static void dissect_gwtb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
gwtb_entry_t *data_ptr = dissect_gwtb_get_data(pinfo);
gwtb_info_t *info_ptr = (gwtb_info_t*) p_get_proto_data(pinfo->fd, proto_gwtb, 0);
if (!info_ptr) {
info_ptr = (gwtb_info_t*) se_alloc(sizeof(gwtb_info_t));
info_ptr->length = 0;
info_ptr->auth = FALSE;
info_ptr->data = NULL;
p_add_proto_data(pinfo->fd, proto_gwtb, 0, info_ptr);
}
if (pinfo->match_port == pinfo->destport || TCP_PORT_GWTB == pinfo->destport) {
if ((!data_ptr->request_rc4 || info_ptr->auth) && (!info_ptr->data)) {
tcp_dissect_pdus(tvb, pinfo, tree, TRUE, FRAME_REQUEST_LEN, get_gwtb_request_len, dissect_gwtb_request);
} else if (!info_ptr->auth) {
info_ptr->rc4 = data_ptr->request_rc4;
tcp_dissect_pdus(tvb, pinfo, tree, TRUE, FRAME_HEADER_LEN, get_gwtb_message_len, dissect_gwtb_message);
}
} else {
if ((!data_ptr->response_rc4 || info_ptr->auth) && (!info_ptr->data)) {
tcp_dissect_pdus(tvb, pinfo, tree, TRUE, FRAME_RESPONSE_LEN, get_gwtb_response_len, dissect_gwtb_response);
} else if (!info_ptr->auth) {
info_ptr->rc4 = data_ptr->response_rc4;
tcp_dissect_pdus(tvb, pinfo, tree, TRUE, FRAME_HEADER_LEN, get_gwtb_message_len, dissect_gwtb_message);
}
}
}
static gboolean
dissect_wow(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
gint8 size_field_offset = -1;
guint8 cmd;
cmd = tvb_get_guint8(tvb, 0);
if(WOW_SERVER_TO_CLIENT && cmd == REALM_LIST)
size_field_offset = 1;
if(WOW_CLIENT_TO_SERVER && cmd == AUTH_LOGON_CHALLENGE)
size_field_offset = 2;
if(size_field_offset > -1) {
tcp_dissect_pdus(tvb, pinfo, tree, wow_preference_desegment,
size_field_offset+2, get_wow_pdu_len,
dissect_wow_pdu);
} else {
/* Doesn't have a size field, so it cannot span multiple
segments. Therefore, dissect this packet normally. */
dissect_wow_pdu(tvb, pinfo, tree);
}
return TRUE;
}
static gboolean
dissect_paltalk(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
guint32 src32, dst32;
/* Detect if this TCP session is a Paltalk one */
/* TODO: Optimize detection logic if possible */
if ((pinfo->net_src.type != AT_IPv4)
|| (pinfo->net_dst.type != AT_IPv4)
|| (pinfo->net_src.len != 4)
|| (pinfo->net_dst.len != 4)
|| !pinfo->net_src.data
|| !pinfo->net_dst.data)
return FALSE;
memcpy((guint8 *)&src32, pinfo->net_src.data, 4); /* *Network* order */
memcpy((guint8 *)&dst32, pinfo->net_dst.data, 4); /* *Network* order */
if ( ((src32 & PALTALK_SERVERS_NETMASK) != PALTALK_SERVERS_ADDRESS)
&&
((dst32 & PALTALK_SERVERS_NETMASK) != PALTALK_SERVERS_ADDRESS))
return FALSE;
/* Dissect result of desegmented TCP data */
tcp_dissect_pdus(tvb, pinfo, tree, TRUE, PALTALK_HEADER_LENGTH
, dissect_paltalk_get_len, dissect_paltalk_desegmented);
return TRUE;
}
static gboolean
dissect_ymsg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
if (tvb_memeql(tvb, 0, "YMSG", 4) == -1) {
/* Not a Yahoo Messenger packet. */
return FALSE;
}
tcp_dissect_pdus(tvb, pinfo, tree, ymsg_desegment, 8, get_ymsg_pdu_len,
dissect_ymsg_pdu);
return TRUE;
}
static void dissect_remoting(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
tcp_dissect_pdus(tvb, pinfo, tree, TRUE, 4, get_remoting_message_len, dissect_remoting_msg);
}
// Reassemble tcp payload and call generic dissection
static void dissect_t2sf_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
tcp_dissect_pdus(tvb, pinfo, tree, TRUE, T2_SF_LENGTH_NUM_BYTES, get_t2sf_pdu_len, dissect_t2sf);
}
/* Code to actually dissect the packets */
static void
dissect_RRAC(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
tcp_dissect_pdus(tvb, pinfo, tree, TRUE, 4,
get_rrac_pdu_len, dissect_RRAC_pdu);
}
