diff options
author | Joerg Mayer <jmayer@loplof.de> | 2018-01-24 04:00:07 +0100 |
---|---|---|
committer | Jörg Mayer <jmayer@loplof.de> | 2018-03-11 11:17:47 +0000 |
commit | 68efae8588dc88254e5b0ee2a4009012be332381 (patch) | |
tree | b15d9a7ad58c17a6dba638222ba64c52857901cf | |
parent | 2a3b58d1333df1d505c4947c22b2388d5491b689 (diff) |
Adapt to current WS code base to make it compile and run without warnings or errors
Change-Id: I135df8b0e49346e32a19620d52cd1a9a44b4ac08
Reviewed-on: https://code.wireshark.org/review/26426
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
-rw-r--r-- | docbook/release-notes.asciidoc | 1 | ||||
-rw-r--r-- | epan/dissectors/CMakeLists.txt | 2 | ||||
-rw-r--r-- | epan/dissectors/Makefile.am | 2 | ||||
-rw-r--r-- | epan/dissectors/README.F5ETHTRAILER | 279 | ||||
-rw-r--r-- | epan/dissectors/packet-f5ethtrailer.c | 423 | ||||
-rw-r--r-- | epan/dissectors/packet-f5ethtrailer.h | 23 | ||||
-rwxr-xr-x | tools/checkfiltername.pl | 3 |
7 files changed, 287 insertions, 446 deletions
diff --git a/docbook/release-notes.asciidoc b/docbook/release-notes.asciidoc index 073d634a1d..dcc01c9563 100644 --- a/docbook/release-notes.asciidoc +++ b/docbook/release-notes.asciidoc @@ -100,6 +100,7 @@ Broadcom tags (Broadcom Ethernet switch management frames) CVS password server CAN-ETH Excentis DOCSIS31 XRA header +F5ethtrailer FP Mux GRPC (gRPC) IEEE 802.3br Frame Preemption Protocol diff --git a/epan/dissectors/CMakeLists.txt b/epan/dissectors/CMakeLists.txt index 772a8450cb..afb40b5767 100644 --- a/epan/dissectors/CMakeLists.txt +++ b/epan/dissectors/CMakeLists.txt @@ -322,6 +322,7 @@ set(DISSECTOR_PUBLIC_HEADERS packet-epmd.h packet-ess.h packet-eth.h + packet-f5ethtrailer.h packet-fc.h packet-fcbls.h packet-fcct.h @@ -954,6 +955,7 @@ set(DISSECTOR_SRC ${CMAKE_CURRENT_SOURCE_DIR}/packet-exec.c ${CMAKE_CURRENT_SOURCE_DIR}/packet-exported_pdu.c ${CMAKE_CURRENT_SOURCE_DIR}/packet-extreme.c + ${CMAKE_CURRENT_SOURCE_DIR}/packet-f5ethtrailer.c ${CMAKE_CURRENT_SOURCE_DIR}/packet-fc00.c ${CMAKE_CURRENT_SOURCE_DIR}/packet-fc.c ${CMAKE_CURRENT_SOURCE_DIR}/packet-fcct.c diff --git a/epan/dissectors/Makefile.am b/epan/dissectors/Makefile.am index 7849ccbf6b..9f09b494de 100644 --- a/epan/dissectors/Makefile.am +++ b/epan/dissectors/Makefile.am @@ -576,6 +576,7 @@ DISSECTOR_SRC = \ packet-exec.c \ packet-exported_pdu.c \ packet-extreme.c \ + packet-f5ethtrailer.c \ packet-fc00.c \ packet-fc.c \ packet-fcct.c \ @@ -1575,6 +1576,7 @@ DISSECTOR_INCLUDES = \ packet-epmd.h \ packet-ess.h \ packet-eth.h \ + packet-f5ethtrailer.h \ packet-fc.h \ packet-fcbls.h \ packet-fcct.h \ diff --git a/epan/dissectors/README.F5ETHTRAILER b/epan/dissectors/README.F5ETHTRAILER deleted file mode 100644 index 2c2f702ed2..0000000000 --- a/epan/dissectors/README.F5ETHTRAILER +++ /dev/null @@ -1,279 +0,0 @@ -F5 Ethernet Trailer Plugin -Version 1.11 Aug 19, 2017 -(c) F5 Networks, 2007-2017 - -Supported Platforms: - BIGIP 9.4.2 and later. - -Supported Wireshark Versions: - Wireshark 2.2, 2.4 - -Installation: - 1. Acquire the Wireshark source tarball at: - * http://www.wireshark.org/download/src/wireshark-{version}.tar.bz2 - 2. Extract out the files. - 3. Enter into the directory, and extract the files in the F5 package: - # cd wireshark-{version}/ - # tar xzf wireshark2.2.plugin.f5ethtrailer.1.11.tar.gz - 4. (optional) You might want to define the "NO_F5_POP_OTHERFIELDS" macro. - Please see the note in the packet-f5ethtrailer.c file for details. - 5a. If you are on Windows, proceed to compilation following the - instructions at: - * http://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWin32.html - 5b. If you are on a GNU GCC based platform, proceed to compilation by - following the instructions at: - * http://www.wireshark.org/docs/wsdg_html_chunked/ChSrcBuildFirstTime.html - 6. Install Wireshark to your target system - -Usage: - - * Acquire capture files using the following command line: - * tcpdump -w capture.pcap -s0 -i internal:nnn - * Load the capture file into wireshark. - - * Observe the grammar added to the beginning of each packet in the "Info" - column of the packet list pane. - * Observe the added "F5 Ethernet trailer" section in the packet detail - pane. - * These fields are filterable like any other field. - * Review the preferences for the dissector. - - * If you are using Wireshark 1.8 or higher, you might be missing the Low - details of the trailer for some packets. If this happens, try modifying - the settings for the Ethernet dissector. Go to "Edit/Preferences...", - expand "Protocols" on the left and select "Ethernet". Disable "Assume - short frames which include a trailer contain padding". - -Notes: - - Follow F5 Conversation: - - As an alternative to the Populate Fields for Other Dissectors below, you - can now follow a connection through the BIG-IP using the main menu - Analyze/Conversation Filter menu. There are three options: follow "F5 IP", - "F5 TCP" or "F5 UDP". Select a frame and choose the appropriate menu item. - For best results, disable Populate Fields for Other Dissectors. This - method of following a conversation should avoid the stray packets problem - mentioned below. - - These menu selections will populate an appropriate filter expression with - ip.addr, tcp.port or udp.port, f5ethtrailer.peeraddr, f5ethtrailer.peerport - and f5ethtrailer.peeripproto. - - You will need to have gathered the capture with high noise (":nnn") to - contain the peer flow information in order for this to work. - - Populate Fields for Other Dissectors: - - The populate fields for other dissectors will add hidden fields to the - f5ethtrailer for "ip.addr", "ipv6.addr", "tcp.port" and "udp.port" based on - information in high noise of a packet. This will allow the "Conversation - Filter" option in Wireshark to find both the client-side and server-side - flows for a connection. - - In order to use this, you will need to enable the "Populate fields for - other dissectors" preference. Note that the fields are registered when the - preference is enabled. After changing the preference, you may need to - restart Wireshark for proper handling. - - Please note that this may cause some stray packets to show up in filter - results since, for example, "tcp.port eq A and tcp.port eq B" can now be - matching on at least four fields (tcp.port from the TCP dissector and - tcp.port from the f5ethtrailer dissector) and a filter can match on an - address/port from the IP/TCP/UDP dissector or an address/port from the - f5ethtrailer dissector. - - For example, given two connections: - client:12345 <-> VIP:443 {BIGIP} clientS:12346 <-> poolmember:80 - client:12346 <-> VIP:443 {BIGIP} clientS:12347 <-> poolmember:80 - Selecting "Conversation Filter->TCP" on the client side of the second - connection will result in a filter of: - ip.addr eq client and ip.addr eq VIP and - tcp.port eq 12346 and tcp.port eq 443 - All four flows would be displayed by the filter: - * From client:12345 <-> VIP:443 (unexpected) - - ip.addr from ip.src matches. - - ip.addr from ip.dst matches. - - tcp.port from f5ethtrailer.peerlocalport matches. - - tcp.port from tcp.dstport matches. - * From clientS:12346 <-> poolmember:80 (unexpected) - - ip.addr from f5ethtrailer.peerremoteaddr matches. - - ip.addr from f5ethtrailer.peerlocaladdr matches. - - tcp.port from tcp.srcport matches. - - tcp.port from f5ethtrailer.peerlocalport matches. - * From client:12346 <-> VIP:443 (expected) - - ip.addr from ip.src matches. - - ip.addr from ip.dst matches. - - tcp.port from tcp.srcport matches. - - tcp.port from tcp.dstport matches. - * From clientS:12347 <-> poolmember:80 (desired) - - ip.addr from f5ethtrailer.peerremoteaddr matches. - - ip.addr from f5ethtrailer.peerlocaladdr matches. - - tcp.port from f5ethtrailer.peerremoteport matches. - - tcp.port from f5ethtrailer.peerlocalport matches. - - You can filter based on IP/port information by disabling the "Populate - fields for other dissectors" and creating your own filter like: - ( ip.addr eq client and ip.addr eq VIP and - tcp.port eq 12346 and tcp.port eq 443 ) or - ( f5ethtrailer.peeraddr eq client and f5ethtrailer.peeraddr eq VIP and - f5ethtrailer.peerport eq 12346 and f5ethtrailer.peerport eq 443 ) - - Since the preference is disabled by default, it should not cause any - interference unless the user actively enables the preference. You can - remove the option entirely at compile time by defining the compiler macro - "NO_F5_POP_OTHERFIELDS". - - Analysis: - - The f5ethtrailer dissector can add an "F5 Analysis" subtree to the "F5 - Ethernet trailer" protocol tree. The items added here are also added to - Wireshark expert info. The analysis done is intended to help spot traffic - anomalies. - - Possible Analysis: - * Flow reuse or SYN retransmit - Filter field name: f5ethtrailer.analysis.flowreuse - This is intended to highlight initial packets that arrive that match - a pre-existing flow. In other words, a TCP SYN packet that arrives - and matches an existing flow. This can indicate: - - A prior flow was not properly terminated and a new flow is starting. - - A stray SYN has arrived for an existing connection. - - A SYN has been retransmitted (the first SYN would have created the - flow that subsequent SYNs would match). - - * Flow lost, incorrect VLAN, loose initiation, tunnel or SYN cookie use - Filter field name: f5ethtrailer.analysis.flowlost - This is intended to highlight non-initial packets that arrive that - do not match an existing flow. In other words, a TCP non-SYN packet - arriving that does not match an existing flow. This can indicate: - - The flow is no longer in the BIGIP's connection table. - - VLAN keyed connections is in use (the default) and a packet arrived - on an incorrect VLAN. - - A stray packet has arrived. - - The packet may be handled by a virtual server with loose initiation. - In this case, a packet in the middle of a TCP conversation could - arrive and then be handled by a virtual server that has loose - initiation enabled to create a flow. - - The packet may be the inner payload of a tunnel. For inbound tunnel - traffic, the encapsulating packet is shown as well as the - encapsulated packet (and the encapsulated packet may not have flow - information). - - SYN cookies are being used (the initial SYN would not have created - a flow). - - A few notes. The analysis is implemented by using Wireshark taps and - tapping the IP/IPv6/TCP dissectors. The taps are not called until after - packet dissection is completely finished. So, the f5ethtrailer dissector - may not have the necessary data to draw conclusions. The traffic light - in the lower left corner of the Wireshark GUI might not properly reflect - the existence of these analysis fields. - - Hiding Slot Information in Info Column: - - You can now specify which platforms will display slot information in the - summary in the info columns. In the preferences for the F5 Ethernet - trailer dissector, you can provide a regular expression to match the - platform in F5 tcpdump header packet. If there is no platform information - in the header (or there is no header at all), slot information will always - be displayed. A reasonable regular expression would be "^(A.*|Z101)$" to - match chassis and vCMP platforms (there is no distinction for vCMP on a - chassis versus an appliance). The default is to always display slot - information (no regular expression is provided by default). - - Statistics reports (Wireshark 1.12 and later only): - - All statistics are reported as packet counts and byte counts. Byte count - statistics do not include the bytes of the trailer. - - Statistics menu now has: - F5/Virtual Server Distribution - A line for each named virtual server name - A line for traffic with a flow ID and no virtual server name - A line for traffic without a flow ID. - - F5/tmm Distribution - A line for each tmm. - A line each for ingress and egress (should add to tmm total) - A line each for (should add to tmm total) - Traffic with a virtual server name - Traffic with a flow ID and no virtual server name - Traffic without a flow ID. - -Change Log: -------------------------------------------------------------------------------- -Version 1.11: - * Implemented a tap for the F5 Ethernet trailer dissector - * Used the tap datastructures for the trailer analysis - * Generate Statistics reports (off of Statistics menu) - -------------------------------------------------------------------------------- -Version 1.10: - * Added support for BIG-IP version 12. - * Fixed field size problem for peervlan. - -Version 1.9: - * Added ability to filter connection through BIG-IP - Main Menu/Analyze/Conversation Filter/F5 {IP,TCP,UDP} - -Version 1.8: - * Added support for Wireshark 1.12, dropped support for Wireshark 1.6. - * Improved analysis. It should now work with tshark. - * Ability to restrict slot data in info column to specific platforms. - * Ability to reduce the length of summary information in info column. - * Fixed display of "(peer)" flag in reset cause in the info column (the peer - flag has always been correct in the packet details pane). - * Other minor fixes. - -------------------------------------------------------------------------------- -Version 1.7: - * Support for BIG-IP 11.5. - -------------------------------------------------------------------------------- -Version 1.6: - * Added support for Wireshark 1.10. - * The population of fields for other dissectors is now compiled by default. - * Added analysis of trailer information. - * High noise (peer flow information) is not rendered if there is not - actually a peer flow. - * Removed support for Wireshark 1.4. - -------------------------------------------------------------------------------- -Version 1.5: - * Render tcpdump first pseudo-packet which contains command information. - * If there is no peer flow data, don't render high noise, just show a field - that says there is no peer flow data. - -------------------------------------------------------------------------------- -Version 1.4: - * Fixed issue with improper rendering of some v11.2 variable length trailers. - -------------------------------------------------------------------------------- -Version 1.3: - * Support for BIG-IP v11.2. - * Support for BIG-IP v11.0. - * With v10 and higher captures, slots start at 1 to match tcpdump output on - BIG-IP. - * Add "IN" and "OUT" strings to the display of the ingress field in the - packet details pane. - * Add ability to populate ip.addr, tcp.port, etc. to make following both - flows in a connection easier based upon data in the high detail. (This is - not compiled in by default, controlled by F5_POP_OTHERFIELDS macro.) - * Add preference to put the tmm/blade/ingress in the info column or not. - * Add generic peeraddr/peerport fields (to match either local or remote). - * Display peer addresses as IPv4 where appropriate. - * Display route domain IPv6 format address as IPv4 + route domain ID. - * Modest performance improvement. - * No longer support WS 1.2.x. 1.4.5 and higher only. - * Other minor fixes. - -------------------------------------------------------------------------------- -Version 1.2: - * Low detail trailer information is now collapsible. - * Fixed display of ingress slot and port fields. - * Properly display version 9.4 trailers - * Ports to build on WS 1.2 - * Added an "anyflowid" field so that search for a flowid as either a flowid - or a peer flow id is collapsed to one filter: - "f5ethtrailer.anyflowid eq X" is equivalent to - "(f5ethtrailer.flowid eq X or f5ethtrailer.peerid eq X)" diff --git a/epan/dissectors/packet-f5ethtrailer.c b/epan/dissectors/packet-f5ethtrailer.c index bfc621bd2c..26f2fd4369 100644 --- a/epan/dissectors/packet-f5ethtrailer.c +++ b/epan/dissectors/packet-f5ethtrailer.c @@ -1,20 +1,189 @@ /* packet-f5ethtrailer.c -* This program is free software; you can redistribute it and/or -* modify it under the terms of the GNU General Public License -* as published by the Free Software Foundation; either version 2 -* of the License, or (at your option) any later version. -* -* This program is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU General Public License for more details. -* -* You should have received a copy of the GNU General Public License -* along with this program; if not, write to the Free Software -* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -* -* F5 Ethernet Trailer Copyright 2008-2017 F5 Networks -*/ + * + * F5 Ethernet Trailer Copyright 2008-2017 F5 Networks + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +/* +Supported Platforms: + BIGIP 9.4.2 and later. + +Usage: + + * Acquire capture files using the following command line: + * tcpdump -w capture.pcap -s0 -i internal:nnn + * Load the capture file into wireshark. + + * Observe the grammar added to the beginning of each packet in the "Info" + column of the packet list pane. + * Observe the added "F5 Ethernet trailer" section in the packet detail + pane. + * These fields are filterable like any other field. + * Review the preferences for the dissector. + + * If you are missing the Low details of the trailer for some packets, try + modifying the settings for the Ethernet dissector. Go to "Edit/Preferences...", + expand "Protocols" on the left and select "Ethernet". Disable "Assume + short frames which include a trailer contain padding". + +Notes: + + Follow F5 Conversation: + + As an alternative to the Populate Fields for Other Dissectors below, you + can now follow a connection through the BIG-IP using the main menu + Analyze/Conversation Filter menu. There are three options: follow "F5 IP", + "F5 TCP" or "F5 UDP". Select a frame and choose the appropriate menu item. + For best results, disable Populate Fields for Other Dissectors. This + method of following a conversation should avoid the stray packets problem + mentioned below. + + These menu selections will populate an appropriate filter expression with + ip.addr, tcp.port or udp.port, f5ethtrailer.peeraddr, f5ethtrailer.peerport + and f5ethtrailer.peeripproto. + + You will need to have gathered the capture with high noise (":nnn") to + contain the peer flow information in order for this to work. + + Populate Fields for Other Dissectors: + + The populate fields for other dissectors will add hidden fields to the + f5ethtrailer for "ip.addr", "ipv6.addr", "tcp.port" and "udp.port" based on + information in high noise of a packet. This will allow the "Conversation + Filter" option in Wireshark to find both the client-side and server-side + flows for a connection. + + In order to use this, you will need to enable the "Populate fields for + other dissectors" preference. Note that the fields are registered when the + preference is enabled. After changing the preference, you may need to + restart Wireshark for proper handling. + + Please note that this may cause some stray packets to show up in filter + results since, for example, "tcp.port eq A and tcp.port eq B" can now be + matching on at least four fields (tcp.port from the TCP dissector and + tcp.port from the f5ethtrailer dissector) and a filter can match on an + address/port from the IP/TCP/UDP dissector or an address/port from the + f5ethtrailer dissector. + + For example, given two connections: + client:12345 <-> VIP:443 {BIGIP} clientS:12346 <-> poolmember:80 + client:12346 <-> VIP:443 {BIGIP} clientS:12347 <-> poolmember:80 + Selecting "Conversation Filter->TCP" on the client side of the second + connection will result in a filter of: + ip.addr eq client and ip.addr eq VIP and + tcp.port eq 12346 and tcp.port eq 443 + All four flows would be displayed by the filter: + * From client:12345 <-> VIP:443 (unexpected) + - ip.addr from ip.src matches. + - ip.addr from ip.dst matches. + - tcp.port from f5ethtrailer.peerlocalport matches. + - tcp.port from tcp.dstport matches. + * From clientS:12346 <-> poolmember:80 (unexpected) + - ip.addr from f5ethtrailer.peerremoteaddr matches. + - ip.addr from f5ethtrailer.peerlocaladdr matches. + - tcp.port from tcp.srcport matches. + - tcp.port from f5ethtrailer.peerlocalport matches. + * From client:12346 <-> VIP:443 (expected) + - ip.addr from ip.src matches. + - ip.addr from ip.dst matches. + - tcp.port from tcp.srcport matches. + - tcp.port from tcp.dstport matches. + * From clientS:12347 <-> poolmember:80 (desired) + - ip.addr from f5ethtrailer.peerremoteaddr matches. + - ip.addr from f5ethtrailer.peerlocaladdr matches. + - tcp.port from f5ethtrailer.peerremoteport matches. + - tcp.port from f5ethtrailer.peerlocalport matches. + + You can filter based on IP/port information by disabling the "Populate + fields for other dissectors" and creating your own filter like: + ( ip.addr eq client and ip.addr eq VIP and + tcp.port eq 12346 and tcp.port eq 443 ) or + ( f5ethtrailer.peeraddr eq client and f5ethtrailer.peeraddr eq VIP and + f5ethtrailer.peerport eq 12346 and f5ethtrailer.peerport eq 443 ) + + Since the preference is disabled by default, it should not cause any + interference unless the user actively enables the preference. You can + remove the option entirely at compile time by defining the compiler macro + "NO_F5_POP_OTHERFIELDS". + + Analysis: + + The f5ethtrailer dissector can add an "F5 Analysis" subtree to the "F5 + Ethernet trailer" protocol tree. The items added here are also added to + Wireshark expert info. The analysis done is intended to help spot traffic + anomalies. + + Possible Analysis: + * Flow reuse or SYN retransmit + Filter field name: f5ethtrailer.analysis.flowreuse + This is intended to highlight initial packets that arrive that match + a pre-existing flow. In other words, a TCP SYN packet that arrives + and matches an existing flow. This can indicate: + - A prior flow was not properly terminated and a new flow is starting. + - A stray SYN has arrived for an existing connection. + - A SYN has been retransmitted (the first SYN would have created the + flow that subsequent SYNs would match). + + * Flow lost, incorrect VLAN, loose initiation, tunnel or SYN cookie use + Filter field name: f5ethtrailer.analysis.flowlost + This is intended to highlight non-initial packets that arrive that + do not match an existing flow. In other words, a TCP non-SYN packet + arriving that does not match an existing flow. This can indicate: + - The flow is no longer in the BIGIP's connection table. + - VLAN keyed connections is in use (the default) and a packet arrived + on an incorrect VLAN. + - A stray packet has arrived. + - The packet may be handled by a virtual server with loose initiation. + In this case, a packet in the middle of a TCP conversation could + arrive and then be handled by a virtual server that has loose + initiation enabled to create a flow. + - The packet may be the inner payload of a tunnel. For inbound tunnel + traffic, the encapsulating packet is shown as well as the + encapsulated packet (and the encapsulated packet may not have flow + information). + - SYN cookies are being used (the initial SYN would not have created + a flow). + + A few notes. The analysis is implemented by using Wireshark taps and + tapping the IP/IPv6/TCP dissectors. The taps are not called until after + packet dissection is completely finished. So, the f5ethtrailer dissector + may not have the necessary data to draw conclusions. The traffic light + in the lower left corner of the Wireshark GUI might not properly reflect + the existence of these analysis fields. + + Hiding Slot Information in Info Column: + + You can now specify which platforms will display slot information in the + summary in the info columns. In the preferences for the F5 Ethernet + trailer dissector, you can provide a regular expression to match the + platform in F5 tcpdump header packet. If there is no platform information + in the header (or there is no header at all), slot information will always + be displayed. A reasonable regular expression would be "^(A.*|Z101)$" to + match chassis and vCMP platforms (there is no distinction for vCMP on a + chassis versus an appliance). The default is to always display slot + information (no regular expression is provided by default). + + Statistics reports: + + All statistics are reported as packet counts and byte counts. Byte count + statistics do not include the bytes of the trailer. + + Statistics menu now has: + F5/Virtual Server Distribution + A line for each named virtual server name + A line for traffic with a flow ID and no virtual server name + A line for traffic without a flow ID. + + F5/tmm Distribution + A line for each tmm. + A line each for ingress and egress (should add to tmm total) + A line each for (should add to tmm total) + Traffic with a virtual server name + Traffic with a flow ID and no virtual server name + Traffic without a flow ID. + */ + /* A note about the F5_POP_OTHERFIELDS macro: * @@ -36,18 +205,6 @@ * not be a change for people that have been running without it. */ -/* There is a an issue with the Wireshark Ethernet dissector. It does not call - * trailer dissectors if it is not building a tree. The problems with this are - * 1. With some invocations of tshark, you will not get the IN/OUT and tmm - * information in the default tshark output. This can be fixed by somehow - * triggering tshark to build a tree (supply a filter, or add custom - * columns to the display, or probably other things). - * 2. When performing analysis (and populating expert info) during the first - * pass through the capture, the trailer information is not read and there - * can be no analysis performed. So, the traffic light in the lower left - * corner of the gui will likely be incorrect. - */ - /* Only enable populate othe fields if it has not been requested that it be * built without (-DNO_F5_POP_OTHERFIELDS on the compiler command line). */ #ifndef NO_F5_POP_OTHERFIELDS @@ -72,7 +229,6 @@ #include <epan/proto_data.h> #include <epan/dissector_filters.h> #include <epan/dissectors/packet-ip.h> -#include <epan/dissectors/packet-ipv6.h> #include <epan/dissectors/packet-tcp.h> #include <epan/etypes.h> #include <epan/to_str.h> @@ -83,24 +239,18 @@ #define PROTO_TAG_F5ETHTRAILER "F5ETHTRAILER" -/*-----------------------------------------------------------------------------------------------*/ -/** Setup macros to ease the commpilation of this dissector on various versions of Wireshark. */ -#if defined(VERSION_MAJOR) && defined(VERSION_MINOR) -# if VERSION_MAJOR > 2 || (VERSION_MAJOR == 2 && VERSION_MINOR == 2) -# define ip6h_nxt ip6_nxt -# endif -# if VERSION_MAJOR > 2 || (VERSION_MAJOR == 2 && VERSION_MINOR >= 4) - /* Nothing at this point. */ -# endif -#endif -/*-----------------------------------------------------------------------------------------------*/ - /* Wireshark ID of the F5ETHTRAILER protocol */ static int proto_f5ethtrailer = -1; static int tap_f5ethtrailer = -1; static int proto_f5fileinfo = -1; static int tap_f5fileinfo = -1; +void proto_reg_handoff_f5ethtrailer(void); +void proto_register_f5ethtrailer(void); + +void proto_reg_handoff_f5fileinfo(void); +void proto_register_f5fileinfo(void); + gboolean dissect_f5ethtrailer(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data); @@ -120,11 +270,8 @@ static gint hf_vip = -1; /* Med */ static gint hf_med_id = -1; static gint hf_flow_id = -1; -static gint hf_flow_id64 = -1; static gint hf_peer_id = -1; -static gint hf_peer_id64 = -1; static gint hf_any_flow = -1; -static gint hf_any_flow64 = -1; static gint hf_cf_flags = -1; static gint hf_cf_flags2 = -1; static gint hf_flow_type = -1; @@ -299,16 +446,16 @@ static gboolean f5_udp_conv_valid(packet_info *pinfo) static gchar *f5_ip_conv_filter(packet_info *pinfo) { gchar *buf = NULL; - gchar s_addr[MAX_IP6_STR_LEN]; - gchar d_addr[MAX_IP6_STR_LEN]; + gchar s_addr[WS_INET6_ADDRSTRLEN]; + gchar d_addr[WS_INET6_ADDRSTRLEN]; if( !f5_ip_conv_valid(pinfo) ) { return(NULL); } *d_addr = *s_addr = '\0'; if(pinfo->net_src.type == AT_IPv4 && pinfo->net_dst.type == AT_IPv4) { - address_to_str_buf(&pinfo->src, s_addr, MAX_IP6_STR_LEN); - address_to_str_buf(&pinfo->dst, d_addr, MAX_IP6_STR_LEN); + address_to_str_buf(&pinfo->src, s_addr, WS_INET6_ADDRSTRLEN); + address_to_str_buf(&pinfo->dst, d_addr, WS_INET6_ADDRSTRLEN); if(*s_addr != '\0' && *d_addr != '\0') { buf = g_strdup_printf( "(ip.addr eq %s and ip.addr eq %s) or" @@ -316,8 +463,8 @@ static gchar *f5_ip_conv_filter(packet_info *pinfo) s_addr, d_addr, s_addr, d_addr); } } else if(pinfo->net_src.type == AT_IPv6 && pinfo->net_dst.type == AT_IPv6) { - address_to_str_buf(&pinfo->src, s_addr, MAX_IP6_STR_LEN); - address_to_str_buf(&pinfo->dst, d_addr, MAX_IP6_STR_LEN); + address_to_str_buf(&pinfo->src, s_addr, WS_INET6_ADDRSTRLEN); + address_to_str_buf(&pinfo->dst, d_addr, WS_INET6_ADDRSTRLEN); if(*s_addr != '\0' && *d_addr != '\0') { buf = g_strdup_printf( "(ipv6.addr eq %s and ipv6.addr eq %s) or" @@ -354,16 +501,16 @@ static gchar *f5_ip_conv_filter(packet_info *pinfo) static gchar *f5_tcp_conv_filter(packet_info *pinfo) { gchar *buf = NULL; - gchar s_addr[MAX_IP6_STR_LEN]; - gchar d_addr[MAX_IP6_STR_LEN]; + gchar s_addr[WS_INET6_ADDRSTRLEN]; + gchar d_addr[WS_INET6_ADDRSTRLEN]; if( !f5_tcp_conv_valid(pinfo) ) { return(NULL); } *d_addr = *s_addr = '\0'; if(pinfo->net_src.type == AT_IPv4 && pinfo->net_dst.type == AT_IPv4) { - address_to_str_buf(&pinfo->src, s_addr, MAX_IP6_STR_LEN); - address_to_str_buf(&pinfo->dst, d_addr, MAX_IP6_STR_LEN); + address_to_str_buf(&pinfo->src, s_addr, WS_INET6_ADDRSTRLEN); + address_to_str_buf(&pinfo->dst, d_addr, WS_INET6_ADDRSTRLEN); if(*s_addr != '\0' && *d_addr != '\0') { buf = g_strdup_printf( "(ip.addr eq %s and ip.addr eq %s and tcp.port eq %d and tcp.port eq %d) or" @@ -374,8 +521,8 @@ static gchar *f5_tcp_conv_filter(packet_info *pinfo) s_addr, d_addr, pinfo->srcport, pinfo->destport); } } else if(pinfo->net_src.type == AT_IPv6 && pinfo->net_dst.type == AT_IPv6) { - address_to_str_buf(&pinfo->src, s_addr, MAX_IP6_STR_LEN); - address_to_str_buf(&pinfo->dst, d_addr, MAX_IP6_STR_LEN); + address_to_str_buf(&pinfo->src, s_addr, WS_INET6_ADDRSTRLEN); + address_to_str_buf(&pinfo->dst, d_addr, WS_INET6_ADDRSTRLEN); if(*s_addr != '\0' && *d_addr != '\0') { buf = g_strdup_printf( "(ipv6.addr eq %s and ipv6.addr eq %s and tcp.port eq %d and tcp.port eq %d) or" @@ -415,16 +562,16 @@ static gchar *f5_tcp_conv_filter(packet_info *pinfo) static gchar *f5_udp_conv_filter(packet_info *pinfo) { gchar *buf = NULL; - gchar s_addr[MAX_IP6_STR_LEN]; - gchar d_addr[MAX_IP6_STR_LEN]; + gchar s_addr[WS_INET6_ADDRSTRLEN]; + gchar d_addr[WS_INET6_ADDRSTRLEN]; if( !f5_udp_conv_valid(pinfo) ) { return(NULL); } *d_addr = *s_addr = '\0'; if(pinfo->net_src.type == AT_IPv4 && pinfo->net_dst.type == AT_IPv4) { - address_to_str_buf(&pinfo->src, s_addr, MAX_IP6_STR_LEN); - address_to_str_buf(&pinfo->dst, d_addr, MAX_IP6_STR_LEN); + address_to_str_buf(&pinfo->src, s_addr, WS_INET6_ADDRSTRLEN); + address_to_str_buf(&pinfo->dst, d_addr, WS_INET6_ADDRSTRLEN); if(*s_addr != '\0' && *d_addr != '\0') { buf = g_strdup_printf( "(ip.addr eq %s and ip.addr eq %s and udp.port eq %d and udp.port eq %d) or" @@ -435,8 +582,8 @@ static gchar *f5_udp_conv_filter(packet_info *pinfo) s_addr, d_addr, pinfo->srcport, pinfo->destport); } } else if(pinfo->net_src.type == AT_IPv6 && pinfo->net_dst.type == AT_IPv6) { - address_to_str_buf(&pinfo->src, s_addr, MAX_IP6_STR_LEN); - address_to_str_buf(&pinfo->dst, d_addr, MAX_IP6_STR_LEN); + address_to_str_buf(&pinfo->src, s_addr, WS_INET6_ADDRSTRLEN); + address_to_str_buf(&pinfo->dst, d_addr, WS_INET6_ADDRSTRLEN); if(*s_addr != '\0' && *d_addr != '\0') { buf = g_strdup_printf( "(ipv6.addr eq %s and ipv6.addr eq %s and udp.port eq %d and udp.port eq %d) or" @@ -482,7 +629,7 @@ static const gchar *st_str_virtdist_novirt = "Flow without virtual server name"; * * \attention This is an interface function to be called from the rest of wireshark. * - * @param st + * @param st A pointer to the stats tree to use * */ static void f5eth_tmmdist_stats_tree_init( @@ -502,7 +649,7 @@ static void f5eth_tmmdist_stats_tree_init( * * @param st A pointer to the stats tree to use * @param pinfo A pointer to the packet info. - * @param edt + * @param edt Unused * @param data A pointer to the data provided by the tap * @return 1 if the data was actually used to alter the statistics, 0 otherwise. * @@ -513,7 +660,7 @@ static int f5eth_tmmdist_stats_tree_packet( epan_dissect_t *edt _U_, const void *data ) { - f5eth_tap_data_t *tdata; + const f5eth_tap_data_t *tdata; guint32 pkt_len; int st_node_tot_pkts; int st_node_tot_bytes; @@ -522,7 +669,7 @@ static int f5eth_tmmdist_stats_tree_packet( char tmm_stat_name_buffer[PER_TMM_STAT_NAME_BUF_LEN]; if(data == NULL) return 0; - tdata = (f5eth_tap_data_t *)data; + tdata = (const f5eth_tap_data_t *)data; /* Unnecessary since this tap packet function and the F5 Ethernet trailer dissector are both in * the same source file. If you are using this function as an example in a separate tap source * file, you should uncomment this. @@ -617,11 +764,11 @@ static int f5eth_virtdist_stats_tree_packet( epan_dissect_t *edt _U_, const void *data ) { - f5eth_tap_data_t *tdata; + const f5eth_tap_data_t *tdata; guint32 pkt_len; if(data == NULL) return 0; - tdata = (f5eth_tap_data_t *)data; + tdata = (const f5eth_tap_data_t *)data; /* Unnecessary since this tap packet function and the F5 Ethernet trailer dissector are both in * the same source file. If you are using this function as an example in a separate tap source * file, you should uncomment this. @@ -727,7 +874,7 @@ typedef enum { , brief_in_out_only = 7 } f5eth_info_type_t; /** Info column display format type strings */ -static enum_val_t f5eth_display_strings[] = { +static const enum_val_t f5eth_display_strings[] = { { "None", "None", 0 } , { "Full", "Full", 1 } , { "InOutOnly", "In/out only", 3 } @@ -829,7 +976,7 @@ static void f5eth_set_info_col_inout( packet_info *pinfo, guint ingress, guint slot _U_, - guint tm _U_ + guint tmm _U_ ) { gboolean col_writable; /* @@ -839,23 +986,11 @@ static void f5eth_set_info_col_inout( col_writable = col_get_writable(pinfo->cinfo, COL_INFO); col_set_writable(pinfo->cinfo, COL_INFO, TRUE); -# if ( __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 5)) -# pragma GCC diagnostic push -# pragma GCC diagnostic ignored "-Wformat-security" -# endif - /** The info_format_in_only and info_format_out_only should not have any format - * specifiers in them, and as such, this function should not require additional - * paramters. Warning silenced on gcc. There is no col_prepend_fence_str() - * function in Wireshark. If you modify the value(s) for - * info_format*_{in,out}_only, you do so at your own risk. */ - if(ingress != 0) { - col_prepend_fence_fstr(pinfo->cinfo, COL_INFO, info_format_in_only); - } else { - col_prepend_fence_fstr(pinfo->cinfo, COL_INFO, info_format_out_only); - } -# if ( __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 5)) -# pragma GCC diagnostic pop -# endif + if(ingress != 0) { + col_prepend_fence_fstr(pinfo->cinfo, COL_INFO, "%s", info_format_in_only); + } else { + col_prepend_fence_fstr(pinfo->cinfo, COL_INFO, "%s", info_format_out_only); + } /* Reset writable to whatever it was before we got here. */ col_set_writable(pinfo->cinfo, COL_INFO, col_writable); @@ -1093,25 +1228,25 @@ void proto_register_f5ethtrailer (void) } , { &hf_type, { "Type", "f5ethtrailer.type", FT_UINT8, BASE_DEC, NULL, - 0x0, "F5ETHTRAILER type", HFILL } + 0x0, NULL, HFILL } } , { &hf_length, { "Trailer length", "f5ethtrailer.length", FT_UINT8, BASE_DEC, NULL, - 0x0, "F5ETHTRAILER length", HFILL } + 0x0, NULL, HFILL } } , { &hf_version, { "Version", "f5ethtrailer.version", FT_UINT8, BASE_DEC, NULL, - 0x0, "F5ETHTRAILER version", HFILL } + 0x0, NULL, HFILL } } /* Low parameters */ , { &hf_low_id, - { "F5 Low Details", "f5ethtrailer.low", FT_NONE, BASE_NONE, NULL, - 0x0, "Low Details", HFILL } + { "Low Details", "f5ethtrailer.low", FT_NONE, BASE_NONE, NULL, + 0x0, NULL, HFILL } } , { &hf_ingress, { "Ingress", "f5ethtrailer.ingress", FT_BOOLEAN, BASE_NONE, NULL, - 0x0, "Incoming packet?", HFILL } + 0x0, NULL, HFILL } } , { &hf_slot0, { "Slot (0-based)", "f5ethtrailer.slot", FT_UINT8, BASE_DEC, NULL, @@ -1127,7 +1262,7 @@ void proto_register_f5ethtrailer (void) } , { &hf_vipnamelen, { "VIP name length", "f5ethtrailer.vipnamelen", FT_UINT8, BASE_DEC, NULL, - 0x0, "Length of the VIP field", HFILL } + 0x0, NULL, HFILL } } , { &hf_vip, { "VIP", "f5ethtrailer.vip", FT_STRING, BASE_NONE, NULL, @@ -1136,60 +1271,48 @@ void proto_register_f5ethtrailer (void) /* Medium parameters */ , { &hf_med_id, - { "F5 Medium Details", "f5ethtrailer.medium", FT_NONE, BASE_NONE, NULL, - 0x0, "Medium Details", HFILL } + { "Medium Details", "f5ethtrailer.medium", FT_NONE, BASE_NONE, NULL, + 0x0, NULL, HFILL } } , { &hf_any_flow, - { "Flow ID or peer flow ID", "f5ethtrailer.anyflowid", FT_UINT32, BASE_HEX, NULL, - 0x0, "", HFILL } - } - , { &hf_any_flow64, { "Flow ID or peer flow ID", "f5ethtrailer.anyflowid", FT_UINT64, BASE_HEX, NULL, - 0x0, "", HFILL } + 0x0, NULL, HFILL } } , { &hf_flow_id, - { "Flow ID", "f5ethtrailer.flowid", FT_UINT32, BASE_HEX, NULL, - 0x0, "Flow ID", HFILL } - } - , { &hf_flow_id64, { "Flow ID", "f5ethtrailer.flowid", FT_UINT64, BASE_HEX, NULL, - 0x0, "Flow ID", HFILL } + 0x0, NULL, HFILL } } , { &hf_peer_id, - { "Peer ID", "f5ethtrailer.peerid", FT_UINT32, BASE_HEX, NULL, - 0x0, "Peer ID", HFILL } - } - , { &hf_peer_id64, { "Peer ID", "f5ethtrailer.peerid", FT_UINT64, BASE_HEX, NULL, - 0x0, "Peer ID", HFILL } + 0x0, NULL, HFILL } } , { &hf_cf_flags, { "Connflow Flags", "f5ethtrailer.cfflags", FT_UINT32, BASE_HEX, NULL, - 0x0, "Connflow flags", HFILL } + 0x0, NULL, HFILL } } , { &hf_cf_flags2, { "Connflow Flags High Bits", "f5ethtrailer.cfflags2", FT_UINT32, - BASE_HEX, NULL, 0x0, "Connflow flags high bits", HFILL } + BASE_HEX, NULL, 0x0, NULL, HFILL } } , { &hf_flow_type, { "Flow Type", "f5ethtrailer.flowtype", FT_UINT8, BASE_HEX, NULL, - 0x0, "Flow type", HFILL } + 0x0, NULL, HFILL } } , { &hf_ha_unit, { "HA Unit", "f5ethtrailer.haunit", FT_UINT8, BASE_HEX, NULL, - 0x0, "HA unit", HFILL } + 0x0, NULL, HFILL } } , { &hf_ingress_slot, { "Ingress Slot", "f5ethtrailer.ingressslot", FT_UINT16, BASE_DEC, NULL, - 0x0, "Ingress slot", HFILL } + 0x0, NULL, HFILL } } , { &hf_ingress_port, { "Ingress Port", "f5ethtrailer.ingressport", FT_UINT16, BASE_DEC, NULL, - 0x0, "Ingress port", HFILL } + 0x0, NULL, HFILL } } , { &hf_priority, { "Priority", "f5ethtrailer.priority", FT_UINT8, BASE_DEC, NULL, - 0x0, "Packet priority", HFILL } + 0x0, NULL, HFILL } } , { &hf_rstcause, { "RST cause", "f5ethtrailer.rstcause", FT_NONE, BASE_NONE, NULL, @@ -1222,16 +1345,16 @@ void proto_register_f5ethtrailer (void) /* High parameters */ , { &hf_high_id, - { "F5 High Details", "f5ethtrailer.high", FT_NONE, BASE_NONE, NULL, - 0x0, "High Details", HFILL } + { "High Details", "f5ethtrailer.high", FT_NONE, BASE_NONE, NULL, + 0x0, NULL, HFILL } } , { &hf_peer_ipproto, { "Peer IP Protocol", "f5ethtrailer.peeripproto", FT_UINT8, BASE_DEC, - NULL, 0x0, "Peer IP", HFILL } + NULL, 0x0, NULL, HFILL } } , { &hf_peer_vlan, { "Peer VLAN", "f5ethtrailer.peervlan", FT_UINT16, BASE_DEC, NULL, - 0x0, "Peer VLAN", HFILL } + 0x0, NULL, HFILL } } , { &hf_peer_remote_addr, { "Peer remote address", "f5ethtrailer.peerremoteaddr", FT_IPv4, @@ -1259,11 +1382,11 @@ void proto_register_f5ethtrailer (void) } , { &hf_peer_remote_rtdom, { "Peer remote route domain", "f5ethtrailer.peerremotertdom", FT_UINT16, - BASE_DEC, NULL, 0x0, "Peer remote route domain", HFILL } + BASE_DEC, NULL, 0x0, NULL, HFILL } } , { &hf_peer_local_rtdom, { "Peer local route domain", "f5ethtrailer.peerlocalrtdom", FT_UINT16, - BASE_DEC, NULL, 0x0, "Peer local route domain", HFILL } + BASE_DEC, NULL, 0x0, NULL, HFILL } } , { &hf_peer_rtdom, { "Peer remote or local route domain", "f5ethtrailer.peerrtdom", FT_UINT16, @@ -1271,11 +1394,11 @@ void proto_register_f5ethtrailer (void) } , { &hf_peer_remote_port, { "Peer remote port", "f5ethtrailer.peerremoteport", FT_UINT16, BASE_DEC, - NULL, 0x0, "Peer remote port", HFILL } + NULL, 0x0, NULL, HFILL } } , { &hf_peer_local_port, { "Peer local port", "f5ethtrailer.peerlocalport", FT_UINT16, BASE_DEC, - NULL, 0x0, "Peer local port", HFILL } + NULL, 0x0, NULL, HFILL } } , { &hf_peer_port, { "Peer remote or local port", "f5ethtrailer.peerport", FT_UINT16, BASE_DEC, @@ -1288,7 +1411,7 @@ void proto_register_f5ethtrailer (void) /* Analysis parameters */ , { &hf_analysis, - { "F5 Analysis", "f5ethtrailer.analysis", FT_NONE, BASE_NONE, NULL, + { "Analysis", "f5ethtrailer.analysis", FT_NONE, BASE_NONE, NULL, 0x0, "Analysis of details", HFILL } } , { &hf_analysis_flowreuse, @@ -1712,7 +1835,7 @@ static void perform_analysis(struct f5eth_analysis_data_t *ad) * @param tvb A pointer to a TV buffer for the packet. * @param pinfo A pointer to the packet info struction for the packet * @param tree A pointer to the protocol tree structure - * @param tdata A pointer to the intra-noise information data + * @param ad A pointer to the intra-noise information data * * There is a shortcoming in the Ethernet dissector where the trailer dissectors are not called * when there is no protocol tree. So, for example, when first loading the file, this is not @@ -1724,7 +1847,7 @@ static void render_analysis( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, - struct f5eth_analysis_data_t *ad) + const struct f5eth_analysis_data_t *ad) { proto_item *pi; proto_tree *pt; @@ -1756,21 +1879,21 @@ static gboolean ip_tap_pkt( const void *data ) { struct f5eth_analysis_data_t *ad; - ws_ip *iph; + const ws_ip4 *iph; if((ad = get_f5eth_analysis_data(pinfo)) == NULL) return(FALSE); if(ad->ip_visited == 1) return(FALSE); ad->ip_visited = 1; if(data == NULL) return(FALSE); - iph = (ws_ip *)data; + iph = (const ws_ip4 *)data; /* Only care about TCP at this time */ /* We wait until here to make this check so that if TCP in encapsulated in something else, we * don't work on the encapsulated header. So, we only want to work on TCP if it associated * with the first IP header (not if it's embedded in an ICMP datagram or some sort of tunnel). */ - if(iph->ip_nxt != IP_PROTO_TCP) { + if(iph->ip_proto != IP_PROTO_TCP) { ad->ip_istcp = 0; return(FALSE); } @@ -1791,14 +1914,14 @@ static gboolean ipv6_tap_pkt( const void *data ) { struct f5eth_analysis_data_t *ad; - struct ws_ip6_hdr *ipv6h; + const struct ws_ip6_hdr *ipv6h; if((ad = get_f5eth_analysis_data(pinfo)) == NULL) return(FALSE); if(ad->ip_visited == 1) return(FALSE); ad->ip_visited = 1; if(data == NULL) return(FALSE); - ipv6h = (struct ws_ip6_hdr *)data; + ipv6h = (const struct ws_ip6_hdr *)data; /* Only care about TCP at this time */ /* We wait until here to make this check so that if TCP in encapsulated in something else, we @@ -1829,14 +1952,14 @@ static gboolean tcp_tap_pkt( const void *data ) { struct f5eth_analysis_data_t *ad; - tcp_info_t *tcph; + const tcp_info_t *tcph; if((ad = get_f5eth_analysis_data(pinfo)) == NULL) return(FALSE); if(ad->tcp_visited == 1) return(FALSE); ad->tcp_visited = 1; if(data == NULL) return(FALSE); - tcph = (tcp_info_t *)data; + tcph = (const tcp_info_t *)data; ad->tcp_synset = (tcph->th_flags & TH_SYN) ? 1 : 0; ad->tcp_ackset = (tcph->th_flags & TH_ACK) ? 1 : 0; @@ -1911,7 +2034,7 @@ static proto_item *displayIPv6as4( if(hidden) PROTO_ITEM_SET_HIDDEN(pi); } } - + return(pi); } /* displayIPv6as4() */ @@ -2210,13 +2333,13 @@ dissect_med_trailer( } else { /* After v10, flowIDs are 64bit */ tdata->flow = tvb_get_ntoh64(tvb,o); - pi = proto_tree_add_item(tree, hf_flow_id64, tvb, o, 8, ENC_BIG_ENDIAN); - pi = proto_tree_add_item(tree, hf_any_flow64, tvb, o, 8, ENC_BIG_ENDIAN); + pi = proto_tree_add_item(tree, hf_flow_id, tvb, o, 8, ENC_BIG_ENDIAN); + pi = proto_tree_add_item(tree, hf_any_flow, tvb, o, 8, ENC_BIG_ENDIAN); PROTO_ITEM_SET_HIDDEN(pi); o += 8; tdata->peer_flow = tvb_get_ntoh64(tvb,o); - pi = proto_tree_add_item(tree, hf_peer_id64, tvb, o, 8, ENC_BIG_ENDIAN); - pi = proto_tree_add_item(tree, hf_any_flow64, tvb, o, 8, ENC_BIG_ENDIAN); + pi = proto_tree_add_item(tree, hf_peer_id, tvb, o, 8, ENC_BIG_ENDIAN); + pi = proto_tree_add_item(tree, hf_any_flow, tvb, o, 8, ENC_BIG_ENDIAN); PROTO_ITEM_SET_HIDDEN(pi); o += 8; } @@ -2277,13 +2400,13 @@ dissect_med_trailer( rstcauseval, "0x%012" G_GINT64_MODIFIER "x", rstcauseval); pi = proto_tree_add_item(rc_tree, hf_rstcause_line, tvb, o+6, 2, ENC_BIG_ENDIAN); o += 8; - + proto_item_append_text(rc_item, ": [%" G_GINT64_MODIFIER "x:%" G_GINT64_MODIFIER "u]%s %s", rstcauseval, rstcauseline, rstcausepeer ? " {peer}" : "", tvb_get_string_enc(wmem_packet_scope(), tvb, o, rstcauselen-(o-startcause), ENC_ASCII)); pi = proto_tree_add_item(rc_tree, hf_rstcause_txt, tvb, o, rstcauselen-(o-startcause), - ENC_ASCII); + ENC_ASCII|ENC_NA); o += (rstcauselen - (o-startcause)); /* XXX This is strange */ break; default: @@ -2441,7 +2564,7 @@ dissect_low_trailer( PROTO_ITEM_SET_HIDDEN(pi); o += 1; } - pi = proto_tree_add_item(tree, hf_vip, tvb, o, vipnamelen, ENC_ASCII); + pi = proto_tree_add_item(tree, hf_vip, tvb, o, vipnamelen, ENC_ASCII|ENC_NA); o += vipnamelen; return(trailer_length); @@ -2489,7 +2612,7 @@ dissect_f5ethtrailer( tdata->noise_high = 0; tdata->flows_set = 0; tdata->ingress = 3; - + /* If there is no reference to the fields here, then there is no need to * populate a tree. We only need to populate the column information. Set * tree to NULL to prevent the subdissectors from doing much work. */ @@ -2641,7 +2764,7 @@ dissect_f5ethtrailer( * dissectors have a chance to dissect (and the Ethernet dissector does not * waste its time rendering Ethernet information for no reason). */ -gboolean +static gboolean dissect_f5fileinfo( tvbuff_t *tvb , packet_info *pinfo @@ -2687,7 +2810,7 @@ dissect_f5fileinfo( guint i; const guint8 *c; - proto_tree_add_item(tree, hf_fi_version, tvb, offset+5, objlen-6, ENC_ASCII); + proto_tree_add_item(tree, hf_fi_version, tvb, offset+5, objlen-6, ENC_ASCII|ENC_NA); for(c=object; *c && (*c < '0' || *c > '9'); c++); for(i=0; i<6 && *c; c++) { if(*c < '0' || *c > '9') { @@ -2697,13 +2820,13 @@ dissect_f5fileinfo( } } else if(strncmp(object, "HOST: ", 6) == 0) - proto_tree_add_item(tree, hf_fi_hostname, tvb, offset+6, objlen-7, ENC_ASCII); + proto_tree_add_item(tree, hf_fi_hostname, tvb, offset+6, objlen-7, ENC_ASCII|ENC_NA); else if(strncmp(object, "PLAT: ", 6) == 0) { - proto_tree_add_item(tree, hf_fi_platform, tvb, offset+6, objlen-7, ENC_ASCII); + proto_tree_add_item(tree, hf_fi_platform, tvb, offset+6, objlen-7, ENC_ASCII|ENC_NA); platform = tvb_get_string_enc(wmem_packet_scope(), tvb, offset+6, objlen-7, ENC_ASCII); } else if(strncmp(object, "PROD: ", 6) == 0) - proto_tree_add_item(tree, hf_fi_product, tvb, offset+6, objlen-7, ENC_ASCII); + proto_tree_add_item(tree, hf_fi_product, tvb, offset+6, objlen-7, ENC_ASCII|ENC_NA); offset += objlen; } diff --git a/epan/dissectors/packet-f5ethtrailer.h b/epan/dissectors/packet-f5ethtrailer.h index 016d6619e6..ce41ff741a 100644 --- a/epan/dissectors/packet-f5ethtrailer.h +++ b/epan/dissectors/packet-f5ethtrailer.h @@ -1,20 +1,9 @@ /* packet-f5ethtrailer.h -* This program is free software; you can redistribute it and/or -* modify it under the terms of the GNU General Public License -* as published by the Free Software Foundation; either version 2 -* of the License, or (at your option) any later version. -* -* This program is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU General Public License for more details. -* -* You should have received a copy of the GNU General Public License -* along with this program; if not, write to the Free Software -* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -* -* F5 Ethernet Trailer Copyright 2008-2017 F5 Networks -*/ + * + * F5 Ethernet Trailer Copyright 2008-2017 F5 Networks + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ /* How to use the fileinfo version tap * @@ -52,7 +41,7 @@ * change. * Example: * #define F5FILEINFO_TAP_POST_FUNC f5info_tap_local - * #include <plugins/f5ethtrailer/packet-f5ethtrailer.h> + * #include <epan/dissectors/packet-f5ethtrailer.h> * ... * static void f5info_tap_local(struct f5fileinfo_tap_data *tap_data) * { diff --git a/tools/checkfiltername.pl b/tools/checkfiltername.pl index 8ae4c272f7..c67715c676 100755 --- a/tools/checkfiltername.pl +++ b/tools/checkfiltername.pl @@ -392,6 +392,9 @@ sub is_from_other_protocol_whitelist { if (($proto_filename eq "packet-dvb-ipdc.c") && (index($_[0], "ipdc") >= 0)) {return 1;} if (($proto_filename eq "packet-enip.c") && (index($_[0], "cip") >= 0)) {return 1;} if (($proto_filename eq "packet-extreme.c") && (index($_[0], "llc") >= 0)) {return 1;} + if (($proto_filename eq "packet-f5ethtrailer.c") && (index($_[0], "ip") >= 0)) {return 1;} + if (($proto_filename eq "packet-f5ethtrailer.c") && (index($_[0], "udp") >= 0)) {return 1;} + if (($proto_filename eq "packet-f5ethtrailer.c") && (index($_[0], "tcp") >= 0)) {return 1;} if (($proto_filename eq "packet-fmp_notify.c") && (index($_[0], "fmp") >= 0)) {return 1;} if (($proto_filename eq "packet-foundry.c") && (index($_[0], "llc") >= 0)) {return 1;} if (($proto_filename eq "packet-glusterfs.c") && (index($_[0], "gluster") >= 0)) {return 1;} |