示例#1
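/*
 * Convert a command-line argument to an unsigned 32-bit decimal number.
 *
 * string: the argument text to convert.
 * name:   human-readable name of the option; used only in error messages.
 *
 * Returns the converted value.  If ws_strtou32() rejects the text, an
 * error is reported through cmdarg_err() and the process exits with
 * status 1, so callers never receive an unvalidated number.
 */
guint32
get_guint32(const char *string, const char *name)
{
  guint32 number;

  if (!ws_strtou32(string, NULL, &number)) {
    if (errno == EINVAL) {
      cmdarg_err("The specified %s \"%s\" isn't a decimal number", name, string);
      exit(1);
    }
    /*
     * `number` is unsigned, so it must be printed with %u; with %d a
     * limit above INT_MAX would be shown as a negative value.
     * Presumably ws_strtou32() leaves the exceeded limit in `number`
     * on a range error - confirm against its implementation.
     */
    cmdarg_err("The specified %s \"%s\" is too large (greater than %u)",
               name, string, number);
    exit(1);
  }
  return number;
}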
示例#2
/*
 * RFC2428 states...
 *
 *     AF Number   Protocol
 *     ---------   --------
 *     1           Internet Protocol, Version 4
 *     2           Internet Protocol, Version 6
 *
 *     AF Number   Address Format      Example
 *     ---------   --------------      -------
 *     1           dotted decimal      132.235.1.2
 *     2           IPv6 string         1080::8:800:200C:417A
 *                 representations
 *                 defined in
 *
 *     The following are sample EPRT commands:
 *          EPRT |1|132.235.1.2|6275|
 *          EPRT |2|1080::8:800:200C:417A|5282|
 *
 *     The first command specifies that the server should use IPv4 to open a
 *     data connection to the host "132.235.1.2" on TCP port 6275.  The
 *     second command specifies that the server should use the IPv6 network
 *     protocol and the network address "1080::8:800:200C:417A" to open a
 *     TCP data connection on port 5282.
 *
 * ... which means that RFC2428 can carry both IPv4 and IPv6 addresses,
 * so we have to check the address family and act accordingly.
 *
 */
/*
 * Parse the parameters of an EPRT request: <d>af<d>address<d>port<d>.
 *
 * line, linelen: the EPRT parameters (the space after the keyword has
 *                already been stripped by the caller).
 * eprt_af:       receives the address family number.
 * eprt_ip:       receives the address when the family is EPRT_AF_IPv4.
 * eprt_ipv6:     receives the address when the family is EPRT_AF_IPv6.
 * ftp_port:      receives the port number.
 * eprt_ip_len, ftp_port_len: receive the lengths of the address and port
 *                fields as they appear in the line.
 *
 * Returns TRUE only when the line has exactly four delimiters, every
 * field is non-empty, and all three fields convert successfully.  The
 * output parameters may already have been partly written when FALSE is
 * returned, so callers must not use them in that case.
 */
static gboolean
parse_eprt_request(const guchar* line, gint linelen, guint32 *eprt_af,
        guint32 *eprt_ip, guint16 *eprt_ipv6, guint16 *ftp_port,
        guint32 *eprt_ip_len, guint32 *ftp_port_len)
{
    char     *buf;
    gchar    *field_start;
    gchar    *field_copy;
    gchar     sep;
    gint      sep_count;
    gint      field_size;
    gint      pos;
    gint      prev_sep;
    gint      text_len;
    gboolean  addr_ok = TRUE;

    /* Four delimiters are the minimum, so anything shorter cannot match. */
    if (line == NULL || linelen < 4)
        return FALSE;

    /* Work on a NUL-terminated, packet-scoped copy of the parameters. */
    buf = wmem_strndup(wmem_packet_scope(), line, linelen);

    /*
     * An embedded NUL ends the copy early; shrink linelen to the part
     * that is actually present so the scans below stay inside it.
     */
    text_len = (gint)strlen(buf);
    if (text_len < linelen)
        linelen = text_len;

    /*
     * RFC2428 sect. 2: the keyword is followed by one space and then the
     * delimiter character, so the first byte here must be a valid
     * delimiter.  Anything else is a malformed EPRT command.
     */
    if (!isvalid_rfc2428_delimiter(buf[0]))
        return FALSE;
    sep = buf[0];

    /* The delimiter has to appear exactly four times in the line. */
    sep_count = 0;
    for (pos = 0; pos < linelen; pos++) {
        if (buf[pos] == sep)
            sep_count++;
    }
    if (sep_count != 4)
        return FALSE;

    /* Position 0 is the first delimiter; walk on from the second byte. */
    sep_count = 1;
    prev_sep = 0;
    for (pos = 1; pos < linelen; pos++) {
        if (buf[pos] != sep)
            continue;

        /* A delimiter closes the field that began after the previous one. */
        sep_count++;

        field_size = pos - prev_sep - 1;
        if (field_size <= 0)
            return FALSE; /* every field must carry data */
        field_start = buf + prev_sep + 1;

        switch (sep_count) {
        case 2:     /* end of address family field */
            field_copy = wmem_strndup(wmem_packet_scope(), field_start, field_size);
            if (!ws_strtou32(field_copy, NULL, eprt_af))
                return FALSE;
            break;

        case 3:     /* end of IP address field */
            field_copy = wmem_strndup(wmem_packet_scope(), field_start, field_size);

            if (*eprt_af == EPRT_AF_IPv4)
                addr_ok = str_to_ip(field_copy, eprt_ip) ? TRUE : FALSE;
            else if (*eprt_af == EPRT_AF_IPv6)
                addr_ok = str_to_ip6(field_copy, eprt_ipv6) ? TRUE : FALSE;
            else
                return FALSE; /* invalid/unknown address family */

            *eprt_ip_len = field_size;
            break;

        case 4:     /* end of port field */
            field_copy = wmem_strndup(wmem_packet_scope(), field_start, field_size);

            if (!ws_strtou16(field_copy, NULL, ftp_port))
                return FALSE;
            *ftp_port_len = field_size;
            break;

        default:
            break;
        }

        prev_sep = pos;
    }

    /* A failed address conversion is reported only after the port is parsed. */
    return addr_ok;
}
示例#3
/*
 * Dissect details of packet.
 *
 * Builds the rlogin subtree for one segment and appends highlights to the
 * Info column.
 *
 * hash_info: per-conversation state; only info_framenum is read here.
 * tvb:       the segment's bytes as captured; every offset and length
 *            below is derived from this data.
 * pinfo:     packet metadata; srcport and num are read, cinfo is written.
 * tree:      parent protocol tree.
 * tcpinfo:   TCP details (flags, urgent pointer); may be NULL, which is
 *            checked before use.
 */
static void rlogin_display(rlogin_hash_entry_t *hash_info,
			   tvbuff_t *tvb,
			   packet_info *pinfo,
			   proto_tree *tree,
			   struct tcpinfo *tcpinfo)
{
	/* Display the proto tree */
	int             offset = 0;
	proto_tree      *rlogin_tree, *user_info_tree, *window_tree;
	proto_item      *ti;
	guint           length;
	int             str_len;
	gint            ti_offset;
	proto_item      *user_info_item, *window_info_item;

	/* Create rlogin subtree */
	ti = proto_tree_add_item(tree, proto_rlogin, tvb, 0, -1, ENC_NA);
	rlogin_tree = proto_item_add_subtree(ti, ett_rlogin);

	/* Return if data empty */
	length = tvb_captured_length(tvb);
	if (length == 0)
	{
		return;
	}

	/*
	 * XXX - this works only if the urgent pointer points to something
	 * in this segment; to make it work if the urgent pointer points
	 * to something past this segment, we'd have to remember the urgent
	 * pointer setting for this conversation.
	 */
	if (tcpinfo && IS_TH_URG(tcpinfo->flags) &&      /* if urgent pointer set */
	    length >= tcpinfo->urgent_pointer) /* and it's in this frame */
	{
		/* Get urgent byte into Temp */
		/*
		 * NOTE(review): an urgent pointer of 0 passes the test above and
		 * makes urgent_offset -1; confirm how the tvb accessors below
		 * treat a negative offset, or reject that value explicitly.
		 */
		int urgent_offset = tcpinfo->urgent_pointer - 1;
		guint8 control_byte;

		/* Check for text data in front */
		if (urgent_offset > offset)
		{
			/* offset is still 0 here, so urgent_offset doubles as the length */
			proto_tree_add_item(rlogin_tree, hf_data, tvb, offset, urgent_offset, ENC_ASCII|ENC_NA);
		}

		/* Show control byte */
		proto_tree_add_item(rlogin_tree, hf_control_message, tvb,
		                    urgent_offset, 1, ENC_BIG_ENDIAN);
		control_byte = tvb_get_guint8(tvb, urgent_offset);
		col_append_fstr(pinfo->cinfo, COL_INFO,
			               " (%s)", val_to_str_const(control_byte, control_message_vals, "Unknown"));

		offset = urgent_offset + 1; /* adjust offset */
	}
	else
	if (tvb_get_guint8(tvb, offset) == '\0')
	{
		/* Startup */
		/* The source port decides which side sent the leading NUL byte */
		if (pinfo->srcport == RLOGIN_PORT)   /* from server */
		{
			proto_tree_add_item(rlogin_tree, hf_startup_info_received_flag,
			                    tvb, offset, 1, ENC_BIG_ENDIAN);
		}
		else
		{
			proto_tree_add_item(rlogin_tree, hf_client_startup_flag,
			                    tvb, offset, 1, ENC_BIG_ENDIAN);
		}
		++offset;
	}

	if (!tvb_offset_exists(tvb, offset))
	{
		/* No more data to check */
		return;
	}

	/* Only the frame recorded in the conversation state carries user info */
	if (hash_info->info_framenum == pinfo->num)
	{
		gint info_len;
		gint slash_offset;

		/* First frame of conversation, assume user info... */

		info_len = tvb_captured_length_remaining(tvb, offset);
		if (info_len <= 0)
			return;

		/* User info tree */
		user_info_item = proto_tree_add_string_format(rlogin_tree, hf_user_info, tvb,
		                                              offset, info_len, FALSE,
		                                              "User info (%s)",
		                                              tvb_format_text(tvb, offset, info_len));
		user_info_tree = proto_item_add_subtree(user_info_item,
		                                        ett_rlogin_user_info);

		/* Client user name. */
		/*
		 * The length comes from tvb_strsize(), i.e. from the packet data;
		 * presumably it fails safely when no terminator is present -
		 * confirm against the tvbuff API.
		 */
		str_len = tvb_strsize(tvb, offset);
		proto_tree_add_item(user_info_tree, hf_user_info_client_user_name,
		                    tvb, offset, str_len, ENC_ASCII|ENC_NA);
		offset += str_len;

		/* Server user name. */
		str_len = tvb_strsize(tvb, offset);
		proto_tree_add_item(user_info_tree, hf_user_info_server_user_name,
		                    tvb, offset, str_len, ENC_ASCII|ENC_NA);
		offset += str_len;

		/* Terminal type/speed. */
		slash_offset = tvb_find_guint8(tvb, offset, -1, '/');
		if (slash_offset != -1)
		{
			guint8* str = NULL;
			guint32 term_len = 0;
			gboolean term_len_valid;
			proto_item* pi = NULL;

			/* Terminal type */
			proto_tree_add_item(user_info_tree, hf_user_info_terminal_type,
			                    tvb, offset, slash_offset-offset, ENC_ASCII|ENC_NA);
			offset = slash_offset + 1;

			/* Terminal speed */
			str_len = tvb_strsize(tvb, offset);
			str = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, str_len,
				ENC_NA|ENC_ASCII);
			/*
			 * The speed is sender-supplied text: convert it with the
			 * checked parser and flag a bad value instead of trusting it.
			 * term_len keeps its initial 0 unless ws_strtou32() stores a value.
			 */
			term_len_valid = ws_strtou32(str, NULL, &term_len);
			pi = proto_tree_add_uint(user_info_tree,
				hf_user_info_terminal_speed,
				tvb, offset, str_len, term_len);
			if (!term_len_valid)
				expert_add_info(pinfo, pi, &ei_rlogin_termlen_invalid);

			offset += str_len;
		}
	}

	if (!tvb_offset_exists(tvb, offset))
	{
		/* No more data to check */
		return;
	}

	/* Test for terminal information, the data will have 2 0xff bytes */
	/* look for first 0xff byte */
	ti_offset = tvb_find_guint8(tvb, offset, -1, 0xff);

	/* Next byte must also be 0xff */
	/* tvb_bytes_exist() guards the read of the byte after the first 0xff */
	if (ti_offset != -1 &&
	    tvb_bytes_exist(tvb, ti_offset + 1, 1) &&
	    tvb_get_guint8(tvb, ti_offset + 1) == 0xff)
	{
		guint16 rows, columns;

		/* Have found terminal info. */
		if (ti_offset > offset)
		{
			/* There's data before the terminal info. */
			proto_tree_add_item(rlogin_tree, hf_data, tvb,
			                    offset, ti_offset - offset, ENC_ASCII|ENC_NA);
		}

		/*
		 * NOTE(review): offset is not advanced to ti_offset, so when data
		 * precedes the 0xff 0xff marker the window fields below are read
		 * from that leading data rather than from the marker - confirm
		 * whether `offset = ti_offset` is missing here.
		 */
		/* Create window info tree */
		window_info_item =
			proto_tree_add_item(rlogin_tree, hf_window_info, tvb, offset, 12, ENC_NA);
		window_tree = proto_item_add_subtree(window_info_item, ett_rlogin_window);

		/* Cookie */
		proto_tree_add_item(window_tree, hf_magic_cookie, tvb, offset, 2, ENC_BIG_ENDIAN);
		offset += 2;

		/* These bytes should be "ss" */
		proto_tree_add_item(window_tree, hf_window_info_ss, tvb, offset, 2, ENC_ASCII|ENC_NA);
		offset += 2;

		/* Character rows */
		rows = tvb_get_ntohs(tvb, offset);
		proto_tree_add_item(window_tree, hf_window_info_rows, tvb,
		                    offset, 2, ENC_BIG_ENDIAN);
		offset += 2;

		/* Characters per row */
		columns = tvb_get_ntohs(tvb, offset);
		proto_tree_add_item(window_tree, hf_window_info_cols, tvb,
		                    offset, 2, ENC_BIG_ENDIAN);
		offset += 2;

		/* x pixels */
		proto_tree_add_item(window_tree, hf_window_info_x_pixels, tvb,
		                    offset, 2, ENC_BIG_ENDIAN);
		offset += 2;

		/* y pixels */
		proto_tree_add_item(window_tree, hf_window_info_y_pixels, tvb,
		                    offset, 2, ENC_BIG_ENDIAN);
		offset += 2;

		/* Show setting highlights in info column */
		col_append_fstr(pinfo->cinfo, COL_INFO, " (rows=%u, cols=%u)",
			                rows, columns);
	}

	if (tvb_offset_exists(tvb, offset))
	{
		/* There's more data in the frame. */
		proto_tree_add_item(rlogin_tree, hf_data, tvb, offset, -1, ENC_ASCII|ENC_NA);
	}
}
示例#4
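/*
 * Overwrite a NUL-terminated secret in place before its memory is released.
 * The volatile-qualified pointer keeps the compiler from discarding the
 * stores as dead writes ahead of the g_free() that follows.  NULL is
 * accepted and ignored.
 */
static void
ciscodump_scrub_secret(char *secret)
{
	volatile char *cursor = secret;

	if (secret == NULL)
		return;
	while (*cursor != '\0')
		*cursor++ = '\0';
}

/*
 * Entry point of the ciscodump extcap utility.
 *
 * Registers the extcap interface and help text, parses the command line,
 * answers the extcap query options, and otherwise opens the remote SSH
 * capture.  Returns EXIT_SUCCESS or EXIT_FAILURE; every exit path goes
 * through the `end` label so that all owned strings are released.
 *
 * The password and key passphrase arrive on the command line.  The argv
 * copies are overwritten as soon as they are duplicated, and the heap
 * copies are cleared before they are freed, so that neither the process
 * listing nor released heap memory keeps the credentials longer than
 * needed.
 */
int main(int argc, char **argv)
{
	int result;
	int option_idx = 0;
	char* remote_host = NULL;
	guint16 remote_port = 22;
	char* remote_username = NULL;
	char* remote_password = NULL;
	char* remote_interface = NULL;
	char* sshkey = NULL;
	char* sshkey_passphrase = NULL;
	char* remote_filter = NULL;
	guint32 count = 0;
	int ret = EXIT_FAILURE;
	extcap_parameters * extcap_conf = g_new0(extcap_parameters, 1);
	char* help_url;
	char* help_header = NULL;

#ifdef _WIN32
	WSADATA wsaData;

	attach_parent_console();
#endif  /* _WIN32 */

	help_url = data_file_url("ciscodump.html");
	extcap_base_set_util_info(extcap_conf, argv[0], CISCODUMP_VERSION_MAJOR, CISCODUMP_VERSION_MINOR,
		CISCODUMP_VERSION_RELEASE, help_url);
	g_free(help_url);
	extcap_base_register_interface(extcap_conf, CISCODUMP_EXTCAP_INTERFACE, "Cisco remote capture", 147, "Remote capture dependent DLT");

	help_header = g_strdup_printf(
		" %s --extcap-interfaces\n"
		" %s --extcap-interface=%s --extcap-dlts\n"
		" %s --extcap-interface=%s --extcap-config\n"
		" %s --extcap-interface=%s --remote-host myhost --remote-port 22222 "
		"--remote-username myuser --remote-interface gigabit0/0 "
		"--fifo=FILENAME --capture\n", argv[0], argv[0], CISCODUMP_EXTCAP_INTERFACE, argv[0],
		CISCODUMP_EXTCAP_INTERFACE, argv[0], CISCODUMP_EXTCAP_INTERFACE);
	extcap_help_add_header(extcap_conf, help_header);
	g_free(help_header);

	extcap_help_add_option(extcap_conf, "--help", "print this help");
	extcap_help_add_option(extcap_conf, "--version", "print the version");
	extcap_help_add_option(extcap_conf, "--remote-host <host>", "the remote SSH host");
	extcap_help_add_option(extcap_conf, "--remote-port <port>", "the remote SSH port (default: 22)");
	extcap_help_add_option(extcap_conf, "--remote-username <username>", "the remote SSH username (default: the current user)");
	extcap_help_add_option(extcap_conf, "--remote-password <password>", "the remote SSH password. "
		"If not specified, ssh-agent and ssh-key are used");
	extcap_help_add_option(extcap_conf, "--sshkey <public key path>", "the path of the ssh key");
	extcap_help_add_option(extcap_conf, "--sshkey-passphrase <public key passphrase>", "the passphrase to unlock public ssh");
	extcap_help_add_option(extcap_conf, "--remote-interface <iface>", "the remote capture interface");
	extcap_help_add_option(extcap_conf, "--remote-filter <filter>", "a filter for remote capture "
		"(default: don't capture data for lal interfaces IPs)");

	/* Silence getopt's own messages and restart its scan from the beginning. */
	opterr = 0;
	optind = 0;

	if (argc == 1) {
		extcap_help_print(extcap_conf);
		goto end;
	}

	while ((result = getopt_long(argc, argv, ":", longopts, &option_idx)) != -1) {

		switch (result) {

		case OPT_HELP:
			extcap_help_print(extcap_conf);
			ret = EXIT_SUCCESS;
			goto end;

		case OPT_VERSION:
			/* NOTE(review): ret is still EXIT_FAILURE here - confirm that is intended. */
			printf("%s\n", extcap_conf->version);
			goto end;

		case OPT_REMOTE_HOST:
			g_free(remote_host);
			remote_host = g_strdup(optarg);
			break;

		case OPT_REMOTE_PORT:
			/* Checked conversion; port 0 is rejected as well. */
			if (!ws_strtou16(optarg, NULL, &remote_port) || remote_port == 0) {
				g_warning("Invalid port: %s", optarg);
				goto end;
			}
			break;

		case OPT_REMOTE_USERNAME:
			g_free(remote_username);
			remote_username = g_strdup(optarg);
			break;

		case OPT_REMOTE_PASSWORD:
			/* A repeated option replaces the old copy; clear it before freeing. */
			ciscodump_scrub_secret(remote_password);
			g_free(remote_password);
			remote_password = g_strdup(optarg);
			/* Overwrite the argv copy so the password is not left in the argument vector. */
			memset(optarg, 'X', strlen(optarg));
			break;

		case OPT_SSHKEY:
			g_free(sshkey);
			sshkey = g_strdup(optarg);
			break;

		case OPT_SSHKEY_PASSPHRASE:
			/* Same handling as the password: clear the old copy, mask argv. */
			ciscodump_scrub_secret(sshkey_passphrase);
			g_free(sshkey_passphrase);
			sshkey_passphrase = g_strdup(optarg);
			memset(optarg, 'X', strlen(optarg));
			break;

		case OPT_REMOTE_INTERFACE:
			g_free(remote_interface);
			remote_interface = g_strdup(optarg);
			break;

		case OPT_REMOTE_FILTER:
			g_free(remote_filter);
			remote_filter = g_strdup(optarg);
			break;

		case OPT_REMOTE_COUNT:
			if (!ws_strtou32(optarg, NULL, &count)) {
				g_warning("Invalid packet count: %s", optarg);
				goto end;
			}
			break;

		case ':':
			/* missing option argument */
			/* NOTE(review): parsing continues after the warning - confirm that is intended. */
			g_warning("Option '%s' requires an argument", argv[optind - 1]);
			break;

		default:
			/* Everything else is handed to the shared extcap option parser. */
			if (!extcap_base_parse_options(extcap_conf, result - EXTCAP_OPT_LIST_INTERFACES, optarg)) {
				g_warning("Invalid option: %s", argv[optind - 1]);
				goto end;
			}
		}
	}

	/* Runs after the loop, so the credential arguments are already masked in argv. */
	extcap_cmdline_debug(argv, argc);

	if (optind != argc) {
		g_warning("Unexpected extra option: %s", argv[optind]);
		goto end;
	}

	if (extcap_base_handle_interface(extcap_conf)) {
		ret = EXIT_SUCCESS;
		goto end;
	}

	if (extcap_conf->show_config) {
		ret = list_config(extcap_conf->interface, remote_port);
		goto end;
	}

#ifdef _WIN32
	result = WSAStartup(MAKEWORD(1,1), &wsaData);
	if (result != 0) {
		g_warning("ERROR: WSAStartup failed with error: %d", result);
		goto end;
	}
#endif  /* _WIN32 */

	if (extcap_conf->capture) {
		if (!remote_host) {
			g_warning("Missing parameter: --remote-host");
			goto end;
		}

		if (!remote_interface) {
			g_warning("ERROR: No interface specified (--remote-interface)");
			goto end;
		}
		if (count == 0) {
			g_warning("ERROR: count of packets must be specified (--remote-count)");
			goto end;
		}

		ret = ssh_open_remote_connection(remote_host, remote_port, remote_username,
			remote_password, sshkey, sshkey_passphrase, remote_interface,
			remote_filter, count, extcap_conf->fifo);
	} else {
		g_debug("You should not come here... maybe some parameter missing?");
		ret = EXIT_FAILURE;
	}

end:
	/* Clear the credential copies so freed heap memory does not retain them. */
	ciscodump_scrub_secret(remote_password);
	ciscodump_scrub_secret(sshkey_passphrase);

	g_free(remote_host);
	g_free(remote_username);
	g_free(remote_password);
	g_free(remote_interface);
	g_free(sshkey);
	g_free(sshkey_passphrase);
	g_free(remote_filter);
	extcap_base_cleanup(&extcap_conf);
	return ret;
}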
示例#5
文件: vms.c 项目: wireshark/wireshark
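/*
 * Parses a packet record.
 *
 * Reads the text header of one record (timestamp line and "Length"
 * field) from fh, then converts the ASCII hex dump that follows into
 * binary packet data stored in buf.
 *
 * fh:       the capture file being read; its content is untrusted.
 * rec:      receives record type, timestamp and packet lengths.
 * buf:      receives the packet bytes.
 * err:      receives a WTAP_ERR_* code (or the file error) on failure.
 * err_info: may receive an allocated message describing the failure.
 *
 * Returns TRUE on success and FALSE on error or end of input.
 */
static gboolean
parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_info)
{
    char    line[VMS_LINE_LENGTH + 1];
    int     num_items_scanned;
    guint32 pkt_len = 0;
    int     pktnum;
    int     csec = 101;     /* 101 marks "no header line parsed yet" */
    struct tm tm;
    char mon[4] = {'J', 'A', 'N', 0};
    gchar  *p;
    const gchar *endp;
    static const gchar months[] = "JANFEBMARAPRMAYJUNJULAUGSEPOCTNOVDEC";
    guint32 i;
    int     offset = 0;
    guint8 *pd;

    tm.tm_year = 1970;
    tm.tm_mon = 0;
    tm.tm_mday = 1;
    tm.tm_hour = 1;
    tm.tm_min = 1;
    tm.tm_sec = 1;

    /* Skip lines until one starts with a hex number */
    do {
        if (file_gets(line, VMS_LINE_LENGTH, fh) == NULL) {
            *err = file_error(fh, err_info);
            /* Running out of input after a header was seen is a short read. */
            if ((*err == 0) && (csec != 101)) {
                *err = WTAP_ERR_SHORT_READ;
            }
            return FALSE;
        }
        line[VMS_LINE_LENGTH] = '\0';

        if ((csec == 101) && (p = strstr(line, "packet ")) != NULL
            && (! strstr(line, "could not save "))) {
            /* Find text in line starting with "packet ". */

            /*
             * First look for the Format 1 type sequencing.  Every
             * conversion carries a field width, so the month cannot
             * overrun mon[4].
             */
            num_items_scanned = sscanf(p,
                                       "packet %9d at %2d-%3s-%4d %2d:%2d:%2d.%9d",
                                       &pktnum, &tm.tm_mday, mon,
                                       &tm.tm_year, &tm.tm_hour,
                                       &tm.tm_min, &tm.tm_sec, &csec);
            /* Next look for the Format 2 type sequencing */
            if (num_items_scanned != 8) {
              num_items_scanned = sscanf(p,
                                         "packet seq # = %9d at %2d-%3s-%4d %2d:%2d:%2d.%9d",
                                         &pktnum, &tm.tm_mday, mon,
                                         &tm.tm_year, &tm.tm_hour,
                                         &tm.tm_min, &tm.tm_sec, &csec);
            }
            /* if unknown format then exit with error        */
            /* We will need to add code to handle new format */
            if (num_items_scanned != 8) {
                *err = WTAP_ERR_BAD_FILE;
                *err_info = g_strdup("vms: header line not valid");
                return FALSE;
            }
        }
        if ( (! pkt_len) && (p = strstr(line, "Length"))) {
            /*
             * Step over the keyword only.  Skipping sizeof("Length ")
             * bytes (8, counting the terminator) could move p past the
             * end of the string when "Length" sits at the end of the
             * line, and the scan below would then read stale or
             * out-of-bounds bytes.  The loop that follows already skips
             * the separator characters up to the first digit.
             */
            p += sizeof("Length") - 1;
            while (*p && ! g_ascii_isdigit(*p))
                p++;

            if ( !*p ) {
                *err = WTAP_ERR_BAD_FILE;
                *err_info = g_strdup("vms: Length field not valid");
                return FALSE;
            }

            /* Checked conversion; the number must end at a space or the string end. */
            if (!ws_strtou32(p, &endp, &pkt_len) || (*endp != '\0' && !g_ascii_isspace(*endp))) {
                *err = WTAP_ERR_BAD_FILE;
                *err_info = g_strdup_printf("vms: Length field '%s' not valid", p);
                return FALSE;
            }
            break;
        }
    } while (! isdumpline(line));
    if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) {
        /*
         * Probably a corrupt capture file; return an error,
         * so that our caller doesn't blow up trying to allocate
         * space for an immensely-large packet.
         */
        *err = WTAP_ERR_BAD_FILE;
        *err_info = g_strdup_printf("vms: File has %u-byte packet, bigger than maximum of %u",
                                    pkt_len, WTAP_MAX_PACKET_SIZE_STANDARD);
        return FALSE;
    }

    /* Month index is the match position in the packed table; unknown names keep January. */
    p = strstr(months, mon);
    if (p)
        tm.tm_mon = (int) (p - months) / 3;
    tm.tm_year -= 1900;
    tm.tm_isdst = -1;

    rec->rec_type = REC_TYPE_PACKET;
    rec->presence_flags = WTAP_HAS_TS;
    rec->ts.secs = mktime(&tm);
    /*
     * NOTE(review): csec is read with "%9d", so this multiplication can
     * overflow int for out-of-range input, and it yields more than one
     * second when no header line was seen (csec still 101) - consider
     * range-checking csec.
     */
    rec->ts.nsecs = csec * 10000000;
    rec->rec_header.packet_header.caplen = pkt_len;
    rec->rec_header.packet_header.len = pkt_len;

    /* Make sure we have enough room for the packet */
    ws_buffer_assure_space(buf, pkt_len);
    pd = ws_buffer_start_ptr(buf);

    /* Convert the ASCII hex dump to binary data */
    for (i = 0; i < pkt_len; i += 16) {
        if (file_gets(line, VMS_LINE_LENGTH, fh) == NULL) {
            *err = file_error(fh, err_info);
            if (*err == 0) {
                *err = WTAP_ERR_SHORT_READ;
            }
            return FALSE;
        }
        line[VMS_LINE_LENGTH] = '\0';
        if (i == 0) {
            while (! isdumpline(line)) { /* advance to start of hex data */
                if (file_gets(line, VMS_LINE_LENGTH, fh) == NULL) {
                    *err = file_error(fh, err_info);
                    if (*err == 0) {
                        *err = WTAP_ERR_SHORT_READ;
                    }
                    return FALSE;
                }
                line[VMS_LINE_LENGTH] = '\0';
            }
            /* Column of the first hex digit; reused for every later dump line. */
            while (line[offset] && !g_ascii_isxdigit(line[offset]))
                offset++;
        }
        /* The last argument is the number of bytes still expected. */
        if (!parse_single_hex_dump_line(line, pd, i,
                                        offset, pkt_len - i)) {
            *err = WTAP_ERR_BAD_FILE;
            *err_info = g_strdup("vms: hex dump not valid");
            return FALSE;
        }
    }
    /* Avoid TCPIPTRACE-W-BUFFERSFUL, TCPIPtrace could not save n packets.
     * errors.
     *
     * XXX - when we support packet drop report information in the
     * Wiretap API, we should parse those lines and return "n" as
     * a packet drop count. */
    if (!file_gets(line, VMS_LINE_LENGTH, fh)) {
        *err = file_error(fh, err_info);
        if (*err == 0) {
            /* There is no next line, so there's no "TCPIPtrace could not
             * save n packets" line; not an error. */
            return TRUE;
        }
        return FALSE;
    }
    return TRUE;
}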
示例#6
/*
 * Entry point of the ciscodump extcap utility (variant that keeps the SSH
 * settings in an ssh_params_t).
 *
 * Registers the extcap interface and help text, parses the command line,
 * answers the extcap query options, and otherwise opens the remote SSH
 * capture.  Returns EXIT_SUCCESS or EXIT_FAILURE; every exit path goes
 * through the `end` label, which releases ssh_params and the other owned
 * strings.
 */
int main(int argc, char *argv[])
{
	char* err_msg;
	int result;
	int option_idx = 0;
	ssh_params_t* ssh_params = ssh_params_new();
	char* remote_interface = NULL;
	char* remote_filter = NULL;
	guint32 count = 0;
	int ret = EXIT_FAILURE;
	extcap_parameters * extcap_conf = g_new0(extcap_parameters, 1);
	char* help_url;
	char* help_header = NULL;

	/*
	 * Get credential information for later use.
	 */
	init_process_policies();

	/*
	 * Attempt to get the pathname of the directory containing the
	 * executable file.
	 */
	err_msg = init_progfile_dir(argv[0]);
	if (err_msg != NULL) {
		/* NOTE(review): the message names "captype"; presumably copied from another tool. */
		g_warning("Can't get pathname of directory containing the captype program: %s.",
			err_msg);
		g_free(err_msg);
	}

	help_url = data_file_url("ciscodump.html");
	extcap_base_set_util_info(extcap_conf, argv[0], CISCODUMP_VERSION_MAJOR, CISCODUMP_VERSION_MINOR,
		CISCODUMP_VERSION_RELEASE, help_url);
	g_free(help_url);
	extcap_base_register_interface(extcap_conf, CISCODUMP_EXTCAP_INTERFACE, "Cisco remote capture", 147, "Remote capture dependent DLT");

	help_header = g_strdup_printf(
		" %s --extcap-interfaces\n"
		" %s --extcap-interface=%s --extcap-dlts\n"
		" %s --extcap-interface=%s --extcap-config\n"
		" %s --extcap-interface=%s --remote-host myhost --remote-port 22222 "
		"--remote-username myuser --remote-interface gigabit0/0 "
		"--fifo=FILENAME --capture\n", argv[0], argv[0], CISCODUMP_EXTCAP_INTERFACE, argv[0],
		CISCODUMP_EXTCAP_INTERFACE, argv[0], CISCODUMP_EXTCAP_INTERFACE);
	extcap_help_add_header(extcap_conf, help_header);
	g_free(help_header);

	extcap_help_add_option(extcap_conf, "--help", "print this help");
	extcap_help_add_option(extcap_conf, "--version", "print the version");
	extcap_help_add_option(extcap_conf, "--remote-host <host>", "the remote SSH host");
	extcap_help_add_option(extcap_conf, "--remote-port <port>", "the remote SSH port (default: 22)");
	extcap_help_add_option(extcap_conf, "--remote-username <username>", "the remote SSH username (default: the current user)");
	extcap_help_add_option(extcap_conf, "--remote-password <password>", "the remote SSH password. "
		"If not specified, ssh-agent and ssh-key are used");
	extcap_help_add_option(extcap_conf, "--sshkey <public key path>", "the path of the ssh key");
	extcap_help_add_option(extcap_conf, "--sshkey-passphrase <public key passphrase>", "the passphrase to unlock public ssh");
	extcap_help_add_option(extcap_conf, "--proxycommand <proxy command>", "the command to use as proxy the the ssh connection");
	extcap_help_add_option(extcap_conf, "--remote-interface <iface>", "the remote capture interface");
	extcap_help_add_option(extcap_conf, "--remote-filter <filter>", "a filter for remote capture "
		"(default: don't capture data for lal interfaces IPs)");

	/* Silence getopt's own messages and restart its scan from the beginning. */
	opterr = 0;
	optind = 0;

	if (argc == 1) {
		extcap_help_print(extcap_conf);
		goto end;
	}

	while ((result = getopt_long(argc, argv, ":", longopts, &option_idx)) != -1) {

		switch (result) {

		case OPT_HELP:
			extcap_help_print(extcap_conf);
			ret = EXIT_SUCCESS;
			goto end;

		case OPT_VERSION:
			/* NOTE(review): ret is still EXIT_FAILURE here - confirm that is intended. */
			printf("%s\n", extcap_conf->version);
			goto end;

		case OPT_REMOTE_HOST:
			g_free(ssh_params->host);
			ssh_params->host = g_strdup(optarg);
			break;

		case OPT_REMOTE_PORT:
			/* Checked conversion; port 0 is rejected as well. */
			if (!ws_strtou16(optarg, NULL, &ssh_params->port) || ssh_params->port == 0) {
				g_warning("Invalid port: %s", optarg);
				goto end;
			}
			break;

		case OPT_REMOTE_USERNAME:
			g_free(ssh_params->username);
			ssh_params->username = g_strdup(optarg);
			break;

		case OPT_REMOTE_PASSWORD:
			/*
			 * NOTE(review): a previous copy is freed without being cleared;
			 * consider zeroing it first.
			 */
			g_free(ssh_params->password);
			ssh_params->password = g_strdup(optarg);
			/* Overwrite the argv copy so the password is not left in the argument vector. */
			memset(optarg, 'X', strlen(optarg));
			break;

		case OPT_SSHKEY:
			g_free(ssh_params->sshkey_path);
			ssh_params->sshkey_path = g_strdup(optarg);
			break;

		case OPT_SSHKEY_PASSPHRASE:
			/* Same handling as the password: keep a heap copy, mask argv. */
			g_free(ssh_params->sshkey_passphrase);
			ssh_params->sshkey_passphrase = g_strdup(optarg);
			memset(optarg, 'X', strlen(optarg));
			break;

		case OPT_PROXYCOMMAND:
			/*
			 * The command string is stored exactly as given; how it is run
			 * is decided by the code that consumes ssh_params, not here.
			 */
			g_free(ssh_params->proxycommand);
			ssh_params->proxycommand = g_strdup(optarg);
			break;

		case OPT_REMOTE_INTERFACE:
			g_free(remote_interface);
			remote_interface = g_strdup(optarg);
			break;

		case OPT_REMOTE_FILTER:
			g_free(remote_filter);
			remote_filter = g_strdup(optarg);
			break;

		case OPT_REMOTE_COUNT:
			if (!ws_strtou32(optarg, NULL, &count)) {
				g_warning("Invalid packet count: %s", optarg);
				goto end;
			}
			break;

		case ':':
			/* missing option argument */
			/* NOTE(review): parsing continues after the warning - confirm that is intended. */
			g_warning("Option '%s' requires an argument", argv[optind - 1]);
			break;

		default:
			/* Everything else is handed to the shared extcap option parser. */
			if (!extcap_base_parse_options(extcap_conf, result - EXTCAP_OPT_LIST_INTERFACES, optarg)) {
				g_warning("Invalid option: %s", argv[optind - 1]);
				goto end;
			}
		}
	}

	/* Runs after the loop, so the credential arguments are already masked in argv. */
	extcap_cmdline_debug(argv, argc);

	if (optind != argc) {
		g_warning("Unexpected extra option: %s", argv[optind]);
		goto end;
	}

	if (extcap_base_handle_interface(extcap_conf)) {
		ret = EXIT_SUCCESS;
		goto end;
	}

	if (extcap_conf->show_config) {
		ret = list_config(extcap_conf->interface, ssh_params->port);
		goto end;
	}

	err_msg = ws_init_sockets();
	if (err_msg != NULL) {
		g_warning("ERROR: %s", err_msg);
                g_free(err_msg);
		g_warning("%s", please_report_bug());
		goto end;
	}

	if (extcap_conf->capture) {
		/* Host, interface and a non-zero packet count are all mandatory for a capture. */
		if (!ssh_params->host) {
			g_warning("Missing parameter: --remote-host");
			goto end;
		}

		if (!remote_interface) {
			g_warning("ERROR: No interface specified (--remote-interface)");
			goto end;
		}
		if (count == 0) {
			g_warning("ERROR: count of packets must be specified (--remote-count)");
			goto end;
		}
		ssh_params->debug = extcap_conf->debug;
		ret = ssh_open_remote_connection(ssh_params, remote_interface,
			remote_filter, count, extcap_conf->fifo);
	} else {
		g_debug("You should not come here... maybe some parameter missing?");
		ret = EXIT_FAILURE;
	}

end:
	/*
	 * NOTE(review): whether ssh_params_free() clears the password and
	 * passphrase before releasing them is not visible here - verify.
	 */
	ssh_params_free(ssh_params);
	g_free(remote_interface);
	g_free(remote_filter);
	extcap_base_cleanup(&extcap_conf);
	return ret;
}
/*
 * Dissect a QuakeWorld connectionless packet: a 4-byte marker followed by
 * a NUL-terminated text command.
 *
 * tvb:       the packet bytes; the command text and all of its arguments
 *            come from here and are sender-controlled.
 * pinfo:     packet metadata; the command name is appended to the Info column.
 * tree:      parent protocol tree.
 * direction: DIR_C2S selects the client-to-server command set; any other
 *            value is handled as server-to-client.
 */
static void
dissect_quakeworld_ConnectionlessPacket(tvbuff_t *tvb, packet_info *pinfo,
	proto_tree *tree, int direction)
{
	proto_tree	*cl_tree;
	proto_tree	*text_tree = NULL;
	proto_item	*pi = NULL;
	guint8		*text;
	int		len;
	int		offset;
	guint32		marker;
	int		command_len;
	const char	*command = "";
	gboolean	command_finished = FALSE;

	marker = tvb_get_ntohl(tvb, 0);
	cl_tree = proto_tree_add_subtree(tree, tvb, 0, -1, ett_quakeworld_connectionless, NULL, "Connectionless");

	proto_tree_add_uint(cl_tree, hf_quakeworld_connectionless_marker,
				tvb, 0, 4, marker);

	/* all the rest of the packet is just text */
	offset = 4;

	/* len is filled in by the call; presumably it counts the terminating NUL - confirm */
	text = tvb_get_stringz_enc(wmem_packet_scope(), tvb, offset, &len, ENC_ASCII|ENC_NA);
	/* actually, we should look for a eol char and stop already there */

	if (cl_tree) {
		proto_item *text_item;
		text_item = proto_tree_add_string(cl_tree, hf_quakeworld_connectionless_text,
						  tvb, offset, len, text);
		text_tree = proto_item_add_subtree(text_item, ett_quakeworld_connectionless_text);
	}

	if (direction == DIR_C2S) {
		/* client to server commands */
		const char *c;

		/*
		 * Split the text into arguments; the Cmd_Argv*() and Cmd_Argc()
		 * calls below read the result, which is presumably held in
		 * file-level state since no handle is passed around.
		 */
		Cmd_TokenizeString(text, len);
		c = Cmd_Argv(0);

		/* client to sever commands */
		if (strcmp(c,"ping") == 0) {
			command = "Ping";
			command_len = 4;
		} else if (strcmp(c,"status") == 0) {
			command = "Status";
			command_len = 6;
		} else if (strcmp(c,"log") == 0) {
			command = "Log";
			command_len = 3;
		} else if (strcmp(c,"connect") == 0) {
			guint32 version = 0;
			guint16 qport = 0;
			guint32 challenge = 0;
			gboolean version_valid = TRUE;
			gboolean qport_valid = TRUE;
			gboolean challenge_valid = TRUE;
			const char *infostring;
			proto_tree *argument_tree = NULL;
			command = "Connect";
			command_len = Cmd_Argv_length(0);
			if (text_tree) {
				proto_item *argument_item;
				pi = proto_tree_add_string(text_tree, hf_quakeworld_connectionless_command,
					tvb, offset, command_len, command);
				argument_item = proto_tree_add_string(text_tree,
					hf_quakeworld_connectionless_arguments,
					tvb, offset + Cmd_Argv_start(1), len + 1 - Cmd_Argv_start(1),
					text + Cmd_Argv_start(1));
				argument_tree = proto_item_add_subtree(argument_item,
								       ett_quakeworld_connectionless_arguments);
				/* The command item is already in the tree; skip the generic add at the end. */
				command_finished=TRUE;
			}
			/*
			 * The numeric arguments are sender-supplied text: convert them
			 * with the checked parsers and record whether each one was valid.
			 */
			version_valid = ws_strtou32(Cmd_Argv(1), NULL, &version);
			qport_valid = ws_strtou16(Cmd_Argv(2), NULL, &qport);
			challenge_valid = ws_strtou32(Cmd_Argv(3), NULL, &challenge);
			infostring = Cmd_Argv(4);

			/* A malformed number is reported as expert info on the command item. */
			if (text_tree && (!version_valid || !qport_valid || !challenge_valid))
				expert_add_info(pinfo, pi, &ei_quakeworld_connectionless_command_invalid);

			if (argument_tree) {
				proto_item *info_item;
				proto_tree *info_tree;
				proto_tree_add_uint(argument_tree,
					hf_quakeworld_connectionless_connect_version,
					tvb,
					offset + Cmd_Argv_start(1),
					Cmd_Argv_length(1), version);
				proto_tree_add_uint(argument_tree,
					hf_quakeworld_connectionless_connect_qport,
					tvb,
					offset + Cmd_Argv_start(2),
					Cmd_Argv_length(2), qport);
				/*
				 * NOTE(review): challenge is a guint32 parsed as unsigned but
				 * added with proto_tree_add_int - confirm the field's type.
				 */
				proto_tree_add_int(argument_tree,
					hf_quakeworld_connectionless_connect_challenge,
					tvb,
					offset + Cmd_Argv_start(3),
					Cmd_Argv_length(3), challenge);
				info_item = proto_tree_add_string(argument_tree,
					hf_quakeworld_connectionless_connect_infostring,
					tvb,
					offset + Cmd_Argv_start(4),
					Cmd_Argv_length(4), infostring);
				info_tree = proto_item_add_subtree(
					info_item, ett_quakeworld_connectionless_connect_infostring);
				/* The infostring is passed on as a packet-scoped copy. */
				dissect_id_infostring(tvb, info_tree, offset + Cmd_Argv_start(4),
					wmem_strdup(wmem_packet_scope(), infostring),
					ett_quakeworld_connectionless_connect_infostring_key_value,
					hf_quakeworld_connectionless_connect_infostring_key_value,
					hf_quakeworld_connectionless_connect_infostring_key,
					hf_quakeworld_connectionless_connect_infostring_value);
			}
		} else if (strcmp(c,"getchallenge") == 0) {
			command = "Get Challenge";
			command_len = Cmd_Argv_length(0);
		} else if (strcmp(c,"rcon") == 0) {
			const char* password;
			int i;
			char remaining[MAX_TEXT_SIZE+1];
			proto_tree *argument_tree = NULL;
			command = "Remote Command";
			command_len = Cmd_Argv_length(0);
			if (text_tree) {
				proto_item *argument_item;
				proto_tree_add_string(text_tree, hf_quakeworld_connectionless_command,
					tvb, offset, command_len, command);
				argument_item = proto_tree_add_string(text_tree,
					hf_quakeworld_connectionless_arguments,
					tvb, offset + Cmd_Argv_start(1), len - Cmd_Argv_start(1),
					text + Cmd_Argv_start(1));
				argument_tree =	proto_item_add_subtree(argument_item,
								       ett_quakeworld_connectionless_arguments);
				command_finished=TRUE;
			}
			/* The rcon password is the first argument and is shown as-is in the tree. */
			password = Cmd_Argv(1);
			if (argument_tree) {
				proto_tree_add_string(argument_tree,
					hf_quakeworld_connectionless_rcon_password,
					tvb,
					offset + Cmd_Argv_start(1),
					Cmd_Argv_length(1), password);
			}
			/*
			 * Rebuild the command from the remaining arguments; g_strlcat is
			 * given the full buffer size, so the copy is bounded by
			 * MAX_TEXT_SIZE+1 and stays NUL-terminated.
			 */
			remaining[0] = '\0';
			for (i=2; i<Cmd_Argc() ; i++) {
				g_strlcat (remaining, Cmd_Argv(i), MAX_TEXT_SIZE+1);
				g_strlcat (remaining, " ", MAX_TEXT_SIZE+1);
			}
			if (text_tree) {
				/*
				 * NOTE(review): with fewer than three arguments the length
				 * expression below depends on what Cmd_Argv_start() returns
				 * for a missing argument - confirm it cannot go negative.
				 */
				proto_tree_add_string(argument_tree,
					hf_quakeworld_connectionless_rcon_command,
					tvb, offset + Cmd_Argv_start(2),
					Cmd_Argv_start(Cmd_Argc()-1) + Cmd_Argv_length(Cmd_Argc()-1) -
					Cmd_Argv_start(2),
					remaining);
			}
		} else if (c[0]==A2A_PING && ( c[1]=='\0' || c[1]=='\n')) {
			command = "Ping";
			command_len = 1;
		} else if (c[0]==A2A_ACK && ( c[1]=='\0' || c[1]=='\n')) {
			command = "Ack";
			command_len = 1;
		} else {
			command = "Unknown";
			command_len = len - 1;
		}
	}
	else {
		/* server to client commands */
		/* Only the first byte of the text selects the command. */
		if (text[0] == S2C_CONNECTION) {
			command = "Connected";
			command_len = 1;
		} else if (text[0] == A2C_CLIENT_COMMAND) {
			command = "Client Command";
			command_len = 1;
			/* stringz (command), stringz (localid) */
		} else if (text[0] == A2C_PRINT) {
			command = "Print";
			command_len = 1;
			/* string */
		} else if (text[0] == A2A_PING) {
			command = "Ping";
			command_len = 1;
		} else if (text[0] == S2C_CHALLENGE) {
			command = "Challenge";
			command_len = 1;
			/* string, conversion */
		} else {
			command = "Unknown";
			command_len = len - 1;
		}
	}

	col_append_fstr(pinfo->cinfo, COL_INFO, " %s", command);

	/*
	 * Commands that did not add their own item above get the generic one.
	 * text_tree is NULL here when cl_tree was NULL; presumably
	 * proto_tree_add_string() accepts a NULL tree - confirm.
	 */
	if (!command_finished) {
		proto_tree_add_string(text_tree, hf_quakeworld_connectionless_command,
			tvb, offset, command_len, command);
	}
	/*offset += len;*/
}