree);
1366 offset = dissect_edonkey_address(tvb, pinfo, offset, serverinfo_tree);
1367 offset = dissect_edonkey_metatag_list(tvb, pinfo, offset, serverinfo_tree);
1368 return offset;
1369 }
1370
1371 /* Dissects the eDonkey file info */
dissect_edonkey_file_info(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)1372 static int dissect_edonkey_file_info(tvbuff_t *tvb, packet_info *pinfo,
1373 int offset, proto_tree *tree)
1374 {
1375 /* <File info> ::= <File hash> <Client ID> <Port> <Meta tag list> */
1376 proto_item *ti;
1377 proto_tree *fileinfo_tree;
1378 int startoff;
1379 /* Add subtree for file info */
1380 ti = proto_tree_add_item(tree, hf_edonkey_fileinfo, tvb, offset, 0, ENC_NA);
1381 startoff = offset;
1382 fileinfo_tree = proto_item_add_subtree(ti, ett_edonkey_fileinfo);
1383 offset = dissect_edonkey_file_hash(tvb, pinfo, offset, fileinfo_tree);
1384 offset = dissect_edonkey_client_id(tvb, pinfo, offset, fileinfo_tree, TRUE);
1385 offset = dissect_edonkey_port(tvb, pinfo, offset, fileinfo_tree);
1386 offset = dissect_edonkey_metatag_list(tvb, pinfo, offset, fileinfo_tree);
1387 proto_item_set_len(ti, offset-startoff);
1388 return offset;
1389 }
1390
1391 /* Dissects the eDonkey file info list */
dissect_edonkey_file_info_list(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)1392 static int dissect_edonkey_file_info_list(tvbuff_t *tvb, packet_info *pinfo,
1393 int offset, proto_tree *tree)
1394 {
1395 /* <File Info List> ::= <List Size (guint32)> <File Info>* */
1396 return dissect_edonkey_list(tvb, pinfo, offset, tree, 4, "File Info", dissect_edonkey_file_info);
1397 }
1398
1399
1400 /* Dissects the eMule address list */
dissect_emule_address_list(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)1401 static int dissect_emule_address_list(tvbuff_t *tvb, packet_info *pinfo,
1402 int offset, proto_tree *tree)
1403 {
1404 /* <Address List> ::= <List Size (guint16)> <Address>* */
1405 return dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "Address", dissect_edonkey_address);
1406 }
1407
dissect_emule_aich_root_hash(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)1408 static int dissect_emule_aich_root_hash(tvbuff_t *tvb, packet_info *pinfo _U_,
1409 int offset, proto_tree *tree)
1410 {
1411 /* <AICH Root Hash> ::= HASH (20 byte SHA1 digest) */
1412 proto_tree_add_item(tree, hf_emule_aich_root_hash, tvb, offset, 20, ENC_NA);
1413 return offset + 20;
1414 }
1415
dissect_emule_aich_hash_list_entry(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)1416 static int dissect_emule_aich_hash_list_entry(tvbuff_t *tvb, packet_info *pinfo _U_,
1417 int offset, proto_tree *tree)
1418 {
1419 guint16 hashid;
1420 proto_item *ti;
1421 proto_tree *aichhash_tree;
1422 /* <AICH Hash List Entry> ::= <AICH Hash ID> <AICH Hash> */
1423 ti = proto_tree_add_item(tree, hf_emule_aich_hash_entry, tvb, offset, 22, ENC_NA);
1424 aichhash_tree = proto_item_add_subtree(ti, ett_emule_aichhash);
1425
1426 hashid = tvb_get_letohs(tvb, offset);
1427 proto_tree_add_uint(aichhash_tree, hf_emule_aich_hash_id, tvb, offset, 2, hashid);
1428 proto_tree_add_item(aichhash_tree, hf_emule_aich_hash, tvb, offset+2, 20, ENC_NA);
1429 return offset + 22;
1430 }
1431
dissect_emule_aich_hash_list(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)1432 static int dissect_emule_aich_hash_list(tvbuff_t *tvb, packet_info *pinfo,
1433 int offset, proto_tree *tree)
1434 {
1435 /* <AICH Hash List> ::= <List Size (guint16)> < <AICH Hash ID> <AICH Hash> >* */
1436 return dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "AICH Hash", dissect_emule_aich_hash_list_entry);
1437 }
1438
dissect_emule_multipacket(tvbuff_t * tvb,packet_info * pinfo,int offset,int eoffset,proto_tree * tree,int isext)1439 static int dissect_emule_multipacket(tvbuff_t *tvb, packet_info *pinfo,
1440 int offset, int eoffset, proto_tree *tree, int isext)
1441 {
1442 guint8 opcode, nextop;
1443 guint16 namelen, partcount, arrlen, oplen;
1444 guint32 sourcecount;
1445 proto_item *ti;
1446 proto_tree *mp_tree;
1447
1448 /* <MultiPacket> ::= <File Hash> <Opcodes>* */
1449 /* <MultiPacketExt> ::= <File Hash> <FileLength> <Opcodes>* */
1450 offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
1451
1452 if (isext) {
1453 proto_tree_add_item(tree, hf_edonkey_emule_file_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
1454 offset += 8;
1455 }
1456
1457 while (offset<eoffset) {
1458 opcode = tvb_get_guint8(tvb, offset);
1459
1460 switch (opcode) {
1461 case EDONKEY_MSG_FILE_STATUS_REQUEST:
1462 ti = proto_tree_add_item(tree, hf_emule_multipacket_entry, tvb, offset, 1, ENC_NA);
1463 mp_tree = proto_item_add_subtree(ti, ett_emule_multipacket);
1464
1465 proto_tree_add_uint_format(mp_tree, hf_emule_multipacket_opcode, tvb, offset, 1,
1466 opcode, "File Status Request (0x%02x)", opcode);
1467 offset += 1;
1468 break;
1469 case EDONKEY_MSG_FILE_REQUEST:
1470 partcount = 443; /* Invalid */
1471 sourcecount = 65536; /* Out of range */
1472 arrlen = 0;
1473 oplen = 1;
1474
1475 if (offset+2<eoffset) {
1476 nextop = tvb_get_guint8(tvb, offset+1);
1477 if (nextop!=EDONKEY_MSG_FILE_STATUS_REQUEST &&
1478 nextop!=EMULE_MSG_SOURCES_REQUEST &&
1479 nextop!=EMULE_MSG_AICHFILEHASH_REQUEST) {
1480
1481 partcount = tvb_get_letohs(tvb, offset+1);
1482 if (partcount<=442) {
1483 arrlen = (partcount+7)/8;
1484 oplen += 2+arrlen;
1485
1486 if (offset+2+arrlen+2<eoffset) {
1487 nextop = tvb_get_guint8(tvb, offset+2+arrlen+1);
1488 if (nextop!=EDONKEY_MSG_FILE_STATUS_REQUEST &&
1489 nextop!=EMULE_MSG_SOURCES_REQUEST &&
1490 nextop!=EMULE_MSG_AICHFILEHASH_REQUEST) {
1491
1492 sourcecount = tvb_get_letohs(tvb, offset+2+arrlen+1);
1493 oplen += 2;
1494 }
1495 }
1496 }
1497 }
1498 }
1499
1500 ti = proto_tree_add_item(tree, hf_emule_multipacket_entry, tvb, offset, oplen, ENC_NA);
1501 mp_tree = proto_item_add_subtree(ti, ett_emule_multipacket);
1502
1503 proto_tree_add_uint_format(mp_tree, hf_emule_multipacket_opcode, tvb, offset, 1,
1504 opcode, "File Name Request (0x%02x)", opcode);
1505 if (partcount<=442) {
1506 dissect_edonkey_file_status(tvb, pinfo, offset+1, mp_tree);
1507 if (sourcecount<65536) {
1508 proto_tree_add_uint(mp_tree, hf_emule_source_count, tvb, offset+3+arrlen, 2, sourcecount);
1509 }
1510 }
1511 offset += oplen;
1512 break;
1513 case EMULE_MSG_SOURCES_REQUEST:
1514 ti = proto_tree_add_item(tree, hf_emule_multipacket_entry, tvb, offset, 1, ENC_NA);
1515 mp_tree = proto_item_add_subtree(ti, ett_emule_multipacket);
1516
1517 proto_tree_add_uint_format(mp_tree, hf_emule_multipacket_opcode, tvb, offset, 1,
1518 opcode, "Sources Request (0x%02x)", opcode);
1519 offset += 1;
1520 break;
1521 case EMULE_MSG_AICHFILEHASH_REQUEST:
1522 ti = proto_tree_add_item(tree, hf_emule_multipacket_entry, tvb, offset, 1, ENC_NA);
1523 mp_tree = proto_item_add_subtree(ti, ett_emule_multipacket);
1524
1525 proto_tree_add_uint_format(mp_tree, hf_emule_multipacket_opcode, tvb, offset, 1,
1526 opcode, "AICH Root Hash Request (0x%02x)", opcode);
1527 offset += 1;
1528 break;
1529
1530 case EDONKEY_MSG_FILE_STATUS:
1531 partcount = tvb_get_letohs(tvb, offset+1);
1532 arrlen = (partcount+7)/8;
1533
1534 ti = proto_tree_add_item(tree, hf_emule_multipacket_entry, tvb, offset, 3+arrlen, ENC_NA);
1535 mp_tree = proto_item_add_subtree(ti, ett_emule_multipacket);
1536
1537 proto_tree_add_uint_format(mp_tree, hf_emule_multipacket_opcode, tvb, offset, 1,
1538 opcode, "File Status (0x%02x)", opcode);
1539 offset = dissect_edonkey_file_status(tvb, pinfo, offset+1, mp_tree);
1540 break;
1541 case EDONKEY_MSG_FILE_REQUEST_ANSWER:
1542 namelen = tvb_get_letohs(tvb, offset+1);
1543
1544 ti = proto_tree_add_item(tree, hf_emule_multipacket_entry, tvb, offset, 3+namelen, ENC_NA);
1545 mp_tree = proto_item_add_subtree(ti, ett_emule_multipacket);
1546
1547 proto_tree_add_uint_format(mp_tree, hf_emule_multipacket_opcode, tvb, offset, 1,
1548 opcode, "File Name (0x%02x)", opcode);
1549 offset = dissect_edonkey_file_name(tvb, pinfo, offset+1, mp_tree);
1550 break;
1551 case EMULE_MSG_AICHFILEHASH_ANSWER:
1552 ti = proto_tree_add_item(tree, hf_emule_multipacket_entry, tvb, offset, 21, ENC_NA);
1553 mp_tree = proto_item_add_subtree(ti, ett_emule_multipacket);
1554
1555 proto_tree_add_uint_format(mp_tree, hf_emule_multipacket_opcode, tvb, offset, 1,
1556 opcode, "AICH Root Hash (0x%02x)", opcode);
1557 proto_tree_add_item(mp_tree, hf_emule_aich_root_hash, tvb, offset+1, 20, ENC_NA);
1558 offset += 21;
1559 break;
1560
1561 default:
1562 /* Unknown opcode means we can't continue parsing the stream */
1563 proto_tree_add_uint_format(tree, hf_emule_multipacket_opcode, tvb, offset, 1,
1564 opcode, "Unknown MultiPacket opcode (0x%02x)", opcode);
1565 return offset+1;
1566 }
1567 }
1568
1569 return offset;
1570 }
1571
1572 /* Dissects the Overnet peer type */
dissect_overnet_peertype(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)1573 static int dissect_overnet_peertype(tvbuff_t *tvb, packet_info *pinfo _U_,
1574 int offset, proto_tree *tree)
1575 {
1576 /* <Peer type> ::= guint8 */
1577 proto_tree_add_item(tree, hf_edonkey_overnet_peer_type, tvb, offset, 1, ENC_NA);
1578 return offset+1;
1579 }
1580
1581 /* Dissects the Overnet peer */
dissect_overnet_peer(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)1582 static int dissect_overnet_peer(tvbuff_t *tvb, packet_info *pinfo,
1583 int offset, proto_tree *tree)
1584 {
1585 /* <Peer> ::= <Hash> <Address> <Peer type> */
1586 proto_item *ti;
1587 proto_tree *peer_tree;
1588 ti = proto_tree_add_item(tree, hf_overnet_peer, tvb, offset, 16 + 6 + 1, ENC_NA);
1589 peer_tree = proto_item_add_subtree(ti, ett_overnet_peer);
1590 offset = dissect_edonkey_hash(tvb, pinfo, offset, peer_tree);
1591 offset = dissect_edonkey_address(tvb, pinfo, offset, peer_tree);
1592 offset = dissect_overnet_peertype(tvb, pinfo, offset, peer_tree);
1593 return offset;
1594 }
1595
dissect_kademlia_peertype(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)1596 static int dissect_kademlia_peertype(tvbuff_t *tvb, packet_info *pinfo _U_,
1597 int offset, proto_tree *tree)
1598 {
1599 /* <Peer type> ::= 1bytes */
1600 proto_tree_add_item( tree, hf_kademlia_peertype, tvb, offset, 1, ENC_BIG_ENDIAN );
1601 return offset + 1;
1602 }
1603
1604 /* Dissects the Kademlia peer */
dissect_kademlia_peer(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)1605 static int dissect_kademlia_peer(tvbuff_t *tvb, packet_info *pinfo,
1606 int offset, proto_tree *tree)
1607 {
1608 /* <Peer> ::= <Hash> <Address> <Peer type> */
1609 proto_item *ti;
1610 proto_tree *peer_tree;
1611
1612 ti = proto_tree_add_item(tree, hf_kademlia_peer, tvb, offset, 16 + 4 + 4 + 1, ENC_NA);
1613
1614 peer_tree = proto_item_add_subtree(ti, ett_overnet_peer);
1615
1616 /* 16 */
1617 offset = dissect_kademlia_hash(tvb, pinfo, offset, peer_tree, &hf_kademlia_peer_id);
1618
1619 /* 8 ( 4 ip + 2 tcp port + 2 udp port ) */
1620 offset = dissect_kademlia_address(tvb, pinfo, offset, peer_tree);
1621
1622 /* 1 */
1623 /* offset = dissect_kademlia_peertype(tvb, pinfo, offset, peer_tree); */
1624 proto_tree_add_item(peer_tree, hf_kademlia_version, tvb, offset, 1, ENC_BIG_ENDIAN);
1625 return offset + 1;
1626 }
1627
1628 /* Dissects the Kademlia2 peer */
dissect_kademlia2_peer(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)1629 static int dissect_kademlia2_peer(tvbuff_t *tvb, packet_info *pinfo,
1630 int offset, proto_tree *tree)
1631 {
1632 /* <Peer> ::= <Hash> <Address> <Peer type> */
1633 proto_item *ti;
1634 proto_tree *peer_tree;
1635
1636 ti = proto_tree_add_item(tree, hf_kademlia_peer, tvb, offset, 16 + 4 + 4 + 1, ENC_NA);
1637
1638 peer_tree = proto_item_add_subtree(ti, ett_overnet_peer);
1639
1640 /* 16 */
1641 offset = dissect_kademlia_hash(tvb, pinfo, offset, peer_tree, &hf_kademlia_peer_id);
1642
1643 /* 8 ( 4 ip + 2 tcp port + 2 udp port ) */
1644 offset = dissect_kademlia_address(tvb, pinfo, offset, peer_tree);
1645
1646 /* 1 */
1647 offset = dissect_kademlia_peertype(tvb, pinfo, offset, peer_tree);
1648 return offset;
1649 }
1650
1651
1652 /* Dissects the eDonkey search query */
dissect_edonkey_search_query(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)1653 static int dissect_edonkey_search_query(tvbuff_t *tvb, packet_info *pinfo,
1654 int offset, proto_tree *tree)
1655 {
1656 /* <Search Query> ::= <Search Type> <Search> */
1657 proto_item *ti;
1658 proto_tree *search_tree;
1659 guint8 search_type, special_tagtype;
1660 guint16 tag_name_size, string_length;
1661 guint32 search_length;
1662 int string_offset, tag_name_offset;
1663
1664 search_type = tvb_get_guint8(tvb, offset);
1665 search_length = 1;
1666 ti = proto_tree_add_uint(tree, hf_edonkey_search_type, tvb, offset, 1, search_type);
1667
1668 switch (search_type)
1669 {
1670 case EDONKEY_SEARCH_BOOL:
1671 /* <Search> ::= <Operator> <Search Query> <Search Query> */
1672 search_length += 1;
1673
1674 /* Add subtree for search entry */
1675 proto_item_set_len(ti, search_length);
1676 search_tree = proto_item_add_subtree(ti, ett_edonkey_search);
1677
1678 /* Add query info */
1679 proto_tree_add_item(search_tree, hf_edonkey_search_ops, tvb, offset+1, 1, ENC_LITTLE_ENDIAN);
1680
1681 offset+=2;
1682 offset = dissect_edonkey_search_query(tvb, pinfo, offset, search_tree);
1683 offset = dissect_edonkey_search_query(tvb, pinfo, offset, search_tree);
1684 break;
1685
1686 case EDONKEY_SEARCH_NAME:
1687 /* <Search> ::= <String> */
1688 string_offset = offset + search_length;
1689 string_length = tvb_get_letohs(tvb, string_offset);
1690 search_length += 2+string_length;
1691
1692 /* Add subtree for search entry */
1693 proto_item_set_len(ti, search_length);
1694 search_tree = proto_item_add_subtree(ti, ett_edonkey_search);
1695
1696 /* Add query info */
1697 proto_tree_add_uint(search_tree, hf_edonkey_string_length, tvb, string_offset, 2, string_length);
1698 proto_tree_add_item(search_tree, hf_edonkey_string, tvb, string_offset+2, string_length, ENC_ASCII|ENC_NA);
1699 offset += search_length;
1700 break;
1701
1702 case EDONKEY_SEARCH_META:
1703 /* <Search> ::= <String> <Meta tag Name> */
1704 string_offset = offset + search_length;
1705 string_length = tvb_get_letohs(tvb, offset+1);
1706 search_length += 2+string_length;
1707
1708 tag_name_offset = offset + search_length;
1709 tag_name_size = tvb_get_letohs(tvb, tag_name_offset);
1710 special_tagtype = tvb_get_guint8(tvb, tag_name_offset+2);
1711 search_length += 2 + tag_name_size;
1712
1713 /* Add subtree for search entry */
1714 proto_item_set_len(ti, search_length);
1715 search_tree = proto_item_add_subtree(ti, ett_edonkey_search);
1716
1717 /* Add query info */
1718 proto_tree_add_uint(search_tree, hf_edonkey_string_length, tvb, string_offset, 2, string_length);
1719 proto_tree_add_item(search_tree, hf_edonkey_string, tvb, string_offset+2, string_length, ENC_ASCII|ENC_NA);
1720 proto_tree_add_uint(search_tree, hf_edonkey_metatag_namesize, tvb, tag_name_offset, 2, tag_name_size);
1721 edonkey_tree_add_metatag_name(search_tree, tvb, tag_name_offset+2, tag_name_size, special_tagtype);
1722 offset += search_length;
1723 break;
1724
1725 case EDONKEY_SEARCH_LIMIT:
1726 /* <Search> ::= <Limit (guint32)> <Minmax> <Meta tag Name> */
1727 search_length += 5; /* 4 bytes for the limit, one for the minmax */
1728
1729 tag_name_offset = offset + search_length;
1730 tag_name_size = tvb_get_letohs(tvb, tag_name_offset);
1731 special_tagtype = tvb_get_guint8(tvb, tag_name_offset+2);
1732 search_length += 2 + tag_name_size;
1733
1734 /* Add subtree for search entry */
1735 proto_item_set_len(ti, search_length);
1736 search_tree = proto_item_add_subtree(ti, ett_edonkey_search);
1737
1738 /* Add query info */
1739 proto_tree_add_item(search_tree, hf_edonkey_search_limit, tvb, offset+1, 4, ENC_LITTLE_ENDIAN);
1740 proto_tree_add_item(search_tree, hf_edonkey_search_limit_type, tvb, offset+5, 1, ENC_LITTLE_ENDIAN);
1741 proto_tree_add_uint(search_tree, hf_edonkey_metatag_namesize, tvb, tag_name_offset, 2, tag_name_size);
1742 edonkey_tree_add_metatag_name(search_tree, tvb, tag_name_offset+2, tag_name_size, special_tagtype);
1743 offset += search_length;
1744 break;
1745
1746 default:
1747 /* Unknown search type - actual search length is also unknown */
1748 proto_item_set_len(ti, search_length);
1749 offset += search_length;
1750 break;
1751 }
1752
1753 return offset;
1754 }
1755
dissect_edonkey_tcp_message(guint8 msg_type,tvbuff_t * tvb,packet_info * pinfo,int offset,int length,proto_tree * tree)1756 static void dissect_edonkey_tcp_message(guint8 msg_type,
1757 tvbuff_t *tvb, packet_info *pinfo,
1758 int offset, int length, proto_tree *tree)
1759 {
1760 int msg_end, bytes_remaining;
1761 guint8 helloClient;
1762
1763 bytes_remaining = tvb_reported_length_remaining(tvb, offset);
1764 if ((length < 0) || (length > bytes_remaining)) length = bytes_remaining;
1765 if (length <= 0) return;
1766
1767 msg_end = offset + length;
1768
1769 switch (msg_type) {
1770 case EDONKEY_MSG_HELLO:
1771 /* Client to Server: <Client Info> */
1772 /* Client to Client: 0x10 <Client Info> <Server address> */
1773 /* If Hello is sent to server 0x10 before UserHash is skipped,
1774 but UserHash might starts with 0x10. To decrease posibility
1775 of mistake, we check also 6th and 15h byte of UserHash -
1776 they have constant value. The best way would be to process
1777 whole packet to check it. */
1778 helloClient = (tvb_get_guint8(tvb, offset) == 0x10 && tvb_get_guint8(tvb, offset + 6) == 0x0E && tvb_get_guint8(tvb, offset + 15) == 0x6F);
1779 if (helloClient) {
1780 proto_tree_add_uint(tree, hf_edonkey_user_hash_length, tvb, offset, 1, 16);
1781 offset += 1;
1782 }
1783 offset = dissect_edonkey_client_info(tvb, pinfo, offset, tree);
1784 if (helloClient) /* User's server ip is sent only to clients. */
1785 offset = dissect_edonkey_address(tvb, pinfo, offset, tree);
1786 break;
1787
1788 case EDONKEY_MSG_HELLO_ANSWER: /* Hello Answer: <Client Info> <Server address> */
1789 offset = dissect_edonkey_client_info(tvb, pinfo, offset, tree);
1790 offset = dissect_edonkey_address(tvb, pinfo, offset, tree);
1791 break;
1792
1793 case EDONKEY_MSG_SERVER_CB_REQ: /* Server Callback Request: <Client address> */
1794 offset = dissect_edonkey_address(tvb, pinfo, offset, tree);
1795 break;
1796
1797 case EDONKEY_MSG_SERVER_INFO_DATA: /* Server Info Data: <Server Info> */
1798 offset = dissect_edonkey_server_info(tvb, pinfo, offset, tree);
1799 break;
1800
1801 case EDONKEY_MSG_SERVER_LIST: /* Server List: <Address List> */
1802 offset = dissect_edonkey_address_list(tvb, pinfo, offset, tree);
1803 break;
1804
1805 case EDONKEY_MSG_OFFER_FILES: /* Offer Files: <File info List> */
1806 case EDONKEY_MSG_VIEW_FILES_ANSWER: /* View Files Answer: <File info list> */
1807 offset = dissect_edonkey_file_info_list(tvb, pinfo, offset, tree);
1808 break;
1809
1810 case EDONKEY_MSG_SEARCH_FILE_RESULTS: /* Search File Results: <File Info list> <More> */
1811 offset = dissect_edonkey_file_info_list(tvb, pinfo, offset, tree);
1812 proto_tree_add_item(tree, hf_edonkey_more_search_file_results, tvb, offset, 1, ENC_NA);
1813 break;
1814
1815 case EDONKEY_MSG_SEARCH_FILES: /* Search File: <Search query> */
1816 case EDONKEY_MSG_SEARCH_USER: /* Search User: <Search query> */
1817 offset = dissect_edonkey_search_query(tvb, pinfo, offset, tree);
1818 break;
1819
1820 case EDONKEY_MSG_GET_SOURCES: /* Get Sources: <File Hash> <Size> <Size 64> */
1821 case EDONKEY_MSG_GET_SOURCES_OBFU: /* Get Sources: <File Hash> <Size> <Size 64> */
1822 {
1823 guint32 fileSize;
1824 proto_item* ti;
1825 offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
1826 fileSize = tvb_get_letohl(tvb, offset);
1827 ti = proto_tree_add_uint(tree, hf_edonkey_file_size, tvb, offset, 4, fileSize);
1828 offset += 4;
1829 /* if fileSize = 0 then 64bit file size comes next */
1830 if (fileSize == 0) {
1831 proto_item_append_text(ti, " (64bit file size used)");
1832 proto_tree_add_item(tree, hf_edonkey_large_file_size, tvb, offset, 8, ENC_LITTLE_ENDIAN);
1833 }
1834 }
1835 break;
1836
1837 case EDONKEY_MSG_NO_SUCH_FILE: /* No Such File: <File Hash> */
1838 case EDONKEY_MSG_END_OF_DOWNLOAD: /* End of Download: <File Hash> */
1839 case EDONKEY_MSG_FILE_STATUS_REQUEST: /* File Status Request: <File Hash> */
1840 case EDONKEY_MSG_HASHSET_REQUEST: /* Hashset Request: <File Hash> */
1841 case EDONKEY_MSG_SLOT_REQUEST: /* Slot Request: <File Hash> */
1842 case EDONKEY_MSG_FILE_REQUEST: /* File Request: <File Hash> */
1843 offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
1844 break;
1845
1846 case EDONKEY_MSG_FOUND_SOURCES_OBFU: /* Found Sources: <File Hash> <SourceOBFU List> */
1847 offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
1848 offset = dissect_emule_sourceOBFU_list(tvb, pinfo, offset, tree);
1849 break;
1850
1851 case EDONKEY_MSG_FOUND_SOURCES: /* Found Sources: <File Hash> <Address List> */
1852 offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
1853 offset = dissect_edonkey_address_list(tvb, pinfo, offset, tree);
1854 break;
1855
1856 case EDONKEY_MSG_CLIENT_CB_REQ: /* Client Callback Request: <Client ID> */
1857 case EDONKEY_MSG_CALLBACK_FAIL: /* Callback Fail: <Client ID> */
1858 case EDONKEY_MSG_ID_CHANGE: /* ID Change: <Client ID> */
1859 offset = dissect_edonkey_client_id(tvb, pinfo, offset, tree, FALSE);
1860 break;
1861
1862 case EDONKEY_MSG_NEW_CLIENT_ID: /* New Client ID: <Client ID> <Client ID> */
1863 offset = dissect_edonkey_client_id(tvb, pinfo, offset, tree, FALSE);
1864 offset = dissect_edonkey_client_id(tvb, pinfo, offset, tree, FALSE);
1865 break;
1866
1867 case EDONKEY_MSG_SERVER_MESSAGE: /* Server Message: <String> */
1868 case EDONKEY_MSG_CLIENT_MESSAGE: /* Client Message: <String> */
1869 offset = dissect_edonkey_string(tvb, pinfo, offset, tree);
1870 break;
1871
1872 case EDONKEY_MSG_SERVER_STATUS: /* Server Status: <Nusers> <Nfiles> */
1873 proto_tree_add_item(tree, hf_edonkey_number_of_users, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1874 proto_tree_add_item(tree, hf_edonkey_number_of_files, tvb, offset+4, 4, ENC_LITTLE_ENDIAN);
1875 break;
1876
1877 case EDONKEY_MSG_FILE_STATUS: /* File Status: <File hash> <Part Count> <Part Status>? */
1878 offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
1879 offset = dissect_edonkey_file_status(tvb, pinfo, offset, tree);
1880 break;
1881
1882 case EDONKEY_MSG_FILE_REQUEST_ANSWER: /* File Request Answer: <File hash> <File name> */
1883 offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
1884 offset = dissect_edonkey_file_name(tvb, pinfo, offset, tree);
1885 break;
1886
1887 case EDONKEY_MSG_REQUEST_PARTS: /* Request Parts: <File hash> <Start offset>(3) <End offset>(3) */
1888 {
1889 int pairs, count;
1890 offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
1891 pairs = (msg_end - offset) / 8;
1892
1893 for (count=0; count < pairs; count++)
1894 {
1895 offset = dissect_edonkey_start_offset(tvb, pinfo, offset, tree);
1896 }
1897 for (count=0; count < pairs; count++)
1898 {
1899 offset = dissect_edonkey_end_offset(tvb, pinfo, offset, tree);
1900 }
1901 }
1902 break;
1903
1904 case EDONKEY_MSG_SENDING_PART: /* Sending Part: <File hash> <Start offset> <End offset> DATA */
1905 offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
1906 offset = dissect_edonkey_start_offset(tvb, pinfo, offset, tree);
1907 offset = dissect_edonkey_end_offset(tvb, pinfo, offset, tree);
1908 if (msg_end > offset) {
1909 bytes_remaining = msg_end - offset;
1910 proto_tree_add_item(tree, hf_edonkey_message_data, tvb, offset, bytes_remaining, ENC_NA);
1911 }
1912 break;
1913
1914
1915 case EDONKEY_MSG_SEARCH_USER_RESULTS: /* Search User Results: <Client info list> */
1916 offset = dissect_edonkey_client_info_list(tvb, pinfo, offset, tree);
1917 break;
1918
1919 case EDONKEY_MSG_GET_SHARED_FILES: /* Get Shared Files: <Directory> */
1920 offset = dissect_edonkey_directory(tvb, pinfo, offset, tree);
1921 break;
1922
1923 case EDONKEY_MSG_SHARED_DIRS: /* Shared Dirs: <Directory List> */
1924 offset = dissect_edonkey_directory_list(tvb, pinfo, offset, tree);
1925 break;
1926
1927 case EDONKEY_MSG_SHARED_FILES: /* Shared Files: <Directory> <File info list> */
1928 offset = dissect_edonkey_directory(tvb, pinfo, offset, tree);
1929 offset = dissect_edonkey_file_info_list(tvb, pinfo, offset, tree);
1930 break;
1931
1932 case EDONKEY_MSG_HASHSET_ANSWER: /* Hashset Answer: <Hash List> */
1933 offset = dissect_edonkey_hash_list(tvb, pinfo, offset, tree);
1934 break;
1935
1936 default:
1937 proto_tree_add_item(tree, hf_edonkey_message_data, tvb, offset, length, ENC_NA);
1938 break;
1939 }
1940
1941 if (offset < msg_end) {
1942 int extra_bytes = msg_end - offset;
1943 /* trailing garbage or broken packet */
1944 proto_tree_add_uint_format(tree, hf_edonkey_unparsed_data_length, tvb, offset, extra_bytes, extra_bytes,
1945 "Trailing/Undecoded data: %d bytes", extra_bytes );
1946 }
1947 return;
1948 }
1949
dissect_emule_tcp_message(guint8 msg_type,tvbuff_t * tvb,packet_info * pinfo,int offset,int length,proto_tree * tree)1950 static void dissect_emule_tcp_message(guint8 msg_type,
1951 tvbuff_t *tvb, packet_info *pinfo,
1952 int offset, int length, proto_tree *tree)
1953 {
1954 int msg_end, bytes_remaining;
1955 guint16 partnum;
1956
1957 bytes_remaining = tvb_reported_length_remaining(tvb, offset);
1958 if ((length < 0) || (length > bytes_remaining)) length = bytes_remaining;
1959 if (length <= 0) return;
1960
1961 msg_end = offset + length;
1962
1963 switch (msg_type) {
1964 case EMULE_MSG_HELLO: /* eMule Info: <eMule Version> <Meta tag list> */
1965 case EMULE_MSG_HELLO_ANSWER: /* eMule Info Answer: <eMule Version> <Meta tag list> */
1966 proto_tree_add_item(tree, hf_edonkey_emule_version, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1967 dissect_edonkey_metatag_list(tvb, pinfo, offset+2, tree);
1968 break;
1969
1970 case EMULE_MSG_QUEUE_RANKING: /* eMule Queue Ranking: <eMule Rank (guint16)> */
1971 proto_tree_add_item(tree, hf_edonkey_emule_queue_ranking, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1972 break;
1973
1974 case EMULE_MSG_SOURCES_REQUEST: /* Sources Request: <File Hash> */
1975 dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
1976 break;
1977
1978 case EMULE_MSG_SOURCES_ANSWER: /* Sources Answer: <File Hash> <Address List> */
1979 offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
1980 dissect_emule_address_list(tvb, pinfo, offset, tree);
1981 break;
1982
1983 case EMULE_MSG_SEC_IDENT_STATE:
1984 proto_tree_add_item(tree, hf_edonkey_emule_ident_state, tvb, offset, 1, ENC_NA);
1985 offset++;
1986 proto_tree_add_item(tree, hf_edonkey_emule_rndchallenge, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1987 break;
1988
1989 case EMULE_MSG_PUBLIC_KEY: /* Public Key: <1byte : len> <len bytes: pubkey> */
1990 /* offset =*/ dissect_edonkey_public_key(tvb, pinfo, offset, tree);
1991 /* offset = dissect_emule_publickey(tvb, pinfo, offset, tree); */
1992 break;
1993
1994 case EMULE_MSG_SIGNATURE:
1995 offset = dissect_edonkey_signature(tvb, pinfo, offset, tree);
1996 if (msg_end != offset) {
1997 proto_tree_add_item(tree, hf_edonkey_emule_sig_ip_used, tvb, offset, 1, ENC_NA);
1998 }
1999 break;
2000
2001
2002 /* case EMULE_MSG_SIGNATURE: Public Key: <1byte : len> <len bytes: pubkey> */
2003 /* offset = dissect_emule_publickey(tvb, pinfo, offset, tree); */
2004 /* break; */
2005
2006 /* case EMULE_MSG_SECIDENTSTATE: Public Key: <1byte : len> <len bytes: pubkey> */
2007 /* offset = dissect_emule_secstate(tvb, pinfo, offset, tree); */
2008 /* offset = dissect_emule_challenge(tvb, pinfo, offset, tree); */
2009 /* break; */
2010
2011 case EMULE_MSG_DATA_COMPRESSED: /* Data Compressed: <File Hash> <Start Offset> <Length (guint32)> <DATA> */
2012 offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
2013 offset = dissect_edonkey_start_offset(tvb, pinfo, offset, tree);
2014 proto_tree_add_item(tree, hf_edonkey_packed_length, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2015 offset += 4;
2016 if (msg_end > offset) {
2017 bytes_remaining = msg_end - offset;
2018 proto_tree_add_item(tree, hf_edonkey_compressed_message_data, tvb, offset, bytes_remaining, ENC_NA);
2019 }
2020 break;
2021
2022 case EMULE_MSG_DATA_COMPRESSED_64: /* Data Compressed: <File Hash> <Start Offset (guint64)> <Length (guint32)> <DATA> */
2023 offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
2024 offset = dissect_edonkey_start_offset_64(tvb, pinfo, offset, tree);
2025 proto_tree_add_item(tree, hf_edonkey_packed_length, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2026 offset += 4;
2027 if (msg_end > offset) {
2028 bytes_remaining = msg_end - offset;
2029 proto_tree_add_item(tree, hf_edonkey_compressed_message_data, tvb, offset, bytes_remaining, ENC_NA);
2030 }
2031 break;
2032
2033 case EMULE_MSG_REQUEST_PARTS_64: /* Request Parts: <File hash> <Start offset>(3) <End offset>(3) */
2034 offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
2035 offset = dissect_edonkey_start_offset_64(tvb, pinfo, offset, tree);
2036 offset = dissect_edonkey_start_offset_64(tvb, pinfo, offset, tree);
2037 offset = dissect_edonkey_start_offset_64(tvb, pinfo, offset, tree);
2038 offset = dissect_edonkey_end_offset_64(tvb, pinfo, offset, tree);
2039 offset = dissect_edonkey_end_offset_64(tvb, pinfo, offset, tree);
2040 dissect_edonkey_end_offset_64(tvb, pinfo, offset, tree);
2041 break;
2042
2043 case EMULE_MSG_SENDING_PART_64: /* Sending Part: <File hash> <Start offset> <End offset> DATA */
2044 offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
2045 offset = dissect_edonkey_start_offset_64(tvb, pinfo, offset, tree);
2046 offset = dissect_edonkey_end_offset_64(tvb, pinfo, offset, tree);
2047 if (msg_end > offset) {
2048 bytes_remaining = msg_end - offset;
2049 proto_tree_add_item(tree, hf_edonkey_message_data, tvb, offset, bytes_remaining, ENC_NA);
2050 }
2051 break;
2052
2053 case EMULE_MSG_CALLBACK: /* Callback: < hash ><hash> <uint16> */
2054 offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
2055 /*offset = */dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
2056 /* offset = dissect_edonkey_generic_uint16(tvb, pinfo, offset, tree, "uint16" ); */
2057 break;
2058
2059 case EMULE_MSG_AICH_REQUEST: /* AICH Request: <File Hash> <PartNum> <AICH Hash> */
2060 offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
2061 partnum = tvb_get_letohs(tvb, offset);
2062 proto_tree_add_uint(tree, hf_emule_aich_partnum, tvb, offset, 2, partnum);
2063 offset += 2;
2064 dissect_emule_aich_root_hash(tvb, pinfo, offset, tree);
2065 break;
2066
2067 case EMULE_MSG_AICH_ANSWER: /* AICH Answer: <File Hash> <PartNum> <AICH Hash> <AICH Hash List> */
2068 offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
2069 partnum = tvb_get_letohs(tvb, offset);
2070 proto_tree_add_uint(tree, hf_emule_aich_partnum, tvb, offset, 2, partnum);
2071 offset += 2;
2072 offset = dissect_emule_aich_root_hash(tvb, pinfo, offset, tree);
2073 dissect_emule_aich_hash_list(tvb, pinfo, offset, tree);
2074 break;
2075
2076 case EMULE_MSG_MULTIPACKET: /* MultiPacket: <Hash> <Opcodes> */
2077 case EMULE_MSG_MULTIPACKET_ANSWER:
2078 case EMULE_MSG_MULTIPACKET_EXT: /* MultiPacketExt: <Hash> <FileLength> <Opcodes> */
2079 dissect_emule_multipacket(tvb, pinfo, offset, offset+length, tree, msg_type==EMULE_MSG_MULTIPACKET_EXT);
2080 break;
2081
2082 default:
2083 dissect_edonkey_tcp_message(msg_type, tvb, pinfo, offset, length, tree);
2084 break;
2085 }
2086 return;
2087 }
2088
dissect_edonkey_udp_message(guint8 msg_type,tvbuff_t * tvb,packet_info * pinfo,int offset,int length,proto_tree * tree)2089 static int dissect_edonkey_udp_message(guint8 msg_type,
2090 tvbuff_t *tvb, packet_info *pinfo,
2091 int offset, int length, proto_tree *tree)
2092 {
2093 int msg_end, bytes_remaining;
2094 guint16 ischal;
2095
2096 bytes_remaining = tvb_reported_length_remaining(tvb, offset);
2097 if ((length < 0) || (length > bytes_remaining)) length = bytes_remaining;
2098 if (length <= 0) return offset;
2099
2100 msg_end = offset + length;
2101
2102 switch (msg_type) {
2103 /* EDonkey UDP Messages */
2104 case EDONKEY_MSG_UDP_CALLBACK_REQUEST: /* Callback Request: <Address> <Client ID> */
2105 offset = dissect_edonkey_address(tvb, pinfo, offset, tree);
2106 offset = dissect_edonkey_client_id(tvb, pinfo, offset, tree, FALSE);
2107 break;
2108
2109 case EDONKEY_MSG_UDP_CALLBACK_FAIL: /* Callback Fail: <Client ID> */
2110 offset = dissect_edonkey_client_id(tvb, pinfo, offset, tree, FALSE);
2111 break;
2112
2113 case EDONKEY_MSG_UDP_GET_SERVER_INFO: /* Get Server Info: <Challenge> */
2114 if (length>=2) {
2115 ischal = tvb_get_letohs(tvb, offset);
2116 if (ischal==0xf0ff) {
2117 proto_tree_add_item(tree, hf_edonkey_challenge, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2118 offset += 4;
2119 }
2120 }
2121 break;
2122
2123 case EDONKEY_MSG_UDP_SERVER_INFO: /* Server Info: <String> <String>*/
2124 ischal = tvb_get_letohs(tvb, offset);
2125 if (ischal==0xf0ff) {
2126 proto_tree_add_item(tree, hf_edonkey_challenge, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2127 offset = dissect_edonkey_metatag_list(tvb, pinfo, offset+4, tree);
2128 } else {
2129 offset = dissect_edonkey_string(tvb, pinfo, offset, tree);
2130 offset = dissect_edonkey_string(tvb, pinfo, offset, tree);
2131 }
2132 break;
2133
2134 case EDONKEY_MSG_UDP_SERVER_LIST: /* Server List: <Address List> */
2135 offset = dissect_edonkey_address_list(tvb, pinfo, offset, tree);
2136 break;
2137
2138 case EDONKEY_MSG_UDP_SEARCH_FILE_RESULTS: /* Search File Result: <File Info> */
2139 offset = dissect_edonkey_file_info(tvb, pinfo, offset, tree);
2140 break;
2141
2142 case EDONKEY_MSG_UDP_SEARCH_FILE: /* Search File: <Search query> */
2143 offset = dissect_edonkey_search_query(tvb, pinfo, offset, tree);
2144 break;
2145
2146 case EDONKEY_MSG_UDP_GET_SOURCES: /* Get Sources: <File Hash> */
2147 offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
2148 break;
2149
2150 case EDONKEY_MSG_UDP_FOUND_SOURCES: /* Found Sources: <File Hash> <Address List> */
2151 offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
2152 offset = dissect_edonkey_address_list(tvb, pinfo, offset, tree);
2153 break;
2154
2155 case EDONKEY_MSG_UDP_SERVER_STATUS_REQUEST: /* Server Status Request: <guint32> */
2156 proto_tree_add_item(tree, hf_edonkey_challenge, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2157 offset += 4;
2158 break;
2159
2160 case EDONKEY_MSG_UDP_SERVER_STATUS: /* Server Status: <guint32> <Nusers> <Nfiles> <Nusersmax> */
2161 proto_tree_add_item(tree, hf_edonkey_challenge, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2162 offset += 4;
2163 proto_tree_add_item(tree, hf_edonkey_number_of_users, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2164 proto_tree_add_item(tree, hf_edonkey_number_of_files, tvb, offset+4, 4, ENC_LITTLE_ENDIAN);
2165 offset += 8;
2166 if (offset < msg_end) {
2167 proto_tree_add_item(tree, hf_edonkey_max_number_of_users, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2168 offset += 4;
2169 }
2170 break;
2171
2172 /* Overnet UDP Messages */
2173 case OVERNET_MSG_UDP_CONNECT: /* Connect: <Peer (sender) > */
2174 case OVERNET_MSG_UDP_PUBLICIZE: /* Publicize: <Peer (sender) > */
2175 offset = dissect_overnet_peer(tvb, pinfo, offset, tree);
2176 break;
2177
2178 case OVERNET_MSG_UDP_CONNECT_REPLY: /* Connect Reply: <guint16 Peer List> */
2179 offset = dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "Overnet Peer", dissect_overnet_peer);
2180 break;
2181
2182 case OVERNET_MSG_UDP_SEARCH: /* Search: <search type (guint8)> <Hash> */
2183 proto_tree_add_item(tree, hf_edonkey_search_type, tvb, offset, 1, ENC_NA);
2184 offset = dissect_edonkey_hash(tvb, pinfo, offset+1, tree);
2185 break;
2186
2187 case OVERNET_MSG_UDP_SEARCH_INFO:
2188 /* Search Info: <Hash> <search type (guint8)> <min (guint16)> <max (guint16)>*/
2189 offset = dissect_edonkey_hash(tvb, pinfo, offset, tree);
2190 proto_tree_add_item(tree, hf_edonkey_search_type, tvb, offset, 1, ENC_NA);
2191 proto_tree_add_item(tree, hf_edonkey_search_range_min, tvb, offset+1, 2, ENC_LITTLE_ENDIAN);
2192 proto_tree_add_item(tree, hf_edonkey_search_range_max, tvb, offset+3, 2, ENC_LITTLE_ENDIAN);
2193 break;
2194
2195 case OVERNET_MSG_UDP_SEARCH_NEXT: /* Search Next: <Hash> <guint8 Peer List> */
2196 offset = dissect_edonkey_hash(tvb, pinfo, offset, tree);
2197 offset = dissect_edonkey_list(tvb, pinfo, offset, tree, 1, "Overnet Peer", dissect_overnet_peer);
2198 break;
2199
2200 case OVERNET_MSG_UDP_SEARCH_RESULT: /* Search Result: <Hash> <Hash> <Meta tag List> */
2201 case OVERNET_MSG_UDP_PUBLISH: /* Publish: <Hash> <Hash> <Meta tag List> */
2202 offset = dissect_edonkey_hash(tvb, pinfo, offset, tree);
2203 offset = dissect_edonkey_hash(tvb, pinfo, offset, tree);
2204 offset = dissect_edonkey_metatag_list(tvb, pinfo, offset, tree);
2205 break;
2206
2207 case OVERNET_MSG_UDP_SEARCH_END: /* Search End: <Hash> */
2208 offset = dissect_edonkey_hash(tvb, pinfo, offset, tree);
2209 break;
2210
2211 case OVERNET_MSG_UDP_PUBLISH_ACK: /* Publish ACK: <File Hash> */
2212 offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
2213 break;
2214
2215 case OVERNET_MSG_UDP_IP_QUERY: /* IP Query: <TCP Port> */
2216 proto_tree_add_item(tree, hf_edonkey_port, tvb, offset, 2, ENC_LITTLE_ENDIAN);
2217 break;
2218
2219 case OVERNET_MSG_UDP_IP_QUERY_ANSWER: /* IP Query Answer: <IP> */
2220 offset = dissect_edonkey_client_id(tvb, pinfo, offset, tree, FALSE);
2221 break;
2222
2223 case OVERNET_MSG_UDP_IDENTIFY_REPLY: /* Identify Reply: <Contact (sender)> */
2224 /* <Contact> ::= <Hash> <Address> */
2225 offset = dissect_edonkey_hash(tvb, pinfo, offset, tree);
2226 offset = dissect_edonkey_address(tvb, pinfo, offset, tree);
2227 break;
2228
2229 case OVERNET_MSG_UDP_IDENTIFY_ACK: /* Identify Reply: <TCP Port (sender)> */
2230 proto_tree_add_item(tree, hf_edonkey_port, tvb, offset, 2, ENC_LITTLE_ENDIAN);
2231 break;
2232
2233 case OVERNET_MSG_UDP_FIREWALL_CONNECTION: /* Firewall Connnection Ack: <Hash> <TCP Port> */
2234 offset = dissect_edonkey_client_hash(tvb, pinfo, offset, tree);
2235 proto_tree_add_item(tree, hf_edonkey_port, tvb, offset, 2, ENC_LITTLE_ENDIAN);
2236 break;
2237
2238 case OVERNET_MSG_UDP_FIREWALL_CONNECTION_ACK: /* Firewall Connnection Ack: <Hash> */
2239 case OVERNET_MSG_UDP_FIREWALL_CONNECTION_NACK: /* Firewall Connnection NAck: <Hash> */
2240 offset = dissect_edonkey_client_hash(tvb, pinfo, offset, tree);
2241 break;
2242
2243 default:
2244 proto_tree_add_item(tree, hf_edonkey_message_data, tvb, offset, length, ENC_NA);
2245 offset+=length;
2246 break;
2247 }
2248
2249 return offset;
2250 }
2251
dissect_emule_udp_message(guint8 msg_type,tvbuff_t * tvb,packet_info * pinfo,int offset,int length,proto_tree * tree)2252 static int dissect_emule_udp_message(guint8 msg_type,
2253 tvbuff_t *tvb, packet_info *pinfo,
2254 int offset, int length, proto_tree *tree)
2255 {
2256 int msg_end, bytes_remaining;
2257
2258 bytes_remaining = tvb_reported_length_remaining(tvb, offset);
2259 if ((length < 0) || (length > bytes_remaining)) length = bytes_remaining;
2260 if (length <= 0) return offset;
2261
2262 msg_end = offset + length;
2263
2264 switch (msg_type) {
2265 case EMULE_MSG_UDP_REASKFILEPING: /* Reask File Ping: <File Hash> */
2266 offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
2267 if ( offset + 2 < msg_end ) {
2268 /* Udp version > 3 */
2269 offset = dissect_edonkey_file_status( tvb, pinfo, offset, tree );
2270 }
2271
2272 if ( msg_end == offset + 2 ) {
2273 /* Udp version > 2 */
2274 proto_tree_add_item( tree, hf_emule_source_count, tvb, offset, 2, ENC_LITTLE_ENDIAN );
2275 offset += 2;
2276 }
2277 break;
2278
2279 case EMULE_MSG_UDP_REASKACK: /* Reask ACK: <eMule Rank> */
2280 if ( offset + 2 < msg_end ) {
2281 /* Udp version > 3 */
2282 offset = dissect_edonkey_file_status( tvb, pinfo, offset, tree );
2283 }
2284
2285 proto_tree_add_item(tree, hf_edonkey_emule_queue_ranking, tvb, offset, 2, ENC_LITTLE_ENDIAN);
2286 offset += 2;
2287 break;
2288
2289 default:
2290 offset = dissect_edonkey_udp_message(msg_type, tvb, pinfo, offset, length,tree);
2291 break;
2292 }
2293 return offset;
2294 }
2295
dissect_kademlia_peer_list_2byte(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)2296 static int dissect_kademlia_peer_list_2byte(tvbuff_t *tvb, packet_info *pinfo,
2297 int offset, proto_tree *tree)
2298 {
2299 return dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "Peer", dissect_kademlia_peer );
2300 }
2301
2302
dissect_kademlia_peer_list_1byte(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)2303 static int dissect_kademlia_peer_list_1byte(tvbuff_t *tvb, packet_info *pinfo,
2304 int offset, proto_tree *tree)
2305 {
2306 return dissect_edonkey_list(tvb, pinfo, offset, tree, 1, "Peer", dissect_kademlia_peer );
2307 }
2308
dissect_kademlia2_peer_list_2byte(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)2309 static int dissect_kademlia2_peer_list_2byte(tvbuff_t *tvb, packet_info *pinfo,
2310 int offset, proto_tree *tree)
2311 {
2312 return dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "Peer", dissect_kademlia2_peer );
2313 }
2314
dissect_kademlia2_peer_list_1byte(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)2315 static int dissect_kademlia2_peer_list_1byte(tvbuff_t *tvb, packet_info *pinfo,
2316 int offset, proto_tree *tree)
2317 {
2318 return dissect_edonkey_list(tvb, pinfo, offset, tree, 1, "Peer", dissect_kademlia2_peer );
2319 }
2320
dissect_kademlia_tag(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)2321 static int dissect_kademlia_tag(tvbuff_t *tvb, packet_info *pinfo,
2322 int offset, proto_tree *tree)
2323 {
2324 guint8 type;
2325 guint8 tag_type;
2326 const gchar *str_type;
2327 proto_item *ti;
2328 proto_item* tag_node;
2329 proto_tree *subtree;
2330 int item_start_offset;
2331 proto_item * ti_tagtype;
2332
2333 item_start_offset = offset;
2334 /* tag_node length is adjusted at the end of this function */
2335 subtree = proto_tree_add_subtree( tree, tvb, offset, 1, ett_kademlia_tag, &tag_node, "Tag " );
2336
2337 type = tvb_get_guint8( tvb, offset );
2338 str_type = val_to_str_const(type, kademlia_tag_types, "Unknown" );
2339
2340 ti_tagtype = proto_tree_add_item( subtree, hf_kademlia_tag_type, tvb, offset, 1, ENC_LITTLE_ENDIAN );
2341 offset += 1;
2342
2343 {
2344 const gchar *tagname_string;
2345 const gchar *tagname_extended_string;
2346
2347 /* Read tagname */
2348 tag_type = tvb_get_guint8( tvb, offset+2 );
2349 offset = dissect_kademlia_tagname( tvb, pinfo, offset, subtree, &tagname_string, &tagname_extended_string );
2350 if ( strlen( tagname_string ) == 1 ) {
2351 const guint8 tagname_guint = *(const guint8*)tagname_string;
2352
2353 proto_item_append_text( tag_node, " 0x%02X [%s] = ", tagname_guint, tagname_extended_string );
2354 }
2355 else
2356 proto_item_append_text( tag_node, " \"%s\" [%s] = ", tagname_string, tagname_extended_string );
2357 }
2358
2359 /* Switch on type */
2360 switch( type )
2361 {
2362 case KADEMLIA_TAGTYPE_HASH:
2363 proto_item_append_text( tag_node, "%s", tvb_bytes_to_str(wmem_packet_scope(), tvb, offset, 16 ));
2364 offset = dissect_kademlia_tag_hash( tvb, pinfo, offset, subtree );
2365 break;
2366 case KADEMLIA_TAGTYPE_STRING:
2367 {
2368 const guint8* value;
2369 offset = dissect_kademlia_tag_string( tvb, pinfo, offset, subtree, &value );
2370
2371 proto_item_append_text( tag_node, "\"%s\"", value );
2372 }
2373 break;
2374 case KADEMLIA_TAGTYPE_UINT8:
2375 {
2376 guint8 value;
2377 ti = proto_tree_add_item( subtree, hf_kademlia_tag_uint8, tvb, offset, 1, ENC_LITTLE_ENDIAN);
2378
2379 value = tvb_get_guint8( tvb, offset );
2380 proto_item_append_text( tag_node, "%u (0x%02X)", value, value );
2381 switch (tag_type) {
2382 case KADEMLIA_TAG_SOURCETYPE:
2383 {
2384 proto_item_append_text(ti," (%s)", val_to_str_const(value, kademlia_tag_sourcetype, "Unknown"));
2385 }
2386 break;
2387 case KADEMLIA_TAG_ENCRYPTION:
2388 proto_item_append_text(ti, " (%s)", val_to_str_const(value, kademlia_tag_encryption, "Unknown"));
2389 break;
2390 }
2391 offset += 1;
2392 }
2393 break;
2394 case KADEMLIA_TAGTYPE_UINT16:
2395 {
2396 guint16 value;
2397 proto_tree_add_item( subtree, hf_kademlia_tag_uint16, tvb, offset, 2, ENC_LITTLE_ENDIAN);
2398
2399 value = tvb_get_letohs( tvb, offset );
2400 proto_item_append_text( tag_node, "%u (0x%04X)", value, value );
2401
2402 offset += 2;
2403 }
2404 break;
2405 case KADEMLIA_TAGTYPE_UINT64:
2406 {
2407 guint64 value;
2408 proto_tree_add_item( subtree, hf_kademlia_tag_uint64, tvb, offset, 8, ENC_LITTLE_ENDIAN);
2409
2410 value = tvb_get_letoh64( tvb, offset );
2411 proto_item_append_text( tag_node, "%" G_GINT64_MODIFIER "u (0x%08" G_GINT64_MODIFIER "X)", value, value );
2412
2413 offset += 8;
2414 }
2415 break;
2416 case KADEMLIA_TAGTYPE_UINT32:
2417 {
2418 guint32 value;
2419 /* show ip as dotted decimal */
2420 switch( tag_type) {
2421 case KADEMLIA_TAG_SERVERIP:
2422 case KADEMLIA_TAG_SOURCEIP:
2423 {
2424 int ipa = 0, ipb = 0, ipc = 0, ipd = 0;
2425 proto_tree_add_item( subtree, hf_kademlia_tag_ipv4, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2426 value = tvb_get_letohl( tvb, offset );
2427 ipa = (value / (256*256*256)) % 256;
2428 ipb = (value / (256*256)) % 256;
2429 ipc = (value / 256) % 256;
2430 ipd = value % 256;
2431 proto_item_append_text( tag_node, "%u.%u.%u.%u (0x%02X) ", ipa, ipb, ipc, ipd, value );
2432 }
2433 break;
2434 default:
2435 proto_tree_add_item( subtree, hf_kademlia_tag_uint32, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2436 value = tvb_get_letohl( tvb, offset );
2437 proto_item_append_text( tag_node, "%u (0x%02X) ", value, value );
2438 }
2439
2440 offset += 4;
2441 }
2442 break;
2443 case KADEMLIA_TAGTYPE_FLOAT32:
2444 {
2445 float value;
2446 proto_tree_add_item( subtree, hf_kademlia_tag_float, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2447
2448 value = tvb_get_letohieee_float( tvb, offset );
2449 proto_item_append_text( tag_node, "%f", value );
2450
2451 offset += 4;
2452 }
2453 break;
2454 case KADEMLIA_TAGTYPE_BSOB:
2455 {
2456 const gchar* value;
2457 offset = dissect_kademlia_tag_bsob( tvb, pinfo, offset, subtree, &value );
2458 proto_item_append_text( tag_node, "%s", value );
2459 }
2460 break;
2461 default:
2462 expert_add_info_format(pinfo, ti_tagtype, &ei_kademlia_tag_type, "Tag value not decoded for type: 0x%02X", type );
2463 }
2464
2465 proto_item_append_text( tag_node, " (Type: %s)", str_type );
2466
2467 proto_item_set_len( tag_node, offset - item_start_offset );
2468
2469 return offset;
2470 }
2471
dissect_kademlia_taglist(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)2472 static int dissect_kademlia_taglist(tvbuff_t *tvb, packet_info *pinfo,
2473 int offset, proto_tree *tree)
2474 {
2475 return dissect_edonkey_list(tvb, pinfo, offset, tree, 1, "Tag", dissect_kademlia_tag );
2476 }
2477
2478
dissect_kademlia_publish_req_entry_file(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)2479 static int dissect_kademlia_publish_req_entry_file(tvbuff_t *tvb, packet_info *pinfo,
2480 int offset, proto_tree *tree)
2481 {
2482 /* Get the hash */
2483 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_file_id);
2484 /* Read all the kad tags */
2485 return dissect_kademlia_taglist( tvb, pinfo, offset, tree );
2486 }
2487
dissect_kademlia_publish_req_entry_peer(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)2488 static int dissect_kademlia_publish_req_entry_peer(tvbuff_t *tvb, packet_info *pinfo,
2489 int offset, proto_tree *tree)
2490 {
2491 /* Get the hash */
2492 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_peer_id);
2493 /* Read all the kad tags */
2494 return dissect_kademlia_taglist( tvb, pinfo, offset, tree );
2495 }
2496
2497
dissect_kademlia_search_result(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)2498 static int dissect_kademlia_search_result(tvbuff_t *tvb, packet_info *pinfo,
2499 int offset, proto_tree *tree)
2500 {
2501 /* Get the hash */
2502 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_hash);
2503 /* Read all the kad tags */
2504 return dissect_kademlia_taglist( tvb, pinfo, offset, tree );
2505 }
2506
dissect_kademlia_search_expression_tree(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)2507 static int dissect_kademlia_search_expression_tree(tvbuff_t *tvb, packet_info *pinfo,
2508 int offset, proto_tree *tree)
2509 {
2510 int op, item_start_offset;
2511 proto_item* ti;
2512
2513 item_start_offset = offset;
2514 op = tvb_get_guint8(tvb, offset);
2515 ti = proto_tree_add_uint(tree, hf_kademlia_search_expression_type, tvb, offset, 1, op);
2516 tree = proto_item_add_subtree( ti, ett_kademlia_search_expression );
2517 ++offset;
2518 switch( op ) {
2519 case 0: /* Bool op */
2520 proto_tree_add_item(tree, hf_kademlia_search_bool_op, tvb, offset, 1, ENC_NA );
2521 ++offset;
2522
2523 /* Left */
2524 offset = dissect_kademlia_search_expression_tree( tvb, pinfo, offset, tree );
2525 /* Right */
2526 offset = dissect_kademlia_search_expression_tree( tvb, pinfo, offset, tree );
2527 break;
2528
2529 case 1: /* String */
2530 offset = dissect_kademlia_string( tvb, pinfo, offset, tree );
2531 break;
2532 case 2: /* Meta Tag */
2533 /* tag value */
2534 offset = dissect_edonkey_string( tvb, pinfo, offset, tree );
2535 /* tag name */
2536 offset = dissect_kademlia_tagname( tvb, pinfo, offset, tree, NULL, NULL );
2537 break;
2538 case 3: /* Min/Max - 32bit! */
2539 offset = dissect_kademlia_search_condition_argument_uint32( tvb, pinfo, offset, tree );
2540 offset = dissect_kademlia_search_condition( tvb, pinfo, offset, tree );
2541 /* tag name */
2542 offset = dissect_kademlia_tagname( tvb, pinfo, offset, tree, NULL, NULL );
2543 break;
2544 case 8: /* Min/Max - 64bit! */
2545 offset = dissect_kademlia_search_condition_argument_uint64( tvb, pinfo, offset, tree );
2546 offset = dissect_kademlia_search_condition( tvb, pinfo, offset, tree );
2547 /* tag name */
2548 offset = dissect_kademlia_tagname( tvb, pinfo, offset, tree, NULL, NULL );
2549 break;
2550 default:
2551 expert_add_info_format(pinfo, ti, &ei_kademlia_search_expression_type, "NOT DECODED op %x", op );
2552 }
2553 proto_item_set_len( ti, offset - item_start_offset );
2554 return offset;
2555 }
2556
dissect_kademlia2_prolog(tvbuff_t * tvb,packet_info * pinfo,int offset,proto_tree * tree)2557 static int dissect_kademlia2_prolog( tvbuff_t *tvb, packet_info *pinfo,
2558 int offset, proto_tree *tree)
2559 {
2560 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_peer_id);
2561 offset = dissect_kademlia_tcp_port(tvb, pinfo, offset, tree);
2562
2563 proto_tree_add_item(tree, hf_kademlia_version, tvb, offset, 1, ENC_BIG_ENDIAN);
2564 offset++;
2565
2566 return offset;
2567 }
2568
dissect_kademlia_uload(tvbuff_t * tvb,packet_info * pinfo _U_,int offset,proto_tree * tree)2569 static int dissect_kademlia_uload( tvbuff_t *tvb, packet_info *pinfo _U_,
2570 int offset, proto_tree *tree)
2571 {
2572 proto_tree_add_item(tree, hf_edonkey_kademlia_uload, tvb, offset, 1, ENC_NA);
2573 return offset +1;
2574
2575 }
dissect_kademlia_udp_message(guint8 msg_type,tvbuff_t * tvb,packet_info * pinfo,int offset,int length,proto_tree * tree)2576 static int dissect_kademlia_udp_message(guint8 msg_type,
2577 tvbuff_t *tvb, packet_info *pinfo,
2578 int offset, int length, proto_tree *tree)
2579 {
2580 int msg_end, bytes_remaining;
2581 proto_item *hidden_item;
2582
2583 bytes_remaining = tvb_reported_length_remaining(tvb, offset);
2584 if ((length < 0) || (length > bytes_remaining)) length = bytes_remaining;
2585 if (length <= 0) return offset;
2586
2587 hidden_item = proto_tree_add_item(tree, hf_kademlia, tvb, offset, 1, ENC_BIG_ENDIAN);
2588 proto_item_set_hidden(hidden_item);
2589
2590 msg_end = offset + length;
2591
2592 switch (msg_type) {
2593 case KADEMLIA_BOOTSTRAP_REQ:/* <PEER [25]> */
2594 case KADEMLIA_HELLO_REQ:
2595 case KADEMLIA_HELLO_RES:
2596 offset = dissect_kademlia_peer(tvb, pinfo, offset, tree);
2597 break;
2598 case KADEMLIA2_BOOTSTRAP_REQ:
2599 offset = dissect_kademlia2_prolog( tvb, pinfo, offset, tree );
2600 break;
2601
2602 case KADEMLIA2_HELLO_REQ:
2603 case KADEMLIA2_HELLO_RES:
2604 offset = dissect_kademlia2_prolog( tvb, pinfo, offset, tree );
2605 offset = dissect_kademlia_taglist( tvb, pinfo, offset, tree );
2606 break;
2607 case KADEMLIA_BOOTSTRAP_RES: /* <CNT [2]> <PEER [25]>*(CNT) */
2608 offset = dissect_kademlia_peer_list_2byte( tvb, pinfo, offset, tree );
2609 break;
2610 case KADEMLIA2_BOOTSTRAP_RES:
2611 offset = dissect_kademlia2_prolog( tvb, pinfo, offset, tree );
2612 offset = dissect_kademlia2_peer_list_2byte( tvb, pinfo, offset, tree );
2613 break;
2614
2615 case KADEMLIA2_SEARCH_SOURCE_REQ:
2616 {
2617 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_target_id);
2618 /* start pos */
2619 proto_tree_add_item(tree, hf_edonkey_kademlia_start_position, tvb, offset, 2, ENC_LITTLE_ENDIAN);
2620 offset +=2;
2621 /* filesize */
2622 proto_tree_add_item(tree, hf_edonkey_kademlia_filesize, tvb, offset, 8, ENC_LITTLE_ENDIAN);
2623 offset +=8;
2624 }
2625 break;
2626
2627 case KADEMLIA_SEARCH_NOTES_REQ: /* <HASH (key) [16]> */
2628 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_hash);
2629 break;
2630
2631 case KADEMLIA2_SEARCH_KEY_REQ:
2632 {
2633 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_target_id);
2634 /* start pos */
2635 proto_tree_add_item(tree, hf_edonkey_kademlia_start_position, tvb, offset, 2, ENC_LITTLE_ENDIAN);
2636 offset += 2;
2637 }
2638 break;
2639 case KADEMLIA2_SEARCH_NOTES_REQ:
2640
2641 case KADEMLIA_PUBLISH_RES:
2642 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_target_id);
2643 if (offset<msg_end) {
2644 offset = dissect_kademlia_uload( tvb, pinfo, offset, tree );
2645 }
2646 break;
2647 case KADEMLIA2_PUBLISH_RES:
2648 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_target_id);
2649 offset = dissect_kademlia_uload( tvb, pinfo, offset, tree );
2650 break;
2651
2652 case KADEMLIA_REQ: /* <TYPE [1]> <HASH (target) [16]> <HASH (receiver) 16> */
2653 case KADEMLIA2_REQ:
2654 {
2655 int type;
2656 guint8 target_id[16];
2657 guint8 recipients_id[16];
2658 proto_item *ti;
2659 int i, j, k, l;
2660 char binarray[129];
2661
2662 type = tvb_get_guint8(tvb, offset);
2663 ti = proto_tree_add_uint_format_value(tree, hf_kademlia_request_type, tvb, offset, 1, type, "0x%02x", type );
2664 proto_item_append_text(ti, "%s", val_to_str_const(type, kademlia_parameter, " Unknown"));
2665 offset +=1;
2666
2667 /* get target id */
2668 for (i=0; i<4; i++) {
2669 for (j=3; j>=0; j--) {
2670 l = (j+4*i);
2671 target_id[l] = tvb_get_guint8(tvb, offset + abs(8*i-(l-3)));
2672 }
2673 }
2674
2675 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_target_id);
2676
2677 /* get recipient's id */
2678 for (i=0; i<4; i++) {
2679 for (j=3; j>=0; j--) {
2680 l = (j+4*i);
2681 recipients_id[l] = tvb_get_guint8(tvb, offset + abs(8*i-(l-3)));
2682 }
2683 }
2684
2685 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_recipients_id);
2686
2687 /* target_id XOR recipients_id */
2688 for (i=0; i<16; i++) {
2689 k = 128;
2690 l = target_id[i]^recipients_id[i];
2691 for(j=8*i; j<8*i+8; j++) {
2692 if (l >= k) {
2693 binarray[j] = '1';
2694 l = l-k;
2695 }
2696 else
2697 binarray[j] = '0';
2698 k = k/2;
2699 }
2700 }
2701 binarray[128] = '\0';
2702 proto_tree_add_string(tree, hf_kademlia_distance, tvb, offset, 0, binarray);
2703 }
2704 break;
2705
2706 case KADEMLIA_RES: /* <HASH (target) [16]> <CNT> <PEER [25]>*(CNT) */
2707 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_target_id);
2708 offset = dissect_kademlia_peer_list_1byte( tvb, pinfo, offset, tree );
2709 break;
2710 case KADEMLIA2_RES:
2711 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_target_id);
2712 offset = dissect_kademlia2_peer_list_1byte( tvb, pinfo, offset, tree );
2713 break;
2714
2715 case KADEMLIA_FIREWALLED_RES: /* <IP (sender) [4]> */
2716 offset = dissect_kademlia_ip_address( tvb, pinfo, offset, tree );
2717 break;
2718
2719 case KADEMLIA_FIREWALLED_REQ: /* <TCPPORT (sender) [2]> */
2720 offset = dissect_kademlia_tcp_port( tvb, pinfo, offset, tree );
2721 break;
2722 case KADEMLIA_CALLBACK_REQ:
2723 case KADEMLIA_FINDBUDDY_REQ:
2724 case KADEMLIA_FINDBUDDY_RES:
2725 /* buddy id */
2726 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_hash);
2727 /* userid */
2728 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_hash);
2729 offset = dissect_kademlia_tcp_port( tvb, pinfo, offset, tree );
2730 break;
2731 case KADEMLIA2_PUBLISH_SOURCE_REQ:
2732 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_file_id);
2733 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_peer_id);
2734 offset = dissect_kademlia_taglist( tvb, pinfo, offset, tree );
2735 break;
2736 case KADEMLIA_SEARCH_REQ:
2737 {
2738 int restrictive;
2739 /* Target (16bytes) */
2740 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_target_id);
2741 /* Restrictive (1 byte) 0/1 */
2742 restrictive = tvb_get_guint8(tvb, offset);
2743 proto_tree_add_item(tree, hf_edonkey_kademlia_restrictive, tvb, offset, 1, ENC_NA);
2744 offset +=1;
2745
2746 if ( offset < msg_end && restrictive )
2747 offset = dissect_kademlia_search_expression_tree( tvb, pinfo, offset, tree );
2748 }
2749 break;
2750 case KADEMLIA_SEARCH_RES:
2751 /* Target */
2752 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_target_id);
2753 /* Results list */
2754 offset = dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "Result", dissect_kademlia_search_result );
2755 break;
2756 case KADEMLIA2_SEARCH_RES:
2757 /* Sender */
2758 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_sender_id);
2759 /* Target */
2760 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_target_id);
2761 /* Results list */
2762 offset = dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "Result", dissect_kademlia_search_result );
2763 break;
2764 case KADEMLIA2_PUBLISH_KEY_REQ:
2765 {
2766 /* Keyword Hash */
2767 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_keyword_hash);
2768 /* Results list */
2769 offset = dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "StuffToPublish", dissect_kademlia_publish_req_entry_file );
2770 break;
2771 }
2772 case KADEMLIA_PUBLISH_REQ: /* 0x40 // <HASH (key) [16]> <CNT1 [2]> (<HASH (target) [16]> <CNT2 [2]> <META>*(CNT2))*(CNT1) */
2773 {
2774 guint8 tagname_value=0, taglist_size, type;
2775 int i=1, j=34;
2776
2777 /* check if TAG_SOURCETYPE is set */
2778 taglist_size = tvb_get_guint8(tvb, offset + j);
2779 j++;
2780
2781 while(i <= taglist_size) {
2782 type = tvb_get_guint8(tvb, offset + j);
2783 j +=3;
2784 tagname_value = tvb_get_guint8(tvb, offset + j);
2785 if (tagname_value == 0xff)
2786 i = taglist_size;
2787 j++;
2788 switch(type) {
2789 case KADEMLIA_TAGTYPE_HASH:
2790 j += 16;
2791 break;
2792 case KADEMLIA_TAGTYPE_STRING:
2793 {
2794 guint16 string_length = tvb_get_letohs(tvb, offset+j);
2795 j += 2 + string_length;
2796 break;
2797 }
2798 case KADEMLIA_TAGTYPE_UINT8:
2799 j += 1;
2800 break;
2801 case KADEMLIA_TAGTYPE_UINT16:
2802 j += 2;
2803 break;
2804 case KADEMLIA_TAGTYPE_UINT32:
2805 case KADEMLIA_TAGTYPE_FLOAT32:
2806 j += 4;
2807 break;
2808 case KADEMLIA_TAGTYPE_UINT64:
2809 j += 8;
2810 break;
2811 case KADEMLIA_TAGTYPE_BSOB:
2812 {
2813 guint16 bsob_length = tvb_get_guint8(tvb, offset);
2814 j += 1 + bsob_length;
2815 break;
2816 }
2817 }
2818 i++;
2819 }
2820
2821 switch (tagname_value) {
2822 case KADEMLIA_TAG_SOURCETYPE:
2823 {
2824 /* Target */
2825 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_file_id);
2826 /* Results list */
2827 offset = dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "StuffToPublish", dissect_kademlia_publish_req_entry_peer);
2828 }
2829 break;
2830 default:
2831 {
2832 /* Target */
2833 offset = dissect_kademlia_hash(tvb, pinfo, offset, tree, &hf_kademlia_keyword_hash);
2834 /* Results list */
2835 offset = dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "StuffToPublish", dissect_kademlia_publish_req_entry_file);
2836 }
2837 }
2838 }
2839 }
2840
2841 return offset;
2842 }
2843
dissect_kademlia_udp_compressed_message(guint8 msg_type,tvbuff_t * tvb,packet_info * pinfo,int offset,int length,proto_tree * tree)2844 static int dissect_kademlia_udp_compressed_message(guint8 msg_type,
2845 tvbuff_t *tvb, packet_info *pinfo,
2846 int offset, int length, proto_tree *tree)
2847 {
2848 tvbuff_t *tvbraw = NULL;
2849
2850
2851 tvbraw = tvb_child_uncompress(tvb, tvb, offset, length);
2852
2853 if (tvbraw) {
2854 guint32 raw_length;
2855
2856 raw_length = tvb_captured_length( tvbraw );
2857 add_new_data_source(pinfo, tvbraw, "Decompressed Data");
2858
2859 dissect_kademlia_udp_message( msg_type, tvbraw, pinfo, 0, raw_length, tree );
2860 offset += length;
2861 } else {
2862 proto_tree_add_item(tree, hf_edonkey_broken_compressed_data, tvb, offset, length, ENC_NA);
2863 }
2864 return offset;
2865 }
2866
2867
get_edonkey_tcp_pdu_len(packet_info * pinfo _U_,tvbuff_t * tvb,int offset,void * data _U_)2868 static guint get_edonkey_tcp_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb,
2869 int offset, void *data _U_)
2870 {
2871 guint32 msg_len;
2872
2873 /*
2874 * Get the length of the eDonkey packet.
2875 */
2876 msg_len = tvb_get_letohl(tvb, offset+1);
2877
2878 /*
2879 * That length doesn't include the header; add that in.
2880 * XXX - what if it overflows?
2881 */
2882 return msg_len + EDONKEY_TCP_HEADER_LENGTH;
2883 }
2884
dissect_edonkey_tcp_pdu(tvbuff_t * tvb,packet_info * pinfo,proto_tree * tree,void * data _U_)2885 static int dissect_edonkey_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
2886 {
2887 proto_item *ti;
2888 proto_tree *edonkey_tree, *edonkey_msg_tree = NULL, *emule_zlib_tree = NULL;
2889 int offset;
2890 guint8 protocol, msg_type;
2891 guint32 msg_len;
2892 const gchar *protocol_name, *message_name;
2893 void (*dissector)(guint8, tvbuff_t*, packet_info*, int, int, proto_tree*);
2894 tvbuff_t *tvbraw = NULL;
2895
2896 col_set_str(pinfo->cinfo, COL_PROTOCOL, "eDonkey");
2897
2898 ti = proto_tree_add_item(tree, proto_edonkey, tvb, 0, -1, ENC_NA);
2899 edonkey_tree = proto_item_add_subtree(ti, ett_edonkey);
2900
2901 offset = 0;
2902 protocol = tvb_get_guint8(tvb, offset);
2903 msg_len = tvb_get_letohl(tvb, offset+1);
2904
2905 protocol_name = val_to_str_const(protocol, edonkey_protocols, "Unknown");
2906
2907 col_append_sep_fstr(pinfo->cinfo, COL_INFO, ", ", "%s TCP", protocol_name);
2908
2909 /* Add edonkey message tree */
2910 if (edonkey_tree) {
2911 ti = proto_tree_add_item(edonkey_tree, hf_edonkey_message, tvb,
2912 offset, EDONKEY_TCP_HEADER_LENGTH + msg_len, ENC_NA);
2913 edonkey_msg_tree = proto_item_add_subtree(ti, ett_edonkey_message);
2914
2915 proto_tree_add_uint(edonkey_msg_tree, hf_edonkey_protocol, tvb, offset, 1, protocol);
2916 proto_tree_add_uint(edonkey_msg_tree, hf_edonkey_message_length, tvb, offset+1, 4, msg_len);
2917 }
2918
2919
2920 /* Skip past the EDONKEY Header */
2921 offset += EDONKEY_TCP_HEADER_LENGTH;
2922
2923 msg_type = tvb_get_guint8(tvb, offset);
2924 switch (protocol) {
2925 case EDONKEY_PROTO_EDONKEY:
2926 message_name = val_to_str_const(msg_type, edonkey_tcp_msgs, "Unknown");
2927 dissector = dissect_edonkey_tcp_message;
2928 break;
2929
2930 case EDONKEY_PROTO_EMULE_EXT:
2931 message_name = val_to_str_const(msg_type, emule_tcp_msgs,
2932 val_to_str_const(msg_type, edonkey_tcp_msgs, "Unknown"));
2933 dissector = dissect_emule_tcp_message;
2934 break;
2935
2936 case EDONKEY_PROTO_EMULE_COMP:
2937 /*
2938 * These ought to be exactly the same as standard eDonkey (0xe5) messages,
2939 * except that the payload (after the type byte) is a zlib compressed
2940 * stream.
2941 */
2942 message_name = val_to_str_const(msg_type, edonkey_tcp_msgs, "Unknown");
2943 tvbraw = tvb_child_uncompress(tvb, tvb, offset+1, msg_len-1);
2944 if (tvbraw) {
2945 dissector = dissect_edonkey_tcp_message;
2946 break;
2947 }
2948 /* FALL THROUGH */
2949 default:
2950 message_name = "Unknown";
2951 dissector = NULL;
2952 break;
2953 }
2954
2955 col_append_fstr(pinfo->cinfo, COL_INFO, ": %s", message_name);
2956
2957 if (edonkey_msg_tree) {
2958 proto_tree_add_uint_format_value(edonkey_msg_tree, hf_edonkey_message_type, tvb, offset, 1, msg_type,
2959 "%s (0x%02x)", message_name, msg_type);
2960 if (dissector && (msg_len > 1)) {
2961 if (!tvbraw) {
2962 (*dissector)(msg_type, tvb, pinfo, offset+1, msg_len-1, edonkey_msg_tree);
2963 } else {
2964 ti = proto_tree_add_item(edonkey_msg_tree, hf_emule_zlib, tvb,
2965 offset+1, msg_len-1, ENC_NA);
2966 emule_zlib_tree = proto_item_add_subtree(ti, ett_emule_zlib);
2967 add_new_data_source(pinfo, tvbraw, "Decompressed Data");
2968 (*dissector)(msg_type, tvbraw, pinfo, 0, tvb_captured_length(tvbraw), emule_zlib_tree);
2969 }
2970 }
2971 }
2972
2973 return tvb_captured_length(tvb);
2974 }
2975
dissect_edonkey_tcp(tvbuff_t * tvb,packet_info * pinfo,proto_tree * tree,void * data)2976 static int dissect_edonkey_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
2977 {
2978 guint8 protocol;
2979
2980 /* An eDonkey TCP packet is at least 5 bytes long msg type + length */
2981 if (!tvb_bytes_exist(tvb, 0, EDONKEY_TCP_HEADER_LENGTH))
2982 return 0;
2983
2984 protocol = tvb_get_guint8(tvb, 0);
2985 if (try_val_to_str(protocol, edonkey_protocols) == NULL)
2986 return 0; /* Not a known protocol */
2987
2988 col_clear(pinfo->cinfo, COL_INFO);
2989
2990 tcp_dissect_pdus(tvb, pinfo, tree, edonkey_desegment,
2991 EDONKEY_TCP_HEADER_LENGTH, get_edonkey_tcp_pdu_len,
2992 dissect_edonkey_tcp_pdu, data);
2993 return tvb_reported_length(tvb);
2994 }
2995
dissect_edonkey_udp(tvbuff_t * tvb,packet_info * pinfo,proto_tree * tree,void * data _U_)2996 static int dissect_edonkey_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2997 {
2998 proto_item *ti;
2999 proto_tree *edonkey_tree = NULL, *edonkey_msg_tree = NULL;
3000 int offset = 0;
3001 guint8 protocol, msg_type;
3002 const gchar *protocol_name, *message_name;
3003
3004 /* An eDonkey UDP packet is at least 2 bytes long */
3005 if (!tvb_bytes_exist(tvb, 0, EDONKEY_UDP_HEADER_LENGTH))
3006 return 0;
3007
3008 protocol = tvb_get_guint8(tvb, offset);
3009 if (try_val_to_str(protocol, edonkey_protocols) == NULL)
3010 return 0; /* Not a known protocol */
3011
3012 col_set_str(pinfo->cinfo, COL_PROTOCOL, "eDonkey");
3013
3014 if (tree) {
3015 ti = proto_tree_add_item(tree, proto_edonkey, tvb, 0, -1, ENC_NA);
3016 edonkey_tree = proto_item_add_subtree(ti, ett_edonkey);
3017 }
3018
3019 offset = 0;
3020 /* eDonkey UDP message - Assume that there is one message per packet */
3021 msg_type = tvb_get_guint8(tvb, offset+1);
3022 protocol_name = val_to_str_const(protocol, edonkey_protocols, "Unknown");
3023
3024 if (protocol == EDONKEY_PROTO_KADEMLIA || protocol == EDONKEY_PROTO_KADEMLIA_COMP
3025 || protocol == EDONKEY_PROTO_ADU_KADEMLIA || protocol == EDONKEY_PROTO_ADU_KADEMLIA_COMP)
3026 message_name = val_to_str_const( msg_type, kademlia_msgs, "Unknown");
3027 else
3028 message_name = val_to_str_const(msg_type, edonkey_udp_msgs, "Unknown");
3029
3030 col_add_fstr(pinfo->cinfo, COL_INFO, "%s UDP: %s", protocol_name, message_name);
3031
3032 if (edonkey_tree) {
3033 int remainingLength, extraBytes;
3034
3035 ti = proto_tree_add_item(edonkey_tree, hf_edonkey_message, tvb, offset, -1, ENC_NA);
3036 edonkey_msg_tree = proto_item_add_subtree(ti, ett_edonkey_message);
3037
3038 proto_tree_add_uint(edonkey_msg_tree, hf_edonkey_protocol, tvb, offset, 1, protocol);
3039 proto_tree_add_uint_format_value(edonkey_msg_tree, hf_edonkey_message_type, tvb, offset+1, 1, msg_type,
3040 "%s (0x%02x)", message_name, msg_type);
3041
3042 offset += EDONKEY_UDP_HEADER_LENGTH;
3043 remainingLength = tvb_captured_length_remaining( tvb, offset );
3044
3045 if (remainingLength > 0) {
3046 switch (protocol) {
3047 case EDONKEY_PROTO_EDONKEY:
3048 offset = dissect_edonkey_udp_message(msg_type, tvb, pinfo, offset, remainingLength, edonkey_msg_tree);
3049 break;
3050
3051 case EDONKEY_PROTO_EMULE_EXT:
3052 offset = dissect_emule_udp_message(msg_type, tvb, pinfo, offset, remainingLength, edonkey_msg_tree);
3053 break;
3054
3055 case EDONKEY_PROTO_ADU_KADEMLIA:
3056 case EDONKEY_PROTO_KADEMLIA:
3057 offset = dissect_kademlia_udp_message(msg_type, tvb, pinfo, offset, remainingLength, edonkey_msg_tree);
3058 break;
3059
3060 case EDONKEY_PROTO_ADU_KADEMLIA_COMP:
3061 case EDONKEY_PROTO_KADEMLIA_COMP:
3062 offset = dissect_kademlia_udp_compressed_message(msg_type, tvb, pinfo, offset, remainingLength, edonkey_msg_tree);
3063 break;
3064
3065 default:
3066 break;
3067 }
3068 }
3069
3070 extraBytes = tvb_reported_length_remaining( tvb, offset );
3071
3072 if ( extraBytes > 0 ) {
3073 /* trailing garbage or broken packet */
3074 proto_tree_add_uint_format(tree, hf_edonkey_unparsed_data_length, tvb, offset, extraBytes, extraBytes,
3075 "Trailing/Undecoded data: %d bytes", extraBytes );
3076 }
3077 }
3078
3079 return tvb_reported_length(tvb);
3080 }
3081
3082 static void
edonkey_fmt_revision(gchar * result,guint32 revision)3083 edonkey_fmt_revision(gchar *result, guint32 revision )
3084 {
3085 g_snprintf( result, ITEM_LABEL_LENGTH, "%u.%u", (guint16)(revision & 0xFFFF), (guint16)(( revision & 0xFFFF0000 ) >> 16) );
3086 }
3087
proto_register_edonkey(void)3088 void proto_register_edonkey(void) {
3089
3090 static hf_register_info hf[] = {
3091 { &hf_edonkey_message,
3092 { "eDonkey Message", "edonkey.message",
3093 FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
3094 { &hf_edonkey_protocol,
3095 { "Protocol", "edonkey.protocol",
3096 FT_UINT8, BASE_HEX, VALS(edonkey_protocols), 0, "eDonkey Protocol", HFILL } },
3097 { &hf_edonkey_message_length,
3098 { "Message Length", "edonkey.message.length",
3099 FT_UINT32, BASE_DEC, NULL, 0, "eDonkey Message Length", HFILL } },
3100 { &hf_edonkey_message_type,
3101 { "Message Type", "edonkey.message.type",
3102 FT_UINT8, BASE_HEX, NULL, 0, "eDonkey Message Type", HFILL } },
3103 { &hf_edonkey_client_hash,
3104 { "Client Hash", "edonkey.client_hash",
3105 FT_BYTES, BASE_NONE, NULL, 0, "eDonkey Client Hash", HFILL } },
3106 { &hf_edonkey_server_hash,
3107 { "Server Hash", "edonkey.server_hash",
3108 FT_BYTES, BASE_NONE, NULL, 0, "eDonkey Server Hash", HFILL } },
3109 { &hf_edonkey_file_hash,
3110 { "File Hash", "edonkey.file_hash",
3111 FT_BYTES, BASE_NONE, NULL, 0, "eDonkey File Hash", HFILL } },
3112 { &hf_edonkey_client_id,
3113 { "Client ID", "edonkey.clientid",
3114 FT_IPv4, BASE_NONE, NULL, 0, "eDonkey Client ID", HFILL } },
3115 { &hf_edonkey_ip,
3116 { "IP", "edonkey.ip",
3117 FT_IPv4, BASE_NONE, NULL, 0, "eDonkey IP", HFILL } },
3118 { &hf_edonkey_port,
3119 { "Port", "edonkey.port",
3120 FT_UINT16, BASE_DEC, NULL, 0, "eDonkey Port", HFILL } },
3121 { &hf_edonkey_metatag,
3122 { "eDonkey Meta Tag", "edonkey.metatag",
3123 FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
3124 { &hf_edonkey_metatag_type,
3125 { "Meta Tag Type", "edonkey.metatag.type",
3126 FT_UINT8, BASE_HEX, NULL, 0, "eDonkey Meta Tag Type", HFILL } },
3127 { &hf_edonkey_metatag_id,
3128 { "Meta Tag ID", "edonkey.metatag.id",
3129 FT_UINT8, BASE_HEX, NULL, 0, "eDonkey Meta Tag ID", HFILL } },
3130 { &hf_edonkey_metatag_name,
3131 { "Meta Tag Name", "edonkey.metatag.name",
3132 FT_STRING, STR_ASCII, NULL, 0, "eDonkey Meta Tag Name", HFILL } },
3133 { &hf_edonkey_metatag_namesize,
3134 { "Meta Tag Name Size", "edonkey.metatag.namesize",
3135 FT_UINT16, BASE_DEC, NULL, 0, "eDonkey Meta Tag Name Size", HFILL } },
3136 { &hf_edonkey_hash,
3137 { "Hash", "edonkey.hash",
3138 FT_BYTES, BASE_NONE, NULL, 0, "eDonkey Hash", HFILL } },
3139 { &hf_edonkey_string,
3140 { "String", "edonkey.string",
3141 FT_STRING, STR_ASCII, NULL, 0, "eDonkey String", HFILL } },
3142 { &hf_edonkey_string_length,
3143 { "String Length", "edonkey.string_length",
3144 FT_UINT16, BASE_DEC, NULL, 0, "eDonkey String Length", HFILL } },
3145 { &hf_edonkey_part_count,
3146 { "Part Count", "edonkey.part_count",
3147 FT_UINT16, BASE_DEC, NULL, 0, "eDonkey Part Count", HFILL } },
3148 { &hf_edonkey_file_status,
3149 { "File Status", "edonkey.file_status",
3150 FT_BYTES, BASE_NONE, NULL, 0, "eDonkey File Status", HFILL } },
3151 { &hf_edonkey_directory,
3152 { "Directory", "edonkey.directory",
3153 FT_STRING, STR_ASCII, NULL, 0, "eDonkey Directory", HFILL } },
3154 { &hf_edonkey_fileinfo,
3155 { "eDonkey File Info", "edonkey.fileinfo",
3156 FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
3157 { &hf_edonkey_serverinfo,
3158 { "eDonkey Server Info", "edonkey.serverinfo",
3159 FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
3160 { &hf_edonkey_clientinfo,
3161 { "eDonkey Client Info", "edonkey.clientinfo",
3162 FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
3163 { &hf_emule_public_key,
3164 { "Public Key", "edonkey.emule.public_key",
3165 FT_BYTES, BASE_NONE, NULL, 0, "eMule Public Key", HFILL } },
3166 { &hf_emule_signature,
3167 { "Signature", "edonkey.emule.signature",
3168 FT_BYTES, BASE_NONE, NULL, 0, "eMule Signature", HFILL } },
3169 { &hf_emule_aich_partnum,
3170 { "Part Number", "edonkey.emule.aich_partnum",
3171 FT_UINT16, BASE_DEC, NULL, 0, "eMule AICH Part Number", HFILL } },
3172 { &hf_emule_aich_root_hash,
3173 { "AICH Root Hash", "edonkey.emule.aich_root_hash",
3174 FT_BYTES, BASE_NONE, NULL, 0, "eMule AICH Root Hash", HFILL } },
3175 { &hf_emule_aich_hash_entry,
3176 { "AICH Hash Entry", "edonkey.emule.aich_hash_entry",
3177 FT_NONE, BASE_NONE, NULL, 0, "eMule AICH Hash Entry", HFILL } },
3178 { &hf_emule_aich_hash_id,
3179 { "AICH Hash ID", "edonkey.emule.aich_hash_id",
3180 FT_UINT16, BASE_HEX, NULL, 0, "eMule AICH Hash ID", HFILL } },
3181 { &hf_emule_aich_hash,
3182 { "AICH Hash", "edonkey.emule.aich_hash",
3183 FT_BYTES, BASE_NONE, NULL, 0, "eMule AICH Hash", HFILL } },
3184 { &hf_emule_multipacket_entry,
3185 { "eMule MultiPacket Entry", "edonkey.emule.multipacket_entry",
3186 FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
3187 { &hf_emule_multipacket_opcode,
3188 { "MultiPacket Opcode", "edonkey.emule.multipacket_opcode",
3189 FT_UINT8, BASE_HEX, NULL, 0, "eMule MultiPacket Opcode", HFILL } },
3190 { &hf_emule_sourceOBFU,
3191 {"Source", "edonkey.source",
3192 FT_NONE, BASE_NONE, NULL, 0, "eDonkey File Source", HFILL } },
3193 { &hf_emule_source_count,
3194 { "Completed Sources Count", "edonkey.emule.source_count",
3195 FT_UINT16, BASE_DEC, NULL, 0, "eMule Completed Sources Count", HFILL } },
3196 { &hf_emule_zlib,
3197 { "Compressed Data", "edonkey.emule.zlib",
3198 FT_NONE, BASE_NONE, NULL, 0, "eMule Compressed Data", HFILL } },
3199 { &hf_overnet_peer,
3200 { "Overnet Peer", "edonkey.overnet.peer",
3201 FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
3202 { &hf_kademlia,
3203 { "Kademlia Packet", "edonkey.kademlia",
3204 FT_UINT8, BASE_HEX, NULL, 0, "Kademlia Packet Type", HFILL } },
3205 { &hf_kademlia_peertype,
3206 { "Peer Type", "edonkey.kademlia.peer.type",
3207 FT_UINT8, BASE_DEC_HEX, NULL, 0, "Kademlia Peer Type", HFILL } },
3208 { &hf_kademlia_peer,
3209 { "Kademlia Peer", "edonkey.kademlia.peer",
3210 FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
3211 { &hf_kademlia_peer_id,
3212 { "Peer ID", "edonkey.kademlia.peer.id",
3213 FT_STRING, STR_ASCII, NULL, 0, "Kademlia Peer ID", HFILL } },
3214 { &hf_kademlia_hash,
3215 { "Kademlia Hash", "edonkey.kademlia.hash",
3216 FT_STRING, STR_ASCII, NULL, 0, NULL, HFILL } },
3217 { &hf_kademlia_file_id,
3218 { "File ID", "edonkey.kademlia.file.id",
3219 FT_STRING, STR_ASCII, NULL, 0, "Kademlia File ID", HFILL } },
3220 { &hf_kademlia_keyword_hash,
3221 { "Keyword Hash", "edonkey.kademlia.keyword.hash",
3222 FT_STRING, STR_ASCII, NULL, 0, "Kademlia Keyword Hash", HFILL } },
3223 { &hf_kademlia_recipients_id,
3224 { "Recipient's ID", "edonkey.kademlia.recipients.id",
3225 FT_STRING, STR_ASCII, NULL, 0, "Kademlia Recipient's ID", HFILL } },
3226 { &hf_kademlia_sender_id,
3227 { "Sender ID", "edonkey.kademlia.sender.id",
3228 FT_STRING, STR_ASCII, NULL, 0, "Kademlia Sender ID", HFILL } },
3229 { &hf_kademlia_target_id,
3230 { "Target ID", "edonkey.kademlia.target.id",
3231 FT_STRING, STR_ASCII, NULL, 0, "Kademlia Target ID", HFILL } },
3232 { &hf_kademlia_distance,
3233 { "XOR Distance", "edonkey.kademlia.distance",
3234 FT_STRING, STR_ASCII, NULL, 0, "Kademlia XOR Distance", HFILL } },
3235 { &hf_kademlia_version,
3236 { "Kad Version", "edonkey.kademlia.version",
3237 FT_UINT8, BASE_DEC_HEX, VALS(kademlia_versions), 0, NULL, HFILL } },
3238 { &hf_kademlia_tag_float,
3239 { "Tag Value (Float)", "edonkey.kademlia.tag.value.float",
3240 FT_FLOAT, BASE_NONE, NULL, 0, "Float Tag Value", HFILL } },
3241 { &hf_kademlia_tag_uint64,
3242 { "Tag Value (UINT64)", "edonkey.kademlia.tag.value.uint64",
3243 FT_UINT64, BASE_DEC_HEX, NULL, 0, "UINT64 Tag Value", HFILL } },
3244 { &hf_kademlia_tag_uint32,
3245 { "Tag Value (UINT32)", "edonkey.kademlia.tag.value.uint32",
3246 FT_UINT32, BASE_DEC_HEX, NULL, 0, "UINT32 Tag Value", HFILL } },
3247 { &hf_kademlia_tag_ipv4,
3248 { "Tag Value (IPv4)", "edonkey.kademlia.tag.value.ipv4",
3249 FT_IPv4, BASE_NONE, NULL, 0, "UINT32 Tag Value (IPv4)", HFILL } },
3250 { &hf_kademlia_tag_uint16,
3251 { "Tag Value (UINT16)", "edonkey.kademlia.tag.value.uint16",
3252 FT_UINT16, BASE_DEC_HEX, NULL, 0, "UINT16 Tag Value", HFILL } },
3253 { &hf_kademlia_tag_uint8,
3254 { "Tag Value (UINT8)", "edonkey.kademlia.tag.value.uint8",
3255 FT_UINT8, BASE_DEC_HEX, NULL, 0, "UINT8 Tag Value", HFILL } },
3256 { &hf_kademlia_tag_hash,
3257 { "Tag Value (HASH)", "edonkey.kademlia.tag.value.hash",
3258 FT_STRING, BASE_NONE, NULL, 0, "HASH Tag Value", HFILL } },
3259 { &hf_kademlia_tag_string,
3260 { "Tag Value (String)", "edonkey.kademlia.tag.value.string",
3261 FT_STRING, STR_ASCII, NULL, 0, "String Tag Value", HFILL } },
3262 { &hf_kademlia_tag_bsob,
3263 { "Tag Value (BSOB)", "edonkey.kademlia.tag.value.bsob",
3264 FT_BYTES, BASE_NONE, NULL, 0, "BSOB Tag Value", HFILL } },
3265 { &hf_kademlia_udp_port,
3266 { "UDP Port", "edonkey.kademlia.udp_port",
3267 FT_UINT16, BASE_DEC, NULL, 0, "Kademlia UDP Port", HFILL } },
3268 { &hf_kademlia_ip,
3269 { "IP", "edonkey.kademlia.ip",
3270 FT_IPv4, BASE_NONE, NULL, 0, "eDonkey IP", HFILL } },
3271 { &hf_kademlia_tcp_port,
3272 { "TCP Port", "edonkey.kademlia.tcp_port",
3273 FT_UINT16, BASE_DEC, NULL, 0, "Kademlia TCP Port", HFILL } },
3274 #if 0
3275 { &hf_kademlia_unparsed_data_length,
3276 { "Kademlia unparsed data length", "edonkey.kademlia.unparsed",
3277 FT_UINT16, BASE_DEC, NULL, 0, "Kademlia trailing data length", HFILL } },
3278 #endif
3279 { &hf_kademlia_tag_name,
3280 { "Tag Name", "edonkey.kademlia.tag.name",
3281 FT_UINT8, BASE_HEX, NULL, 0, "Kademlia Tag Name String", HFILL } },
3282 { &hf_kademlia_tag_name_length,
3283 { "Tag Name Length", "edonkey.kademlia.tag.name.length",
3284 FT_UINT16, BASE_DEC, NULL, 0, "Kademlia Tag Name String Length", HFILL } },
3285 { &hf_kademlia_tag_type,
3286 { "Tag Type", "edonkey.kademlia.tag.type",
3287 FT_UINT8, BASE_HEX, VALS(kademlia_tag_types), 0, "Kademlia Tag Type", HFILL } },
3288 { &hf_kademlia_request_type,
3289 { "Request Type", "edonkey.kademlia.request.type",
3290 FT_UINT8, BASE_HEX, NULL, 0, "Kademlia Request Type", HFILL } },
3291 { &hf_kademlia_search_expression_type,
3292 { "SearchExp Type", "edonkey.kademlia.search_expression.type",
3293 FT_UINT8, BASE_HEX, VALS(edonkey_search_ext_type_vals), 0, NULL, HFILL } },
3294 { &hf_kademlia_search_bool_op,
3295 { "Bool op", "edonkey.kademlia.search.bool_op",
3296 FT_UINT8, BASE_HEX, VALS(edonkey_search_ops), 0, NULL, HFILL } },
3297 { &hf_kademlia_search_condition,
3298 { "Search Condition", "edonkey.kademlia.search.condition",
3299 FT_UINT8, BASE_HEX, NULL, 0, "Kademlia Search Condition", HFILL } },
3300 { &hf_kademlia_search_condition_argument_uint32,
3301 { "32bit Argument", "edonkey.kademlia.search.condition.argument.uint32",
3302 FT_UINT32, BASE_DEC_HEX, NULL, 0, "Kademlia Search Condition Argument 32bit Value", HFILL } },
3303 { &hf_kademlia_search_condition_argument_uint64,
3304 { "64bit Argument", "edonkey.kademlia.search.condition.argument.uint64",
3305 FT_UINT64, BASE_DEC_HEX, NULL, 0, "Kademlia Search Condition Argument 64bit Value", HFILL } },
3306 { &hf_edonkey_unparsed_data_length,
3307 { "eDonkey unparsed data length", "edonkey.unparsed",
3308 FT_UINT32, BASE_DEC_HEX, NULL, 0, "eDonkey trailing or unparsed data length", HFILL } },
3309
3310 /* Generated from convert_proto_tree_add_text.pl */
3311 { &hf_edonkey_list_size, { "List Size", "edonkey.list_size", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3312 { &hf_edonkey_meta_tag_value_revision, { "Meta Tag Value", "edonkey.meta_tag_value.revision", FT_UINT32, BASE_CUSTOM, CF_FUNC(edonkey_fmt_revision), 0x0, NULL, HFILL }},
3313 { &hf_edonkey_meta_tag_value_uint, { "Meta Tag Value", "edonkey.meta_tag_value.uint", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3314 { &hf_edonkey_boolean_array_length, { "Boolean Array Length", "edonkey.boolean_array_length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3315 { &hf_edonkey_blob_length, { "BLOB Length", "edonkey.blob_length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3316 { &hf_edonkey_kademlia_string, { "String", "edonkey.kademlia_string", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3317 { &hf_emule_public_key_length, { "Public key length", "edonkey.emule.public_key_length", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3318 { &hf_emule_signature_length, { "Signature length", "edonkey.emule.signature_length", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3319 { &hf_edonkey_obfuscation_settings, { "Obfuscation Settings", "edonkey.obfuscation_settings", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3320 { &hf_edonkey_start_offset, { "Start Offset", "edonkey.start_offset", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3321 { &hf_edonkey_start_offset_64, { "Start Offset", "edonkey.start_offset64", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3322 { &hf_edonkey_end_offset, { "End Offset", "edonkey.end_offset", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3323 { &hf_edonkey_end_offset_64, { "End Offset", "edonkey.end_offset64", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3324 { &hf_edonkey_emule_file_length, { "File Length", "edonkey.emule.file_length", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3325 { &hf_edonkey_overnet_peer_type, { "Peer Type", "edonkey.overnet_peer_type", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3326 { &hf_edonkey_more_search_file_results, { "More", "edonkey.more_search_file_results", FT_BOOLEAN, 8, TFS(&tfs_true_false), 0x0, NULL, HFILL }},
3327 { &hf_edonkey_file_size, { "File size", "edonkey.file_size", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3328 { &hf_edonkey_large_file_size, { "Large file size", "edonkey.large_file_size", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3329 { &hf_edonkey_number_of_users, { "Number of Users", "edonkey.number_of_users", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3330 { &hf_edonkey_number_of_files, { "Number of Files", "edonkey.number_of_files", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3331 { &hf_edonkey_message_data, { "Message Data", "edonkey.message_data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3332 { &hf_edonkey_emule_version, { "Version", "edonkey.emule.version", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3333 { &hf_edonkey_emule_queue_ranking, { "Queue Ranking", "edonkey.emule.queue_ranking", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3334 { &hf_edonkey_emule_ident_state, { "State", "edonkey.emule.state", FT_UINT8, BASE_DEC|BASE_RANGE_STRING, RVALS(emule_ident_state_rvals), 0x0, NULL, HFILL }},
3335 { &hf_edonkey_emule_rndchallenge, { "Rndchallenge", "edonkey.emule.rndchallenge", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3336 { &hf_edonkey_emule_sig_ip_used, { "Sig IP Used", "edonkey.emule.sig_ip_used", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3337 { &hf_edonkey_packed_length, { "Packed Length", "edonkey.emule.packed_length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3338 { &hf_edonkey_compressed_message_data, { "Compressed Message Data", "edonkey.emule.compressed_message_data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3339 { &hf_edonkey_challenge, { "Challenge", "edonkey.challenge", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},
3340 { &hf_edonkey_max_number_of_users, { "Max number of Users", "edonkey.max_number_of_users", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3341 { &hf_edonkey_search_type, { "Search Type", "edonkey.search_type", FT_UINT8, BASE_DEC, VALS(edonkey_search_type_vals), 0x0, NULL, HFILL }},
3342 { &hf_edonkey_search_range_min, { "Search Range Min", "edonkey.search_range.min", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3343 { &hf_edonkey_search_range_max, { "Search Range Max", "edonkey.search_range.max", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3344 { &hf_edonkey_kademlia_uload, { "uLoad", "edonkey.kademlia_uload", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3345 { &hf_edonkey_kademlia_start_position, { "Start position", "edonkey.kademlia_start_position", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3346 { &hf_edonkey_kademlia_filesize, { "Filesize", "edonkey.kademlia_filesize", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3347 { &hf_edonkey_kademlia_restrictive, { "Restrictive", "edonkey.kademlia_restrictive", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }},
3348 { &hf_edonkey_broken_compressed_data, { "Broken Compressed data", "edonkey.broken_compressed_data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3349 { &hf_edonkey_search_limit, { "Search Limit", "edonkey.search_limit", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3350 { &hf_edonkey_search_limit_type, { "Limit Type", "edonkey.search_limit_type", FT_UINT8, BASE_DEC, VALS(edonkey_search_conds), 0x0, NULL, HFILL }},
3351 { &hf_edonkey_search_ops, { "Search Operator", "edonkey.search_ops", FT_UINT8, BASE_HEX, VALS(edonkey_search_ops), 0x0, NULL, HFILL }},
3352 { &hf_edonkey_user_hash_length, { "User hash length", "edonkey.user_hash_length", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3353 };
3354
3355 static gint *ett[] = {
3356 &ett_edonkey,
3357 &ett_edonkey_message,
3358 &ett_edonkey_metatag,
3359 &ett_edonkey_search,
3360 &ett_edonkey_fileinfo,
3361 &ett_edonkey_serverinfo,
3362 &ett_edonkey_clientinfo,
3363 &ett_emule_aichhash,
3364 &ett_emule_multipacket,
3365 &ett_emule_zlib,
3366 &ett_overnet_peer,
3367 &ett_emule_sourceOBFU,
3368 &ett_edonkey_listitem,
3369 &ett_kademlia_search_expression,
3370 &ett_kademlia_tag
3371 };
3372
3373 static ei_register_info ei[] = {
3374 { &ei_kademlia_tag_type, { "edonkey.kademlia.tag.type.undecoded", PI_PROTOCOL, PI_WARN, "Tag value not decoded", EXPFILL }},
3375 { &ei_kademlia_search_expression_type, { "edonkey.kademlia.search_expression.type.undecoded", PI_UNDECODED, PI_WARN, "NOT DECODED op", EXPFILL }},
3376 };
3377
3378 module_t *edonkey_module;
3379 expert_module_t* expert_edonkey;
3380
3381 proto_edonkey = proto_register_protocol("eDonkey Protocol", "EDONKEY", "edonkey");
3382
3383 proto_register_field_array(proto_edonkey, hf, array_length(hf));
3384 proto_register_subtree_array(ett, array_length(ett));
3385 expert_edonkey = expert_register_protocol(proto_edonkey);
3386 expert_register_field_array(expert_edonkey, ei, array_length(ei));
3387
3388 edonkey_module = prefs_register_protocol(proto_edonkey, NULL);
3389 prefs_register_bool_preference(edonkey_module, "desegment",
3390 "Reassemble eDonkey messages spanning multiple TCP segments",
3391 "Whether the eDonkey dissector should reassemble messages spanning multiple TCP segments."
3392 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
3393 &edonkey_desegment);
3394 }
3395
proto_reg_handoff_edonkey(void)3396 void proto_reg_handoff_edonkey(void) {
3397
3398 dissector_handle_t edonkey_tcp_handle;
3399 dissector_handle_t edonkey_udp_handle;
3400
3401 edonkey_tcp_handle = create_dissector_handle(dissect_edonkey_tcp, proto_edonkey);
3402 edonkey_udp_handle = create_dissector_handle(dissect_edonkey_udp, proto_edonkey);
3403
3404 dissector_add_uint_range_with_preference("tcp.port", EDONKEY_TCP_PORT_RANGE, edonkey_tcp_handle);
3405 dissector_add_uint_range_with_preference("udp.port", EDONKEY_UDP_PORT_RANGE, edonkey_udp_handle);
3406 }
3407
3408 /*
3409 * Editor modelines - https://www.wireshark.org/tools/modelines.html
3410 *
3411 * Local variables:
3412 * c-basic-offset: 4
3413 * tab-width: 8
3414 * indent-tabs-mode: nil
3415 * End:
3416 *
3417 * vi: set shiftwidth=4 tabstop=8 expandtab:
3418 * :indentSize=4:tabSize=8:noTabs=true:
3419 */
3420