void proto_reg_handoff_adb(void) { adb_service_handle = find_dissector_add_dependency("adb_service", proto_adb); dissector_add_for_decode_as_with_preference("tcp.port", adb_handle); dissector_add_for_decode_as("usb.device", adb_handle); dissector_add_for_decode_as("usb.product", adb_handle); dissector_add_for_decode_as("usb.protocol", adb_handle); proto_tcp = proto_get_id_by_filter_name("tcp"); proto_usb = proto_get_id_by_filter_name("usb"); }
void proto_reg_handoff_adb(void) { adb_service_handle = find_dissector("adb_service"); dissector_add_handle("tcp.port", adb_handle); dissector_add_handle("usb.device", adb_handle); dissector_add_handle("usb.product", adb_handle); dissector_add_handle("usb.protocol", adb_handle); proto_tcp = proto_get_id_by_filter_name("tcp"); proto_usb = proto_get_id_by_filter_name("usb"); }
/* * Disable protocols as per the stored configuration */ void set_disabled_protos_list(void) { gint i; GList *fl_ent; protocol_def *prot; /* * assume all protocols are enabled by default */ if (disabled_protos == NULL) goto skip; fl_ent = g_list_first(disabled_protos); while (fl_ent != NULL) { prot = (protocol_def *) fl_ent->data; i = proto_get_id_by_filter_name(prot->name); if (i == -1) { /* XXX - complain here? */ } else { if (proto_can_toggle_protocol(i)) proto_set_decoding(i, FALSE); } fl_ent = fl_ent->next; } skip: if (global_disabled_protos == NULL) return; fl_ent = g_list_first(global_disabled_protos); while (fl_ent != NULL) { prot = (protocol_def *) fl_ent->data; i = proto_get_id_by_filter_name(prot->name); if (i == -1) { /* XXX - complain here? */ } else { if (proto_can_toggle_protocol(i)) { proto_set_decoding(i, FALSE); proto_set_cant_toggle(i); } } fl_ent = fl_ent->next; } }
void expert_packet_init(void) { static hf_register_info hf[] = { { &hf_expert_msg, { "Message", "_ws.expert.message", FT_STRING, BASE_NONE, NULL, 0, "Wireshark expert information", HFILL } }, { &hf_expert_group, { "Group", "_ws.expert.group", FT_UINT32, BASE_HEX, VALS(expert_group_vals), 0, "Wireshark expert group", HFILL } }, { &hf_expert_severity, { "Severity level", "_ws.expert.severity", FT_UINT32, BASE_HEX, VALS(expert_severity_vals), 0, "Wireshark expert severity level", HFILL } } }; static gint *ett[] = { &ett_expert, &ett_subexpert }; if (expert_tap == -1) { expert_tap = register_tap("expert"); } if (proto_expert == -1) { proto_expert = proto_register_protocol("Expert Info", "Expert", "_ws.expert"); proto_register_field_array(proto_expert, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); proto_set_cant_toggle(proto_expert); } highest_severity = 0; proto_malformed = proto_get_id_by_filter_name("_ws.malformed"); }
void ProtocolPreferencesMenu::setModule(const char *module_name) { QAction *action; int proto_id = -1; if (module_name) { proto_id = proto_get_id_by_filter_name(module_name); } clear(); module_name_.clear(); module_ = NULL; protocol_ = find_protocol_by_id(proto_id); const QString long_name = proto_get_protocol_long_name(protocol_); const QString short_name = proto_get_protocol_short_name(protocol_); if (!module_name || proto_id < 0 || !protocol_) { action = addAction(tr("No protocol preferences available")); action->setDisabled(true); return; } QAction *disable_action = new QAction(tr("Disable %1" UTF8_HORIZONTAL_ELLIPSIS).arg(short_name), this); connect(disable_action, SIGNAL(triggered(bool)), this, SLOT(disableProtocolTriggered())); module_ = prefs_find_module(module_name); if (!module_ || !prefs_is_registered_protocol(module_name)) { action = addAction(tr("%1 has no preferences").arg(long_name)); action->setDisabled(true); addSeparator(); addAction(disable_action); return; } module_name_ = module_name; action = addAction(tr("Open %1 preferences" UTF8_HORIZONTAL_ELLIPSIS).arg(long_name)); action->setData(QString(module_name)); connect(action, SIGNAL(triggered(bool)), this, SLOT(modulePreferencesTriggered())); addSeparator(); prefs_pref_foreach(module_, add_prefs_menu_item, this); if (!actions().last()->isSeparator()) { addSeparator(); } addAction(disable_action); }
void proto_disable_proto_by_name(const char *name) { protocol_t *protocol; int proto_id; proto_id = proto_get_id_by_filter_name(name); if (proto_id >= 0 ) { protocol = find_protocol_by_id(proto_id); if (proto_is_protocol_enabled(protocol) == TRUE) { if (proto_can_toggle_protocol(proto_id) == TRUE) { proto_set_decoding(proto_id, FALSE); } } } }
gboolean epan_dissect_packet_contains_field(epan_dissect_t* edt, const char *field_name) { GPtrArray* array; int field_id; gboolean contains_field; if (!edt || !edt->tree) return FALSE; field_id = proto_get_id_by_filter_name(field_name); if (field_id < 0) return FALSE; array = proto_find_finfo(edt->tree, field_id); contains_field = (array->len > 0) ? TRUE : FALSE; g_ptr_array_free(array, TRUE); return contains_field; }
static proto_tree* expert_create_tree(proto_item *pi, int group, int severity, const char *msg) { proto_tree *tree; proto_item *ti; tree = proto_item_add_subtree(pi, ett_expert); ti = proto_tree_add_protocol_format(tree, proto_expert, NULL, 0, 0, "Expert Info (%s/%s): %s", val_to_str(severity, expert_severity_vals, "Unknown (%u)"), val_to_str(group, expert_group_vals, "Unknown (%u)"), msg); PROTO_ITEM_SET_GENERATED(ti); if (group == PI_MALFORMED) { /* Add hidden malformed protocol filter */ gint proto_malformed = proto_get_id_by_filter_name("malformed"); proto_item *malformed_ti = proto_tree_add_item(tree, proto_malformed, NULL, 0, 0, ENC_NA); PROTO_ITEM_SET_HIDDEN(malformed_ti); } return proto_item_add_subtree(ti, ett_subexpert); }
static void dissect_rtp_events( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree ) { proto_item *ti = NULL; proto_tree *rtp_events_tree = NULL; unsigned int offset = 0; struct _rtp_conversation_info *p_conv_data = NULL; guint8 rtp_evt; guint8 octet; col_set_str(pinfo->cinfo, COL_PROTOCOL, "RTP EVENT"); col_clear(pinfo->cinfo, COL_INFO); /* Get event fields */ rtp_evt = tvb_get_guint8(tvb, offset ); /* get tap info */ rtp_event_info.info_rtp_evt = rtp_evt; p_conv_data = (struct _rtp_conversation_info *)p_get_proto_data(wmem_file_scope(), pinfo, proto_get_id_by_filter_name("rtp"), 0); if (p_conv_data) rtp_event_info.info_setup_frame_num = p_conv_data->frame_number; else rtp_event_info.info_setup_frame_num = 0; col_add_fstr( pinfo->cinfo, COL_INFO, "Payload type=RTP Event, %s", val_to_str( rtp_evt, rtp_event_type_values, "Unknown (%u)" )); ti = proto_tree_add_item( tree, proto_rtp_events, tvb, offset, -1, ENC_NA ); rtp_events_tree = proto_item_add_subtree( ti, ett_rtp_events ); proto_tree_add_uint ( rtp_events_tree, hf_rtp_events_event, tvb, offset, 1, rtp_evt); offset++; octet = tvb_get_guint8(tvb, offset); proto_tree_add_boolean (rtp_events_tree, hf_rtp_events_end, tvb, offset, 1, octet); proto_tree_add_boolean (rtp_events_tree, hf_rtp_events_reserved, tvb, offset, 1, octet); proto_tree_add_uint ( rtp_events_tree, hf_rtp_events_volume, tvb, offset, 1, octet); offset++; /* The duration field indicates the duration of the event or segment * being reported, in timestamp units. */ rtp_event_info.info_duration = tvb_get_ntohs(tvb, offset); proto_tree_add_item ( rtp_events_tree, hf_rtp_events_duration, tvb, offset, 2, ENC_BIG_ENDIAN); /* set the end info for the tap */ if (octet & 0x80) { rtp_event_info.info_end = TRUE; } else { rtp_event_info.info_end = FALSE; } /* Make end-of-event packets obvious in the info column */ if ((octet & 0x80)) { col_append_str(pinfo->cinfo, COL_INFO, " (end)"); } tap_queue_packet(rtp_event_tap, pinfo, &rtp_event_info); }
/*FUNCTION:------------------------------------------------------ * NAME * dissect_zbee_secure * DESCRIPTION * Dissects and decrypts secured ZigBee frames. * * Will return a valid tvbuff only if security processing was * successful. If processing fails, then this function will * handle internally and return NULL. * PARAMETERS * tvbuff_t *tvb - pointer to buffer containing raw packet. * packet_info *pinfo - pointer to packet information fields * proto_tree *tree - pointer to data tree Wireshark uses to display packet. * guint offset - pointer to the start of the auxilliary security header. * guint64 src64 - extended source address, or 0 if unknown. * RETURNS * tvbuff_t * *--------------------------------------------------------------- */ tvbuff_t * dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint offset) { proto_tree *sec_tree = NULL; proto_item *sec_root; proto_tree *field_tree; proto_item *ti; zbee_security_packet packet; guint mic_len; gint payload_len; tvbuff_t *payload_tvb; #ifdef HAVE_LIBGCRYPT guint8 *enc_buffer; guint8 *dec_buffer; gboolean decrypted; GSList **nwk_keyring; GSList *GSList_i; key_record_t *key_rec = NULL; #endif zbee_nwk_hints_t *nwk_hints; ieee802154_hints_t *ieee_hints; ieee802154_map_rec *map_rec = NULL; /* Init */ memset(&packet, 0, sizeof(zbee_security_packet)); /* Get pointers to any useful frame data from lower layers */ nwk_hints = (zbee_nwk_hints_t *)p_get_proto_data(pinfo->fd, proto_get_id_by_filter_name(ZBEE_PROTOABBREV_NWK)); ieee_hints = (ieee802154_hints_t *)p_get_proto_data(pinfo->fd, proto_get_id_by_filter_name(IEEE802154_PROTOABBREV_WPAN)); /* Create a subtree for the security information. */ if (tree) { sec_root = proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "ZigBee Security Header"); sec_tree = proto_item_add_subtree(sec_root, ett_zbee_sec); } /* Get and display the Security control field */ packet.control = tvb_get_guint8(tvb, offset); /* Patch the security level. */ packet.control &= ~ZBEE_SEC_CONTROL_LEVEL; packet.control |= (ZBEE_SEC_CONTROL_LEVEL & gPREF_zbee_sec_level); /* * Eww, I think I just threw up a little... ZigBee requires this field * to be patched before computing the MIC, but we don't have write-access * to the tvbuff. So we need to allocate a copy of the whole thing just * so we can fix these 3 bits. Memory allocated by ep_tvb_memdup() is * automatically freed before the next packet is processed. */ #ifdef HAVE_LIBGCRYPT enc_buffer = (guint8 *)ep_tvb_memdup(tvb, 0, tvb_length(tvb)); /* * Override the const qualifiers and patch the security level field, we * know it is safe to overide the const qualifiers because we just * allocated this memory via ep_tvb_memdup(). */ enc_buffer[offset] = packet.control; #endif /* HAVE_LIBGCRYPT */ packet.level = zbee_get_bit_field(packet.control, ZBEE_SEC_CONTROL_LEVEL); packet.key_id = zbee_get_bit_field(packet.control, ZBEE_SEC_CONTROL_KEY); packet.nonce = zbee_get_bit_field(packet.control, ZBEE_SEC_CONTROL_NONCE); if (tree) { ti = proto_tree_add_text(sec_tree, tvb, offset, 1, "Security Control Field"); field_tree = proto_item_add_subtree(ti, ett_zbee_sec_control); proto_tree_add_uint(field_tree, hf_zbee_sec_key_id, tvb, offset, 1, packet.control & ZBEE_SEC_CONTROL_KEY); proto_tree_add_boolean(field_tree, hf_zbee_sec_nonce, tvb, offset, 1, packet.control & ZBEE_SEC_CONTROL_NONCE); } offset += 1; /* Get and display the frame counter field. */ packet.counter = tvb_get_letohl(tvb, offset); if (tree) { proto_tree_add_uint(sec_tree, hf_zbee_sec_counter, tvb, offset, 4, packet.counter); } offset += 4; if (packet.nonce) { /* Get and display the source address of the device that secured this payload. */ packet.src64 = tvb_get_letoh64(tvb, offset); if (tree) { proto_tree_add_item(sec_tree, hf_zbee_sec_src64, tvb, offset, 8, ENC_LITTLE_ENDIAN); } #if 1 if (!pinfo->fd->flags.visited) { switch ( packet.key_id ) { case ZBEE_SEC_KEY_LINK: if (nwk_hints) { /* Map this long address with the nwk layer short address. */ nwk_hints->map_rec = ieee802154_addr_update(&zbee_nwk_map, nwk_hints->src, ieee_hints->src_pan, packet.src64, pinfo->current_proto, pinfo->fd->num); } break; case ZBEE_SEC_KEY_NWK: if (ieee_hints) { /* Map this long address with the ieee short address. */ ieee_hints->map_rec = ieee802154_addr_update(&zbee_nwk_map, ieee_hints->src16, ieee_hints->src_pan, packet.src64, pinfo->current_proto, pinfo->fd->num); } break; /* We ignore the extended source addresses used to encrypt payloads with these * types of keys, because they can emerge from APS tunnels created by nodes whose * short address is not recorded in the packet. */ case ZBEE_SEC_KEY_TRANSPORT: case ZBEE_SEC_KEY_LOAD: break; } } #endif offset += 8; } else { /* Look for a source address in hints */ switch ( packet.key_id ) { case ZBEE_SEC_KEY_NWK: /* use the ieee extended source address for NWK decryption */ if ( ieee_hints && (map_rec = ieee_hints->map_rec) ) packet.src64 = map_rec->addr64; else if (tree) proto_tree_add_text(sec_tree, tvb, 0, 0, "[Extended Source: Unknown]"); break; default: /* use the nwk extended source address for APS decryption */ if ( nwk_hints && (map_rec = nwk_hints->map_rec) ) packet.src64 = map_rec->addr64; else if (tree) proto_tree_add_text(sec_tree, tvb, 0, 0, "[Extended Source: Unknown]"); break; } } if (packet.key_id == ZBEE_SEC_KEY_NWK) { /* Get and display the key sequence number. */ packet.key_seqno = tvb_get_guint8(tvb, offset); if (tree) { proto_tree_add_uint(sec_tree, hf_zbee_sec_key_seqno, tvb, offset, 1, packet.key_seqno); } offset += 1; } /* Determine the length of the MIC. */ switch (packet.level) { case ZBEE_SEC_ENC: case ZBEE_SEC_NONE: default: mic_len=0; break; case ZBEE_SEC_ENC_MIC32: case ZBEE_SEC_MIC32: mic_len=4; break; case ZBEE_SEC_ENC_MIC64: case ZBEE_SEC_MIC64: mic_len=8; break; case ZBEE_SEC_ENC_MIC128: case ZBEE_SEC_MIC128: mic_len=16; break; } /* switch */ /* Get and display the MIC. */ if (mic_len) { /* Display the MIC. */ if (tree) { proto_tree_add_item(sec_tree, hf_zbee_sec_mic, tvb, (gint)(tvb_length(tvb)-mic_len), mic_len, ENC_NA); } } /* Check for null payload. */ if ( !(payload_len = tvb_reported_length_remaining(tvb, offset+mic_len)) ) { return NULL; } else if ( payload_len < 0 ) { THROW(ReportedBoundsError); } /********************************************** * Perform Security Operations on the Frame * ********************************************** */ if ((packet.level == ZBEE_SEC_NONE) || (packet.level == ZBEE_SEC_MIC32) || (packet.level == ZBEE_SEC_MIC64) || (packet.level == ZBEE_SEC_MIC128)) { /* Payload is only integrity protected. Just return the sub-tvbuff. */ return tvb_new_subset(tvb, offset, payload_len, payload_len); } #ifdef HAVE_LIBGCRYPT /* Allocate memory to decrypt the payload into. */ dec_buffer = (guint8 *)g_malloc(payload_len); decrypted = FALSE; if ( packet.src64 ) { if (pinfo->fd->flags.visited) { if ( nwk_hints ) { /* Use previously found key */ switch ( packet.key_id ) { case ZBEE_SEC_KEY_NWK: if ( (key_rec = nwk_hints->nwk) ) { decrypted = zbee_sec_decrypt_payload( &packet, enc_buffer, offset, dec_buffer, payload_len, mic_len, nwk_hints->nwk->key); } break; default: if ( (key_rec = nwk_hints->link) ) { decrypted = zbee_sec_decrypt_payload( &packet, enc_buffer, offset, dec_buffer, payload_len, mic_len, nwk_hints->link->key); } break; } } } /* ( !pinfo->fd->flags.visited ) */ else { /* We only search for sniffed keys in the first pass, * to save time, and because decrypting with keys * transported in future packets is cheating */ /* Lookup NWK and link key in hash for this pan. */ /* This overkill approach is a placeholder for a hash that looks up * a key ring for a link key associated with a pair of devices. */ if ( nwk_hints ) { nwk_keyring = (GSList **)g_hash_table_lookup(zbee_table_nwk_keyring, &nwk_hints->src_pan); if ( nwk_keyring ) { GSList_i = *nwk_keyring; while ( GSList_i && !decrypted ) { decrypted = zbee_sec_decrypt_payload( &packet, enc_buffer, offset, dec_buffer, payload_len, mic_len, ((key_record_t *)(GSList_i->data))->key); if (decrypted) { /* save pointer to the successful key record */ switch (packet.key_id) { case ZBEE_SEC_KEY_NWK: key_rec = nwk_hints->nwk = (key_record_t *)(GSList_i->data); break; default: key_rec = nwk_hints->link = (key_record_t *)(GSList_i->data); break; } } else { GSList_i = g_slist_next(GSList_i); } } } /* Loop through user's password table for preconfigured keys, our last resort */ GSList_i = zbee_pc_keyring; while ( GSList_i && !decrypted ) { decrypted = zbee_sec_decrypt_payload( &packet, enc_buffer, offset, dec_buffer, payload_len, mic_len, ((key_record_t *)(GSList_i->data))->key); if (decrypted) { /* save pointer to the successful key record */ switch (packet.key_id) { case ZBEE_SEC_KEY_NWK: key_rec = nwk_hints->nwk = (key_record_t *)(GSList_i->data); break; default: key_rec = nwk_hints->link = (key_record_t *)(GSList_i->data); break; } } else { GSList_i = g_slist_next(GSList_i); } } } } /* ( ! pinfo->fd->flags.visited ) */ } /* ( packet.src64 ) */ if ( decrypted ) { if ( tree && key_rec ) { if ( key_rec->frame_num == ZBEE_SEC_PC_KEY ) { ti = proto_tree_add_text(sec_tree, tvb, 0, 0, "Decryption Key: %s", key_rec->label); } else { ti = proto_tree_add_uint(sec_tree, hf_zbee_sec_key_origin, tvb, 0, 0, key_rec->frame_num); } PROTO_ITEM_SET_GENERATED(ti); } /* Found a key that worked, setup the new tvbuff_t and return */ payload_tvb = tvb_new_child_real_data(tvb, dec_buffer, payload_len, payload_len); tvb_set_free_cb(payload_tvb, g_free); /* set up callback to free dec_buffer */ add_new_data_source(pinfo, payload_tvb, "Decrypted ZigBee Payload"); /* Done! */ return payload_tvb; } g_free(dec_buffer); #endif /* HAVE_LIBGCRYPT */ /* Add expert info. */ expert_add_info_format(pinfo, sec_tree, PI_UNDECODED, PI_WARN, "Encrypted Payload"); /* Create a buffer for the undecrypted payload. */ payload_tvb = tvb_new_subset(tvb, offset, payload_len, -1); /* Dump the payload to the data dissector. */ call_dissector(data_handle, payload_tvb, pinfo, tree); /* Couldn't decrypt, so return NULL. */ return NULL; } /* dissect_zbee_secure */
void expert_packet_init(void) { module_t *module_expert; uat_t *expert_uat; static hf_register_info hf[] = { { &hf_expert_msg, { "Message", "_ws.expert.message", FT_STRING, BASE_NONE, NULL, 0, "Wireshark expert information", HFILL } }, { &hf_expert_group, { "Group", "_ws.expert.group", FT_UINT32, BASE_HEX, VALS(expert_group_vals), 0, "Wireshark expert group", HFILL } }, { &hf_expert_severity, { "Severity level", "_ws.expert.severity", FT_UINT32, BASE_HEX, VALS(expert_severity_vals), 0, "Wireshark expert severity level", HFILL } } }; static gint *ett[] = { &ett_expert, &ett_subexpert }; /* UAT for overriding severity levels */ static uat_field_t custom_expert_fields[] = { UAT_FLD_CSTRING(uat_expert_entries, field, "Field name", "Expert Info filter name"), UAT_FLD_VS(uat_expert_entries, severity, "Severity", expert_severity_vals, "Custom severity level"), UAT_END_FIELDS }; if (expert_tap == -1) { expert_tap = register_tap("expert"); } if (proto_expert == -1) { proto_expert = proto_register_protocol("Expert Info", "Expert", "_ws.expert"); proto_register_field_array(proto_expert, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); proto_set_cant_toggle(proto_expert); module_expert = prefs_register_protocol(proto_expert, NULL); expert_uat = uat_new("Expert Info Severity Level Configuration", sizeof(expert_level_entry_t), "expert_severity", TRUE, (void **)&uat_expert_entries, &expert_level_entry_count, UAT_AFFECTS_DISSECTION, NULL, uat_expert_copy_cb, uat_expert_update_cb, uat_expert_free_cb, uat_expert_post_update_cb, custom_expert_fields); prefs_register_uat_preference(module_expert, "expert_severity_levels", "Severity Level Configuration", "A table that overrides Expert Info field severity levels to user configured levels", expert_uat); } highest_severity = 0; proto_malformed = proto_get_id_by_filter_name("_ws.malformed"); }
&hf_rtp_events_volume, NULL }; col_set_str(pinfo->cinfo, COL_PROTOCOL, "RTP EVENT"); col_clear(pinfo->cinfo, COL_INFO); /* Get event fields */ rtp_evt = tvb_get_guint8(tvb, offset ); /* get tap info */ rtp_event_info.info_rtp_evt = rtp_evt; p_conv_data = (struct _rtp_conversation_info *)p_get_proto_data(wmem_file_scope(), pinfo, proto_get_id_by_filter_name("rtp"), 0); if (p_conv_data) rtp_event_info.info_setup_frame_num = p_conv_data->frame_number; else rtp_event_info.info_setup_frame_num = 0; col_add_fstr( pinfo->cinfo, COL_INFO, "Payload type=RTP Event, %s", val_to_str_ext( rtp_evt, &rtp_event_type_values_ext, "Unknown (%u)" )); ti = proto_tree_add_item( tree, proto_rtp_events, tvb, offset, -1, ENC_NA ); rtp_events_tree = proto_item_add_subtree( ti, ett_rtp_events ); proto_tree_add_uint ( rtp_events_tree, hf_rtp_events_event, tvb, offset, 1, rtp_evt); offset++;