/*
 * TCP entry point for GWTB.
 *
 * Looks up (or creates and attaches) the per-frame gwtb_info_t, then hands
 * the segment to tcp_dissect_pdus() with the framing that matches the
 * direction and the current RC4/auth state:
 *   - no RC4 state for this direction, or the frame is already marked auth,
 *     and nothing is cached in info_ptr->data: request/response framing;
 *   - otherwise, if the frame is not marked auth: record the direction's RC4
 *     state on the frame and use the generic message framing;
 *   - otherwise nothing is dissected.
 *
 * Traffic counts as client-to-server when the destination port is the
 * matched port or TCP_PORT_GWTB.
 */
static void
dissect_gwtb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    gwtb_entry_t *data_ptr = dissect_gwtb_get_data(pinfo);
    gwtb_info_t *info_ptr = (gwtb_info_t *) p_get_proto_data(pinfo->fd, proto_gwtb, 0);
    gboolean to_server;
    gboolean plain_framing;

    /* NOTE(review): data_ptr is dereferenced below without a NULL check;
     * presumably dissect_gwtb_get_data() never returns NULL - confirm. */

    if (info_ptr == NULL) {
        /* First time this frame is seen: attach fresh per-frame state. */
        info_ptr = (gwtb_info_t *) se_alloc(sizeof *info_ptr);
        info_ptr->length = 0;
        info_ptr->auth = FALSE;
        info_ptr->data = NULL;
        /* NOTE(review): info_ptr->rc4 is not initialised here; it is only
         * assigned in the message branches below. Confirm nothing reads it
         * on the request/response path. */
        p_add_proto_data(pinfo->fd, proto_gwtb, 0, info_ptr);
    }

    to_server = (pinfo->match_port == pinfo->destport || TCP_PORT_GWTB == pinfo->destport);

    if (to_server) {
        plain_framing = (info_ptr->auth || !data_ptr->request_rc4) && info_ptr->data == NULL;
        if (plain_framing) {
            tcp_dissect_pdus(tvb, pinfo, tree, TRUE, FRAME_REQUEST_LEN,
                             get_gwtb_request_len, dissect_gwtb_request);
        } else if (!info_ptr->auth) {
            info_ptr->rc4 = data_ptr->request_rc4;
            tcp_dissect_pdus(tvb, pinfo, tree, TRUE, FRAME_HEADER_LEN,
                             get_gwtb_message_len, dissect_gwtb_message);
        }
        return;
    }

    plain_framing = (info_ptr->auth || !data_ptr->response_rc4) && info_ptr->data == NULL;
    if (plain_framing) {
        tcp_dissect_pdus(tvb, pinfo, tree, TRUE, FRAME_RESPONSE_LEN,
                         get_gwtb_response_len, dissect_gwtb_response);
    } else if (!info_ptr->auth) {
        info_ptr->rc4 = data_ptr->response_rc4;
        tcp_dissect_pdus(tvb, pinfo, tree, TRUE, FRAME_HEADER_LEN,
                         get_gwtb_message_len, dissect_gwtb_message);
    }
}
/*
 * Entry point for WoW traffic. Always returns TRUE.
 *
 * Only two commands carry a size field: REALM_LIST from the server (field at
 * offset 1) and AUTH_LOGON_CHALLENGE from the client (field at offset 2).
 * Those are passed to tcp_dissect_pdus() so a PDU split across segments can
 * be reassembled; everything else is dissected as a single packet.
 *
 * The command byte is read from offset 0 with no explicit length check in
 * this function; an empty buffer is left to the tvbuff accessor's own bounds
 * handling.
 */
static gboolean
dissect_wow(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    gint8 size_field_offset = -1;
    guint8 cmd = tvb_get_guint8(tvb, 0);

    if (WOW_SERVER_TO_CLIENT && cmd == REALM_LIST) {
        size_field_offset = 1;
    }
    if (WOW_CLIENT_TO_SERVER && cmd == AUTH_LOGON_CHALLENGE) {
        size_field_offset = 2;
    }

    if (size_field_offset < 0) {
        /* No size field, so the PDU cannot span multiple segments:
         * dissect this packet directly. */
        dissect_wow_pdu(tvb, pinfo, tree);
        return TRUE;
    }

    /* Fixed length passed on is size_field_offset + 2.
     * NOTE(review): presumably so the size field is fully available to
     * get_wow_pdu_len(), which is not visible here - confirm. */
    tcp_dissect_pdus(tvb, pinfo, tree, wow_preference_desegment,
                     size_field_offset + 2, get_wow_pdu_len, dissect_wow_pdu);
    return TRUE;
}
/*
 * Heuristic entry point for Paltalk over TCP.
 *
 * Returns FALSE unless both endpoints are IPv4 with a 4-byte address present
 * and at least one of them falls inside the Paltalk server range
 * (PALTALK_SERVERS_ADDRESS under PALTALK_SERVERS_NETMASK). On a match the
 * segment is handed to tcp_dissect_pdus() for reassembly and TRUE is returned.
 *
 * Detection is by address only: no payload byte is inspected here, so any TCP
 * stream to or from that range is claimed.
 * TODO: optimize detection logic if possible.
 */
static gboolean
dissect_paltalk(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    guint32 src32, dst32;
    gboolean src_is_server, dst_is_server;

    if (pinfo->net_src.type != AT_IPv4 || pinfo->net_dst.type != AT_IPv4) {
        return FALSE;
    }
    /* The length and pointer checks are what make the 4-byte copies below safe. */
    if (pinfo->net_src.len != 4 || pinfo->net_dst.len != 4) {
        return FALSE;
    }
    if (pinfo->net_src.data == NULL || pinfo->net_dst.data == NULL) {
        return FALSE;
    }

    /* Both values stay in *network* byte order. */
    memcpy(&src32, pinfo->net_src.data, sizeof src32);
    memcpy(&dst32, pinfo->net_dst.data, sizeof dst32);

    src_is_server = (src32 & PALTALK_SERVERS_NETMASK) == PALTALK_SERVERS_ADDRESS;
    dst_is_server = (dst32 & PALTALK_SERVERS_NETMASK) == PALTALK_SERVERS_ADDRESS;
    if (!src_is_server && !dst_is_server) {
        return FALSE;
    }

    /* Reassemble the TCP payload and dissect each complete PDU. */
    tcp_dissect_pdus(tvb, pinfo, tree, TRUE, PALTALK_HEADER_LENGTH,
                     dissect_paltalk_get_len, dissect_paltalk_desegmented);
    return TRUE;
}
/*
 * Heuristic entry point for Yahoo Messenger (YMSG).
 *
 * Accepts the segment only when its first four bytes are "YMSG"; it is then
 * passed to tcp_dissect_pdus() with a fixed length of 8 and TRUE is returned.
 * Any other segment is rejected with FALSE.
 *
 * NOTE(review): the 4-byte magic is the only check made here; the length that
 * get_ymsg_pdu_len() derives comes from the wire, and that callback is not
 * visible in this excerpt - confirm it reads only within the first 8 bytes.
 */
static gboolean
dissect_ymsg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    if (tvb_memeql(tvb, 0, "YMSG", 4) != -1) {
        tcp_dissect_pdus(tvb, pinfo, tree, ymsg_desegment, 8,
                         get_ymsg_pdu_len, dissect_ymsg_pdu);
        return TRUE;
    }

    /* Not a Yahoo Messenger packet. */
    return FALSE;
}
/*
 * TCP entry point for the remoting protocol: reassembly is always enabled and
 * each complete PDU goes to dissect_remoting_msg().
 *
 * The fixed length of 4 is the number of leading bytes tcp_dissect_pdus()
 * waits for before asking get_remoting_message_len() for the PDU length.
 * NOTE(review): that callback is not visible here; it works on a length taken
 * from the wire - confirm it reads no further than those 4 bytes.
 */
static void
dissect_remoting(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    tcp_dissect_pdus(tvb, pinfo, tree,
                     TRUE,                      /* desegment */
                     4,                         /* fixed header bytes */
                     get_remoting_message_len,
                     dissect_remoting_msg);
}
// Reassemble tcp payload and call generic dissection static void dissect_t2sf_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { tcp_dissect_pdus(tvb, pinfo, tree, TRUE, T2_SF_LENGTH_NUM_BYTES, get_t2sf_pdu_len, dissect_t2sf); }
/*
 * TCP entry point for RRAC: the code that actually dissects the packets.
 *
 * Reassembly is always enabled. tcp_dissect_pdus() waits for 4 leading bytes,
 * asks get_rrac_pdu_len() for the PDU length, and passes each complete PDU to
 * dissect_RRAC_pdu().
 * NOTE(review): get_rrac_pdu_len() is not visible here; the length it returns
 * is derived from the wire - confirm it reads no further than those 4 bytes.
 */
static void
dissect_RRAC(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    tcp_dissect_pdus(tvb, pinfo, tree,
                     TRUE,              /* desegment */
                     4,                 /* fixed header bytes */
                     get_rrac_pdu_len,
                     dissect_RRAC_pdu);
}