static void
dissect_pop(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
struct pop_proto_data *frame_data_p;
gboolean is_request;
gboolean is_continuation;
proto_tree *pop_tree, *reqresp_tree;
proto_item *ti;
gint offset = 0;
const guchar *line;
gint next_offset;
int linelen;
int tokenlen;
const guchar *next_token;
fragment_data *frag_msg = NULL;
tvbuff_t *next_tvb = NULL;
conversation_t *conversation = NULL;
struct pop_data_val *data_val = NULL;
gint length_remaining;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "POP");
/*
* Find the end of the first line.
*
* Note that "tvb_find_line_end()" will return a value that is
* not longer than what's in the buffer, so the "tvb_get_ptr()"
* call won't throw an exception.
*/
linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
line = tvb_get_ptr(tvb, offset, linelen);
if (pinfo->match_port == pinfo->destport) {
is_request = TRUE;
is_continuation = FALSE;
} else {
is_request = FALSE;
is_continuation = response_is_continuation(line);
}
frame_data_p = p_get_proto_data(pinfo->fd, proto_pop);
if (!frame_data_p) {
conversation = find_conversation(pinfo->fd->num,
&pinfo->src, &pinfo->dst,
pinfo->ptype,
pinfo->srcport, pinfo->destport, 0);
if (conversation == NULL) { /* No conversation, create one */
conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst,
pinfo->ptype, pinfo->srcport,
pinfo->destport, 0);
}
data_val = conversation_get_proto_data(conversation, proto_pop);
if (!data_val) {
/*
* No - create one and attach it.
*/
data_val = se_alloc0(sizeof(struct pop_data_val));
conversation_add_proto_data(conversation, proto_pop, data_val);
}
}
if (check_col(pinfo->cinfo, COL_INFO)) {
/*
* Put the first line from the buffer into the summary
* if it's a POP request or reply (but leave out the
* line terminator).
* Otherwise, just call it a continuation.
*/
if (is_continuation) {
length_remaining = tvb_length_remaining(tvb, offset);
col_add_fstr(pinfo->cinfo, COL_INFO, "S: DATA fragment, %d byte%s",
length_remaining, plurality (length_remaining, "", "s"));
}
else
col_add_fstr(pinfo->cinfo, COL_INFO, "%s: %s", is_request ? "C" : "S",
format_text(line, linelen));
}
ti = proto_tree_add_item(tree, proto_pop, tvb, offset, -1, FALSE);
pop_tree = proto_item_add_subtree(ti, ett_pop);
if (is_continuation) {
if (pop_data_desegment) {
if (!frame_data_p) {
data_val->msg_read_len += tvb_length(tvb);
frame_data_p = se_alloc(sizeof(struct pop_proto_data));
frame_data_p->conversation_id = conversation->index;
frame_data_p->more_frags = data_val->msg_read_len < data_val->msg_tot_len;
p_add_proto_data(pinfo->fd, proto_pop, frame_data_p);
}
frag_msg = fragment_add_seq_next(tvb, 0, pinfo,
frame_data_p->conversation_id,
pop_data_segment_table,
pop_data_reassembled_table,
tvb_length(tvb),
frame_data_p->more_frags);
next_tvb = process_reassembled_data(tvb, offset, pinfo,
"Reassembled DATA",
frag_msg, &pop_data_frag_items,
NULL, pop_tree);
if (next_tvb) {
if (imf_handle)
call_dissector(imf_handle, next_tvb, pinfo, tree);
if (data_val) {
/* we have read everything - reset */
data_val->msg_read_len = 0;
data_val->msg_tot_len = 0;
}
pinfo->fragmented = FALSE;
} else {
pinfo->fragmented = TRUE;
}
} else {
/*
* Put the whole packet into the tree as data.
*/
call_dissector(data_handle,tvb, pinfo, pop_tree);
}
return;
}
/*
* Put the line into the protocol tree.
*/
ti = proto_tree_add_string_format(pop_tree,
(is_request) ?
hf_pop_request :
hf_pop_response,
tvb, offset,
next_offset - offset,
"", "%s",
tvb_format_text(tvb, offset, next_offset - offset));
reqresp_tree = proto_item_add_subtree(ti, ett_pop_reqresp);
/*
* Extract the first token, and, if there is a first
* token, add it as the request or reply code.
*/
tokenlen = get_token_len(line, line + linelen, &next_token);
if (tokenlen != 0) {
proto_tree_add_item(reqresp_tree,
(is_request) ?
hf_pop_request_command :
hf_pop_response_indicator,
tvb, offset, tokenlen, FALSE);
if (data_val) {
if (is_request) {
/* see if this is RETR or TOP command */
if (g_ascii_strncasecmp(line, "RETR", 4) == 0 ||
g_ascii_strncasecmp(line, "TOP", 3) == 0)
/* the next response will tell us how many bytes */
data_val->msg_request = TRUE;
} else {
if (data_val->msg_request) {
/* this is a response to a RETR or TOP command */
if (g_ascii_strncasecmp(line, "+OK ", 4) == 0) {
/* the message will be sent - work out how many bytes */
data_val->msg_read_len = 0;
data_val->msg_tot_len = atoi(line + 4);
}
data_val->msg_request = FALSE;
}
}
}
offset += (gint) (next_token - line);
linelen -= (int) (next_token - line);
}
if (tree) {
/*
* Add the rest of the first line as request or
* reply param/description.
*/
if (linelen != 0) {
proto_tree_add_item(reqresp_tree,
(is_request) ?
hf_pop_request_parameter :
hf_pop_response_description,
tvb, offset, linelen, FALSE);
}
offset = next_offset;
/*
* Show the rest of the request or response as text,
* a line at a time.
*/
while (tvb_offset_exists(tvb, offset)) {
/*
* Find the end of the line.
*/
tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
/*
* Put this line.
*/
proto_tree_add_string_format(pop_tree,
(is_request) ?
hf_pop_request_data :
hf_pop_response_data,
tvb, offset,
next_offset - offset,
"", "%s",
tvb_format_text(tvb, offset, next_offset - offset));
offset = next_offset;
}
}
}
static gboolean
dissect_kismet(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree)
{
gboolean is_request;
gboolean is_continuation;
proto_tree *kismet_tree=NULL, *reqresp_tree=NULL;
proto_item *ti;
proto_item *tmp_item;
gint offset = 0;
const guchar *line;
gint next_offset;
int linelen;
int tokenlen;
int i;
const guchar *next_token;
/*
* Find the end of the first line.
*
* Note that "tvb_find_line_end()" will return a value that is
* not longer than what's in the buffer, so the "tvb_get_ptr()"
* call won't throw an exception.
*/
linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
line = tvb_get_ptr(tvb, offset, linelen);
/*
* Check if it is an ASCII based protocol with reasonable length
* packets, if not return, and try annother dissector.
*/
if (linelen < 8) {
/*
* Packet is too short
*/
return FALSE;
} else {
for (i = 0; i < 8; ++i) {
/*
* Packet contains non-ASCII data
*/
if (line[i] < 32 || line[i] > 128)
return FALSE;
}
}
/*
* If it is Kismet traffic set COL_PROTOCOL.
*/
col_set_str(pinfo->cinfo, COL_PROTOCOL, "kismet");
/*
* Check if it is request, reply or continuation.
*/
if (pinfo->match_port == pinfo->destport) {
is_request = TRUE;
is_continuation = FALSE;
} else {
is_request = FALSE;
is_continuation = response_is_continuation (line);
}
if (check_col(pinfo->cinfo, COL_INFO)) {
/*
* Put the first line from the buffer into the summary
* if it's a kismet request or reply (but leave out the
* line terminator).
* Otherwise, just call it a continuation.
*/
if (is_continuation)
col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
else
col_add_fstr(pinfo->cinfo, COL_INFO, "%s: %s",
is_request ? "Request" : "Response",
format_text(line, linelen));
}
if (tree) {
ti = proto_tree_add_item(tree, proto_kismet, tvb, offset, -1, FALSE);
kismet_tree = proto_item_add_subtree(ti, ett_kismet);
}
if (is_continuation) {
/*
* Put the whole packet into the tree as data.
*/
call_dissector(data_handle, tvb, pinfo, kismet_tree);
return TRUE;
}
if (is_request) {
tmp_item = proto_tree_add_boolean(kismet_tree,
hf_kismet_request, tvb, 0, 0, TRUE);
} else {
tmp_item = proto_tree_add_boolean(kismet_tree,
hf_kismet_response, tvb, 0, 0, TRUE);
}
PROTO_ITEM_SET_GENERATED (tmp_item);
while (tvb_offset_exists(tvb, offset)) {
/*
* Find the end of the line.
*/
linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
if (linelen) {
/*
* Put this line.
*/
ti = proto_tree_add_text(kismet_tree, tvb, offset,
next_offset - offset, "%s",
tvb_format_text(tvb, offset,
next_offset - offset - 1));
reqresp_tree = proto_item_add_subtree(ti, ett_kismet_reqresp);
tokenlen = get_token_len(line, line + linelen, &next_token);
if (tokenlen != 0) {
guint8 *reqresp;
reqresp = tvb_get_ephemeral_string(tvb, offset, tokenlen);
if (is_request) {
/*
* No request dissection
*/
} else {
/*
* *KISMET: {Version} {Start time} \001{Server name}\001 {Build Revision}
* two fields left undocumented: {???} {?ExtendedVersion?}
*/
if (!strncmp(reqresp, "*KISMET", 7)) {
offset += (gint) (next_token - line);
linelen -= (int) (next_token - line);
line = next_token;
tokenlen = get_token_len(line, line + linelen, &next_token);
proto_tree_add_text(reqresp_tree, tvb, offset,
tokenlen, "Kismet version: %s",
format_text(line, tokenlen));
offset += (gint) (next_token - line);
linelen -= (int) (next_token - line);
line = next_token;
tokenlen = get_token_len(line, line + linelen, &next_token);
proto_tree_add_text(reqresp_tree, tvb, offset,
tokenlen, "Start time: %s",
format_text(line, tokenlen));
offset += (gint) (next_token - line);
linelen -= (int) (next_token - line);
line = next_token;
tokenlen = get_token_len(line, line + linelen, &next_token);
proto_tree_add_text(reqresp_tree, tvb, offset,
tokenlen, "Server name: %s",
format_text(line + 1, tokenlen - 2));
offset += (gint) (next_token - line);
linelen -= (int) (next_token - line);
line = next_token;
tokenlen = get_token_len(line, line + linelen, &next_token);
proto_tree_add_text(reqresp_tree, tvb, offset,
tokenlen, "Build revision: %s",
format_text(line, tokenlen));
offset += (gint) (next_token - line);
linelen -= (int) (next_token - line);
line = next_token;
tokenlen = get_token_len(line, line + linelen, &next_token);
proto_tree_add_text(reqresp_tree, tvb, offset,
tokenlen, "Unknown field: %s",
format_text(line, tokenlen));
offset += (gint) (next_token - line);
linelen -= (int) (next_token - line);
line = next_token;
tokenlen = get_token_len(line, line + linelen, &next_token);
proto_tree_add_text(reqresp_tree, tvb, offset,
tokenlen,
"Extended version string: %s",
format_text(line, tokenlen));
}
/*
* *TIME: {Time}
*/
if (!strncmp(reqresp, "*TIME", 5)) {
time_t t;
char *ptr;
offset += (gint) (next_token - line);
linelen -= (int) (next_token - line);
line = next_token;
tokenlen = get_token_len(line, line + linelen, &next_token);
/*
* Convert form ascii to time_t
*/
t = atoi(format_text (line, tokenlen));
/*
* Format ascii representaion of time
*/
ptr = abs_time_secs_to_str(t, ABSOLUTE_TIME_LOCAL, TRUE);
proto_tree_add_text(reqresp_tree, tvb, offset,
tokenlen, "Time: %s", ptr);
}
}
offset += (gint) (next_token - line);
linelen -= (int) (next_token - line);
line = next_token;
}
}
offset = next_offset;
}
return TRUE;
}
