#include <stdint.h>
#include <stdbool.h>
// the order of these two is very important
#include <wireshark/config.h>
#include <epan/packet.h>
#include <wireshark/epan/dissectors/packet-tcp.h>
#include <gmodule.h>
/* Exported plugin version string.
 * NOTE(review): presumably the symbol the Wireshark plugin loader looks up; confirm for the targeted release. */
G_MODULE_EXPORT gchar version[30] = "1.0";
/* Protocol id; stays -1 until plugin_register() stores the result of proto_register_protocol(). */
static int proto_remoting = -1;
/*
 * Display names for the one-byte message type that follows the 4-byte
 * length prefix.  Used both for the "remoting.type" field and for the
 * Info column text.  The list ends with an all-zero entry.
 */
static const value_string msg_type_names[] = {
    /* connection setup and authentication */
    { 0x00, "Greeting" },
    { 0x01, "Capabilities" },
    { 0x02, "Auth Request" },
    { 0x03, "Auth Challenge" },
    { 0x04, "Auth Response" },
    { 0x05, "Auth Complete" },
    { 0x06, "Auth Rejected" },
    { 0x07, "Start TLS" },
    { 0x08, "NAK" },

    /* channel lifecycle */
    { 0x10, "Channel Open Request" },
    { 0x11, "Channel Open Ack" },
    { 0x12, "Channel Open Service Not Found" },
    { 0x13, "Channel Open Service Error" },
    { 0x20, "Channel Shutdown Write" },
    { 0x21, "Channel Close" },

    /* per-channel messages */
    { 0x30, "Message Data" },
    { 0x31, "Message Window Open" },
    { 0x32, "Message Async Close" },

    /* connection keep-alive and teardown */
    { 0xF0, "Connection Alive" },
    { 0xF1, "Connection Alive Ack" },
    { 0xFF, "Connection Close" },

    { 0, NULL }
};
/*
 * Header-field ids.  Each starts at -1; its address is listed in the hf[]
 * table that plugin_register() hands to proto_register_field_array().
 */

/* framing: length prefix and message type */
static int hf_remoting_pkt_length = -1;
static int hf_remoting_pkt_type = -1;
/* channel and message header fields */
static int hf_remoting_chanid = -1;
static int hf_remoting_msgid = -1;
static int hf_remoting_msg_flags = -1;
static int hf_remoting_msg_flag_new = -1;
static int hf_remoting_msg_flag_eof = -1;
static int hf_remoting_msg_flag_cancel = -1;
static int hf_remoting_msg_window = -1;
/* service parameters of channel open request / ack (types 0x10, 0x11) */
static int hf_remoting_svcparam = -1;
static int hf_remoting_svcparam_name = -1;
static int hf_remoting_svcparam_imws = -1;
static int hf_remoting_svcparam_omws = -1;
static int hf_remoting_svcparam_iml = -1;
static int hf_remoting_svcparam_oml = -1;
static int hf_remoting_svcparam_imms = -1;
static int hf_remoting_svcparam_omms = -1;
static int hf_remoting_svcparam_unk = -1;
static int hf_remoting_svcparam_unk_cont = -1;
/* greeting parameters (type 0x00) */
static int hf_remoting_grt = -1;
static int hf_remoting_grt_server = -1;
static int hf_remoting_grt_unk = -1;
static int hf_remoting_grt_unk_cont = -1;
/* capability parameters (type 0x01) */
static int hf_remoting_cap = -1;
static int hf_remoting_cap_version = -1;
static int hf_remoting_cap_saslmech = -1;
static int hf_remoting_cap_starttls = -1;
static int hf_remoting_cap_endpoint_name = -1;
static int hf_remoting_cap_msgclose = -1;
static int hf_remoting_cap_vstr = -1;
static int hf_remoting_cap_chan_in = -1;
static int hf_remoting_cap_chan_out = -1;
static int hf_remoting_cap_unk = -1;
static int hf_remoting_cap_unk_cont = -1;
/* SASL mechanism name of an auth request (type 0x02).
 * NOTE(review): spelled ht_ rather than hf_ like its siblings; the name is
 * referenced by dissect_remoting_msg() and plugin_register(). */
static int ht_remoting_auth_mech = -1;
/* opaque payload of auth and message-data packets */
static int hf_remoting_content = -1;
static int hf_remoting_content_len = -1;
static int hf_remoting_content_data = -1;
/*
 * Subtree ids.  Each starts at -1; the addresses are collected in the ett[]
 * array that plugin_register() passes to proto_register_subtree_array().
 */
static gint ett_remoting = -1;
static gint ett_svcparam = -1;
static gint ett_svcparam_unk = -1;
static gint ett_grt = -1;
static gint ett_grt_unk = -1;
static gint ett_cap = -1;
static gint ett_cap_unk = -1;
static gint ett_remoting_content = -1;
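/*
 * Append a packet-supplied string, quoted, to the Info column.
 *
 * The length comes from a one-byte field, so it never exceeds 255; the
 * clamp below keeps the fixed buffer safe even if a caller passes more.
 * tvb_memcpy() is relied on to reject a range that lies outside the buffer.
 * NOTE(review): the bytes are shown exactly as received; no printable or
 * UTF-8 validation is done here.
 */
static void remoting_col_append_quoted(tvbuff_t *tvb, packet_info *pinfo, gint offset, guint len) {
    char text[256];

    if (len >= sizeof text) {
        len = (guint) sizeof text - 1;
    }
    tvb_memcpy(tvb, text, offset, len);
    text[len] = 0;
    col_append_fstr(pinfo->cinfo, COL_INFO, " (\"%s\")", text);
}

/*
 * Number of captured bytes at or after `offset`, or 0 when the offset lies
 * past the end.  Avoids the unsigned wrap-around of "length - offset" on a
 * short packet.
 */
static guint remoting_bytes_after(tvbuff_t *tvb, guint offset) {
    guint captured = tvb_captured_length(tvb);

    return captured > offset ? captured - offset : 0;
}

/*
 * Dissect one reassembled Remoting message.
 *
 * Layout as read by this function: 4-byte big-endian length, 1-byte type,
 * then a type-specific body.  Greeting, capabilities and channel-open bodies
 * are sequences of (id byte, length byte, value) parameters.
 *
 * tvb   - buffer holding exactly one message (framed by tcp_dissect_pdus)
 * pinfo - packet info; the Protocol and Info columns are updated
 * tree  - protocol tree to populate; may be NULL
 * data  - unused
 *
 * The columns are filled in whether or not a tree was supplied, so the Info
 * column is not left empty on passes that build no tree.  The
 * proto_tree_add_*() calls are made unconditionally; they are expected to
 * accept a NULL tree.
 *
 * Every id, length and string below comes from the network.
 * tvb_get_guint8() and tvb_memcpy() are relied on to stop dissection on an
 * out-of-range offset.  A parameter's length byte is also passed as the
 * field length for fixed-width integer fields.
 * NOTE(review): confirm how the targeted Wireshark release reports a length
 * that does not match the registered field type.
 */
static void dissect_remoting_msg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) {
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "Remoting");
    // clear info column
    col_clear(pinfo->cinfo, COL_INFO);

    proto_item *ti = proto_tree_add_item(tree, proto_remoting, tvb, 0, -1, ENC_NA);
    proto_tree *remoting_tree = proto_item_add_subtree(ti, ett_remoting);
    proto_tree_add_item(remoting_tree, hf_remoting_pkt_length, tvb, 0, 4, ENC_BIG_ENDIAN);
    proto_tree_add_item(remoting_tree, hf_remoting_pkt_type, tvb, 4, 1, ENC_BIG_ENDIAN);

    uint8_t pkt_type = (uint8_t) tvb_get_guint8(tvb, 4);
    col_add_fstr(pinfo->cinfo, COL_INFO, "%s", val_to_str(pkt_type, msg_type_names, "Unknown (0x%02x)"));

    if (pkt_type == 0x00) {
        // greeting
        proto_item *params_item = proto_tree_add_item(remoting_tree, hf_remoting_grt, tvb, 5, -1, ENC_NA);
        proto_tree *params_tree = proto_item_add_subtree(params_item, ett_grt);
        gint p = 5;
        while ((guint) p < tvb_captured_length(tvb)) {
            guint pid = tvb_get_guint8(tvb, p++);
            guint plen = tvb_get_guint8(tvb, p++);
            switch (pid) {
                case 0: {
                    proto_tree_add_item(params_tree, hf_remoting_grt_server, tvb, p, plen, ENC_UTF_8);
                    remoting_col_append_quoted(tvb, pinfo, p, plen);
                    break;
                }
                default: {
                    // the item covers the id byte; the value goes underneath it
                    proto_item *unk_item = proto_tree_add_item(params_tree, hf_remoting_grt_unk, tvb, p - 2, 1, ENC_BIG_ENDIAN);
                    proto_tree *unk_tree = proto_item_add_subtree(unk_item, ett_grt_unk);
                    proto_tree_add_item(unk_tree, hf_remoting_grt_unk_cont, tvb, p, plen, ENC_NA);
                    break;
                }
            }
            p += plen;
        }
    } else if (pkt_type == 0x01) {
        // capabilities
        proto_item *params_item = proto_tree_add_item(remoting_tree, hf_remoting_cap, tvb, 5, -1, ENC_NA);
        proto_tree *params_tree = proto_item_add_subtree(params_item, ett_cap);
        gint p = 5;
        while ((guint) p < tvb_captured_length(tvb)) {
            guint pid = tvb_get_guint8(tvb, p++);
            guint plen = tvb_get_guint8(tvb, p++);
            switch (pid) {
                case 0: {
                    proto_tree_add_item(params_tree, hf_remoting_cap_version, tvb, p, plen, ENC_BIG_ENDIAN);
                    break;
                }
                case 1: {
                    proto_tree_add_item(params_tree, hf_remoting_cap_saslmech, tvb, p, plen, ENC_UTF_8);
                    break;
                }
                case 2: {
                    proto_tree_add_item(params_tree, hf_remoting_cap_starttls, tvb, p, plen, ENC_NA);
                    break;
                }
                case 3: {
                    proto_tree_add_item(params_tree, hf_remoting_cap_endpoint_name, tvb, p, plen, ENC_UTF_8);
                    break;
                }
                case 4: {
                    proto_tree_add_item(params_tree, hf_remoting_cap_msgclose, tvb, p, plen, ENC_NA);
                    break;
                }
                case 5: {
                    proto_tree_add_item(params_tree, hf_remoting_cap_vstr, tvb, p, plen, ENC_UTF_8);
                    break;
                }
                case 6: {
                    proto_tree_add_item(params_tree, hf_remoting_cap_chan_in, tvb, p, plen, ENC_BIG_ENDIAN);
                    break;
                }
                case 7: {
                    proto_tree_add_item(params_tree, hf_remoting_cap_chan_out, tvb, p, plen, ENC_BIG_ENDIAN);
                    break;
                }
                default: {
                    proto_item *unk_item = proto_tree_add_item(params_tree, hf_remoting_cap_unk, tvb, p - 2, 1, ENC_BIG_ENDIAN);
                    proto_tree *unk_tree = proto_item_add_subtree(unk_item, ett_cap_unk);
                    proto_tree_add_item(unk_tree, hf_remoting_cap_unk_cont, tvb, p, plen, ENC_NA);
                    break;
                }
            }
            p += plen;
        }
    } else if (pkt_type >= 0x02 && pkt_type <= 0x05) {
        // auth request / challenge / response / complete
        gint p = 5;
        if (pkt_type == 0x02) {
            // only the request carries a length-prefixed mechanism name
            guint plen = tvb_get_guint8(tvb, p++);
            proto_tree_add_item(remoting_tree, ht_remoting_auth_mech, tvb, p, plen, ENC_UTF_8);
            remoting_col_append_quoted(tvb, pinfo, p, plen);
            p += plen;
        }
        guint rem = remoting_bytes_after(tvb, (guint) p);
        if (rem > 0) {
            col_append_fstr(pinfo->cinfo, COL_INFO, " (len=%u)", rem);
            proto_item *cont_item = proto_tree_add_item(remoting_tree, hf_remoting_content, tvb, p, rem, ENC_NA);
            proto_tree *cont_tree = proto_item_add_subtree(cont_item, ett_remoting_content);
            proto_tree_add_item(cont_tree, hf_remoting_content_data, tvb, p, rem, ENC_NA);
            proto_tree_add_uint(cont_tree, hf_remoting_content_len, tvb, p, rem, rem);
        } else {
            col_append_str(pinfo->cinfo, COL_INFO, " (empty)");
        }
    } else if (pkt_type >= 0x10 && pkt_type <= 0x3F) {
        // channel-scoped messages all start with a 4-byte channel id
        proto_tree_add_item(remoting_tree, hf_remoting_chanid, tvb, 5, 4, ENC_BIG_ENDIAN);
        if (pkt_type == 0x10 || pkt_type == 0x11) {
            proto_item *params_item = proto_tree_add_item(remoting_tree, hf_remoting_svcparam, tvb, 9, -1, ENC_NA);
            proto_tree *params_tree = proto_item_add_subtree(params_item, ett_svcparam);
            gint p = 9;
            // The list ends at a zero id byte.  Each pass consumes at least
            // two bytes, so on a list with no terminator the loop ends when
            // tvb_get_guint8() rejects the offset.
            for (;;) {
                guint pid = tvb_get_guint8(tvb, p++);
                if (pid == 0) {
                    return;
                }
                guint plen = tvb_get_guint8(tvb, p++);
                switch (pid) {
                    case 1: {
                        remoting_col_append_quoted(tvb, pinfo, p, plen);
                        proto_tree_add_item(params_tree, hf_remoting_svcparam_name, tvb, p, plen, ENC_UTF_8);
                        break;
                    }
                    case 0x80: {
                        proto_tree_add_item(params_tree, hf_remoting_svcparam_imws, tvb, p, plen, ENC_BIG_ENDIAN);
                        break;
                    }
                    case 0x81: {
                        proto_tree_add_item(params_tree, hf_remoting_svcparam_iml, tvb, p, plen, ENC_BIG_ENDIAN);
                        break;
                    }
                    case 0x82: {
                        proto_tree_add_item(params_tree, hf_remoting_svcparam_omws, tvb, p, plen, ENC_BIG_ENDIAN);
                        break;
                    }
                    case 0x83: {
                        proto_tree_add_item(params_tree, hf_remoting_svcparam_oml, tvb, p, plen, ENC_BIG_ENDIAN);
                        break;
                    }
                    case 0x84: {
                        proto_tree_add_item(params_tree, hf_remoting_svcparam_imms, tvb, p, plen, ENC_BIG_ENDIAN);
                        break;
                    }
                    case 0x85: {
                        proto_tree_add_item(params_tree, hf_remoting_svcparam_omms, tvb, p, plen, ENC_BIG_ENDIAN);
                        break;
                    }
                    default: {
                        proto_item *unk_item = proto_tree_add_item(params_tree, hf_remoting_svcparam_unk, tvb, p - 2, 1, ENC_BIG_ENDIAN);
                        proto_tree *unk_tree = proto_item_add_subtree(unk_item, ett_svcparam_unk);
                        proto_tree_add_item(unk_tree, hf_remoting_svcparam_unk_cont, tvb, p, plen, ENC_NA);
                        break;
                    }
                }
                p += plen;
            }
        } else if (pkt_type >= 0x30) {
            proto_tree_add_item(remoting_tree, hf_remoting_msgid, tvb, 9, 2, ENC_BIG_ENDIAN);
            if (pkt_type == 0x30) {
                // one flags byte, shown whole and as three separate bits
                proto_tree_add_item(remoting_tree, hf_remoting_msg_flags, tvb, 11, 1, ENC_BIG_ENDIAN);
                proto_tree_add_item(remoting_tree, hf_remoting_msg_flag_eof, tvb, 11, 1, ENC_BIG_ENDIAN);
                proto_tree_add_item(remoting_tree, hf_remoting_msg_flag_new, tvb, 11, 1, ENC_BIG_ENDIAN);
                proto_tree_add_item(remoting_tree, hf_remoting_msg_flag_cancel, tvb, 11, 1, ENC_BIG_ENDIAN);
                // a message shorter than its 12-byte header counts as empty
                guint rem = remoting_bytes_after(tvb, 12);
                if (rem > 0) {
                    proto_item *cont_item = proto_tree_add_item(remoting_tree, hf_remoting_content, tvb, 12, rem, ENC_NA);
                    proto_tree *cont_tree = proto_item_add_subtree(cont_item, ett_remoting_content);
                    proto_tree_add_uint(cont_tree, hf_remoting_content_len, tvb, 12, rem, rem);
                    proto_tree_add_item(cont_tree, hf_remoting_content_data, tvb, 12, rem, ENC_NA);
                    col_append_fstr(pinfo->cinfo, COL_INFO, " (len=%u)", rem);
                } else {
                    col_append_str(pinfo->cinfo, COL_INFO, " (empty)");
                }
            } else if (pkt_type == 0x31) {
                proto_tree_add_item(remoting_tree, hf_remoting_msg_window, tvb, 11, 4, ENC_BIG_ENDIAN);
            }
        }
    }
}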
/*
 * Length callback for tcp_dissect_pdus(): total size of the message that
 * starts at `offset`, i.e. the 32-bit big-endian length field plus the four
 * bytes of the field itself.
 *
 * The length field comes from the network.  A value within four of the
 * 32-bit maximum makes the unsigned sum wrap to a number smaller than the
 * header.
 * NOTE(review): this relies on tcp_dissect_pdus() rejecting such a total;
 * confirm for the targeted Wireshark release.
 */
static guint get_remoting_message_len(packet_info *pinfo, tvbuff_t *tvb, int offset, void *data _U_) {
    guint body_len = (guint) tvb_get_ntohl(tvb, offset);

    return body_len + 4;
}
/*
 * TCP entry point: hands the stream to tcp_dissect_pdus(), which calls
 * get_remoting_message_len() to size each message and dissect_remoting_msg()
 * to dissect it.  Desegmentation is requested (TRUE).
 *
 * NOTE(review): both dissector callbacks in this file return void; confirm
 * that this matches the callback types declared by the targeted Wireshark
 * headers.
 */
static void dissect_remoting(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) {
    /* bytes that must be available before the length callback can run */
    const guint length_prefix_size = 4;

    tcp_dissect_pdus(tvb, pinfo, tree, TRUE, length_prefix_size,
                     get_remoting_message_len, dissect_remoting_msg, data);
}
/*
 * Plugin registration hook: registers the "JBoss Remoting" protocol, its
 * header fields and its subtree ids.  The result of
 * proto_register_protocol() is stored in proto_remoting.
 */
void plugin_register(void) {
    /* Field table.  Columns: name, filter abbreviation, type, display,
     * value strings, bitmask, blurb. */
    static hf_register_info hf[] = {
        /* framing */
        { &hf_remoting_pkt_length,
          { "Remoting Length", "remoting.length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_pkt_type,
          { "Remoting Type", "remoting.type", FT_UINT8, BASE_HEX, VALS(msg_type_names), 0x0, NULL, HFILL }},

        /* channel and message header */
        { &hf_remoting_chanid,
          { "Remoting Channel ID", "remoting.chanid", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_msgid,
          { "Remoting Message ID", "remoting.msgid", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_msg_flags,
          { "Remoting Message Flags", "remoting.msgflags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_msg_flag_cancel,
          { "Cancelled", "remoting.msgflags.cancel", FT_BOOLEAN, 8, NULL, 0x4, NULL, HFILL }},
        { &hf_remoting_msg_flag_new,
          { "New Message", "remoting.msgflags.new", FT_BOOLEAN, 8, NULL, 0x2, NULL, HFILL }},
        { &hf_remoting_msg_flag_eof,
          { "End of Message", "remoting.msgflags.eom", FT_BOOLEAN, 8, NULL, 0x1, NULL, HFILL }},
        { &hf_remoting_msg_window,
          { "Remoting Window Adjustment", "remoting.msgwindow", FT_UINT32, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }},

        /* service parameters */
        { &hf_remoting_svcparam,
          { "Service Parameters", "remoting.svcparam", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_svcparam_name,
          { "Service Name", "remoting.svcparam.name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_svcparam_imws,
          { "Inbound Msg Window Size", "remoting.svcparam.imws", FT_UINT32, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_svcparam_omws,
          { "Outbound Msg Window Size", "remoting.svcparam.omws", FT_UINT32, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_svcparam_iml,
          { "Inbound Msg Limit", "remoting.svcparam.iml", FT_UINT16, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_svcparam_oml,
          { "Outbound Msg Limit", "remoting.svcparam.oml", FT_UINT16, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_svcparam_imms,
          { "Inbound Msg Max Size", "remoting.svcparam.imms", FT_UINT64, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_svcparam_omms,
          { "Outbound Msg Max Size", "remoting.svcparam.omms", FT_UINT64, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_svcparam_unk,
          { "Unknown", "remoting.svcparam.unk", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_svcparam_unk_cont,
          { "Content", "remoting.svcparam.unk.cont", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},

        /* greeting parameters */
        { &hf_remoting_grt,
          { "Greeting Parameters", "remoting.grt", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_grt_server,
          { "Server Name", "remoting.grt.server", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_grt_unk,
          { "Unknown", "remoting.grt.unk", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_grt_unk_cont,
          { "Content", "remoting.grt.unk.cont", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},

        /* capability parameters */
        { &hf_remoting_cap,
          { "Capability Parameters", "remoting.cap", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_cap_version,
          { "Protocol Version", "remoting.cap.version", FT_UINT8, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_cap_saslmech,
          { "SASL Mechanism", "remoting.cap.saslmech", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_cap_starttls,
          { "STARTTLS Supported", "remoting.cap.starttls", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_cap_endpoint_name,
          { "Endpoint Name", "remoting.cap.endpoint", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_cap_msgclose,
          { "Supports Msg Close Protocol", "remoting.cap.msgclose", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_cap_vstr,
          { "Impl Version", "remoting.cap.vstr", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_cap_chan_in,
          { "Inbound Channel Limit", "remoting.cap.chanin", FT_UINT16, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_cap_chan_out,
          { "Outbound Channel Limit", "remoting.cap.chanout", FT_UINT16, BASE_HEX_DEC, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_cap_unk,
          { "Unknown", "remoting.cap.unk", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_cap_unk_cont,
          { "Content", "remoting.cap.unk.cont", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},

        /* authentication and opaque content */
        { &ht_remoting_auth_mech,
          { "SASL Mechanism", "remoting.mech", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_content,
          { "Content", "remoting.cont", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_content_len,
          { "Length", "remoting.cont.len", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
        { &hf_remoting_content_data,
          { "Data", "remoting.cont.data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
    };

    /* subtree ids used by dissect_remoting_msg() */
    static gint *ett[] = {
        &ett_remoting,
        &ett_svcparam,
        &ett_svcparam_unk,
        &ett_grt,
        &ett_grt_unk,
        &ett_cap,
        &ett_cap_unk,
        &ett_remoting_content
    };

    proto_remoting = proto_register_protocol("JBoss Remoting", "Remoting", "remoting");
    proto_register_field_array(proto_remoting, hf, array_length(hf));
    proto_register_subtree_array(ett, array_length(ett));
}
/*
 * Plugin handoff hook: creates a dissector handle for dissect_remoting()
 * and registers it for TCP port 9999.  The port is fixed in the source.
 */
void plugin_reg_handoff(void) {
    static dissector_handle_t handle;
    const guint32 remoting_tcp_port = 9999;

    handle = create_dissector_handle(dissect_remoting, proto_remoting);
    dissector_add_uint("tcp.port", remoting_tcp_port, handle);
}