diff options
| author | Anders Broman <anders.broman@ericsson.com> | 2005-12-19 06:48:07 +0000 |
|---|---|---|
| committer | Anders Broman <anders.broman@ericsson.com> | 2005-12-19 06:48:07 +0000 |
| commit | 185cfdefd42a955d9aded83714ebd6164293e910 (patch) | |
| tree | b9731740ac5d7eb4165f2f89c00c968f53166c3a /epan | |
| parent | 5222a20c1cb3bf83fb6be643c482cf11a6c320d8 (diff) | |
| download | wireshark-185cfdefd42a955d9aded83714ebd6164293e910.tar.gz wireshark-185cfdefd42a955d9aded83714ebd6164293e910.tar.bz2 wireshark-185cfdefd42a955d9aded83714ebd6164293e910.zip | |
From John Sullivan:
Three patches here:
eth-ed-2.diff
-------------
1) The handling of HashSet Answer messages was wrong
2) Add dissection of some more eMule extension packets to do with
error recovery
eth-bt-1.diff
-------------
New versions of the Azureus BitTorrent client implement a new extension to the protocol, which is effectively a text based encapsulation of the binary BitTorrent protocol, embedded within the BitTorrent protocol. Who knows why they thought that was a good idea, but this patch can pick apart their new headers.
eth-bt-2.diff
-------------
By registering a normal dissector as well as the heuristic one, BitTorrent shows up on the Decode As... list so you can manually override its mistake.
svn path=/trunk/; revision=16856
Diffstat (limited to 'epan')
| -rw-r--r-- | epan/dissectors/packet-bittorrent.c | 483 | ||||
| -rw-r--r-- | epan/dissectors/packet-edonkey.c | 291 | ||||
| -rw-r--r-- | epan/dissectors/packet-edonkey.h | 6 |
3 files changed, 750 insertions, 30 deletions
diff --git a/epan/dissectors/packet-bittorrent.c b/epan/dissectors/packet-bittorrent.c index 4783833cfa..1be80b59db 100644 --- a/epan/dissectors/packet-bittorrent.c +++ b/epan/dissectors/packet-bittorrent.c @@ -60,6 +60,20 @@ #define BITTORRENT_HEADER_LENGTH 4 +/* + * Azureus messages are specified by name so these are made up numbers + * for internal identification only. + * + * Standard BT message types are a single byte, so these won't clash + */ +#define AZUREUS_MESSAGE_HANDSHAKE 256 +#define AZUREUS_MESSAGE_KEEP_ALIVE 257 +#define AZUREUS_MESSAGE_BT_HANDSHAKE 258 +#define AZUREUS_MESSAGE_PEER_EXCHANGE 259 +#define AZUREUS_MESSAGE_JPC_HELLO 260 +#define AZUREUS_MESSAGE_JPC_REPLY 261 + + static const value_string bittorrent_messages[] = { { BITTORRENT_MESSAGE_CHOKE, "Choke" }, { BITTORRENT_MESSAGE_UNCHOKE, "Unchoke" }, @@ -70,9 +84,47 @@ static const value_string bittorrent_messages[] = { { BITTORRENT_MESSAGE_REQUEST, "Request" }, { BITTORRENT_MESSAGE_PIECE, "Piece" }, { BITTORRENT_MESSAGE_CANCEL, "Cancel" }, + { AZUREUS_MESSAGE_KEEP_ALIVE, "Keepalive" }, + { AZUREUS_MESSAGE_HANDSHAKE, "Azureus Handshake" }, + { AZUREUS_MESSAGE_BT_HANDSHAKE, "Azureus BitTorrent Handshake" }, + { AZUREUS_MESSAGE_PEER_EXCHANGE, "Azureus Peer Exchange" }, + { AZUREUS_MESSAGE_JPC_HELLO, "Azureus PeerCache Hello" }, + { AZUREUS_MESSAGE_JPC_REPLY, "Azureus PeerCache Reply" }, { 0, NULL } }; +static const value_string azureus_priorities[] = { + { 0, "Low" }, + { 1, "Normal" }, + { 2, "High" }, + { 0, NULL } +}; + + +struct amp_message { + char *name; + guint32 value; +}; + +static const struct amp_message amp_messages[] = { + { "BT_KEEP_ALIVE", AZUREUS_MESSAGE_KEEP_ALIVE }, + { "BT_CHOKE", BITTORRENT_MESSAGE_CHOKE }, + { "BT_UNCHOKE", BITTORRENT_MESSAGE_UNCHOKE }, + { "BT_INTERESTED", BITTORRENT_MESSAGE_INTERESTED }, + { "BT_UNINTERESTED", BITTORRENT_MESSAGE_NOT_INTERESTED }, + { "BT_HAVE", BITTORRENT_MESSAGE_HAVE }, + { "BT_BITFIELD", BITTORRENT_MESSAGE_BITFIELD }, + { "BT_REQUEST", BITTORRENT_MESSAGE_REQUEST }, + { "BT_PIECE", BITTORRENT_MESSAGE_PIECE }, + { "BT_CANCEL", BITTORRENT_MESSAGE_CANCEL }, + { "AZ_HANDSHAKE", AZUREUS_MESSAGE_HANDSHAKE }, + { "BT_HANDSHAKE", AZUREUS_MESSAGE_BT_HANDSHAKE }, + { "AZ_PEER_EXCHANGE", AZUREUS_MESSAGE_PEER_EXCHANGE }, + { "JPC_HELLO", AZUREUS_MESSAGE_JPC_HELLO }, + { "JPC_REPLY", AZUREUS_MESSAGE_JPC_REPLY }, + { NULL, 0 } +}; + static dissector_handle_t dissector_handle; static int proto_bittorrent = -1; @@ -85,15 +137,32 @@ static gint hf_bittorrent_peer_id = -1; static gint hf_bittorrent_msg = -1; static gint hf_bittorrent_msg_len = -1; static gint hf_bittorrent_msg_type = -1; +static gint hf_azureus_msg = -1; +static gint hf_azureus_msg_type_len = -1; +static gint hf_azureus_msg_type = -1; +static gint hf_azureus_msg_prio = -1; static gint hf_bittorrent_bitfield_data = -1; static gint hf_bittorrent_piece_index = -1; static gint hf_bittorrent_piece_begin = -1; static gint hf_bittorrent_piece_length = -1; static gint hf_bittorrent_piece_data = -1; +static gint hf_bittorrent_bstr_length = -1; +static gint hf_bittorrent_bstr = -1; +static gint hf_bittorrent_bint = -1; +static gint hf_bittorrent_bdict = -1; +static gint hf_bittorrent_bdict_entry = -1; +static gint hf_bittorrent_blist = -1; +static gint hf_azureus_jpc_addrlen = -1; +static gint hf_azureus_jpc_addr = -1; +static gint hf_azureus_jpc_port = -1; +static gint hf_azureus_jpc_session = -1; static gint ett_bittorrent = -1; static gint ett_bittorrent_msg = -1; static gint ett_peer_id = -1; +static gint ett_bittorrent_bdict = -1; +static gint ett_bittorrent_bdict_entry = -1; +static gint ett_bittorrent_blist = -1; static gboolean bittorrent_desegment = TRUE; static gboolean decode_client_information = FALSE; @@ -146,7 +215,7 @@ static guint get_bittorrent_pdu_length(tvbuff_t *tvb, int offset) /* Do some sanity checking of the message, if we have the ID byte */ if(tvb_offset_exists(tvb, offset + BITTORRENT_HEADER_LENGTH)) { type = tvb_get_guint8(tvb, offset + BITTORRENT_HEADER_LENGTH); - if(type <= BITTORRENT_MESSAGE_CANCEL) { + if(type <= BITTORRENT_MESSAGE_CANCEL && length<0x1000000) { /* This seems to be a valid BitTorrent header with a known type identifier */ return BITTORRENT_HEADER_LENGTH + length; @@ -170,20 +239,324 @@ static guint get_bittorrent_pdu_length(tvbuff_t *tvb, int offset) } } +static int dissect_bencoding_str(tvbuff_t *tvb, packet_info *pinfo _U_, + int offset, int length, proto_tree *tree, proto_item *ti, int treeadd) +{ + guint8 ch; + int stringlen = 0, nextstringlen; + int used; + int izero = 0; + + if (length<2) { + if (tree) { + proto_tree_add_text(tree, tvb, offset, length, "Decode Aborted: Invalid String"); + } + return -1; + } + + used = 0; + + while (length>=1) { + ch = tvb_get_guint8(tvb, offset+used); + length--; + used++; + + if (ch==':' && used>1) { + if (stringlen>length || stringlen<0) { + if (tree) { + proto_tree_add_text(tree, tvb, offset, length, "Decode Aborted: Invalid String Length"); + } + return -1; + } + if (tree) { + proto_tree_add_uint(tree, hf_bittorrent_bstr_length, tvb, offset, used, stringlen); + proto_tree_add_item(tree, hf_bittorrent_bstr, tvb, offset+used, stringlen, FALSE); + + if (treeadd==1) { + proto_item_append_text(ti, " Key: %s", format_text(ep_tvb_memdup(tvb, offset+used, stringlen), stringlen)); + } + if (treeadd==2) { + proto_item_append_text(ti, " Value: %s", format_text(ep_tvb_memdup(tvb, offset+used, stringlen), stringlen)); + } + } + return used+stringlen; + } + + if (!izero && ch>='0' && ch<='9') { + if (ch=='0' && used==1) { + izero = 1; + } + + nextstringlen = (stringlen * 10) + (ch - '0'); + if (nextstringlen>=stringlen) { + stringlen = nextstringlen; + continue; + } + } + + if (tree) { + proto_tree_add_text(tree, tvb, offset, length, "Decode Aborted: Invalid String"); + } + return -1; + } + + if (tree) { + proto_tree_add_text(tree, tvb, offset, length, "Truncated Data"); + } + return -1; +} + +static int dissect_bencoding_int(tvbuff_t *tvb, packet_info *pinfo _U_, + int offset, int length, proto_tree *tree, proto_item *ti, int treeadd) +{ + gint32 ival=0; + int neg = 0; + int izero = 0; + int used; + guint8 ch; + + if (length<3) { + if (tree) { + proto_tree_add_text(tree, tvb, offset, length, "Decode Aborted: Invalid Integer"); + } + return -1; + } + + length--; + used = 1; + + while (length>=1) { + ch = tvb_get_guint8(tvb, offset+used); + length--; + used++; + + switch (ch) { + case 'e': + if (tree) { + if (neg) ival = -ival; + proto_tree_add_int(tree, hf_bittorrent_bint, tvb, offset, used, ival); + if (treeadd==2) { + proto_item_append_text(ti, " Value: %d", ival); + } + } + return used; + + case '-': + if (used==2) { + neg = 1; + break; + } + /* Fall through */ + + default: + if (!(ch=='0' && used==3 && neg)) { /* -0 is invalid */ + if (ch=='0' && used==2) { /* as is 0[0-9]+ */ + izero = 1; + break; + } + if (!izero && ch>='0' && ch<='9') { + ival = (ival * 10) + (ch - '0'); + break; + } + } + + if (tree) { + proto_tree_add_text(tree, tvb, offset, length, "Decode Aborted: Invalid Integer"); + } + return -1; + } + } + + if (tree) { + proto_tree_add_text(tree, tvb, offset, length, "Truncated Data"); + } + return -1; +} + +static int dissect_bencoding_rec(tvbuff_t *tvb, packet_info *pinfo _U_, + int offset, int length, proto_tree *tree, int level, proto_item *treei, int treeadd) +{ + guint8 op; + int oplen = 0, op1len, op2len; + int used; + + proto_item *ti = NULL, *td = NULL; + proto_tree *itree = NULL, *dtree = NULL; + + if (level>10) { + proto_tree_add_text(tree, tvb, offset, -1, "Decode Aborted: Nested Too Deep"); + return -1; + } + if (length<1) { + proto_tree_add_text(tree, tvb, offset, -1, "Truncated Data"); + return length; + } + + op = tvb_get_guint8(tvb, offset); + if (tree) { + oplen = dissect_bencoding_rec(tvb, pinfo, offset, length, NULL, level, NULL, 0); + if (oplen<0) oplen = length; + } + + switch (op) { + case 'd': + if (tree) { + td = proto_tree_add_item(tree, hf_bittorrent_bdict, tvb, offset, oplen, FALSE); + dtree = proto_item_add_subtree(td, ett_bittorrent_bdict); + } + + used = 1; + length--; + + while (length>=1) { + op = tvb_get_guint8(tvb, offset+used); + + if (op=='e') { + return used+1; + } + + op1len = dissect_bencoding_str(tvb, pinfo, offset+used, length, NULL, NULL, 0); + if (op1len<0) { + if (dtree) { + proto_tree_add_text(dtree, tvb, offset+used, -1, "Decode Aborted: Invalid Dictionary Key"); + } + return op1len; + } + + op2len = -1; + if (length-op1len>2) + op2len = dissect_bencoding_rec(tvb, pinfo, offset+used+op1len, length-op1len, NULL, level+1, NULL, 0); + if (op2len<0) { + if (dtree) { + proto_tree_add_text(dtree, tvb, offset+used+op1len, -1, "Decode Aborted: Invalid Dictionary Value"); + } + return op2len; + } + + if (dtree) { + ti = proto_tree_add_item(dtree, hf_bittorrent_bdict_entry, tvb, offset+used, op1len+op2len, FALSE); + itree = proto_item_add_subtree(ti, ett_bittorrent_bdict_entry); + + dissect_bencoding_str(tvb, pinfo, offset+used, length, itree, ti, 1); + dissect_bencoding_rec(tvb, pinfo, offset+used+op1len, length-op1len, itree, level+1, ti, 2); + } + + used += op1len+op2len; + length -= op1len+op2len; + } + if (dtree) { + proto_tree_add_text(dtree, tvb, offset+used, -1, "Truncated Data"); + } + return -1; + + case 'l': + if (tree) { + ti = proto_tree_add_item(tree, hf_bittorrent_blist, tvb, offset, oplen, FALSE); + itree = proto_item_add_subtree(ti, ett_bittorrent_blist); + } + + used = 1; + length--; + + while (length>=1) { + op = tvb_get_guint8(tvb, offset+used); + + if (op=='e') { + return used+1; + } + + oplen = dissect_bencoding_rec(tvb, pinfo, offset+used, length, itree, level+1, ti, 0); + if (oplen<1) return oplen; + + used += oplen; + length -= oplen; + } + if (itree) { + proto_tree_add_text(itree, tvb, offset+used, -1, "Truncated Data"); + } + return -1; + + case 'i': + return dissect_bencoding_int(tvb, pinfo, offset, length, tree, treei, treeadd); + + default: + if (op>='1' && op<='9') { + return dissect_bencoding_str(tvb, pinfo, offset, length, tree, treei, treeadd); + } + + if (tree) { + proto_tree_add_text(tree, tvb, offset, -1, "Decode Aborted: Invalid Bencoding"); + } + return -1; + } + + if (tree) { + proto_tree_add_text(tree, tvb, offset, -1, "Decode Aborted: Internal Error"); + } + return -1; +} + +static void dissect_bencoding(tvbuff_t *tvb, packet_info *pinfo _U_, + int offset, int length, proto_tree *tree) +{ + dissect_bencoding_rec(tvb, pinfo, offset, length, tree, 0, NULL, 0); +} + static void dissect_bittorrent_message (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { int offset = 0; + int i; + int doffset = BITTORRENT_HEADER_LENGTH; + int isamp = 0; proto_tree *mtree; - guint8 type = 0; + guint16 type = 0; + guint32 typelen = 0; + guint8 prio = 0; guint32 length; const char *msgtype = NULL; proto_item *ti; guint32 piece_index, piece_begin, piece_length; + guint32 stringlen; if (tvb_bytes_exist(tvb, offset + BITTORRENT_HEADER_LENGTH, 1)) { /* Check for data from the middle of a message. */ + length = tvb_get_ntohl(tvb, offset); type = tvb_get_guint8(tvb, offset + BITTORRENT_HEADER_LENGTH); + + if (type==BITTORRENT_MESSAGE_CHOKE && length>4) { + /* + * Choke messages have no payload, so this is likely an Azureus + * Messaging Protocol packet + */ + if (!tvb_bytes_exist(tvb, offset + BITTORRENT_HEADER_LENGTH, 4)) + return; + + typelen = tvb_get_ntohl(tvb, offset + BITTORRENT_HEADER_LENGTH); + if (4+typelen+1<=length) { + if (!tvb_bytes_exist(tvb, offset + BITTORRENT_HEADER_LENGTH + 4, typelen+1)) + return; + + for ( i=0 ; amp_messages[i].name ; i++ ) { + if (strlen(amp_messages[i].name)==typelen && + tvb_memeql(tvb, offset + BITTORRENT_HEADER_LENGTH + 4, + amp_messages[i].name, strlen(amp_messages[i].name))==0) { + + prio = tvb_get_guint8(tvb, offset + BITTORRENT_HEADER_LENGTH + 4 + typelen); + if (prio==0 || prio==1 || prio==2) { + type = amp_messages[i].value; + doffset = BITTORRENT_HEADER_LENGTH + 4 + typelen + 1; + isamp = 1; + } + break; + } + } + } + } + msgtype = match_strval(type, bittorrent_messages); + /* if (msgtype == NULL && isamp) { + msgtype = match_strval(type, azureus_messages); + } */ if (msgtype == NULL) { proto_tree_add_text(tree, tvb, offset, -1, "Continuation data"); if (check_col(pinfo->cinfo, COL_INFO)) { @@ -196,8 +569,11 @@ static void dissect_bittorrent_message (tvbuff_t *tvb, packet_info *pinfo, proto return; } - length = tvb_get_ntohl(tvb, offset); - ti = proto_tree_add_item(tree, hf_bittorrent_msg, tvb, offset, length + BITTORRENT_HEADER_LENGTH, FALSE); + if (isamp) { + ti = proto_tree_add_item(tree, hf_azureus_msg, tvb, offset, length + BITTORRENT_HEADER_LENGTH, FALSE); + } else { + ti = proto_tree_add_item(tree, hf_bittorrent_msg, tvb, offset, length + BITTORRENT_HEADER_LENGTH, FALSE); + } mtree = proto_item_add_subtree(ti, ett_bittorrent_msg); /* Keepalive message */ @@ -214,13 +590,22 @@ static void dissect_bittorrent_message (tvbuff_t *tvb, packet_info *pinfo, proto /* If the tvb_bytes_exist() call above returned FALSE, this will throw an exception, so we won't use msgtype or type. */ - proto_tree_add_item(mtree, hf_bittorrent_msg_type, tvb, offset, 1, FALSE); - proto_item_append_text(ti, ": Len:%u, %s", length, msgtype); + if (isamp) { + proto_tree_add_item(mtree, hf_azureus_msg_type_len, tvb, offset, 4, FALSE); + proto_tree_add_item(mtree, hf_azureus_msg_type, tvb, offset+4, typelen, FALSE); + proto_item_append_text(ti, ": Len %u, %s", length, msgtype); + proto_tree_add_item(mtree, hf_azureus_msg_prio, tvb, offset+4+typelen, 1, FALSE); + offset += 4+typelen+1; + length -= 4+typelen+1; + } else { + proto_tree_add_item(mtree, hf_bittorrent_msg_type, tvb, offset, 1, FALSE); + proto_item_append_text(ti, ": Len:%u, %s", length, msgtype); + offset += 1; + length -= 1; + } if (check_col(pinfo->cinfo, COL_INFO)) { col_set_str(pinfo->cinfo, COL_INFO, msgtype); } - offset += 1; - length -= 1; switch (type) { case BITTORRENT_MESSAGE_CHOKE: @@ -277,6 +662,23 @@ static void dissect_bittorrent_message (tvbuff_t *tvb, packet_info *pinfo, proto } break; + case AZUREUS_MESSAGE_HANDSHAKE: + case AZUREUS_MESSAGE_PEER_EXCHANGE: + dissect_bencoding(tvb, pinfo, offset, length, mtree); + break; + + case AZUREUS_MESSAGE_JPC_HELLO: + stringlen = tvb_get_ntohl(tvb, offset); + proto_tree_add_item(mtree, hf_azureus_jpc_addrlen, tvb, offset, 4, FALSE); + proto_tree_add_item(mtree, hf_azureus_jpc_addr, tvb, offset+4, stringlen, FALSE); + proto_tree_add_item(mtree, hf_azureus_jpc_port, tvb, offset+4+stringlen, 4, FALSE); + proto_tree_add_item(mtree, hf_azureus_jpc_session, tvb, offset+4+stringlen+4, 4, FALSE); + break; + + case AZUREUS_MESSAGE_JPC_REPLY: + proto_tree_add_item(mtree, hf_azureus_jpc_session, tvb, offset, 4, FALSE); + break; + default: break; } @@ -405,8 +807,20 @@ proto_register_bittorrent(void) { &hf_bittorrent_msg_type, { "Message Type", "bittorrent.msg.type", FT_UINT8, BASE_DEC, VALS(bittorrent_messages), 0x0, "", HFILL } }, + { &hf_azureus_msg, + { "Azureus Message", "bittorrent.azureus_msg", FT_NONE, BASE_NONE, NULL, 0x0, "", HFILL } + }, + { &hf_azureus_msg_type_len, + { "Message Type Length", "bittorrent.msg.typelen", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL } + }, + { &hf_azureus_msg_type, + { "Message Type", "bittorrent.msg.aztype", FT_STRING, BASE_DEC, NULL, 0x0, "", HFILL } + }, + { &hf_azureus_msg_prio, + { "Message Priority", "bittorrent.msg.prio", FT_UINT8, BASE_DEC, VALS(azureus_priorities), 0x0, "", HFILL } + }, { &hf_bittorrent_bitfield_data, - { "Bitfield data", "bittorrent.msg.bitfield", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL } + { "Bitfield data", "bittorrent.msg.bitfield", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL } }, { &hf_bittorrent_piece_index, { "Piece index", "bittorrent.piece.index", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL } @@ -419,13 +833,46 @@ proto_register_bittorrent(void) }, { &hf_bittorrent_piece_length, { "Piece Length", "bittorrent.piece.length", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL } + }, + { &hf_bittorrent_bstr_length, + { "String Length", "bittorrent.bstr.length", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL } + }, + { &hf_bittorrent_bstr, + { "String", "bittorrent.bstr", FT_STRING, BASE_DEC, NULL, 0x0, "", HFILL } + }, + { &hf_bittorrent_bint, + { "Integer", "bittorrent.bint", FT_INT32, BASE_DEC, NULL, 0x0, "", HFILL } + }, + { &hf_bittorrent_bdict, + { "Dictionary", "bittorrent.bdict", FT_NONE, BASE_NONE, NULL, 0x0, "", HFILL } + }, + { &hf_bittorrent_bdict_entry, + { "Entry", "bittorrent.bdict.entry", FT_NONE, BASE_NONE, NULL, 0x0, "", HFILL } + }, + { &hf_bittorrent_blist, + { "List", "bittorrent.blist", FT_NONE, BASE_NONE, NULL, 0x0, "", HFILL } + }, + { &hf_azureus_jpc_addrlen, + { "Cache Address Length", "bittorrent.jpc.addr.length", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL } + }, + { &hf_azureus_jpc_addr, + { "Cache Address", "bittorrent.jpc.addr", FT_STRING, BASE_DEC, NULL, 0x0, "", HFILL } + }, + { &hf_azureus_jpc_port, + { "Port", "bittorrent.jpc.port", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL } + }, + { &hf_azureus_jpc_session, + { "Session ID", "bittorrent.jpc.session", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL } } }; static gint *ett[] = { &ett_bittorrent, &ett_bittorrent_msg, - &ett_peer_id + &ett_peer_id, + &ett_bittorrent_bdict, + &ett_bittorrent_bdict_entry, + &ett_bittorrent_blist }; module_t *bittorrent_module; @@ -434,6 +881,8 @@ proto_register_bittorrent(void) proto_register_field_array(proto_bittorrent, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); + register_dissector("bittorrent.tcp", dissect_bittorrent, proto_bittorrent); + bittorrent_module = prefs_register_protocol(proto_bittorrent, NULL); prefs_register_bool_preference(bittorrent_module, "desegment", "Reassemble BitTorrent messages spanning multiple TCP segments", @@ -450,6 +899,18 @@ proto_register_bittorrent(void) void proto_reg_handoff_bittorrent(void) { - dissector_handle = create_dissector_handle(dissect_bittorrent, proto_bittorrent); +/* dissector_handle = create_dissector_handle(dissect_bittorrent, proto_bittorrent); */ + dissector_handle = find_dissector("bittorrent.tcp"); +#if 0 + dissector_add("tcp.port", 6881, dissector_handle); + dissector_add("tcp.port", 6882, dissector_handle); + dissector_add("tcp.port", 6883, dissector_handle); + dissector_add("tcp.port", 6884, dissector_handle); + dissector_add("tcp.port", 6885, dissector_handle); + dissector_add("tcp.port", 6886, dissector_handle); + dissector_add("tcp.port", 6887, dissector_handle); + dissector_add("tcp.port", 6888, dissector_handle); + dissector_add("tcp.port", 6889, dissector_handle); +#endif heur_dissector_add("tcp", test_bittorrent_packet, proto_bittorrent); } diff --git a/epan/dissectors/packet-edonkey.c b/epan/dissectors/packet-edonkey.c index 9a2457589a..3f07dfc949 100644 --- a/epan/dissectors/packet-edonkey.c +++ b/epan/dissectors/packet-edonkey.c @@ -60,12 +60,22 @@ static int hf_edonkey_search = -1; static int hf_edonkey_ip = -1; static int hf_edonkey_port = -1; static int hf_edonkey_hash = -1; +static int hf_edonkey_part_count = -1; +static int hf_edonkey_file_status = -1; static int hf_edonkey_directory = -1; static int hf_edonkey_string = -1; static int hf_edonkey_string_length = -1; static int hf_edonkey_fileinfo = -1; static int hf_edonkey_clientinfo = -1; static int hf_edonkey_serverinfo = -1; +static int hf_emule_aich_partnum = -1; +static int hf_emule_aich_root_hash = -1; +static int hf_emule_aich_hash_entry = -1; +static int hf_emule_aich_hash_id = -1; +static int hf_emule_aich_hash = -1; +static int hf_emule_multipacket_entry = -1; +static int hf_emule_multipacket_opcode = -1; +static int hf_emule_source_count = -1; static int hf_overnet_peer = -1; static gint ett_edonkey = -1; @@ -75,6 +85,8 @@ static gint ett_edonkey_search = -1; static gint ett_edonkey_fileinfo = -1; static gint ett_edonkey_serverinfo = -1; static gint ett_edonkey_clientinfo = -1; +static gint ett_emule_aichhash = -1; +static gint ett_emule_multipacket = -1; static gint ett_overnet_peer = -1; /* desegmentation of eDonkey over TCP */ @@ -142,6 +154,12 @@ static const value_string emule_tcp_msgs[] = { { EMULE_MSG_QUEUE_RANKING, "Queue Ranking" }, { EMULE_MSG_SOURCES_REQUEST, "Sources Request" }, { EMULE_MSG_SOURCES_ANSWER, "Sources Answer" }, + { EMULE_MSG_MULTIPACKET, "MultiPacket" }, + { EMULE_MSG_MULTIPACKET_ANSWER, "MultiPacket Answer" }, + { EMULE_MSG_AICH_REQUEST, "AICH Hashset Request" }, + { EMULE_MSG_AICH_ANSWER, "AICH Hashset Answer" }, + { EMULE_MSG_AICHFILEHASH_ANSWER, "AICH Master Hash Request" }, + { EMULE_MSG_AICHFILEHASH_REQUEST, "AICH Master Hash Answer" }, { 0, NULL } }; @@ -541,14 +559,6 @@ static int dissect_edonkey_address_list(tvbuff_t *tvb, packet_info *pinfo _U_, return dissect_edonkey_list(tvb, pinfo, offset, tree, 1, "Address", dissect_edonkey_address); } -/* Dissects the eMule address list */ -static int dissect_emule_address_list(tvbuff_t *tvb, packet_info *pinfo _U_, - int offset, proto_tree *tree) -{ - /* <Address List> ::= <List Size (guint16)> <Address>* */ - return dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "Address", dissect_edonkey_address); -} - /* Dissects the eDonkey hash */ static int dissect_edonkey_hash(tvbuff_t *tvb, packet_info *pinfo _U_, int offset, proto_tree *tree) @@ -558,12 +568,21 @@ static int dissect_edonkey_hash(tvbuff_t *tvb, packet_info *pinfo _U_, return offset+16; } +/* Dissects the eDonkey file hash */ +static int dissect_edonkey_file_hash(tvbuff_t *tvb, packet_info *pinfo _U_, + int offset, proto_tree *tree) +{ + /* <File hash> ::= HASH (16 word MD4 digest) */ + proto_tree_add_item(tree, hf_edonkey_file_hash, tvb, offset, 16, FALSE); + return offset+16; +} /* Dissects the eDonkey hash list */ static int dissect_edonkey_hash_list(tvbuff_t *tvb, packet_info *pinfo _U_, int offset, proto_tree *tree) { - /* <Hash List> ::= <List Size (guint16)> <Hash>* */ + /* <Hash List> ::= <File Hash> <List Size (guint16)> <Hash>* */ + offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); return dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "Hash", dissect_edonkey_hash); } @@ -605,6 +624,24 @@ static int dissect_edonkey_file_name(tvbuff_t *tvb, packet_info *pinfo _U_, return dissect_edonkey_string(tvb, pinfo, offset, tree); } +/* Dissects the eDonkey File Status */ +static int dissect_edonkey_file_status(tvbuff_t *tvb, packet_info *pinfo _U_, + int offset, proto_tree *tree) +{ + guint16 partcount, arrlen; + + /* <File Status> ::= <Part Count> <Part Status> */ + partcount = tvb_get_letohs(tvb, offset); + arrlen = (partcount+7)/8; + + proto_tree_add_uint(tree, hf_edonkey_part_count, tvb, offset, 2, partcount); + if (partcount>0) { + proto_tree_add_item(tree, hf_edonkey_file_status, tvb, offset+2, arrlen, FALSE); + } + return offset+2+arrlen; +} + + /* Dissects the eDonkey directory list */ static int dissect_edonkey_directory_list(tvbuff_t *tvb, packet_info *pinfo _U_, int offset, proto_tree *tree) @@ -613,15 +650,6 @@ static int dissect_edonkey_directory_list(tvbuff_t *tvb, packet_info *pinfo _U_, return dissect_edonkey_list(tvb, pinfo, offset, tree, 4, "Directory", dissect_edonkey_directory); } -/* Dissects the eDonkey file hash */ -static int dissect_edonkey_file_hash(tvbuff_t *tvb, packet_info *pinfo _U_, - int offset, proto_tree *tree) -{ - /* <File hash> ::= HASH (16 word MD4 digest) */ - proto_tree_add_item(tree, hf_edonkey_file_hash, tvb, offset, 16, FALSE); - return offset+16; -} - /* Dissects the eDonkey server hash */ static int dissect_edonkey_server_hash(tvbuff_t *tvb, packet_info *pinfo _U_, int offset, proto_tree *tree) @@ -746,6 +774,172 @@ static int dissect_edonkey_file_info_list(tvbuff_t *tvb, packet_info *pinfo _U_, return dissect_edonkey_list(tvb, pinfo, offset, tree, 4, "File Info", dissect_edonkey_file_info); } +/* Dissects the eMule address list */ +static int dissect_emule_address_list(tvbuff_t *tvb, packet_info *pinfo _U_, + int offset, proto_tree *tree) +{ + /* <Address List> ::= <List Size (guint16)> <Address>* */ + return dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "Address", dissect_edonkey_address); +} + +static int dissect_emule_aich_root_hash(tvbuff_t *tvb, packet_info *pinfo _U_, + int offset, proto_tree *tree) +{ + /* <AICH Root Hash> ::= HASH (20 byte SHA1 digest) */ + proto_tree_add_item(tree, hf_emule_aich_root_hash, tvb, offset, 20, FALSE); + return offset + 20; +} + +static int dissect_emule_aich_hash_list_entry(tvbuff_t *tvb, packet_info *pinfo _U_, + int offset, proto_tree *tree) +{ + guint16 hashid; + proto_item *ti; + proto_tree *aichhash_tree; + /* <AICH Hash List Entry> ::= <AICH Hash ID> <AICH Hash> */ + ti = proto_tree_add_item(tree, hf_emule_aich_hash_entry, tvb, offset, 22, FALSE); + aichhash_tree = proto_item_add_subtree(ti, ett_emule_aichhash); + + hashid = tvb_get_letohs(tvb, offset); + proto_tree_add_uint(aichhash_tree, hf_emule_aich_hash_id, tvb, offset, 2, hashid); + proto_tree_add_item(aichhash_tree, hf_emule_aich_hash, tvb, offset+2, 20, FALSE); + return offset + 22; +} + +static int dissect_emule_aich_hash_list(tvbuff_t *tvb, packet_info *pinfo _U_, + int offset, proto_tree *tree) +{ + /* <AICH Hash List> ::= <List Size (guint16)> < <AICH Hash ID> <AICH Hash> >* */ + return dissect_edonkey_list(tvb, pinfo, offset, tree, 2, "AICH Hash", dissect_emule_aich_hash_list_entry); +} + +static int dissect_emule_multipacket(tvbuff_t *tvb, packet_info *pinfo _U_, + int offset, int eoffset, proto_tree *tree) +{ + guint8 opcode, nextop; + guint16 namelen, partcount, arrlen, oplen; + guint32 sourcecount; + proto_item *ti; + proto_tree *mp_tree; + + /* <MultiPacket> ::= <File Hash> <Opcodes>* */ + offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); + + while (offset<eoffset) { + opcode = tvb_get_guint8(tvb, offset); + + switch (opcode) { + case EDONKEY_MSG_FILE_STATUS_REQUEST: + ti = proto_tree_add_item(tree, hf_emule_multipacket_entry, tvb, offset, 1, FALSE); + mp_tree = proto_item_add_subtree(ti, ett_emule_multipacket); + + proto_tree_add_uint_format(mp_tree, hf_emule_multipacket_opcode, tvb, offset, 1, + opcode, "File Status Request (0x%02x)", opcode); + offset += 1; + break; + case EDONKEY_MSG_FILE_REQUEST: + partcount = 443; /* Invalid */ + sourcecount = 65536; /* Out of range */ + arrlen = 0; + oplen = 1; + + if (offset+2<eoffset) { + nextop = tvb_get_guint8(tvb, offset+1); + if (nextop!=EDONKEY_MSG_FILE_STATUS_REQUEST && + nextop!=EMULE_MSG_SOURCES_REQUEST && + nextop!=EMULE_MSG_AICHFILEHASH_REQUEST) { + + partcount = tvb_get_letohs(tvb, offset+1); + if (partcount<=442) { + arrlen = (partcount+7)/8; + oplen += 2+arrlen; + + if (offset+2+arrlen+2<eoffset) { + nextop = tvb_get_guint8(tvb, offset+2+arrlen+1); + if (nextop!=EDONKEY_MSG_FILE_STATUS_REQUEST && + nextop!=EMULE_MSG_SOURCES_REQUEST && + nextop!=EMULE_MSG_AICHFILEHASH_REQUEST) { + + sourcecount = tvb_get_letohs(tvb, offset+2+arrlen+1); + oplen += 2; + } + } + } + } + } + + ti = proto_tree_add_item(tree, hf_emule_multipacket_entry, tvb, offset, oplen, FALSE); + mp_tree = proto_item_add_subtree(ti, ett_emule_multipacket); + + proto_tree_add_uint_format(mp_tree, hf_emule_multipacket_opcode, tvb, offset, 1, + opcode, "File Name Request (0x%02x)", opcode); + if (partcount<=442) { + dissect_edonkey_file_status(tvb, pinfo, offset+1, mp_tree); + if (sourcecount<65536) { + proto_tree_add_uint(mp_tree, hf_emule_source_count, tvb, offset+3+arrlen, 2, sourcecount); + } + } + offset += oplen; + break; + case EMULE_MSG_SOURCES_REQUEST: + ti = proto_tree_add_item(tree, hf_emule_multipacket_entry, tvb, offset, 1, FALSE); + mp_tree = proto_item_add_subtree(ti, ett_emule_multipacket); + + proto_tree_add_uint_format(mp_tree, hf_emule_multipacket_opcode, tvb, offset, 1, + opcode, "Sources Request (0x%02x)", opcode); + offset += 1; + break; + case EMULE_MSG_AICHFILEHASH_REQUEST: + ti = proto_tree_add_item(tree, hf_emule_multipacket_entry, tvb, offset, 1, FALSE); + mp_tree = proto_item_add_subtree(ti, ett_emule_multipacket); + + proto_tree_add_uint_format(mp_tree, hf_emule_multipacket_opcode, tvb, offset, 1, + opcode, "AICH Root Hash Request (0x%02x)", opcode); + offset += 1; + break; + + case EDONKEY_MSG_FILE_STATUS: + partcount = tvb_get_letohs(tvb, offset+1); + arrlen = (partcount+7)/8; + + ti = proto_tree_add_item(tree, hf_emule_multipacket_entry, tvb, offset, 3+arrlen, FALSE); + mp_tree = proto_item_add_subtree(ti, ett_emule_multipacket); + + proto_tree_add_uint_format(mp_tree, hf_emule_multipacket_opcode, tvb, offset, 1, + opcode, "File Status (0x%02x)", opcode); + offset = dissect_edonkey_file_status(tvb, pinfo, offset+1, mp_tree); + break; + case EDONKEY_MSG_FILE_REQUEST_ANSWER: + namelen = tvb_get_letohs(tvb, offset+1); + + ti = proto_tree_add_item(tree, hf_emule_multipacket_entry, tvb, offset, 3+namelen, FALSE); + mp_tree = proto_item_add_subtree(ti, ett_emule_multipacket); + + proto_tree_add_uint_format(mp_tree, hf_emule_multipacket_opcode, tvb, offset, 1, + opcode, "File Name (0x%02x)", opcode); + offset = dissect_edonkey_file_name(tvb, pinfo, offset+1, mp_tree); + break; + case EMULE_MSG_AICHFILEHASH_ANSWER: + ti = proto_tree_add_item(tree, hf_emule_multipacket_entry, tvb, offset, 21, FALSE); + mp_tree = proto_item_add_subtree(ti, ett_emule_multipacket); + + proto_tree_add_uint_format(mp_tree, hf_emule_multipacket_opcode, tvb, offset, 1, + opcode, "AICH Root Hash (0x%02x)", opcode); + proto_tree_add_item(mp_tree, hf_emule_aich_root_hash, tvb, offset+1, 20, FALSE); + offset += 21; + break; + + default: + /* Unknown opcode means we can't continue parsing the stream */ + proto_tree_add_uint_format(tree, hf_emule_multipacket_opcode, tvb, offset, 1, + opcode, "Unknown MultiPacket opcode (0x%02x)", opcode); + return offset+1; + } + } + + return offset; +} + /* Dissects the Overnet peer type */ static int dissect_overnet_peertype(tvbuff_t *tvb, packet_info *pinfo _U_, int offset, proto_tree *tree) @@ -982,6 +1176,11 @@ static void dissect_edonkey_tcp_message(guint8 msg_type, proto_tree_add_text(tree, tvb, offset+4, 4, "Number of Files: %u", nfiles); break; + case EDONKEY_MSG_FILE_STATUS: /* File Status: <File hash> <Part Count> <Part Status>? */ + offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); + offset = dissect_edonkey_file_status(tvb, pinfo, offset, tree); + break; + case EDONKEY_MSG_FILE_REQUEST_ANSWER: /* File Request Answer: <File hash> <File name> */ offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); offset = dissect_edonkey_file_name(tvb, pinfo, offset, tree); @@ -1042,7 +1241,7 @@ static void dissect_emule_tcp_message(guint8 msg_type, { int msg_start, msg_end, bytes_remaining; guint32 packed_length; - guint16 version, rank; + guint16 version, rank, partnum; if (tree == NULL) return; @@ -1088,6 +1287,28 @@ static void dissect_emule_tcp_message(guint8 msg_type, } break; + case EMULE_MSG_AICH_REQUEST: /* AICH Request: <File Hash> <PartNum> <AICH Hash> */ + offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); + partnum = tvb_get_letohs(tvb, offset); + proto_tree_add_uint(tree, hf_emule_aich_partnum, tvb, offset, 2, partnum); + offset += 2; + offset = dissect_emule_aich_root_hash(tvb, pinfo, offset, tree); + break; + + case EMULE_MSG_AICH_ANSWER: /* AICH Answer: <File Hash> <PartNum> <AICH Hash> <AICH Hash List> */ + offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree); + partnum = tvb_get_letohs(tvb, offset); + proto_tree_add_uint(tree, hf_emule_aich_partnum, tvb, offset, 2, partnum); + offset += 2; + offset = dissect_emule_aich_root_hash(tvb, pinfo, offset, tree); + offset = dissect_emule_aich_hash_list(tvb, pinfo, offset, tree); + break; + + case EMULE_MSG_MULTIPACKET: /* MultiPacket: <Hash> <Opcodes> */ + case EMULE_MSG_MULTIPACKET_ANSWER: + offset = dissect_emule_multipacket(tvb, pinfo, offset, offset+length, tree); + break; + default: dissect_edonkey_tcp_message(msg_type, tvb, pinfo, offset, length, tree); break; @@ -1515,6 +1736,12 @@ void proto_register_edonkey(void) { { &hf_edonkey_string_length, { "String Length", "edonkey.string_length", FT_UINT16, BASE_DEC, NULL, 0, "eDonkey String Length", HFILL } }, + { &hf_edonkey_part_count, + { "Part Count", "edonkey.part_count", + FT_UINT16, BASE_DEC, NULL, 0, "eDonkey Part Count", HFILL } }, + { &hf_edonkey_file_status, + { "File Status", "edonkey.file_status", + FT_BYTES, BASE_HEX, NULL, 0, "eDonkey File Status", HFILL } }, { &hf_edonkey_directory, { "Directory", "edonkey.directory", FT_STRING, BASE_NONE, NULL, 0, "eDonkey Directory", HFILL } }, @@ -1527,6 +1754,30 @@ void proto_register_edonkey(void) { { &hf_edonkey_clientinfo, { "eDonkey Client Info", "edonkey.clientinfo", FT_NONE, BASE_NONE, NULL, 0, "eDonkey Client Info", HFILL } }, + { &hf_emule_aich_partnum, + { "Part Number", "emule.aich_partnum", + FT_UINT16, BASE_DEC, NULL, 0, "eMule AICH Part Number", HFILL } }, + { &hf_emule_aich_root_hash, + { "AICH Root Hash", "emule.aich_root_hash", + FT_BYTES, BASE_HEX, NULL, 0, "eMule AICH Root Hash", HFILL } }, + { &hf_emule_aich_hash_entry, + { "AICH Hash Entry", "emule_aich_hash_entry", + FT_NONE, BASE_NONE, NULL, 0, "eMule AICH Hash Entry", HFILL } }, + { &hf_emule_aich_hash_id, + { "AICH Hash ID", "emule.aich_hash_id", + FT_UINT16, BASE_HEX, NULL, 0, "eMule AICH Hash ID", HFILL } }, + { &hf_emule_aich_hash, + { "AICH Hash", "emule.aich_hash", + FT_BYTES, BASE_HEX, NULL, 0, "eMule AICH Hash", HFILL } }, + { &hf_emule_multipacket_entry, + { "eMule MultiPacket Entry", "emule.multipacket_entry", + FT_NONE, BASE_NONE, NULL, 0, "eMule MultiPacket Entry", HFILL } }, + { &hf_emule_multipacket_opcode, + { "MultiPacket Opcode", "emule.multipacket_opcode", + FT_UINT8, BASE_HEX, NULL, 0, "eMule MultiPacket Opcode", HFILL } }, + { &hf_emule_source_count, + { "Compeleted Sources Count", "emule.source_count", + FT_UINT16, BASE_DEC, NULL, 0, "eMule Completed Sources Count", HFILL } }, { &hf_overnet_peer, { "Overnet Peer", "overnet.peer", FT_NONE, BASE_NONE, NULL, 0, "Overnet Peer", HFILL } }, @@ -1540,6 +1791,8 @@ void proto_register_edonkey(void) { &ett_edonkey_fileinfo, &ett_edonkey_serverinfo, &ett_edonkey_clientinfo, + &ett_emule_aichhash, + &ett_emule_multipacket, &ett_overnet_peer }; module_t *edonkey_module; diff --git a/epan/dissectors/packet-edonkey.h b/epan/dissectors/packet-edonkey.h index 55cc022aad..d2fe4b442c 100644 --- a/epan/dissectors/packet-edonkey.h +++ b/epan/dissectors/packet-edonkey.h @@ -103,6 +103,12 @@ void proto_register_edonkey(void); #define EMULE_MSG_QUEUE_RANKING 0x60 #define EMULE_MSG_SOURCES_REQUEST 0x81 #define EMULE_MSG_SOURCES_ANSWER 0x82 +#define EMULE_MSG_MULTIPACKET 0x92 +#define EMULE_MSG_MULTIPACKET_ANSWER 0x93 +#define EMULE_MSG_AICH_REQUEST 0x9b +#define EMULE_MSG_AICH_ANSWER 0x9c +#define EMULE_MSG_AICHFILEHASH_ANSWER 0x9d +#define EMULE_MSG_AICHFILEHASH_REQUEST 0x9e /* EDONKEY UDP MESSAGES */ #define EDONKEY_MSG_UDP_SERVER_STATUS_REQUEST 0x96 |