/* packet-aim.c * Routines for AIM dissection * Copyright 2000, Adam Fritzler * * $Id: packet-aim.c,v 1.00 2000/05/28 17:04:23 oabad Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs * Copyright 1998 Gerald Combs * * Copied from README.developer * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifdef HAVE_CONFIG_H # include "config.h" #endif #include #include #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_NETINET_IN_H # include #endif #ifdef NEED_SNPRINTF_H # ifdef HAVE_STDARG_H # include # else # include # endif # include "snprintf.h" #endif #include #include #include "packet.h" #define TCP_PORT_AIM 5190 /* Initialize the protocol and registered fields */ static int proto_aim = -1; static int proto_aim_snac = -1; static int hf_aim_channel = -1; static int hf_aim_seqnum = -1; static int hf_aim_flaplen = -1; static int hf_aim_snac_family = -1; static int hf_aim_snac_subtype = -1; static int hf_aim_snac_flags0 = -1; static int hf_aim_snac_flags1 = -1; static int hf_aim_snac_reqid = -1; static int hf_aim_snac_name = -1; static int hf_aim_userinfo_sn = -1; static int hf_aim_userinfo_warnlevel = -1; static int hf_aim_userinfo_idletime = -1; static int hf_aim_userinfo_class = -1; static int hf_aim_userinfo_membersince = -1; static int hf_aim_userinfo_onlinesince = -1; static int hf_aim_userinfo_sessionlen = -1; static int hf_aim_userinfo_capabilities = -1; static int hf_aim_userinfo_unknown = -1; static int hf_aim_icbmcookie = -1; static int hf_aim_icbm_channel = -1; static int hf_aim_icbm_unknown = -1; static int hf_aim_icbm_ack = -1; static int hf_aim_icbm_away = -1; static int hf_aim_icbm_msgblock = -1; static int hf_aim_icbm_msg = -1; static int hf_aim_icbm_encflag1 = -1, hf_aim_icbm_encflag2 = -1; /* Initialize the subtree pointers */ static gint ett_aim = -1; static gint ett_aim_snac = -1; static gint ett_aim_data = -1; static gint ett_aim_icbmmsgblock = -1; /* * The aim_tlv* and aim_info* functions are directly from * libfaim CVS as of the start of July 2000. * * Its okay, really. I'm the author. */ #define MAXSNLEN 32 #define aimutil_get16(buf) ((((*(buf))<<8)&0xff00) + ((*((buf)+1)) & 0xff)) #define aimutil_get32(buf) ((((*(buf))<<24)&0xff000000) + \ (((*((buf)+1))<<16)&0x00ff0000) + \ (((*((buf)+2))<< 8)&0x0000ff00) + \ (((*((buf)+3) )&0x000000ff))) struct aim_tlv_t { u_short type; u_short length; u_char *value; }; /* List of above. */ struct aim_tlvlist_t { struct aim_tlv_t *tlv; struct aim_tlvlist_t *next; }; #define AIM_CLASS_TRIAL 0x0001 #define AIM_CLASS_UNKNOWN2 0x0002 #define AIM_CLASS_AOL 0x0004 #define AIM_CLASS_UNKNOWN4 0x0008 #define AIM_CLASS_FREE 0x0010 #define AIM_CLASS_AWAY 0x0020 #define AIM_CLASS_UNKNOWN40 0x0040 #define AIM_CLASS_UNKNOWN80 0x0080 #define AIM_CAPS_BUDDYICON 0x01 #define AIM_CAPS_VOICE 0x02 #define AIM_CAPS_IMIMAGE 0x04 #define AIM_CAPS_CHAT 0x08 #define AIM_CAPS_GETFILE 0x10 #define AIM_CAPS_SENDFILE 0x20 static struct aim_tlv_t *aim_createtlv(void) { struct aim_tlv_t *newtlv = NULL; newtlv = (struct aim_tlv_t *)malloc(sizeof(struct aim_tlv_t)); memset(newtlv, 0, sizeof(struct aim_tlv_t)); return newtlv; } static int aim_freetlv(struct aim_tlv_t **oldtlv) { if (!oldtlv) return -1; if (!*oldtlv) return -1; if ((*oldtlv)->value) free((*oldtlv)->value); free(*(oldtlv)); (*oldtlv) = NULL; return 0; } static struct aim_tlvlist_t *aim_readtlvchain(tvbuff_t *tvb, int pos) { struct aim_tlvlist_t *list; struct aim_tlvlist_t *cur; u_short type; u_short length; int maxlen = tvb_length(tvb); list = NULL; while (pos < maxlen) { type = tvb_get_ntohs(tvb, pos); pos += 2; if (pos < maxlen) { length = tvb_get_ntohs(tvb, pos); pos += 2; if ((pos+length) <= maxlen) { /* * Okay, so now AOL has decided that any TLV of * type 0x0013 can only be two bytes, despite * what the actual given length is. So here * we dump any invalid TLVs of that sort. Hopefully * theres no special cases to this special case. * - mid (30jun2000) */ if ((type == 0x0013) && (length != 0x0002)) { printf("faim: skipping TLV t(0013) with invalid length (0x%04x)\n", length); length = 0x0002; } else { cur = (struct aim_tlvlist_t *)malloc(sizeof(struct aim_tlvlist_t)); memset(cur, 0x00, sizeof(struct aim_tlvlist_t)); cur->tlv = aim_createtlv(); cur->tlv->type = type; cur->tlv->length = length; cur->tlv->value = (u_char *)malloc(length*sizeof(u_char)); tvb_memcpy(tvb, cur->tlv->value, pos, length); cur->next = list; list = cur; } pos += length; } } } return list; } static void aim_freetlvchain(struct aim_tlvlist_t **list) { struct aim_tlvlist_t *cur, *cur2; if (!list || !(*list)) return; cur = *list; while (cur) { aim_freetlv(&cur->tlv); cur2 = cur->next; free(cur); cur = cur2; } list = NULL; return; } static int aim_counttlvchain(struct aim_tlvlist_t **list) { struct aim_tlvlist_t *cur; int count = 0; if (!list || !(*list)) return 0; for (cur = *list; cur; cur = cur->next) count++; return count; } /* * Grab the Nth TLV of type type in the TLV list list. */ static struct aim_tlv_t *aim_gettlv(struct aim_tlvlist_t *list, u_short type, int nth) { int i; struct aim_tlvlist_t *cur; i = 0; for (cur = list; cur != NULL; cur = cur->next) { if (cur && cur->tlv) { if (cur->tlv->type == type) i++; if (i >= nth) return cur->tlv; } } return NULL; } static char *aim_gettlv_str(struct aim_tlvlist_t *list, u_short type, int nth) { struct aim_tlv_t *tlv; char *newstr; if (!(tlv = aim_gettlv(list, type, nth))) return NULL; newstr = (char *) malloc(tlv->length + 1); memcpy(newstr, tlv->value, tlv->length); *(newstr + tlv->length) = '\0'; return newstr; } /* * Capability blocks. */ static u_char aim_caps[6][16] = { /* Buddy icon */ {0x09, 0x46, 0x13, 0x46, 0x4c, 0x7f, 0x11, 0xd1, 0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}, /* Voice */ {0x09, 0x46, 0x13, 0x41, 0x4c, 0x7f, 0x11, 0xd1, 0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}, /* IM image */ {0x09, 0x46, 0x13, 0x45, 0x4c, 0x7f, 0x11, 0xd1, 0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}, /* Chat */ {0x74, 0x8f, 0x24, 0x20, 0x62, 0x87, 0x11, 0xd1, 0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}, /* Get file */ {0x09, 0x46, 0x13, 0x48, 0x4c, 0x7f, 0x11, 0xd1, 0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00}, /* Send file */ {0x09, 0x46, 0x13, 0x43, 0x4c, 0x7f, 0x11, 0xd1, 0x82, 0x22, 0x44, 0x45, 0x53, 0x54, 0x00, 0x00} }; /* XXX convert to use tvbuffs */ static u_short aim_getcap(unsigned char *capblock, int buflen) { u_short ret = 0; int y; int offset = 0; while (offset < buflen) { for(y=0; y < (sizeof(aim_caps)/0x10); y++) { if (memcmp(&aim_caps[y], capblock+offset, 0x10) == 0) { switch(y) { case 0: ret |= AIM_CAPS_BUDDYICON; break; case 1: ret |= AIM_CAPS_VOICE; break; case 2: ret |= AIM_CAPS_IMIMAGE; break; case 3: ret |= AIM_CAPS_CHAT; break; case 4: ret |= AIM_CAPS_GETFILE; break; case 5: ret |= AIM_CAPS_SENDFILE; break; default: ret |= 0xff00; break; } } } offset += 0x10; } return ret; } static char *aim_getsnacname(unsigned short family, unsigned short subtype) { unsigned short maxf; unsigned short maxs; char *literals[14][25] = { {"Invalid", NULL }, {"General", "Invalid", "Error", "Client Ready", "Server Ready", "Service Request", "Redirect", "Rate Information Request", "Rate Information", "Rate Information Ack", NULL, "Rate Information Change", "Server Pause", NULL, "Server Resume", "Request Personal User Information", "Personal User Information", "Evil Notification", NULL, "Migration notice", "Message of the Day", "Set Privacy Flags", "Well Known URL", "NOP" }, {"Location", "Invalid", "Error", "Request Rights", "Rights Information", "Set user information", "Request User Information", "User Information", "Watcher Sub Request", "Watcher Notification" }, {"Buddy List Management", "Invalid", "Error", "Request Rights", "Rights Information", "Add Buddy", "Remove Buddy", "Watcher List Query", "Watcher List Response", "Watcher SubRequest", "Watcher Notification", "Reject Notification", "Oncoming Buddy", "Offgoing Buddy" }, {"Messeging", "Invalid", "Error", "Add ICBM Parameter", "Remove ICBM Parameter", "Request Parameter Information", "Parameter Information", "Outgoing Message", "Incoming Message", "Evil Request", "Evil Reply", "Missed Calls", "Message Error", "Host Ack" }, {"Advertisements", "Invalid", "Error", "Request Ad", "Ad Data (GIFs)" }, {"Invitation / Client-to-Client", "Invalid", "Error", "Invite a Friend", "Invitation Ack" }, {"Administrative", "Invalid", "Error", "Information Request", "Information Reply", "Information Change Request", "Information Chat Reply", "Account Confirm Request", "Account Confirm Reply", "Account Delete Request", "Account Delete Reply" }, {"Popups", "Invalid", "Error", "Display Popup" }, {"BOS", "Invalid", "Error", "Request Rights", "Rights Response", "Set group permission mask", "Add permission list entries", "Delete permission list entries", "Add deny list entries", "Delete deny list entries", "Server Error" }, {"User Lookup", "Invalid", "Error", "Search Request", "Search Response" }, {"Stats", "Invalid", "Error", "Set minimum report interval", "Report Events" }, {"Translate", "Invalid", "Error", "Translate Request", "Translate Reply", }, {"Chat Navigation", "Invalid", "Error", "Request rights", "Request Exchange Information", "Request Room Information", "Request Occupant List", "Search for Room", "Outgoing Message", "Incoming Message", "Evil Request", "Evil Reply", "Chat Error", } }; maxf = sizeof(literals) / sizeof(literals[0]); maxs = sizeof(literals[0]) / sizeof(literals[0][0]); if((family < maxf) && (subtype+1 < maxs) && (literals[family][subtype] != NULL)) return literals[family][subtype+1]; return NULL; } /* * This is basically aim_extractuserinfo() from libfaim, converted to use * tvbuffs and add widgets occasionally. */ static int dissect_aim_userinfo(tvbuff_t *tvb, int offset, proto_tree *tree) { unsigned short tempshort; char sn[MAXSNLEN+1]; proto_item *tv; int offsetsave,lastvalid=1; unsigned short tlvcnt,curtlv=0; offsetsave = offset; tempshort = tvb_get_guint8(tvb, offset); offset++; tvb_memcpy(tvb, sn, offset, tempshort); sn[tempshort] = '\0'; offset += tempshort; tv = proto_tree_add_string_format(tree, hf_aim_userinfo_sn, tvb, offsetsave, offset-offsetsave, sn, "Screen Name: %s", sn); tempshort = tvb_get_ntohs(tvb, offset); /* XXX if theres'a add_float, we should use that and give in a nice way */ tv = proto_tree_add_uint_format(tree, hf_aim_userinfo_warnlevel, tvb, offset, 2, tempshort, "Warning Level: 0x%04x", tempshort); offset += 2; tlvcnt = tvb_get_ntohs(tvb, offset); offset += 2; while (curtlv < tlvcnt) { unsigned short curtype; lastvalid = 1; curtype = tvb_get_ntohs(tvb, offset); switch (curtype) { /* * Type = 0x0000: Invalid * * AOL has been trying to throw these in just to break us. * They're real nice guys over there at AOL. * * Just skip the two zero bytes and continue on. (This doesn't * count towards tlvcnt!) */ case 0x0000: lastvalid = 0; offset += 2; break; /* * Type = 0x0001: Member Class. * * Specified as any of the following bitwise ORed together: * 0x0001 Trial (user less than 60days) * 0x0002 Unknown bit 2 * 0x0004 AOL Main Service user * 0x0008 Unknown bit 4 * 0x0010 Free (AIM) user * 0x0020 Away * */ case 0x0001: { unsigned short class; char classstr[512]; int stroff = 0; class = tvb_get_ntohs(tvb, offset+4); stroff += sprintf(classstr+stroff, "Class: 0x%04x (", class); if (class & AIM_CLASS_TRIAL) stroff += sprintf(classstr+stroff, "Trial "); if (class & AIM_CLASS_UNKNOWN2) stroff += sprintf(classstr+stroff, "Unknown2 "); if (class & AIM_CLASS_AOL) stroff += sprintf(classstr+stroff, "AOL "); if (class & AIM_CLASS_UNKNOWN4) stroff += sprintf(classstr+stroff, "Unknown4 "); if (class & AIM_CLASS_FREE) stroff += sprintf(classstr+stroff, "Free "); if (class & AIM_CLASS_AWAY) stroff += sprintf(classstr+stroff, "Away "); if (class & AIM_CLASS_UNKNOWN40) stroff += sprintf(classstr+stroff, "Unknown40 "); if (class & AIM_CLASS_UNKNOWN80) stroff += sprintf(classstr+stroff, "Unknown80 "); stroff += sprintf(classstr+stroff-1, ")"); proto_tree_add_string_format(tree, hf_aim_userinfo_class, tvb, offset, 6, classstr, classstr); break; } /* * Type = 0x0002: Member-Since date. * * The time/date that the user originally * registered for the service, stored in * time_t format */ case 0x0002: { unsigned long membersince; membersince = tvb_get_ntohl(tvb, offset+4); proto_tree_add_uint_format(tree, hf_aim_userinfo_membersince, tvb, offset, 8, membersince, "Member since: 0x%08lx (time_t)", membersince); break; } /* * Type = 0x0003: On-Since date. * * The time/date that the user started * their current session, stored in time_t * format. */ case 0x0003: { unsigned long onlinesince; onlinesince = tvb_get_ntohl(tvb, offset+4); proto_tree_add_uint_format(tree, hf_aim_userinfo_onlinesince, tvb, offset, 8, onlinesince, "Online since: 0x%08lx (time_t)", onlinesince); break; } /* * Type = 0x0004: Idle time. * * Number of seconds since the user * actively used the service. */ case 0x0004: { unsigned short idletime; idletime = tvb_get_ntohs(tvb, offset+4); proto_tree_add_uint_format(tree, hf_aim_userinfo_idletime, tvb, offset, 6, idletime, "Idle time: 0x%04x seconds", idletime); break; } /* * Type = 0x000d * * Capability information. Not real sure of * actual decoding. See comment on aim_bos_setprofile() * in aim_misc.c about the capability block, its the same. * */ case 0x000d: { int len; unsigned short caps; unsigned char *buf; char capstr[512]; int stroff = 0; len = tvb_get_ntohs(tvb, offset+2); if (!len) break; buf = tvb_get_ptr(tvb, offset+4, len); caps = aim_getcap(buf, len); /* XXX do we have to free() the pointer from tvb_get_ptr? */ stroff += sprintf(capstr+stroff, "Capabilities: 0x%04x (", caps); if (caps & AIM_CAPS_BUDDYICON) stroff += sprintf(capstr+stroff, "Buddyicon "); if (caps & AIM_CAPS_VOICE) stroff += sprintf(capstr+stroff, "Voice "); if (caps & AIM_CAPS_IMIMAGE) stroff += sprintf(capstr+stroff, "IMImage "); if (caps & AIM_CAPS_CHAT) stroff += sprintf(capstr+stroff, "Chat "); if (caps & AIM_CAPS_GETFILE) stroff += sprintf(capstr+stroff, "GetFile "); if (caps & AIM_CAPS_SENDFILE) stroff += sprintf(capstr+stroff, "SendFile "); stroff += sprintf(capstr+stroff-1, ")"); proto_tree_add_string_format(tree, hf_aim_userinfo_capabilities, tvb, offset, 2+2+len, capstr, capstr); } break; /* * Type = 0x000e * * Unknown. Always of zero length, and always only * on AOL users. * * Ignore. * */ case 0x000e: break; /* * Type = 0x000f: Session Length. (AIM) * Type = 0x0010: Session Length. (AOL) * * The duration, in seconds, of the user's * current session. * * Which TLV type this comes in depends * on the service the user is using (AIM or AOL). * */ case 0x000f: case 0x0010: { unsigned long sessionlen; sessionlen = tvb_get_ntohl(tvb, offset+4); proto_tree_add_uint_format(tree, hf_aim_userinfo_sessionlen, tvb, offset, 8, sessionlen, "Session length: 0x%08lx seconds", sessionlen); break; } /* * Reaching here indicates that either AOL has * added yet another TLV for us to deal with, * or the parsing has gone Terribly Wrong. * * Either way, inform the owner and attempt * recovery. * */ default: { unsigned short type, length; type = tvb_get_ntohs(tvb, offset); length = tvb_get_ntohs(tvb, offset+2); /* XXX this may occur more than once -- is there any hazard to using hf_aim_userinfo_unknown over again? */ proto_tree_add_string_format(tree, hf_aim_userinfo_unknown, tvb, offset, 2+2+length, NULL, "Unknown Userinfo TLV t(%04x) l(%04x)", type, length); } #if 0 { int len,z = 0, y = 0, x = 0; char tmpstr[80]; printf("faim: userinfo: **warning: unexpected TLV:\n"); printf("faim: userinfo: sn =%s\n", outinfo->sn); printf("faim: userinfo: curtlv=0x%04x\n", curtlv); printf("faim: userinfo: type =0x%04x\n",aimutil_get16(&buf[i])); printf("faim: userinfo: length=0x%04x\n", len = aimutil_get16(&buf[i+2])); printf("faim: userinfo: data: \n"); while (z