aboutsummaryrefslogtreecommitdiffstats
path: root/epan/dissectors/packet-netflow.c
diff options
context:
space:
mode:
authorAndrew Feren <acferen@yahoo.com>2017-05-05 11:33:31 -0400
committerMichael Mann <mmann78@netscape.net>2017-05-06 02:30:05 +0000
commite2bd5314d005d7e94ed0b9e243ba26c4c67b0183 (patch)
tree233feaa44ed7c5b192f9c39d863f9d10631c93c4 /epan/dissectors/packet-netflow.c
parentd815913b387e7c97b22c19cb3422a0a78a480842 (diff)
Add decodes for Gigamon IPFIX information elements
-- Elements to be decoded described in IE-doctor format (RFC 7013 section 10) httprequrl(26866/1)<string> httprspstatus(26866/2)<unsigned16>{identifier} sslcertificateissuercommonname(26866/101)<string> sslcertificatesubjectcommonname(26866/102)<string> sslcertificateissuer(26866/103)<string> sslcertificatesubject(26866/104)<string> sslcertificatevalidnotbefore(26866/105)<string> sslcertificatevalidnotafter(26866/106)<string> sslcetificateserialnumber(26866/107)<octetArray> sslcertificatesignaturealgorithm(26866/108)<octetArray> sslcertificatesubjectpubalgorithm(26866/109)<octetArray> sslcertificatesubjectpubkeysize(26866/110)<unsigned16> sslcertificatesubjectaltname(26866/111)<string> sslservernameindication(26866/112)<string> sslserverversion(26866/113)<unsigned16> sslservercipher(26866/114)<unsigned16> sslservercompressionmethod(26866/115)<unsigned8> sslserversessionid(26866/116)<octetArray> dnsidentifier(26866/201)<unsigned16>{identifier} dnsopcode(26866/202)<unsigned8>{identifier} dnsresponsecode(26866/203)<unsigned8>{identifier} dnsqueryname(26866/204)<string> dnsresponsename(26866/205)<string> dnsresponsettl(26866/206)<unsigned32> dnsresponseipv4address(26866/207)<ipv4Address> dnsresponseipv6address(26866/208)<ipv6Address> dnsbits(26866/209)<string> dnsqdcount(26866/210)<unsigned16> dnsancount(26866/211)<unsigned16> dnsnscount(26866/212)<unsigned16> dnsarcount(26866/213)<unsigned16> dnsquerytype(26866/214)<unsigned16> dnsqueryclass(26866/215)<unsigned16> dnsresponsetype(26866/216)<unsigned16> dnsresponseclass(26866/217)<unsigned16> dnsresponserdlength(26866/218)<unsigned16> dnsresponserdata(26866/219)<string> dnsauthorityname(26866/220)<string> dnsauthoritytype(26866/221)<unsigned16> dnsauthorityclass(26866/222)<unsigned16> dnsauthorityttl(26866/223)<unsigned32> dnsauthorityrdlength(26866/224)<unsigned16> dnsauthorityrdata(26866/225)<string> dnsadditionalname(26866/226)<string> dnsadditionaltype(26866/227)<unsigned16> dnsadditionalclass(26866/228)<unsigned16> dnsadditionalttl(26866/229)<unsigned32> dnsadditionalrdlength(26866/230)<unsigned16> dnsadditionalrdata(26866/231)<string> Bug: 13688 Change-Id: I4a2472d9bb86d195851edd3a1f5e688ba31dde89 Reviewed-on: https://code.wireshark.org/review/21519 Petri-Dish: Michael Mann <mmann78@netscape.net> Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan/dissectors/packet-netflow.c')
-rw-r--r--epan/dissectors/packet-netflow.c678
1 files changed, 676 insertions, 2 deletions
diff --git a/epan/dissectors/packet-netflow.c b/epan/dissectors/packet-netflow.c
index d5e35cf29f..b6c8f9221f 100644
--- a/epan/dissectors/packet-netflow.c
+++ b/epan/dissectors/packet-netflow.c
@@ -302,10 +302,11 @@ typedef enum {
TF_IXIA,
TF_NETSCALER,
TF_BARRACUDA,
+ TF_GIGAMON,
TF_NO_VENDOR_INFO
} v9_v10_tmplt_fields_type_t;
#define TF_NUM 2
-#define TF_NUM_EXT 8 /* includes vendor fields */
+#define TF_NUM_EXT TF_NO_VENDOR_INFO+1 /* includes vendor fields */
typedef struct _v9_v10_tmplt {
/* For linking back to show where fields were defined */
@@ -1116,6 +1117,60 @@ static const value_string v10_template_types_netscaler[] = {
};
static value_string_ext v10_template_types_netscaler_ext = VALUE_STRING_EXT_INIT(v10_template_types_netscaler);
+static const value_string v10_template_types_gigamon[] = {
+ { 1, "HttpReqUrl" },
+ { 2, "HttpRspStatus" },
+ { 101, "SslCertificateIssuerCommonName" },
+ { 102, "SslCertificateSubjectCommonName" },
+ { 103, "SslCertificateIssuer" },
+ { 104, "SslCertificateSubject" },
+ { 105, "SslCertificateValidNotBefore" },
+ { 106, "SslCertificateValidNotAfter" },
+ { 107, "SslCetificateSerialNumber" },
+ { 108, "SslCertificateSignatureAlgorithm" },
+ { 109, "SslCertificateSubjectPubAlgorithm" },
+ { 110, "SslCertificateSubjectPubKeySize" },
+ { 111, "SslCertificateSubjectAltName" },
+ { 112, "SslServerNameIndication" },
+ { 113, "SslServerVersion" },
+ { 114, "SslServerCipher" },
+ { 115, "SslServerCompressionMethod" },
+ { 116, "SslServerSessionId" },
+ { 201, "DnsIdentifier" },
+ { 202, "DnsOpCode" },
+ { 203, "DnsResponseCode" },
+ { 204, "DnsQueryName" },
+ { 205, "DnsResponseName" },
+ { 206, "DnsResponseTTL" },
+ { 207, "DnsResponseIPv4Address" },
+ { 208, "DnsResponseIPv6Address" },
+ { 209, "DnsBits" },
+ { 210, "DnsQdCount" },
+ { 211, "DnsAnCount" },
+ { 212, "DnsNsCount" },
+ { 213, "DnsArCount" },
+ { 214, "DnsQueryType" },
+ { 215, "DnsQueryClass" },
+ { 216, "DnsResponseType" },
+ { 217, "DnsResponseClass" },
+ { 218, "DnsResponseRdLength" },
+ { 219, "DnsResponseRdata" },
+ { 220, "DnsAuthorityName" },
+ { 221, "DnsAuthorityType" },
+ { 222, "DnsAuthorityClass" },
+ { 223, "DnsAuthorityTTL" },
+ { 224, "DnsAuthorityRdLength" },
+ { 225, "DnsAuthorityRdata" },
+ { 226, "DnsAdditionalName" },
+ { 227, "DnsAdditionalType" },
+ { 228, "DnsAdditionalClass" },
+ { 229, "DnsAdditionalTTL" },
+ { 230, "DnsAdditionalRdLength" },
+ { 231, "DnsAdditionalRdata" },
+ { 0, NULL }
+};
+static value_string_ext v10_template_types_gigamon_ext = VALUE_STRING_EXT_INIT(v10_template_types_gigamon);
+
/* Barracuda NGFirewall IPFIX */
static const value_string v10_template_types_barracuda[] = {
{ 1, "Timestamp" },
@@ -1416,6 +1471,7 @@ static int hf_cflow_template_ntop_field_type = -1;
static int hf_cflow_template_ixia_field_type = -1;
static int hf_cflow_template_netscaler_field_type = -1;
static int hf_cflow_template_barracuda_field_type = -1;
+static int hf_cflow_template_gigamon_field_type = -1;
/*
@@ -2171,6 +2227,57 @@ static int hf_pie_barracuda_connipv4address = -1;
static int hf_pie_barracuda_conntransportport = -1;
static int hf_pie_barracuda_auditcounter = -1;
+static int hf_pie_gigamon = -1;
+static int hf_pie_gigamon_httprequrl = -1;
+static int hf_pie_gigamon_httprspstatus = -1;
+static int hf_pie_gigamon_sslcertificateissuercommonname = -1;
+static int hf_pie_gigamon_sslcertificatesubjectcommonname = -1;
+static int hf_pie_gigamon_sslcertificateissuer = -1;
+static int hf_pie_gigamon_sslcertificatesubject = -1;
+static int hf_pie_gigamon_sslcertificatevalidnotbefore = -1;
+static int hf_pie_gigamon_sslcertificatevalidnotafter = -1;
+static int hf_pie_gigamon_sslcetificateserialnumber = -1;
+static int hf_pie_gigamon_sslcertificatesignaturealgorithm = -1;
+static int hf_pie_gigamon_sslcertificatesubjectpubalgorithm = -1;
+static int hf_pie_gigamon_sslcertificatesubjectpubkeysize = -1;
+static int hf_pie_gigamon_sslcertificatesubjectaltname = -1;
+static int hf_pie_gigamon_sslservernameindication = -1;
+static int hf_pie_gigamon_sslserverversion = -1;
+static int hf_pie_gigamon_sslservercipher = -1;
+static int hf_pie_gigamon_sslservercompressionmethod = -1;
+static int hf_pie_gigamon_sslserversessionid = -1;
+static int hf_pie_gigamon_dnsidentifier = -1;
+static int hf_pie_gigamon_dnsopcode = -1;
+static int hf_pie_gigamon_dnsresponsecode = -1;
+static int hf_pie_gigamon_dnsqueryname = -1;
+static int hf_pie_gigamon_dnsresponsename = -1;
+static int hf_pie_gigamon_dnsresponsettl = -1;
+static int hf_pie_gigamon_dnsresponseipv4address = -1;
+static int hf_pie_gigamon_dnsresponseipv6address = -1;
+static int hf_pie_gigamon_dnsbits = -1;
+static int hf_pie_gigamon_dnsqdcount = -1;
+static int hf_pie_gigamon_dnsancount = -1;
+static int hf_pie_gigamon_dnsnscount = -1;
+static int hf_pie_gigamon_dnsarcount = -1;
+static int hf_pie_gigamon_dnsquerytype = -1;
+static int hf_pie_gigamon_dnsqueryclass = -1;
+static int hf_pie_gigamon_dnsresponsetype = -1;
+static int hf_pie_gigamon_dnsresponseclass = -1;
+static int hf_pie_gigamon_dnsresponserdlength = -1;
+static int hf_pie_gigamon_dnsresponserdata = -1;
+static int hf_pie_gigamon_dnsauthorityname = -1;
+static int hf_pie_gigamon_dnsauthoritytype = -1;
+static int hf_pie_gigamon_dnsauthorityclass = -1;
+static int hf_pie_gigamon_dnsauthorityttl = -1;
+static int hf_pie_gigamon_dnsauthorityrdlength = -1;
+static int hf_pie_gigamon_dnsauthorityrdata = -1;
+static int hf_pie_gigamon_dnsadditionalname = -1;
+static int hf_pie_gigamon_dnsadditionaltype = -1;
+static int hf_pie_gigamon_dnsadditionalclass = -1;
+static int hf_pie_gigamon_dnsadditionalttl = -1;
+static int hf_pie_gigamon_dnsadditionalrdlength = -1;
+static int hf_pie_gigamon_dnsadditionalrdata = -1;
+
static int hf_string_len_short = -1;
static int hf_string_len_long = -1;
@@ -2327,6 +2434,8 @@ pen_to_type_hf_list(guint32 pen) {
return TF_NETSCALER;
case VENDOR_BARRACUDA:
return TF_BARRACUDA;
+ case VENDOR_GIGAMON:
+ return TF_GIGAMON;
default:
return TF_NO_VENDOR_INFO;
}
@@ -3297,7 +3406,8 @@ dissect_v9_v10_pdu_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pdutree,
ntop_pie_seen = FALSE,
ixia_pie_seen = FALSE,
netscaler_pie_seen = FALSE,
- barracuda_pie_seen = FALSE;
+ barracuda_pie_seen = FALSE,
+ gigamon_pie_seen = FALSE;
guint8 ip_protocol = 0;
@@ -3424,6 +3534,13 @@ dissect_v9_v10_pdu_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pdutree,
barracuda_pie_seen = TRUE;
}
break;
+ case VENDOR_GIGAMON:
+ if (!gigamon_pie_seen) {
+ proto_item *pie_gigamon_ti = proto_tree_add_item(pdutree, hf_pie_gigamon, tvb, 0, 0, ENC_NA);
+ PROTO_ITEM_SET_HIDDEN(pie_gigamon_ti);
+ gigamon_pie_seen = TRUE;
+ }
+ break;
default:
break;
@@ -7096,6 +7213,254 @@ dissect_v9_v10_pdu_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pdutree,
break;
/* END Barracuda Communications */
+ /* START Gigamon */
+ case ((VENDOR_GIGAMON << 16) | 1):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_httprequrl,
+ tvb, offset, length, ENC_UTF_8|ENC_NA);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 2):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_httprspstatus,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 101):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_sslcertificateissuercommonname,
+ tvb, offset, length, ENC_UTF_8|ENC_NA);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 102):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_sslcertificatesubjectcommonname,
+ tvb, offset, length, ENC_UTF_8|ENC_NA);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 103):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_sslcertificateissuer,
+ tvb, offset, length, ENC_UTF_8|ENC_NA);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 104):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_sslcertificatesubject,
+ tvb, offset, length, ENC_UTF_8|ENC_NA);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 105):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_sslcertificatevalidnotbefore,
+ tvb, offset, length, ENC_UTF_8|ENC_NA);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 106):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_sslcertificatevalidnotafter,
+ tvb, offset, length, ENC_UTF_8|ENC_NA);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 107):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_sslcetificateserialnumber,
+ tvb, offset, length, ENC_NA);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 108):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_sslcertificatesignaturealgorithm,
+ tvb, offset, length, ENC_NA);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 109):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_sslcertificatesubjectpubalgorithm,
+ tvb, offset, length, ENC_NA);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 110):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_sslcertificatesubjectpubkeysize,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 111):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_sslcertificatesubjectaltname,
+ tvb, offset, length, ENC_UTF_8|ENC_NA);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 112):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_sslservernameindication,
+ tvb, offset, length, ENC_UTF_8|ENC_NA);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 113):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_sslserverversion,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 114):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_sslservercipher,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 115):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_sslservercompressionmethod,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 116):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_sslserversessionid,
+ tvb, offset, length, ENC_NA);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 201):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsidentifier,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 202):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsopcode,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 203):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsresponsecode,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 204):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsqueryname,
+ tvb, offset, length, ENC_UTF_8|ENC_NA);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 205):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsresponsename,
+ tvb, offset, length, ENC_UTF_8|ENC_NA);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 206):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsresponsettl,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 207):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsresponseipv4address,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 208):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsresponseipv6address,
+ tvb, offset, length, ENC_NA);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 209):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsbits,
+ tvb, offset, length, ENC_UTF_8|ENC_NA);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 210):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsqdcount,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 211):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsancount,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 212):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsnscount,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 213):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsarcount,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 214):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsquerytype,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 215):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsqueryclass,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 216):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsresponsetype,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 217):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsresponseclass,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 218):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsresponserdlength,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 219):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsresponserdata,
+ tvb, offset, length, ENC_UTF_8|ENC_NA);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 220):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsauthorityname,
+ tvb, offset, length, ENC_UTF_8|ENC_NA);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 221):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsauthoritytype,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 222):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsauthorityclass,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 223):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsauthorityttl,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 224):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsauthorityrdlength,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 225):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsauthorityrdata,
+ tvb, offset, length, ENC_UTF_8|ENC_NA);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 226):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsadditionalname,
+ tvb, offset, length, ENC_UTF_8|ENC_NA);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 227):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsadditionaltype,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 228):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsadditionalclass,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 229):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsadditionalttl,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 230):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsadditionalrdlength,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case ((VENDOR_GIGAMON << 16) | 231):
+ ti = proto_tree_add_item(pdutree, hf_pie_gigamon_dnsadditionalrdata,
+ tvb, offset, length, ENC_UTF_8|ENC_NA);
+ break;
+
+ /* END Gigamon */
+
default: /* Unknown Field ID */
if ((hdrinfo_p->vspec == 9) || (pen == REVPEN)) {
ti = proto_tree_add_bytes_format_value(pdutree, hf_cflow_unknown_field_type,
@@ -7187,6 +7552,7 @@ static const int *v10_template_type_hf_list[TF_NUM_EXT] = {
&hf_cflow_template_ixia_field_type,
&hf_cflow_template_netscaler_field_type,
&hf_cflow_template_barracuda_field_type,
+ &hf_cflow_template_gigamon_field_type,
NULL};
static value_string_ext *v9_template_type_vse_list[TF_NUM] = {
@@ -7200,6 +7566,7 @@ static value_string_ext *v10_template_type_vse_list[TF_NUM_EXT] = {
&v10_template_types_ixia_ext,
&v10_template_types_netscaler_ext,
&v10_template_types_barracuda_ext,
+ &v10_template_types_gigamon_ext,
NULL};
static int
@@ -9973,6 +10340,11 @@ proto_register_netflow(void)
FT_UINT16, BASE_DEC|BASE_EXT_STRING, &v10_template_types_barracuda_ext, 0x7FFF,
"Template field type", HFILL}
},
+ {&hf_cflow_template_gigamon_field_type,
+ {"Type", "cflow.template_gigamon_field_type",
+ FT_UINT16, BASE_DEC|BASE_EXT_STRING, &v10_template_types_gigamon_ext, 0x7FFF,
+ "Template field type", HFILL}
+ },
{&hf_cflow_template_ipfix_field_type_enterprise,
{"Type", "cflow.template_ipfix_field_type_enterprise",
FT_UINT16, BASE_DEC, NULL, 0x7FFF,
@@ -11929,6 +12301,308 @@ proto_register_netflow(void)
"Internal Data Counter", HFILL}
},
+ /* Gigamon root (a hidden item to allow filtering) */
+ {&hf_pie_gigamon,
+ {"Gigamon", "cflow.pie.gigamon",
+ FT_NONE, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 1 */
+ {&hf_pie_gigamon_httprequrl,
+ {"HttpReqUrl", "cflow.pie.gigamon.httprequrl",
+ FT_STRING, STR_UNICODE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 2 */
+ {&hf_pie_gigamon_httprspstatus,
+ {"HttpRspStatus", "cflow.pie.gigamon.httprspstatus",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 101 */
+ {&hf_pie_gigamon_sslcertificateissuercommonname,
+ {"SslCertificateIssuerCommonName", "cflow.pie.gigamon.sslcertificateissuercommonname",
+ FT_STRING, STR_UNICODE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 102 */
+ {&hf_pie_gigamon_sslcertificatesubjectcommonname,
+ {"SslCertificateSubjectCommonName", "cflow.pie.gigamon.sslcertificatesubjectcommonname",
+ FT_STRING, STR_UNICODE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 103 */
+ {&hf_pie_gigamon_sslcertificateissuer,
+ {"SslCertificateIssuer", "cflow.pie.gigamon.sslcertificateissuer",
+ FT_STRING, STR_UNICODE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 104 */
+ {&hf_pie_gigamon_sslcertificatesubject,
+ {"SslCertificateSubject", "cflow.pie.gigamon.sslcertificatesubject",
+ FT_STRING, STR_UNICODE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 105 */
+ {&hf_pie_gigamon_sslcertificatevalidnotbefore,
+ {"SslCertificateValidNotBefore", "cflow.pie.gigamon.sslcertificatevalidnotbefore",
+ FT_STRING, STR_UNICODE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 106 */
+ {&hf_pie_gigamon_sslcertificatevalidnotafter,
+ {"SslCertificateValidNotAfter", "cflow.pie.gigamon.sslcertificatevalidnotafter",
+ FT_STRING, STR_UNICODE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 107 */
+ {&hf_pie_gigamon_sslcetificateserialnumber,
+ {"SslCetificateSerialNumber", "cflow.pie.gigamon.sslcetificateserialnumber",
+ FT_BYTES, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 108 */
+ {&hf_pie_gigamon_sslcertificatesignaturealgorithm,
+ {"SslCertificateSignatureAlgorithm", "cflow.pie.gigamon.sslcertificatesignaturealgorithm",
+ FT_BYTES, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 109 */
+ {&hf_pie_gigamon_sslcertificatesubjectpubalgorithm,
+ {"SslCertificateSubjectPubAlgorithm", "cflow.pie.gigamon.sslcertificatesubjectpubalgorithm",
+ FT_BYTES, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+
+ /* gigamon, 26866 / 110 */
+ {&hf_pie_gigamon_sslcertificatesubjectpubkeysize,
+ {"SslCertificateSubjectPubKeySize", "cflow.pie.gigamon.sslcertificatesubjectpubkeysize",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 111 */
+ {&hf_pie_gigamon_sslcertificatesubjectaltname,
+ {"SslCertificateSubjectAltName", "cflow.pie.gigamon.sslcertificatesubjectaltname",
+ FT_STRING, STR_UNICODE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 112 */
+ {&hf_pie_gigamon_sslservernameindication,
+ {"SslServerNameIndication", "cflow.pie.gigamon.sslservernameindication",
+ FT_STRING, STR_UNICODE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 113 */
+ {&hf_pie_gigamon_sslserverversion,
+ {"SslServerVersion", "cflow.pie.gigamon.sslserverversion",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 114 */
+ {&hf_pie_gigamon_sslservercipher,
+ {"SslServerCipher", "cflow.pie.gigamon.sslservercipher",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 115 */
+ {&hf_pie_gigamon_sslservercompressionmethod,
+ {"SslServerCompressionMethod", "cflow.pie.gigamon.sslservercompressionmethod",
+ FT_UINT8, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 116 */
+ {&hf_pie_gigamon_sslserversessionid,
+ {"SslServerSessionId", "cflow.pie.gigamon.sslserversessionid",
+ FT_BYTES, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 201 */
+ {&hf_pie_gigamon_dnsidentifier,
+ {"DnsIdentifier", "cflow.pie.gigamon.dnsidentifier",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 202 */
+ {&hf_pie_gigamon_dnsopcode,
+ {"DnsOpCode", "cflow.pie.gigamon.dnsopcode",
+ FT_UINT8, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 203 */
+ {&hf_pie_gigamon_dnsresponsecode,
+ {"DnsResponseCode", "cflow.pie.gigamon.dnsresponsecode",
+ FT_UINT8, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 204 */
+ {&hf_pie_gigamon_dnsqueryname,
+ {"DnsQueryName", "cflow.pie.gigamon.dnsqueryname",
+ FT_STRING, STR_UNICODE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 205 */
+ {&hf_pie_gigamon_dnsresponsename,
+ {"DnsResponseName", "cflow.pie.gigamon.dnsresponsename",
+ FT_STRING, STR_UNICODE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 206 */
+ {&hf_pie_gigamon_dnsresponsettl,
+ {"DnsResponseTTL", "cflow.pie.gigamon.dnsresponsettl",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 207 */
+ {&hf_pie_gigamon_dnsresponseipv4address,
+ {"DnsResponseIPv4Address", "cflow.pie.gigamon.dnsresponseipv4address",
+ FT_IPv4, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 208 */
+ {&hf_pie_gigamon_dnsresponseipv6address,
+ {"DnsResponseIPv6Address", "cflow.pie.gigamon.dnsresponseipv6address",
+ FT_IPv6, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 209 */
+ {&hf_pie_gigamon_dnsbits,
+ {"DnsBits", "cflow.pie.gigamon.dnsbits",
+ FT_STRING, STR_UNICODE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 210 */
+ {&hf_pie_gigamon_dnsqdcount,
+ {"DnsQdCount", "cflow.pie.gigamon.dnsqdcount",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 211 */
+ {&hf_pie_gigamon_dnsancount,
+ {"DnsAnCount", "cflow.pie.gigamon.dnsancount",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 212 */
+ {&hf_pie_gigamon_dnsnscount,
+ {"DnsNsCount", "cflow.pie.gigamon.dnsnscount",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 213 */
+ {&hf_pie_gigamon_dnsarcount,
+ {"DnsArCount", "cflow.pie.gigamon.dnsarcount",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 214 */
+ {&hf_pie_gigamon_dnsquerytype,
+ {"DnsQueryType", "cflow.pie.gigamon.dnsquerytype",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 215 */
+ {&hf_pie_gigamon_dnsqueryclass,
+ {"DnsQueryClass", "cflow.pie.gigamon.dnsqueryclass",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 216 */
+ {&hf_pie_gigamon_dnsresponsetype,
+ {"DnsResponseType", "cflow.pie.gigamon.dnsresponsetype",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 217 */
+ {&hf_pie_gigamon_dnsresponseclass,
+ {"DnsResponseClass", "cflow.pie.gigamon.dnsresponseclass",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 218 */
+ {&hf_pie_gigamon_dnsresponserdlength,
+ {"DnsResponseRdLength", "cflow.pie.gigamon.dnsresponserdlength",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 219 */
+ {&hf_pie_gigamon_dnsresponserdata,
+ {"DnsResponseRdata", "cflow.pie.gigamon.dnsresponserdata",
+ FT_STRING, STR_UNICODE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 220 */
+ {&hf_pie_gigamon_dnsauthorityname,
+ {"DnsAuthorityName", "cflow.pie.gigamon.dnsauthorityname",
+ FT_STRING, STR_UNICODE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 221 */
+ {&hf_pie_gigamon_dnsauthoritytype,
+ {"DnsAuthorityType", "cflow.pie.gigamon.dnsauthoritytype",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 222 */
+ {&hf_pie_gigamon_dnsauthorityclass,
+ {"DnsAuthorityClass", "cflow.pie.gigamon.dnsauthorityclass",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 223 */
+ {&hf_pie_gigamon_dnsauthorityttl,
+ {"DnsAuthorityTTL", "cflow.pie.gigamon.dnsauthorityttl",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 224 */
+ {&hf_pie_gigamon_dnsauthorityrdlength,
+ {"DnsAuthorityRdLength", "cflow.pie.gigamon.dnsauthorityrdlength",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 225 */
+ {&hf_pie_gigamon_dnsauthorityrdata,
+ {"DnsAuthorityRdata", "cflow.pie.gigamon.dnsauthorityrdata",
+ FT_STRING, STR_UNICODE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 226 */
+ {&hf_pie_gigamon_dnsadditionalname,
+ {"DnsAdditionalName", "cflow.pie.gigamon.dnsadditionalname",
+ FT_STRING, STR_UNICODE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 227 */
+ {&hf_pie_gigamon_dnsadditionaltype,
+ {"DnsAdditionalType", "cflow.pie.gigamon.dnsadditionaltype",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 228 */
+ {&hf_pie_gigamon_dnsadditionalclass,
+ {"DnsAdditionalClass", "cflow.pie.gigamon.dnsadditionalclass",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 229 */
+ {&hf_pie_gigamon_dnsadditionalttl,
+ {"DnsAdditionalTTL", "cflow.pie.gigamon.dnsadditionalttl",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 230 */
+ {&hf_pie_gigamon_dnsadditionalrdlength,
+ {"DnsAdditionalRdLength", "cflow.pie.gigamon.dnsadditionalrdlength",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* gigamon, 26866 / 231 */
+ {&hf_pie_gigamon_dnsadditionalrdata,
+ {"DnsAdditionalRdata", "cflow.pie.gigamon.dnsadditionalrdata",
+ FT_STRING, STR_UNICODE, NULL, 0x0,
+ NULL, HFILL}
+ },
+
{&hf_string_len_short,
{"String_len_short", "cflow.string_len_short",
FT_UINT8, BASE_DEC, NULL, 0x0,
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-31 02:17:44 +0000