From c52c5a71d3103ac26d8b7bdf1fc1dcda95588197 Mon Sep 17 00:00:00 2001 From: Amit Geynis Date: Sun, 5 May 2019 16:45:49 +0300 Subject: [PATCH 1/8] Info column for SD --- sd_entries.lua | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/sd_entries.lua b/sd_entries.lua index 30da7f0..91a11a6 100644 --- a/sd_entries.lua +++ b/sd_entries.lua @@ -21,10 +21,16 @@ local f_e_cnt = ProtoField.uint8("sd.e.cnt","Counter",base.DEC,nil,0x0f) local f_e_egrp_id = ProtoField.uint8("sd.e.egrp_id","EventGroup_ID",base.HEX) local e_types = { - [0] = "FIND_SERVICE", -- 0x00 - [1] = "OFFER_SERVICE", -- 0x01 + [0] = "FIND SERVICE", -- 0x00 + [1] = "OFFER SERVICE", -- 0x01 [6] = "SUBSCRIBE", -- 0x06 - [7] = "SUBSCRIBE_ACK" -- 0x07 + [7] = "SUBSCRIBE ACK" -- 0x07 +} + +local e_negative_types = { + [1] = "STOP OFFER SERVICE", -- 0x01 + [6] = "STOP SUBSCRIBE", -- 0x06 + [7] = "SUBSCRIBE NACK" -- 0x07 } p_sd_ents.fields = {f_e_type,f_e_o1_i,f_e_o2_i,f_e_o1_n,f_e_o2_n,f_e_srv_id,f_e_inst_id,f_e_v_major,f_e_ttl,f_e_v_minor,f_e_reserved,f_e_init_req,f_e_reserved2,f_e_cnt,f_e_egrp_id} @@ -38,10 +44,21 @@ function p_sd_ents.dissector(buf,pinfo,root) -- parse entries (NOTE : some extra variables to easen understanding) local e_len_parsed = 0 + local info_col = "" while e_len_parsed < e_len do - local i_parse = parse_entries(root,buf(offset,(e_len-e_len_parsed))) + local i_parse, e_type_u8, ttl = parse_entries(root,buf(offset,(e_len - e_len_parsed))) e_len_parsed = e_len_parsed + i_parse + if (ttl ~= 0) then + info_col = info_col .. e_types[e_type_u8] .. ", " + else + info_col = info_col .. e_negative_types[e_type_u8] .. ", " offset = offset + i_parse + end + end + + if (info_col ~= "") then + -- Replace info column + pinfo.cols.info = info_col:sub(0, -3) end end 
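Review bot: In the `while` loop of `p_sd_ents.dissector` (hunk `@@ -38,10 +44,21 @@`), `e_types[e_type_u8]` and `e_negative_types[e_type_u8]` are concatenated without a nil check, so an entry whose type byte is missing from the table (or a type 0 entry with TTL 0, which `e_negative_types` does not list) raises a Lua error and dissection stops there. The type byte comes straight from the captured packet, so malformed or unexpected traffic in a capture is enough to hit this. A fallback keeps the column usable: `local names = (ttl ~= 0) and e_types or e_negative_types` followed by `info_col = info_col .. (names[e_type_u8] or string.format("UNKNOWN (0x%02x)", e_type_u8)) .. ", "`. The later hunk `@@ -52,8 +52,8 @@` in PATCH 3/8 moves the offset update but leaves both lookups as they are. The opening lines of the dissector are outside this hunk.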
@@ -96,6 +113,7 @@ function parse_entries(subtree,buf) offset = offset + 1 -- TTL e_subtree:add(f_e_ttl,buf(offset,3)) + local ttl = buf(offset,3):uint() offset = offset + 3 -- SERVICE / EVENTGROUP entries @@ -121,5 +139,5 @@ function parse_entries(subtree,buf) offset = offset + 2 end - return(offset) + return offset, type_u8, ttl end From 30684c5b79fca9d08fb393de06baa85e75e711b1 Mon Sep 17 00:00:00 2001 From: Amit Geynis Date: Sun, 5 May 2019 17:05:30 +0300 Subject: [PATCH 2/8] 1. Fix for data above SOME/IP feature 2. Added message type as info column --- someip.lua | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/someip.lua b/someip.lua index 806ed16..2489cde 100644 --- a/someip.lua +++ b/someip.lua @@ -8,7 +8,7 @@ local lshift, rshift = bit.lshift,bit.rshift local tohex = bit.tohex -- SOME/IP protocol -local SOMEIP_SD_OFFSET = 16 +local SOMEIP_LENGTH = 16 p_someip = Proto("someip","SOME/IP") 
@@ -29,27 +29,27 @@ local f_more_seg = ProtoField.uint8("someip.tp_more_segments","More Segments" local msg_types = { [0] = "REQUEST", -- 0x00 - [1] = "REQUEST_NO_RETURN", -- 0x01 + [1] = "REQUEST NO RETURN", -- 0x01 [2] = "NOTIFICATION", -- 0x02 - [64] = "REQUEST_ACK", -- 0x40 - [65] = "REQUEST_NO_RETURN_ACK", -- 0x41 - [66] = "NOTIFICATION_ACK", -- 0x42 + [64] = "REQUEST ACK", -- 0x40 + [65] = "REQUEST NO RETURN ACK", -- 0x41 + [66] = "NOTIFICATION ACK", -- 0x42 [128] = "RESPONSE", -- 0x80 [129] = "ERROR", -- 0x81 - [192] = "RESPONSE_ACK", -- 0xc0 - [193] = "ERROR_ACK", -- 0xc1 + [192] = "RESPONSE ACK", -- 0xc0 + [193] = "ERROR ACK", -- 0xc1 -- SOME/IP - Transport Protocol (SOME/IP-TP) [32] = "REQUEST Segment", -- 0x20 - [33] = "REQUEST_NO_RETURN Segment", -- 0x21 + [33] = "REQUEST NO RETURN Segment", -- 0x21 [34] = "NOTIFICATION Segment", -- 0x22 - [96] = "REQUEST_ACK Segment", -- 0x60 - [97] = "REQUEST_NO_RETURN_ACK Segment", -- 0x61 - [98] = "NOTIFICATION_ACK Segment", -- 0x62 + [96] = "REQUEST ACK Segment", -- 0x60 + [97] = "REQUEST NO RETURN ACK Segment", -- 0x61 + [98] = "NOTIFICATION ACK Segment", -- 0x62 [160] = "RESPONSE Segment", -- 0xa0 [161] = "ERROR Segment", -- 0xa1 - [224] = "RESPONSE_ACK Segment", -- 0xe0 - [225] = "ERROR_ACK Segment" -- 0xe1 + [224] = "RESPONSE ACK Segment", -- 0xe0 + [225] = "ERROR ACK Segment" -- 0xe1 } local ret_codes = { [0] = "E_OK", @@ -124,6 +124,8 @@ function p_someip.dissector(buf,pinfo,root) type:append_text(" (" .. msg_types[buf(14,1):uint()] ..")") end + pinfo.cols.info = msg_types[buf(14,1):uint()] + -- Return Code local rcode = subtree:add(f_rc,buf(15,1)) if ret_codes[buf(15,1):uint()] ~= nil then 
@@ -138,17 +140,17 @@ function p_someip.dissector(buf,pinfo,root) local more_seg = subtree:add(f_more_seg,buf(19,1)) if band(buf(19,1):uint(),0x01) == 0 then more_seg:append_text(" (Last Segment)") - pinfo.cols.info = "TP Segment Offset=" .. tp_offset .. " More=False" + pinfo.cols.info = msg_types[buf(14,1):uint()] .. " Offset=" .. tp_offset .. " More=False" else more_seg:append_text(" (Another segment follows)") - pinfo.cols.info = "TP Segment Offset=" .. tp_offset .. " More=True" + pinfo.cols.info = msg_types[buf(14,1):uint()] .. " Offset=" .. tp_offset .. " More=True" end end -- SD payload -- -- - if (buf(0,4):uint() == 0xffff8100) and (buf:len() > SOMEIP_SD_OFFSET) then - Dissector.get("sd"):call(buf(SOMEIP_SD_OFFSET):tvb(),pinfo,root) + if (buf(0,4):uint() == 0xffff8100) and (buf:len() > SOMEIP_LENGTH) then + Dissector.get("sd"):call(buf(SOMEIP_LENGTH):tvb(),pinfo,root) elseif (buf:len() > SOMEIP_LENGTH) then Dissector.get("data"):call(buf(SOMEIP_LENGTH):tvb(),pinfo,root) end @@ -167,4 +169,3 @@ function p_someip.init() tcp_dissector_table:add(port,p_someip) end end - From 05f6badaf8d3222a140bf86f5ed5483b63e33f5e Mon Sep 17 00:00:00 2001 From: JasperChecksum <51070645+JasperChecksum@users.noreply.github.com> Date: Wed, 29 May 2019 08:18:59 +0200 Subject: [PATCH 3/8] fix for repeated service-IDs For an IP-message containing several OFFER-entries, in the 'EntriesArray' for all entries the 1. detected 'Service ID' was shown. So the number of entries is correct, but the IDs were not. The 'offset'-index was not increased in the 'if'-path. IP-message: OFFER A OFFER B 'EntriesArray': Service ID: A Service ID: A --- sd_entries.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sd_entries.lua b/sd_entries.lua index 91a11a6..6bd6189 100644 --- a/sd_entries.lua +++ b/sd_entries.lua 
@@ -52,8 +52,8 @@ function p_sd_ents.dissector(buf,pinfo,root) info_col = info_col .. e_types[e_type_u8] .. ", " else info_col = info_col .. e_negative_types[e_type_u8] .. ", " - offset = offset + i_parse end + offset = offset + i_parse end if (info_col ~= "") then From db7880d6e693aa3c22f7dc5727db05c38cc79141 Mon Sep 17 00:00:00 2001 From: Amit Geynis Date: Thu, 23 May 2019 10:29:01 +0300 Subject: [PATCH 4/8] Cosmetic changes, full protocol name as wireshark conventions. --- sd.lua | 12 ++++++------ someip.lua | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/sd.lua b/sd.lua index 361605f..a568770 100644 --- a/sd.lua +++ b/sd.lua @@ -7,8 +7,8 @@ local band,bor = bit.band,bit.bor local lshift, rshift = bit.lshift,bit.rshift local tohex = bit.tohex --- SD protocol -p_sd = Proto("sd","SD") +-- SOME/IP-SD protocol +p_sd = Proto("sd","Scalable service-Oriented MiddlewarE over IP - Service Discovery") local f_flags = ProtoField.uint8("sd.flags","Flags",base.HEX) local f_flags_reboot = ProtoField.bool("sd.flags.reboot", "Reboot Flag") @@ -24,7 +24,7 @@ local f_opts = ProtoField.bytes("sd.opt","OptionsArray") p_sd.fields = {f_flags,f_flags_reboot,f_flags_unicast,f_flags_init_data,f_res,f_ents_len,f_ents,f_opts_len,f_opts} function p_sd.dissector(buf,pinfo,root) - pinfo.cols.protocol = "SOME-IP/SD" + pinfo.cols.protocol = "SOME/IP-SD" -- create subtree local subtree = root:add(p_sd,buf(0)) @@ -39,7 +39,7 @@ function p_sd.dissector(buf,pinfo,root) flags_tree:add(f_flags_unicast,buf(0,1):bitfield(1,1)) flags_tree:add(f_flags_init_data,buf(0,1):bitfield(2,1)) - offset = offset+1 + offset = offset + 1 -- Reserved subtree:add(f_res,buf(offset,3)) @@ -48,7 +48,7 @@ function p_sd.dissector(buf,pinfo,root) -- Entries length local e_len = buf(offset,4):uint() subtree:add(f_ents_len,buf(offset,4)) - offset = offset+4 + offset = offset + 4 -- Entries --e_tree = subtree:add(f_ents,buf(offset,e_len)) e_tree = subtree:add("EntriesArray") 
@@ -58,7 +58,7 @@ function p_sd.dissector(buf,pinfo,root) -- Options length local o_len = buf(offset,4):uint() subtree:add(f_opts_len,buf(offset,4)) - offset = offset+4 + offset = offset + 4 -- Options --o_tree = subtree:add(f_ents,buf(offset,o_len)) o_tree = subtree:add("OptionsArray") diff --git a/someip.lua b/someip.lua index 2489cde..232cc23 100644 --- a/someip.lua +++ b/someip.lua @@ -10,7 +10,7 @@ local tohex = bit.tohex -- SOME/IP protocol local SOMEIP_LENGTH = 16 -p_someip = Proto("someip","SOME/IP") +p_someip = Proto("someip","Scalable service-Oriented MiddlewarE over IP") local f_msg_id = ProtoField.uint32("someip.messageid","MessageID",base.HEX) local f_len = ProtoField.uint32("someip.length","Length",base.HEX) @@ -97,7 +97,7 @@ end -- dissection function function p_someip.dissector(buf,pinfo,root) - pinfo.cols.protocol = p_someip.name + pinfo.cols.protocol = "SOME/IP" -- create subtree -- From c56ddac5cdd9316ca6291d59b6aedea345e0815b Mon Sep 17 00:00:00 2001 From: Amit Geynis Date: Sun, 26 May 2019 10:09:56 +0300 Subject: [PATCH 5/8] assembling packets larger than MTU above TCP --- someip.lua | 38 +++++++++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 11 deletions(-) diff --git a/someip.lua b/someip.lua index 232cc23..1c29325 100644 --- a/someip.lua +++ b/someip.lua @@ -8,7 +8,7 @@ local lshift, rshift = bit.lshift,bit.rshift local tohex = bit.tohex -- SOME/IP protocol -local SOMEIP_LENGTH = 16 +local SOMEIP_HDR_LENGTH = 16 p_someip = Proto("someip","Scalable service-Oriented MiddlewarE over IP") @@ -70,7 +70,7 @@ p_someip.fields = {f_msg_id,f_len,f_req_id,f_pv,f_iv,f_mt,f_rc, f_offset, f_rese p_someip.prefs["udp_port"] = Pref.uint("UDP Port",30490,"UDP Port for SOME/IP") -- fields functions -function field_msgid(subtree,buf) +local function field_msgid(subtree,buf) msg_id = subtree:add(f_msg_id,buf(0,4)) local msg_id_uint = buf(0,4):uint() 
@@ -85,7 +85,8 @@ function field_msgid(subtree,buf) msg_id:add("event_id : "..tohex(band(msg_id_uint,0x7fff),4)) end end -function field_reqid(subtree,buf) + +local function field_reqid(subtree,buf) req_id = subtree:add(f_req_id,buf(8,4)) local req_id_uint = buf(8,4):uint() @@ -95,8 +96,9 @@ function field_reqid(subtree,buf) req_id:add("session_id : "..tohex(req_id_uint,4)) end --- dissection function -function p_someip.dissector(buf,pinfo,root) +-- PDU dissection function +local function someip_pdu_dissect(buf,pinfo,root) + pinfo.cols.protocol = "SOME/IP" -- create subtree @@ -119,9 +121,9 @@ function p_someip.dissector(buf,pinfo,root) subtree:add(f_iv,buf(13,1)) -- Message type - local type = subtree:add(f_mt,buf(14,1)) + local m_type = subtree:add(f_mt,buf(14,1)) if msg_types[buf(14,1):uint()] ~= nil then - type:append_text(" (" .. msg_types[buf(14,1):uint()] ..")") + m_type:append_text(" (" .. msg_types[buf(14,1):uint()] ..")") end pinfo.cols.info = msg_types[buf(14,1):uint()] 
@@ -149,14 +151,28 @@ function p_someip.dissector(buf,pinfo,root) -- SD payload -- -- - if (buf(0,4):uint() == 0xffff8100) and (buf:len() > SOMEIP_LENGTH) then - Dissector.get("sd"):call(buf(SOMEIP_LENGTH):tvb(),pinfo,root) - elseif (buf:len() > SOMEIP_LENGTH) then - Dissector.get("data"):call(buf(SOMEIP_LENGTH):tvb(),pinfo,root) + if (buf(0,4):uint() == 0xffff8100) and (buf:len() > SOMEIP_HDR_LENGTH) then + Dissector.get("sd"):call(buf(SOMEIP_HDR_LENGTH):tvb(),pinfo,root) + elseif (buf:len() > SOMEIP_HDR_LENGTH) then + Dissector.get("data"):call(buf(SOMEIP_HDR_LENGTH):tvb(),pinfo,root) end end +local function get_someip_length(buf, pktinfo, offset) + return buf(offset + 4,4):uint() +end + +-- main dissection function +function p_someip.dissector(buf,pinfo,root) + -- if above TCP we need to assemble the PDU + if pinfo.port_type == 2 then + dissect_tcp_pdus(buf,root, SOMEIP_HDR_LENGTH, get_someip_length, someip_pdu_dissect) + else + someip_pdu_dissect(buf,pinfo,root) + end +end + -- initialization routine function p_someip.init() -- register protocol (some ports arount 30490, that is referenced on Specs) From 6073efb47f4f1765e49d53fa269564b94d795995 Mon Sep 17 00:00:00 2001 From: Amit Geynis Date: Sun, 22 Sep 2019 14:08:18 +0300 Subject: [PATCH 6/8] no description for unknown msg type --- someip.lua | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/someip.lua b/someip.lua index 1c29325..b846162 100644 --- a/someip.lua +++ b/someip.lua @@ -124,10 +124,9 @@ local function someip_pdu_dissect(buf,pinfo,root) local m_type = subtree:add(f_mt,buf(14,1)) if msg_types[buf(14,1):uint()] ~= nil then m_type:append_text(" (" .. msg_types[buf(14,1):uint()] ..")") + pinfo.cols.info = msg_types[buf(14,1):uint()] end - pinfo.cols.info = msg_types[buf(14,1):uint()] - -- Return Code local rcode = subtree:add(f_rc,buf(15,1)) if ret_codes[buf(15,1):uint()] ~= nil then 
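Review bot: `someip_pdu_dissect` is handed to `dissect_tcp_pdus` as the per-PDU callback in hunk `@@ -149,14 +151,28 @@` but returns nothing; as far as I know the documented contract for that callback is to return the number of bytes handled, so the function should end with `return buf:len()`. In the new `p_someip.dissector`, `pinfo.port_type == 2` relies on a bare number; a named local such as `local PT_TCP = 2 -- pinfo.port_type value for TCP` would make the branch readable. `get_someip_length` returns a 32-bit field read from the packet, and a short comment stating which bytes that field counts would let the next reader check the framing. The body of `someip_pdu_dissect` starts outside this hunk.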
@@ -142,10 +141,18 @@ local function someip_pdu_dissect(buf,pinfo,root) local more_seg = subtree:add(f_more_seg,buf(19,1)) if band(buf(19,1):uint(),0x01) == 0 then more_seg:append_text(" (Last Segment)") - pinfo.cols.info = msg_types[buf(14,1):uint()] .. " Offset=" .. tp_offset .. " More=False" + if msg_types[buf(14,1):uint()] ~= nil then + pinfo.cols.info = msg_types[buf(14,1):uint()] .. " Offset=" .. tp_offset .. " More=False" + else + pinfo.cols.info = " Offset=" .. tp_offset .. " More=False" + end else more_seg:append_text(" (Another segment follows)") - pinfo.cols.info = msg_types[buf(14,1):uint()] .. " Offset=" .. tp_offset .. " More=True" + if msg_types[buf(14,1):uint()] ~= nil then + pinfo.cols.info = msg_types[buf(14,1):uint()] .. " Offset=" .. tp_offset .. " More=True" + else + pinfo.cols.info = " Offset=" .. tp_offset .. " More=True" + end end end From 296f46327ac1de70bd66dbc00756ca2a7a341e3f Mon Sep 17 00:00:00 2001 From: Tomer Shalish Date: Wed, 25 Sep 2019 10:59:18 +0300 Subject: [PATCH 7/8] Assemble multiple PDUs from a single buffer --- someip.lua | 49 ++++++++++++++++++++++++++++++------------------- 1 file changed, 30 insertions(+), 19 deletions(-) diff --git a/someip.lua b/someip.lua index b846162..4d1994f 100644 --- a/someip.lua +++ b/someip.lua @@ -96,11 +96,22 @@ local function field_reqid(subtree,buf) req_id:add("session_id : "..tohex(req_id_uint,4)) end +local function get_someip_length(buf, pktinfo, offset) + return buf(offset + 4,4):uint() + 8 +end + -- PDU dissection function local function someip_pdu_dissect(buf,pinfo,root) + local m_type_num = buf(14,1):uint() + local prev_proto = tostring(pinfo.cols.protocol) pinfo.cols.protocol = "SOME/IP" + -- Delete irrelevant info from previous protocol + if prev_proto ~= tostring(pinfo.cols.protocol) then + pinfo.cols.info = "" + end + -- create subtree -- subtree = root:add(p_someip,buf(0)) 
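Review bot: `local m_type_num = buf(14,1):uint()` in hunk `@@ -96,11 +96,22 @@` is now the first statement of `someip_pdu_dissect` and runs before anything checks that the buffer holds a full 16-byte header. Since this commit also re-enters the dissector on whatever follows the current PDU (hunk `@@ -161,13 +170,15 @@`), a few trailing bytes after a valid message are enough to make the range read fail and end dissection with a Lua error. A guard as the first line, `if buf:len() < SOMEIP_HDR_LENGTH then return end`, avoids that; the SOME/IP-TP reads of `buf(16,4)` and `buf(19,1)` in hunk `@@ -134,25 +150,18 @@` need the same kind of check for 20 bytes. The rest of the function body lies outside this hunk.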
@@ -122,9 +133,14 @@ local function someip_pdu_dissect(buf,pinfo,root) -- Message type local m_type = subtree:add(f_mt,buf(14,1)) - if msg_types[buf(14,1):uint()] ~= nil then - m_type:append_text(" (" .. msg_types[buf(14,1):uint()] ..")") - pinfo.cols.info = msg_types[buf(14,1):uint()] + if msg_types[m_type_num] ~= nil then + m_type:append_text(" (" .. msg_types[m_type_num] ..")") + -- Concatenate the info of someip messages sent in same datagram + if tostring(pinfo.cols.info) ~= "" then + pinfo.cols.info = tostring(pinfo.cols.info) .. ", " .. msg_types[m_type_num] + else + pinfo.cols.info = msg_types[m_type_num] + end end -- Return Code @@ -134,25 +150,18 @@ local function someip_pdu_dissect(buf,pinfo,root) end -- SOME/IP TP - if band(buf(14,1):uint(),0x20) ~= 0 then + if band(m_type_num,0x20) ~= 0 then subtree:add(f_offset,buf(16,4)) local tp_offset = band(buf(16,4):uint(), 0xfffffff0) + pinfo.cols.info = tostring(pinfo.cols.info) .. " Offset=" .. tp_offset subtree:add(f_reserved,buf(19,1)) local more_seg = subtree:add(f_more_seg,buf(19,1)) if band(buf(19,1):uint(),0x01) == 0 then more_seg:append_text(" (Last Segment)") - if msg_types[buf(14,1):uint()] ~= nil then - pinfo.cols.info = msg_types[buf(14,1):uint()] .. " Offset=" .. tp_offset .. " More=False" - else - pinfo.cols.info = " Offset=" .. tp_offset .. " More=False" - end + pinfo.cols.info = tostring(pinfo.cols.info) .. " More=False" else more_seg:append_text(" (Another segment follows)") - if msg_types[buf(14,1):uint()] ~= nil then - pinfo.cols.info = msg_types[buf(14,1):uint()] .. " Offset=" .. tp_offset .. " More=True" - else - pinfo.cols.info = " Offset=" .. tp_offset .. " More=True" - end + pinfo.cols.info = tostring(pinfo.cols.info) .. " More=True" end end 
@@ -161,13 +170,15 @@ local function someip_pdu_dissect(buf,pinfo,root) if (buf(0,4):uint() == 0xffff8100) and (buf:len() > SOMEIP_HDR_LENGTH) then Dissector.get("sd"):call(buf(SOMEIP_HDR_LENGTH):tvb(),pinfo,root) elseif (buf:len() > SOMEIP_HDR_LENGTH) then - Dissector.get("data"):call(buf(SOMEIP_HDR_LENGTH):tvb(),pinfo,root) + Dissector.get("data"):call(buf(SOMEIP_HDR_LENGTH, get_someip_length(buf,pinfo,0) - SOMEIP_HDR_LENGTH):tvb(),pinfo,root) end -end - -local function get_someip_length(buf, pktinfo, offset) - return buf(offset + 4,4):uint() + -- Dissect next SOMEIP packet -- + local end_of_current_packet = get_someip_length(buf,pinfo,0) + local next_packet_length = buf:len() - end_of_current_packet + if next_packet_length > 0 then + Dissector.get("someip"):call(buf(end_of_current_packet):tvb(),pinfo,root) + end end -- main dissection function From 54cfbf72224f6cad0aa3e8dcc2c5619e4b7be0ed Mon Sep 17 00:00:00 2001 From: Tomer Shalish Date: Sun, 13 Oct 2019 09:41:29 +0300 Subject: [PATCH 8/8] Multiple someip PDUs in one packet with no data no longer crash the dissector --- someip.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/someip.lua b/someip.lua index 4d1994f..37a2b92 100644 --- a/someip.lua +++ b/someip.lua @@ -169,7 +169,7 @@ local function someip_pdu_dissect(buf,pinfo,root) -- if (buf(0,4):uint() == 0xffff8100) and (buf:len() > SOMEIP_HDR_LENGTH) then Dissector.get("sd"):call(buf(SOMEIP_HDR_LENGTH):tvb(),pinfo,root) - elseif (buf:len() > SOMEIP_HDR_LENGTH) then + elseif (get_someip_length(buf,pinfo,0) > SOMEIP_HDR_LENGTH) then Dissector.get("data"):call(buf(SOMEIP_HDR_LENGTH, get_someip_length(buf,pinfo,0) - SOMEIP_HDR_LENGTH):tvb(),pinfo,root) end
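Review bot: In hunk `@@ -161,13 +170,15 @@` the value from `get_someip_length(buf,pinfo,0)` is used as a range length and as an offset without being compared with `buf:len()`, so a length field larger than the captured data makes `buf(SOMEIP_HDR_LENGTH, ...)` fail with a Lua error. The field is read from the packet and should be treated as untrusted: reject values below the header size and clamp the payload to the bytes actually present. The `elseif` rewritten by hunk `@@ -169,7 +169,7 @@` in PATCH 8/8 covers the too-small case only, and the `sd` branch still receives everything after the header, including any following PDUs. The sketch below computes the length once and bounds both branches; `someip_pdu_dissect` starts outside the hunk.

```lua
-- … unchanged: header fields and SOME/IP-TP handling …
local pdu_len = get_someip_length(buf,pinfo,0)
if pdu_len < SOMEIP_HDR_LENGTH then
    -- length field is smaller than the header it sits in: stop here
    return
end
-- the capture may hold fewer bytes than the length field announces
local avail = math.min(pdu_len, buf:len())
if avail > SOMEIP_HDR_LENGTH then
    local payload = buf(SOMEIP_HDR_LENGTH, avail - SOMEIP_HDR_LENGTH):tvb()
    if buf(0,4):uint() == 0xffff8100 then
        Dissector.get("sd"):call(payload,pinfo,root)
    else
        Dissector.get("data"):call(payload,pinfo,root)
    end
end
-- Dissect next SOMEIP packet
if buf:len() > pdu_len then
    Dissector.get("someip"):call(buf(pdu_len):tvb(),pinfo,root)
end
```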