From 2510118bc5da449b399be489dc70b93df23a3367 Mon Sep 17 00:00:00 2001 From: Martin Kaiser Date: Sun, 17 Nov 2013 13:36:21 +0000 Subject: From Abhik Sarkar: dissector for Kyoto Tycoon binary protocol from me: make port range preference work highlight the correct bytes for records remove trailing commas correct(?) 64->32 cast https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9418 svn path=/trunk/; revision=53383 --- AUTHORS | 1 + epan/CMakeLists.txt | 1 + epan/dissectors/Makefile.common | 1 + epan/dissectors/packet-kt.c | 801 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 804 insertions(+) create mode 100644 epan/dissectors/packet-kt.c diff --git a/AUTHORS b/AUTHORS index 3e8d5e2a57..84b50c77cd 100644 --- a/AUTHORS +++ b/AUTHORS @@ -2712,6 +2712,7 @@ Abhik Sarkar { SMPP update to v5.0 Diameter conversations and statistics UAT for unknown HTTP headers + Kyoto Tycoon (binary protocol) dissector } Robin Seggelmann { diff --git a/epan/CMakeLists.txt b/epan/CMakeLists.txt index b9424dbd94..5174ae989f 100644 --- a/epan/CMakeLists.txt +++ b/epan/CMakeLists.txt @@ -842,6 +842,7 @@ set(DISSECTOR_SRC dissectors/packet-klm.c dissectors/packet-knet.c dissectors/packet-kpasswd.c + dissectors/packet-kt.c dissectors/packet-l1-events.c dissectors/packet-l2tp.c dissectors/packet-lanforge.c diff --git a/epan/dissectors/Makefile.common b/epan/dissectors/Makefile.common index e7a81811ac..cb8e4039d9 100644 --- a/epan/dissectors/Makefile.common +++ b/epan/dissectors/Makefile.common @@ -764,6 +764,7 @@ DISSECTOR_SRC = \ packet-klm.c \ packet-knet.c \ packet-kpasswd.c \ + packet-kt.c \ packet-l1-events.c \ packet-l2tp.c \ packet-lanforge.c \ diff --git a/epan/dissectors/packet-kt.c b/epan/dissectors/packet-kt.c new file mode 100644 index 0000000000..a9d0f59d9c --- /dev/null +++ b/epan/dissectors/packet-kt.c @@ -0,0 +1,801 @@ +/* packet-kt.c + * + * Routines for Kyoto Tycoon Version 1 binary protocol dissection + * Copyright 2013, Abhik Sarkar + * + * http://fallabs.com/kyototycoon/spex.html#protocol + * (Section "Binary Protocol") + * + * $Id$ + * + * Wireshark - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * Adapted from packet-bzr.c + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "config.h" + +#include +#include +#include +#include + + +void proto_register_kt(void); +void proto_reg_handoff_kt(void); + +static int proto_kt = -1; + +/* + * A few notes before we get into the thick of things... + * + * Note 1 (Abhik): + * ============================ + * While this is probably a very efficient protocol for the purpose + * for which it has been written, the way it has been written makes + * dissection a bit tricky. Requests and responses have the same + * "magic" identifier, but there is no clear cut way to distinguish + * between them. This means that a few dirty tricks have have to be + * employed for dissecting... and the dissector is based on sample + * captures from two different clients working with the same version + * of the server. + * It is possible that the dissection will break under other conditions. + * Hopefully, this can be fixed/improved with time. + * + * Note 2 (Abhik): + * ============================ + * There are three fields which use 64-bit time stamps. Based on what + * I can see from the sample traces I have, the value in each is + * different. I don't know if this is something specific to the + * version of the client and server I have, or this is how the + * implementation is... however, the difference is not apparent + * (at least to me) from the protocol specifications. + * So, this note is to clarify what I have found: + * - The timestamp (ts) in the replication requests is nanoseconds + * since epoch. + * - The timestamp (xt) in the set_bulk records is the number of + * seconds the record must live. + * - The timestamp (xt) in the get_bulk output records is the + * seconds since epoch. + * + * TODO: Support for reassembly of a request or response segmented over + * multiple frames needs to be added. + * A single frame containing multiple requests/responses seems unlikely + * due to the fact that there is no identifier for matching a request + * and a response. Tests suggest that the communication is synchronous. +*/ + +static dissector_handle_t kt_handle; + +/* Sub-trees */ +static gint ett_kt = -1; +static gint ett_kt_rec = -1; + +/* Header fields */ +static gint hf_kt_magic = -1; +static gint hf_kt_type = -1; +static gint hf_kt_ts = -1; +static gint hf_kt_flags = -1; +static gint hf_kt_rnum = -1; +static gint hf_kt_dbidx = -1; +static gint hf_kt_sid= -1; +static gint hf_kt_xt = -1; +static gint hf_kt_xt_resp = -1; +static gint hf_kt_ksiz = -1; +static gint hf_kt_vsiz = -1; +static gint hf_kt_key = -1; +static gint hf_kt_val = -1; +static gint hf_kt_key_str = -1; +static gint hf_kt_val_str = -1; +static gint hf_kt_hits = -1; +static gint hf_kt_nsiz = -1; +static gint hf_kt_name = -1; +static gint hf_kt_size = -1; +static gint hf_kt_log = -1; +static gint hf_kt_rec = -1; + +/* Magic Values */ +#define KT_MAGIC_REPL_WAIT 0xB0 +#define KT_MAGIC_REPLICATION 0xB1 +#define KT_MAGIC_PLAY_SCRIPT 0xB4 +#define KT_MAGIC_SET_BULK 0xB8 +#define KT_MAGIC_REMOVE_BULK 0xB9 +#define KT_MAGIC_GET_BULK 0xBA +#define KT_MAGIC_ERROR 0xBF + +static const value_string kt_magic_vals[] = { + {KT_MAGIC_REPL_WAIT, "replication - waiting for updates"}, + {KT_MAGIC_REPLICATION, "replication"}, + {KT_MAGIC_PLAY_SCRIPT, "play_script"}, + {KT_MAGIC_SET_BULK, "set_bulk" }, + {KT_MAGIC_REMOVE_BULK, "remove_bulk"}, + {KT_MAGIC_GET_BULK, "get_bulk" }, + {KT_MAGIC_ERROR, "error" }, + {0, NULL} +}; + +/* Operation type (determined/generated by the dissector) */ +#define KT_OPER_REQUEST 0x00 +#define KT_OPER_RESPONSE 0x01 + +static const value_string kt_oper_vals[] = { + {KT_OPER_REQUEST, "request"}, + {KT_OPER_RESPONSE, "response"}, + {0, NULL} +}; + +/* Preferences */ +/* + * The default port numbers are not IANA registered but used by the + * default configuration of the KT server all the same. + */ +#define DEFAULT_KT_PORT_RANGE "1978-1979" +static range_t *global_kt_tcp_port_range; +static gboolean kt_present_key_val_as_ascii; + +/* Dissection routines */ +static int +dissect_kt_replication_wait(tvbuff_t *tvb, proto_tree *tree) +{ + int offset; + guint64 ts; + nstime_t ns_ts; + + proto_item *pi; + + pi = proto_tree_add_uint(tree, hf_kt_type, tvb, 0, 1, KT_OPER_REQUEST); + PROTO_ITEM_SET_GENERATED(pi); + + offset = 1; + + ts = tvb_get_ntoh64(tvb, offset); + ns_ts.secs = ts / 1000000000; + ns_ts.nsecs = ts % 1000000000; + proto_tree_add_time(tree, hf_kt_ts, tvb, offset, 8, &ns_ts); + offset += 8; + + return offset; +} + +static int +dissect_kt_replication(tvbuff_t *tvb, proto_tree *tree) +{ + int offset; + guint32 next32, size; + guint64 ts; + nstime_t ns_ts; + + proto_item *pi; + + offset = 1; + + if (tvb_reported_length_remaining(tvb, offset) > 0) { + next32 = tvb_get_ntohl(tvb, offset); + if (next32 <= 1) { /* This means request. the 32 bits are flags */ + proto_tree_add_item(tree, hf_kt_flags, tvb, offset, 4, ENC_BIG_ENDIAN); + offset += 4; + + proto_tree_add_item(tree, hf_kt_ts, tvb, offset, 8, ENC_BIG_ENDIAN); + offset += 8; + + proto_tree_add_item(tree, hf_kt_sid, tvb, offset, 2, ENC_BIG_ENDIAN); + offset += 2; + } else { /* This is a response. The 32 bits are the first half of the ts */ + ts = tvb_get_ntoh64(tvb, offset); + ns_ts.secs = ts / 1000000000; + ns_ts.nsecs = ts % 1000000000; + proto_tree_add_time(tree, hf_kt_ts, tvb, offset, 8, &ns_ts); + offset += 8; + + size = tvb_get_ntohl(tvb, offset); + proto_tree_add_uint(tree, hf_kt_size, tvb, offset, 4, size); + offset += 4; + + proto_tree_add_item(tree, hf_kt_log, tvb, offset, size, ENC_NA); + offset += size; + } + } else { + /* This is an empty ack to the message with magic 0xB0. */ + pi = proto_tree_add_uint(tree, hf_kt_type, tvb, 0, 1, KT_OPER_RESPONSE); + PROTO_ITEM_SET_GENERATED(pi); + } + + return offset; +} + +static int +dissect_kt_set_bulk(tvbuff_t *tvb, proto_tree *tree) +{ + guint32 next32, rnum, ksiz, vsiz; + gint offset, rec_start_offset; + + proto_item *ti; + proto_item *pi; + proto_tree *rec_tree; + + offset = 1; + next32 = tvb_get_ntohl(tvb, offset); + + if (tvb_reported_length_remaining(tvb, (offset + 4)) > 0) { + /* There's more data after the 32 bits. This is a request */ + pi = proto_tree_add_uint(tree, hf_kt_type, tvb, 0, 1, KT_OPER_REQUEST); + PROTO_ITEM_SET_GENERATED(pi); + + proto_tree_add_uint(tree, hf_kt_flags, tvb, offset, 4, next32); + offset += 4; + + rnum = tvb_get_ntohl(tvb, offset); + proto_tree_add_uint(tree, hf_kt_rnum, tvb, offset, 4, rnum); + offset += 4; + + while (rnum > 0) { + /* Create a sub-tree for each record */ + ti = proto_tree_add_item(tree, hf_kt_rec, tvb, offset, -1, ENC_NA); + rec_tree = proto_item_add_subtree(ti, ett_kt_rec); + rec_start_offset = offset; + + proto_tree_add_item(rec_tree, hf_kt_dbidx, tvb, offset, 2, ENC_BIG_ENDIAN); + offset += 2; + + ksiz = tvb_get_ntohl(tvb, offset); + proto_tree_add_uint(rec_tree, hf_kt_ksiz, tvb, offset, 4, ksiz); + offset += 4; + + vsiz = tvb_get_ntohl(tvb, offset); + proto_tree_add_uint(rec_tree, hf_kt_vsiz, tvb, offset, 4, vsiz); + offset += 4; + + proto_tree_add_item(rec_tree, hf_kt_xt, tvb, offset, 8, ENC_BIG_ENDIAN); + offset += 8; + + proto_tree_add_item(rec_tree, hf_kt_key, tvb, offset, ksiz, ENC_NA); + if (kt_present_key_val_as_ascii) { + pi = proto_tree_add_item(rec_tree, hf_kt_key_str, tvb, offset, ksiz, ENC_ASCII|ENC_NA); + PROTO_ITEM_SET_GENERATED(pi); + } + offset += ksiz; + + proto_tree_add_item(rec_tree, hf_kt_val, tvb, offset, vsiz, ENC_NA); + if (kt_present_key_val_as_ascii) { + pi = proto_tree_add_item(rec_tree, hf_kt_val_str, tvb, offset, vsiz, ENC_ASCII|ENC_NA); + PROTO_ITEM_SET_GENERATED(pi); + } + offset += vsiz; + + proto_item_set_len(ti, offset-rec_start_offset); + rnum--; + } + } else { + /* Nothing remaining after the 32 bits. This is a response. */ + pi = proto_tree_add_uint(tree, hf_kt_type, tvb, 0, 1, KT_OPER_RESPONSE); + PROTO_ITEM_SET_GENERATED(pi); + + proto_tree_add_uint(tree, hf_kt_hits, tvb, offset, 4, next32); + offset += 4; + } + + return offset; +} + +static int +dissect_kt_play_script(tvbuff_t *tvb, proto_tree *tree) +{ + guint32 next32, rnum, ksiz, vsiz, nsiz; + gint offset, rec_start_offset; + + proto_item *ti; + proto_item *pi; + proto_tree *rec_tree; + + offset = 1; + next32 = tvb_get_ntohl(tvb, offset); + + if (next32 == 0) { + if (tvb_reported_length_remaining(tvb, (offset + 4)) > 0) { + /* There's more data after the 32 bits. This is a request */ + pi = proto_tree_add_uint(tree, hf_kt_type, tvb, 0, 1, KT_OPER_REQUEST); + PROTO_ITEM_SET_GENERATED(pi); + + proto_tree_add_uint(tree, hf_kt_flags, tvb, offset, 4, next32); + offset += 4; + + nsiz = tvb_get_ntohl(tvb, offset); + proto_tree_add_uint(tree, hf_kt_nsiz, tvb, offset, 4, nsiz); + offset += 4; + + rnum = tvb_get_ntohl(tvb, offset); + proto_tree_add_uint(tree, hf_kt_rnum, tvb, offset, 4, rnum); + offset += 4; + + proto_tree_add_item(tree, hf_kt_name, tvb, offset, nsiz, ENC_ASCII|ENC_NA); + offset += nsiz; + + while (rnum > 0) { + /* Create a sub-tree for each record */ + ti = proto_tree_add_item(tree, hf_kt_rec, tvb, offset, -1, ENC_NA); + rec_tree = proto_item_add_subtree(ti, ett_kt_rec); + rec_start_offset = offset; + + ksiz = tvb_get_ntohl(tvb, offset); + proto_tree_add_uint(rec_tree, hf_kt_ksiz, tvb, offset, 4, ksiz); + offset += 4; + + vsiz = tvb_get_ntohl(tvb, offset); + proto_tree_add_uint(rec_tree, hf_kt_vsiz, tvb, offset, 4, vsiz); + offset += 4; + + proto_tree_add_item(rec_tree, hf_kt_key, tvb, offset, ksiz, ENC_NA); + if (kt_present_key_val_as_ascii) { + pi = proto_tree_add_item(rec_tree, hf_kt_key_str, tvb, offset, ksiz, ENC_ASCII|ENC_NA); + PROTO_ITEM_SET_GENERATED(pi); + } + offset += ksiz; + + proto_tree_add_item(rec_tree, hf_kt_val, tvb, offset, vsiz, ENC_NA); + if (kt_present_key_val_as_ascii) { + pi = proto_tree_add_item(rec_tree, hf_kt_val_str, tvb, offset, vsiz, ENC_ASCII|ENC_NA); + PROTO_ITEM_SET_GENERATED(pi); + } + offset += vsiz; + + proto_item_set_len(ti, offset-rec_start_offset); + rnum--; + } + } else { + /* Nothing remaining after the 32 bits. This is a response with no records. */ + pi = proto_tree_add_uint(tree, hf_kt_type, tvb, 0, 1, KT_OPER_RESPONSE); + PROTO_ITEM_SET_GENERATED(pi); + + proto_tree_add_uint(tree, hf_kt_rnum, tvb, offset, 4, next32); + offset += 4; + } + } else { /* response - one or more records */ + pi = proto_tree_add_uint(tree, hf_kt_type, tvb, 0, 1, KT_OPER_RESPONSE); + PROTO_ITEM_SET_GENERATED(pi); + + rnum = tvb_get_ntohl(tvb, offset); + proto_tree_add_uint(tree, hf_kt_hits, tvb, offset, 4, rnum); + offset += 4; + + while (rnum > 0) { + /* Create a sub-tree for each record */ + ti = proto_tree_add_item(tree, hf_kt_rec, tvb, offset, -1, ENC_NA); + rec_tree = proto_item_add_subtree(ti, ett_kt_rec); + rec_start_offset = offset; + + ksiz = tvb_get_ntohl(tvb, offset); + proto_tree_add_uint(rec_tree, hf_kt_ksiz, tvb, offset, 4, ksiz); + offset += 4; + + vsiz = tvb_get_ntohl(tvb, offset); + proto_tree_add_uint(rec_tree, hf_kt_vsiz, tvb, offset, 4, vsiz); + offset += 4; + + proto_tree_add_item(rec_tree, hf_kt_key, tvb, offset, ksiz, ENC_NA); + if (kt_present_key_val_as_ascii) { + pi = proto_tree_add_item(rec_tree, hf_kt_key_str, tvb, offset, ksiz, ENC_ASCII|ENC_NA); + PROTO_ITEM_SET_GENERATED(pi); + } + offset += ksiz; + + proto_tree_add_item(rec_tree, hf_kt_val, tvb, offset, vsiz, ENC_NA); + if (kt_present_key_val_as_ascii) { + pi = proto_tree_add_item(rec_tree, hf_kt_val_str, tvb, offset, vsiz, ENC_ASCII|ENC_NA); + PROTO_ITEM_SET_GENERATED(pi); + } + offset += vsiz; + + proto_item_set_len(ti, offset-rec_start_offset); + rnum--; + } + } + + return offset; +} + +static int +dissect_kt_get_bulk(tvbuff_t *tvb, proto_tree *tree) +{ + guint32 next32, rnum, ksiz, vsiz; + guint64 xt; + nstime_t ts; + gint offset, rec_start_offset; + + proto_item *ti; + proto_item *pi; + proto_tree *rec_tree; + + offset = 1; + next32 = tvb_get_ntohl(tvb, offset); + + if (next32 == 0) { + if (tvb_reported_length_remaining(tvb, (offset + 4)) > 0) { /* request */ + pi = proto_tree_add_uint(tree, hf_kt_type, tvb, 0, 1, KT_OPER_REQUEST); + PROTO_ITEM_SET_GENERATED(pi); + + proto_tree_add_uint(tree, hf_kt_flags, tvb, offset, 4, next32); + offset += 4; + + rnum = tvb_get_ntohl(tvb, offset); + proto_tree_add_uint(tree, hf_kt_rnum, tvb, offset, 4, rnum); + offset += 4; + + while (rnum > 0) { + /* Create a sub-tree for each record */ + ti = proto_tree_add_item(tree, hf_kt_rec, tvb, offset, -1, ENC_NA); + rec_tree = proto_item_add_subtree(ti, ett_kt_rec); + rec_start_offset = offset; + + proto_tree_add_item(rec_tree, hf_kt_dbidx, tvb, offset, 2, ENC_BIG_ENDIAN); + offset += 2; + + ksiz = tvb_get_ntohl(tvb, offset); + proto_tree_add_uint(rec_tree, hf_kt_ksiz, tvb, offset, 4, ksiz); + offset += 4; + + proto_tree_add_item(rec_tree, hf_kt_key, tvb, offset, ksiz, ENC_NA); + if (kt_present_key_val_as_ascii) { + pi = proto_tree_add_item(rec_tree, hf_kt_key_str, tvb, offset, ksiz, ENC_ASCII|ENC_NA); + PROTO_ITEM_SET_GENERATED(pi); + } + offset += ksiz; + + proto_item_set_len(ti, offset-rec_start_offset); + rnum--; + } + } else { /* response - no records */ + pi = proto_tree_add_uint(tree, hf_kt_type, tvb, 0, 1, KT_OPER_RESPONSE); + PROTO_ITEM_SET_GENERATED(pi); + + proto_tree_add_uint(tree, hf_kt_hits, tvb, offset, 4, next32); + offset += 4; + } + } else { /* response - one or more records */ + pi = proto_tree_add_uint(tree, hf_kt_type, tvb, 0, 1, KT_OPER_RESPONSE); + PROTO_ITEM_SET_GENERATED(pi); + + rnum = tvb_get_ntohl(tvb, offset); + proto_tree_add_uint(tree, hf_kt_hits, tvb, offset, 4, rnum); + offset += 4; + + while (rnum > 0) { + /* Create a sub-tree for each record */ + ti = proto_tree_add_item(tree, hf_kt_rec, tvb, offset, -1, ENC_NA); + rec_tree = proto_item_add_subtree(ti, ett_kt_rec); + rec_start_offset = offset; + + proto_tree_add_item(rec_tree, hf_kt_dbidx, tvb, offset, 2, ENC_BIG_ENDIAN); + offset += 2; + + ksiz = tvb_get_ntohl(tvb, offset); + proto_tree_add_uint(rec_tree, hf_kt_ksiz, tvb, offset, 4, ksiz); + offset += 4; + + vsiz = tvb_get_ntohl(tvb, offset); + proto_tree_add_uint(rec_tree, hf_kt_vsiz, tvb, offset, 4, vsiz); + offset += 4; + + xt = tvb_get_ntoh64(tvb, offset); + ts.secs = xt&0xFFFFFFFF; + ts.nsecs = 0; + proto_tree_add_time(rec_tree, hf_kt_xt_resp, tvb, offset, 8, &ts); + offset += 8; + + proto_tree_add_item(rec_tree, hf_kt_key, tvb, offset, ksiz, ENC_NA); + if (kt_present_key_val_as_ascii) { + pi = proto_tree_add_item(rec_tree, hf_kt_key_str, tvb, offset, ksiz, ENC_ASCII|ENC_NA); + PROTO_ITEM_SET_GENERATED(pi); + } + offset += ksiz; + + proto_tree_add_item(rec_tree, hf_kt_val, tvb, offset, vsiz, ENC_NA); + if (kt_present_key_val_as_ascii) { + pi = proto_tree_add_item(rec_tree, hf_kt_val_str, tvb, offset, vsiz, ENC_ASCII|ENC_NA); + PROTO_ITEM_SET_GENERATED(pi); + } + offset += vsiz; + + proto_item_set_len(ti, offset-rec_start_offset); + rnum--; + } + } + + return offset; +} + +static int +dissect_kt_remove_bulk(tvbuff_t *tvb, proto_tree *tree) +{ + guint32 next32, rnum, ksiz; + gint offset, rec_start_offset; + + proto_item *ti; + proto_item *pi; + proto_tree *rec_tree; + + offset = 1; + next32 = tvb_get_ntohl(tvb, offset); + + if (tvb_reported_length_remaining(tvb, (offset + 4)) > 0) { /* request */ + pi = proto_tree_add_uint(tree, hf_kt_type, tvb, 0, 1, KT_OPER_REQUEST); + PROTO_ITEM_SET_GENERATED(pi); + + proto_tree_add_uint(tree, hf_kt_flags, tvb, offset, 4, next32); + offset += 4; + + rnum = tvb_get_ntohl(tvb, offset); + proto_tree_add_uint(tree, hf_kt_rnum, tvb, offset, 4, rnum); + offset += 4; + + while (rnum > 0) { + /* Create a sub-tree for each record */ + ti = proto_tree_add_item(tree, hf_kt_rec, tvb, offset, -1, ENC_NA); + rec_tree = proto_item_add_subtree(ti, ett_kt_rec); + rec_start_offset = offset; + + proto_tree_add_item(rec_tree, hf_kt_dbidx, tvb, offset, 2, ENC_BIG_ENDIAN); + offset += 2; + + ksiz = tvb_get_ntohl(tvb, offset); + proto_tree_add_uint(rec_tree, hf_kt_ksiz, tvb, offset, 4, ksiz); + offset += 4; + + proto_tree_add_item(rec_tree, hf_kt_key, tvb, offset, ksiz, ENC_NA); + if (kt_present_key_val_as_ascii) { + pi = proto_tree_add_item(rec_tree, hf_kt_key_str, tvb, offset, ksiz, ENC_ASCII|ENC_NA); + PROTO_ITEM_SET_GENERATED(pi); + } + offset += ksiz; + + proto_item_set_len(ti, offset-rec_start_offset); + rnum--; + } + } else { /* response */ + pi = proto_tree_add_uint(tree, hf_kt_type, tvb, 0, 1, KT_OPER_RESPONSE); + PROTO_ITEM_SET_GENERATED(pi); + + proto_tree_add_uint(tree, hf_kt_hits, tvb, offset, 4, next32); + offset += 4; + } + + return offset; +} +static void +dissect_kt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + gint magic; + proto_item *ti; + proto_tree *kt_tree; + int offset; + + ti = NULL; + kt_tree = NULL; + offset = 0; + + while (tvb_reported_length_remaining(tvb, offset) > 0) { + magic = tvb_get_guint8(tvb, offset); + + /* If the magic is not one of the known values, exit */ + if (try_val_to_str(magic, kt_magic_vals) == NULL) + return; + + /* Otherwise, the magic value is known. Continue */ + col_set_str(pinfo->cinfo, COL_PROTOCOL, "KT"); + col_set_str(pinfo->cinfo, COL_INFO, try_val_to_str(magic, kt_magic_vals)); + + ti = proto_tree_add_item(tree, proto_kt, tvb, 0, tvb_length(tvb), ENC_NA); + kt_tree = proto_item_add_subtree(ti, ett_kt); + + proto_tree_add_item(kt_tree, hf_kt_magic, tvb, 0, 1, ENC_BIG_ENDIAN); + offset++; + + switch (magic) { + case KT_MAGIC_REPL_WAIT: + offset+= dissect_kt_replication_wait(tvb, kt_tree); + break; + case KT_MAGIC_REPLICATION: + offset+= dissect_kt_replication(tvb, kt_tree); + break; + case KT_MAGIC_PLAY_SCRIPT: + offset+= dissect_kt_play_script(tvb, kt_tree); + break; + case KT_MAGIC_SET_BULK: + offset+= dissect_kt_set_bulk(tvb, kt_tree); + break; + case KT_MAGIC_REMOVE_BULK: + offset+= dissect_kt_remove_bulk(tvb, kt_tree); + break; + case KT_MAGIC_GET_BULK: + offset+= dissect_kt_get_bulk(tvb, kt_tree); + break; + case KT_MAGIC_ERROR: + break; + } + } +} + +void +proto_register_kt(void) +{ + module_t *kt_module; /* preferences */ + + static hf_register_info hf[] = { + { &hf_kt_magic, + { "magic", "kt.magic", FT_UINT8, BASE_HEX, + VALS(kt_magic_vals), 0x0, "identifier", HFILL + } + }, + { &hf_kt_type, + { "type", "kt.type", FT_UINT8, BASE_HEX, + VALS(kt_oper_vals), 0x0, "request/response", HFILL + } + }, + { &hf_kt_flags, + { "flags", "kt.flags", FT_UINT32, BASE_HEX, + NULL, 0x0, "flags of bitwise-or", HFILL + } + }, + { &hf_kt_rnum, + { "rnum", "kt.rnum", FT_UINT32, BASE_DEC, NULL, 0x0, + "the number of records", HFILL + } + }, + { &hf_kt_dbidx, + { "dbidx", "kt.dbidx", FT_UINT16, + BASE_DEC, NULL, 0x0, "the index of the target database", HFILL + } + }, + { &hf_kt_sid, + { "sid", "kt.sid", FT_UINT16, BASE_DEC, + NULL, 0x0, "the server ID number", HFILL + } + }, + { &hf_kt_ts, + { "ts", "kt.ts", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, + NULL, 0x0, "the timestamp of the log", HFILL + } + }, + { &hf_kt_xt, + { "xt", "kt.xt", FT_UINT64, BASE_DEC, + NULL, 0x0, "the expiration time in seconds", HFILL + } + }, + { &hf_kt_xt_resp, + { "xt", "kt.xt_resp", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, + NULL, 0x0, "the expiration time", HFILL + } + }, + { &hf_kt_ksiz, + { "ksiz", "kt.ksiz", FT_UINT32, BASE_DEC, + NULL, 0x0, "the size of the key",HFILL + } + }, + { &hf_kt_vsiz, + { "vsiz", "kt.vsiz", FT_UINT32, BASE_DEC, + NULL, 0x0, "the size of the value", HFILL + } + }, + { &hf_kt_key, + { "key", "kt.key", FT_BYTES, BASE_NONE, + NULL, 0x0, "the key", HFILL + } + }, + { &hf_kt_val, + { "value", "kt.value", FT_BYTES, BASE_NONE, + NULL, 0x0, "the value", HFILL + } + }, + { &hf_kt_key_str, + { "key", "kt.key_str", FT_STRING, BASE_NONE, + NULL, 0x0, "ASCII representation of the key", HFILL + } + }, + { &hf_kt_val_str, + { "value", "kt.value_str", FT_STRING, BASE_NONE, + NULL, 0x0, "ASCII representation of the value", HFILL + } + }, + { &hf_kt_hits, + { "hits", "kt.hits", FT_UINT32, BASE_DEC, + NULL, 0x0, "the number of records", HFILL + } + }, + { &hf_kt_size, + { "size", "kt.size", FT_UINT32, BASE_DEC, + NULL, 0x0, "the size of the replication log", HFILL + } + }, + { &hf_kt_log, + { "log", "kt.log", FT_BYTES, BASE_NONE, + NULL, 0x0, "the replication log", HFILL + } + }, + { &hf_kt_nsiz, + { "nsiz", "kt.nsiz", FT_UINT32, BASE_DEC, + NULL, 0x0, "the size of the procedure name", HFILL + } + }, + { &hf_kt_name, + { "name", "kt.name", FT_STRING, BASE_NONE, + NULL, 0x0, "the procedure name", HFILL + } + }, + { &hf_kt_rec, + { "record", "kt.record", FT_NONE, BASE_NONE, + NULL, 0x0, "a record", HFILL + } + } + }; + + static gint *ett[] = { + &ett_kt, + &ett_kt_rec + }; + + proto_kt = proto_register_protocol("Kyoto Tycoon Protocol", "Kyoto Tycoon", "kt"); + register_dissector("kt", dissect_kt, proto_kt); + proto_register_field_array(proto_kt, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + + /* Preferences */ + kt_module = prefs_register_protocol(proto_kt, proto_reg_handoff_kt); + + range_convert_str(&global_kt_tcp_port_range, DEFAULT_KT_PORT_RANGE, MAX_TCP_PORT); + prefs_register_range_preference(kt_module, "tcp.ports", "Kyoto Tycoon TCP ports", + "TCP ports to be decoded as Kyoto Tycoon (binary protocol) (default: " + DEFAULT_KT_PORT_RANGE ")", + &global_kt_tcp_port_range, MAX_TCP_PORT); + + prefs_register_bool_preference(kt_module, "present_key_val_as_ascii", + "Attempt to also show ASCII string representation of keys and values", + "KT allows binary values in keys and values. Attempt to show an ASCII representation anyway (which might be prematurely terminated by a NULL!", + &kt_present_key_val_as_ascii); +} + +void +proto_reg_handoff_kt(void) +{ + static gboolean Initialized = FALSE; + static range_t *kt_tcp_port_range; + + if (!Initialized) { + kt_handle = find_dissector("kt"); + Initialized = TRUE; + } + else { + dissector_delete_uint_range("tcp.port", kt_tcp_port_range, kt_handle); + g_free(kt_tcp_port_range); + } + + kt_tcp_port_range = range_copy(global_kt_tcp_port_range); + dissector_add_uint_range("tcp.port", kt_tcp_port_range, kt_handle); +} + +/* + * Editor modelines - http://www.wireshark.org/tools/modelines.html + * + * Local variables: + * c-basic-offset: 4 + * tab-width: 8 + * indent-tabs-mode: nil + * End: + * + * vi: set shiftwidth=4 tabstop=8 expandtab: + * :indentSize=4:tabSize=8:noTabs=true: + */ -- cgit v1.2.1