I'd appreciate if this can be checked in, or rejected if there's a
problem with it.
-------- Original Message --------
Subject: Bug in socks (4) - wrong / no dissection of SOCKS v4a
information - partial patch
Date: Mon, 16 Feb 2004 10:54:47 +0200
From: Yaniv Kaul <ykaul@xxxxxxxxxxxx>
To: Ethereal ' <ethereal-dev@xxxxxxxxxxxx>
1. There's no dissection of the domain name, if the remote address is
0.0.0.x (i.e., using SOCKS 4a)
2. The remote address in subsequent packets remains 0.0.0.x, although it
should have been switched to the remote address replied by the server.
Attached pleae find a patch against current CVS to the first problem,
the second is messier.
I'd be happy if someone can also take a look at the patch and comment.
I'm not sure it's complete.
SOCKS v4a is documented in
http://www.socks.nec.com/protocol/socks4a.protocol.
--- packet-socks.orig.c 2004-02-16 10:44:56.000000000 +0200
+++ packet-socks.c 2004-02-16 10:50:30.000000000 +0200
@@ -118,6 +118,7 @@
static int hf_socks_ip_dst = -1;
static int hf_socks_ip6_dst = -1;
static int hf_user_name = -1;
+static int hf_v4a_dns_name = -1;
static int hf_socks_dstport = -1;
static int hf_socks_cmd = -1;
static int hf_socks_results = -1;
@@ -457,6 +458,8 @@
guint command;
+ unsigned char ipaddr[4];
+ guint username_len;
/* Display command from client */
if (compare_packet( hash_info->connect_row)){
@@ -477,6 +480,7 @@
offset += 2;
/* Do destination address */
+ tvb_memcpy(tvb, ipaddr, offset, 4);
proto_tree_add_item( tree, hf_socks_ip_dst, tvb, offset,
4, FALSE);
@@ -486,9 +490,13 @@
/* Should perhaps do TCP reassembly as well */
if ( tvb_offset_exists(tvb, offset)) {
/* display user name */
+ username_len = tvb_strsize(tvb, offset);
proto_tree_add_string( tree, hf_user_name, tvb, offset,
tvb_strsize(tvb, offset),
tvb_get_ptr(tvb, offset, -1));
+ offset += username_len;
+ if(ipaddr[0] == 0 && ipaddr[1] == 0 && ipaddr[2]==0 && ipaddr[3] !=0) /* 0.0.0.x , where x!=0 means v4a support */
+ proto_tree_add_string( tree, hf_v4a_dns_name, tvb, offset, tvb_strsize(tvb, offset), tvb_get_ptr(tvb, offset, -1));
}
}
@@ -1151,6 +1159,10 @@
NULL, 0x0, "", HFILL
}
},
+ { &hf_v4a_dns_name,
+ { "SOCKS v4a Remote Domain Name", "socks.v4a_dns_name", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL
+ }
+ },
{ &hf_socks_dstport,
{ "Remote Port", "socks.dstport", FT_UINT16,
BASE_DEC, NULL, 0x0, "", HFILL