diff options
| author | Guy Harris <guy@alum.mit.edu> | 2004-03-25 11:21:07 +0000 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2004-03-25 11:21:07 +0000 |
| commit | a1467c86e11071c4bd0eb71133684434f48cf094 (patch) | |
| tree | 5e3c4e04a24380aac59d752a21708a2afa46a051 /plugins | |
| parent | a6ed2d499af391480d9853833e22f153c502dc4b (diff) | |
From Duncan Sargeant: Cisco SS7 RUDP, RLM, and Session Management
support.
svn path=/trunk/; revision=10480
Diffstat (limited to 'plugins')
| -rw-r--r-- | plugins/Makefile.am | 4 | ||||
| -rw-r--r-- | plugins/Makefile.nmake | 19 | ||||
| -rw-r--r-- | plugins/ciscosm/Makefile.am | 44 | ||||
| -rw-r--r-- | plugins/ciscosm/Makefile.nmake | 21 | ||||
| -rw-r--r-- | plugins/ciscosm/moduleinfo.h | 16 | ||||
| -rw-r--r-- | plugins/ciscosm/packet-sm.c | 184 | ||||
| -rw-r--r-- | plugins/rlm/Makefile.am | 44 | ||||
| -rw-r--r-- | plugins/rlm/Makefile.nmake | 21 | ||||
| -rw-r--r-- | plugins/rlm/moduleinfo.h | 16 | ||||
| -rw-r--r-- | plugins/rlm/packet-rlm.c | 253 | ||||
| -rw-r--r-- | plugins/rudp/Makefile.am | 44 | ||||
| -rw-r--r-- | plugins/rudp/Makefile.nmake | 21 | ||||
| -rw-r--r-- | plugins/rudp/moduleinfo.h | 16 | ||||
| -rw-r--r-- | plugins/rudp/packet-rudp.c | 231 |
14 files changed, 930 insertions, 4 deletions
diff --git a/plugins/Makefile.am b/plugins/Makefile.am index 0fdb844304..d7c3d757a0 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am @@ -1,7 +1,7 @@ # Makefile.am # Automake file for Ethereal # -# $Id: Makefile.am,v 1.29 2004/01/25 18:52:33 gerald Exp $ +# $Id: Makefile.am,v 1.30 2004/03/25 11:21:06 guy Exp $ # # Ethereal - Network traffic analyzer # By Gerald Combs <gerald@ethereal.com> @@ -21,7 +21,7 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -SUBDIRS = acn asn1 artnet docsis enttec giop gryphon irda lwres megaco mgcp pcli rdm rtnet v5ua +SUBDIRS = acn artnet asn1 ciscosm docsis enttec giop gryphon irda lwres megaco mgcp pcli rdm rlm rtnet rudp v5ua plugindir = @plugindir@ diff --git a/plugins/Makefile.nmake b/plugins/Makefile.nmake index a8e9336801..232eefbf70 100644 --- a/plugins/Makefile.nmake +++ b/plugins/Makefile.nmake @@ -1,5 +1,5 @@ # -# $Id: Makefile.nmake,v 1.32 2003/12/18 19:04:47 guy Exp $ +# $Id: Makefile.nmake,v 1.33 2004/03/25 11:21:06 guy Exp $ # include ..\config.nmake @@ -11,7 +11,7 @@ CFLAGS=/DHAVE_CONFIG_H /I.. /I../wiretap /I. $(GLIB_CFLAGS) \ OBJECTS=plugin_api.obj -all: $(OBJECTS) acn artnet asn1 docsis enttec giop gryphon irda lwres megaco mgcp pcli rdm rtnet v5ua +all: $(OBJECTS) acn artnet asn1 ciscosm docsis enttec giop gryphon irda lwres megaco mgcp pcli rdm rlm rtnet rudp v5ua Xplugin_api.c: plugin_gen.py plugin_api_list.c @echo **** Plugin api may be out of date, please generate new files: @@ -39,6 +39,11 @@ asn1:: $(MAKE) /$(MAKEFLAGS) -f Makefile.nmake cd .. +ciscosm:: + cd ciscosm + $(MAKE) /$(MAKEFLAGS) -f Makefile.nmake + cd .. + docsis:: cd docsis $(MAKE) /$(MAKEFLAGS) -f Makefile.nmake @@ -89,11 +94,21 @@ rdm:: $(MAKE) /$(MAKEFLAGS) -f Makefile.nmake cd .. +rlm:: + cd rlm + $(MAKE) /$(MAKEFLAGS) -f Makefile.nmake + cd .. + rtnet:: cd rtnet $(MAKE) /$(MAKEFLAGS) -f Makefile.nmake cd .. +rudp:: + cd rudp + $(MAKE) /$(MAKEFLAGS) -f Makefile.nmake + cd .. + v5ua:: cd v5ua $(MAKE) /$(MAKEFLAGS) -f Makefile.nmake diff --git a/plugins/ciscosm/Makefile.am b/plugins/ciscosm/Makefile.am new file mode 100644 index 0000000000..f8049321e0 --- /dev/null +++ b/plugins/ciscosm/Makefile.am @@ -0,0 +1,44 @@ +# Makefile.am +# Automake file for Cisco SS7 Session Management dissector +# Copyright 2004, Duncan Sargeant <dunc-ethereal@rcpt.to> +# +# $Id: Makefile.am,v 1.1 2004/03/25 11:21:06 guy Exp $ +# +# Ethereal - Network traffic analyzer +# By Gerald Combs <gerald@ethereal.com> +# Copyright 1998 Gerald Combs +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# + +INCLUDES = -I$(top_srcdir) + +plugindir = @plugindir@ + +plugin_LTLIBRARIES = ciscosm.la +ciscosm_la_SOURCES = packet-sm.c moduleinfo.h +ciscosm_la_LDFLAGS = -module -avoid-version + +# Libs must be cleared, or else libtool won't create a shared module. +# If your module needs to be linked against any particular libraries, +# add them here. +LIBS = + +CLEANFILES = \ + ciscosm \ + *~ + +EXTRA_DIST = \ + Makefile.nmake diff --git a/plugins/ciscosm/Makefile.nmake b/plugins/ciscosm/Makefile.nmake new file mode 100644 index 0000000000..8038737b9d --- /dev/null +++ b/plugins/ciscosm/Makefile.nmake @@ -0,0 +1,21 @@ +# +# $Id: Makefile.nmake,v 1.1 2004/03/25 11:21:06 guy Exp $ +# + +include ..\..\config.nmake + +############### no need to modify below this line ######### + +CFLAGS=/DHAVE_CONFIG_H /I../.. /I../../wiretap $(GLIB_CFLAGS) \ + /I$(PCAP_DIR)\include -D_U_="" $(LOCAL_CFLAGS) + +OBJECTS=packet-sm.obj + +ciscosm.dll ciscosm.exp ciscosm.lib : $(OBJECTS) ..\plugin_api.obj + link -dll /out:ciscosm.dll $(OBJECTS) ..\plugin_api.obj \ + $(GLIB_LIBS) + +clean: + rm -f $(OBJECTS) ciscosm.dll ciscosm.exp ciscosm.lib $(PDB_FILE) + +distclean: clean diff --git a/plugins/ciscosm/moduleinfo.h b/plugins/ciscosm/moduleinfo.h new file mode 100644 index 0000000000..2bea0ea6ee --- /dev/null +++ b/plugins/ciscosm/moduleinfo.h @@ -0,0 +1,16 @@ +/* Included *after* config.h, in order to re-define these macros */ + +#ifdef PACKAGE +#undef PACKAGE +#endif + +/* Name of package */ +#define PACKAGE "ciscosm" + + +#ifdef VERSION +#undef VERSION +#endif + +/* Version number of package */ +#define VERSION "0.0.1" diff --git a/plugins/ciscosm/packet-sm.c b/plugins/ciscosm/packet-sm.c new file mode 100644 index 0000000000..140bd5f250 --- /dev/null +++ b/plugins/ciscosm/packet-sm.c @@ -0,0 +1,184 @@ +/* packet-sm.c + * Routines for Cisco Session Management Protocol dissection + * Copyright 2004, Duncan Sargeant <dunc-ethereal@rcpt.to> + * + * $Id: packet-sm.c,v 1.1 2004/03/25 11:21:06 guy Exp $ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs <gerald@ethereal.com> + * Copyright 1998 Gerald Combs + * + * Copied from WHATEVER_FILE_YOU_USED (where "WHATEVER_FILE_YOU_USED" + * is a dissector file; if you just copied this from README.developer, + * don't bother with the "Copied from" - you don't even need to put + * in a "Copied from" if you copied an existing dissector, especially + * if the bulk of the code in the new dissector is your code) + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +/* + * This is basically a glue dissector for the Cisco SM protocol. It sits + * between the RUDP and MTP3 layers in conversations on port 7000 between + * SLTs and MGCs. A link to an overview of the technology : + * + * http://www.cisco.com/en/US/products/sw/netmgtsw/ps4883/products_installation_and_configuration_guide_chapter09186a008010950a.html + * + * Link showing debugs of the protocol: + * http://www.cisco.com/univercd/cc/td/doc/product/access/sc/rel7/omts/omts_apb.htm#30052 + * + * I'm unable to get local debugs of this protocol, as the SLT's are + * slow cpu cisco 2600's, and they tend to drop the signalling links + * if you turn any debugging on! But there's not much interesting + * here, its just glue to get the ISUP/MTP3 data nicely. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#ifdef NEED_SNPRINTF_H +# include "snprintf.h" +#endif + +#include <gmodule.h> +#include <epan/packet.h> + +#include "plugins/plugin_api.h" +#include "plugins/plugin_api_defs.h" + /* Define version if we are not building ethereal statically */ + +#ifndef ENABLE_STATIC + G_MODULE_EXPORT const gchar version[] = VERSION; +#endif + +/* Initialize the protocol and registered fields */ +static int proto_sm = -1; + +static int hf_sm_sm_msg_type = -1; +static int hf_sm_protocol = -1; +static int hf_sm_msg_id = -1; +static int hf_sm_msg_type = -1; +static int hf_sm_channel = -1; +static int hf_sm_bearer = -1; +static int hf_sm_len = -1; + +/* Initialize the subtree pointers */ +static gint ett_sm = -1; + +/* Code to actually dissect the packets */ +static void +dissect_sm(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + proto_item *ti; + proto_tree *sm_tree; + tvbuff_t *next_tvb = NULL; + + if (check_col(pinfo->cinfo, COL_PROTOCOL)) + col_set_str(pinfo->cinfo, COL_PROTOCOL, "SM"); + + if (check_col(pinfo->cinfo, COL_INFO)) + col_set_str(pinfo->cinfo, COL_INFO, "Cisco SM Packet"); + + if (tree) { + ti = proto_tree_add_item(tree, proto_sm, tvb, 0, 16, FALSE); + sm_tree = proto_item_add_subtree(ti, ett_sm); + ti = proto_tree_add_item(sm_tree, hf_sm_sm_msg_type, tvb, 0, 4, FALSE); + ti = proto_tree_add_item(sm_tree, hf_sm_protocol, tvb, 4, 2, FALSE); + ti = proto_tree_add_item(sm_tree, hf_sm_msg_id, tvb, 6, 2, FALSE); + ti = proto_tree_add_item(sm_tree, hf_sm_msg_type, tvb, 8, 2, FALSE); + ti = proto_tree_add_item(sm_tree, hf_sm_channel, tvb, 10, 2, FALSE); + ti = proto_tree_add_item(sm_tree, hf_sm_bearer, tvb, 12, 2, FALSE); + ti = proto_tree_add_item(sm_tree, hf_sm_len, tvb, 14, 2, FALSE); + } + + next_tvb = tvb_new_subset(tvb, 16, -1, -1); + if (tvb_length(next_tvb) && find_dissector("mtp3")) + call_dissector(find_dissector("mtp3"), next_tvb, pinfo, tree); +} + +G_MODULE_EXPORT void +plugin_init(plugin_address_table_t *pat +#ifndef PLUGINS_NEED_ADDRESS_TABLE +_U_ +#endif +) +{ + static hf_register_info hf[] = { + { &hf_sm_sm_msg_type, + { "SM Message Type", "sm.sm_msg_type", + FT_UINT32, BASE_HEX, NULL, 0x0, + "" } + }, + { &hf_sm_protocol, + { "Protocol Type", "sm.protocol", + FT_UINT16, BASE_HEX, NULL, 0x0, + "" } + }, + { &hf_sm_msg_id, + { "Message ID", "sm.msgid", + FT_UINT16, BASE_HEX, NULL, 0x0, + "" } + }, + { &hf_sm_msg_type, + { "Message Type", "sm.msg_type", + FT_UINT16, BASE_HEX, NULL, 0x0, + "" } + }, + { &hf_sm_channel, + { "Channel ID", "sm.channel", + FT_UINT16, BASE_HEX, NULL, 0x0, + "" } + }, + { &hf_sm_bearer, + { "Bearer ID", "sm.bearer", + FT_UINT16, BASE_HEX, NULL, 0x0, + "" } + }, + { &hf_sm_len, + { "Length", "sm.len", + FT_UINT16, BASE_DEC, NULL, 0x0, + "" } + }, + }; + +/* Setup protocol subtree array */ + static gint *ett[] = { + &ett_sm, + }; + +/* Initialize the table of pointers needed in Win32 DLLs */ + plugin_address_table_init(pat); + +/* Register the protocol name and description */ + proto_sm = proto_register_protocol("Cisco Session Management", + "SM", "sm"); + + register_dissector("sm", dissect_sm, proto_sm); + +/* Required function calls to register the header fields and subtrees used */ + proto_register_field_array(proto_sm, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); +} + +G_MODULE_EXPORT void +plugin_reg_handoff(void) +{ + return; +} diff --git a/plugins/rlm/Makefile.am b/plugins/rlm/Makefile.am new file mode 100644 index 0000000000..d396030698 --- /dev/null +++ b/plugins/rlm/Makefile.am @@ -0,0 +1,44 @@ +# Makefile.am +# Automake file for Cisco SS7 Redundant Link Management dissector +# Copyright 2004, Duncan Sargeant <dunc-ethereal@rcpt.to> +# +# $Id: Makefile.am,v 1.1 2004/03/25 11:21:07 guy Exp $ +# +# Ethereal - Network traffic analyzer +# By Gerald Combs <gerald@ethereal.com> +# Copyright 1998 Gerald Combs +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# + +INCLUDES = -I$(top_srcdir) + +plugindir = @plugindir@ + +plugin_LTLIBRARIES = rlm.la +rlm_la_SOURCES = packet-rlm.c moduleinfo.h +rlm_la_LDFLAGS = -module -avoid-version + +# Libs must be cleared, or else libtool won't create a shared module. +# If your module needs to be linked against any particular libraries, +# add them here. +LIBS = + +CLEANFILES = \ + rlm \ + *~ + +EXTRA_DIST = \ + Makefile.nmake diff --git a/plugins/rlm/Makefile.nmake b/plugins/rlm/Makefile.nmake new file mode 100644 index 0000000000..300c12cfc0 --- /dev/null +++ b/plugins/rlm/Makefile.nmake @@ -0,0 +1,21 @@ +# +# $Id: Makefile.nmake,v 1.1 2004/03/25 11:21:07 guy Exp $ +# + +include ..\..\config.nmake + +############### no need to modify below this line ######### + +CFLAGS=/DHAVE_CONFIG_H /I../.. /I../../wiretap $(GLIB_CFLAGS) \ + /I$(PCAP_DIR)\include -D_U_="" $(LOCAL_CFLAGS) + +OBJECTS=packet-rlm.obj + +rlm.dll rlm.exp rlm.lib : $(OBJECTS) ..\plugin_api.obj + link -dll /out:rlm.dll $(OBJECTS) ..\plugin_api.obj \ + $(GLIB_LIBS) + +clean: + rm -f $(OBJECTS) rlm.dll rlm.exp rlm.lib $(PDB_FILE) + +distclean: clean diff --git a/plugins/rlm/moduleinfo.h b/plugins/rlm/moduleinfo.h new file mode 100644 index 0000000000..aefd7a1dc4 --- /dev/null +++ b/plugins/rlm/moduleinfo.h @@ -0,0 +1,16 @@ +/* Included *after* config.h, in order to re-define these macros */ + +#ifdef PACKAGE +#undef PACKAGE +#endif + +/* Name of package */ +#define PACKAGE "rlm" + + +#ifdef VERSION +#undef VERSION +#endif + +/* Version number of package */ +#define VERSION "0.0.1" diff --git a/plugins/rlm/packet-rlm.c b/plugins/rlm/packet-rlm.c new file mode 100644 index 0000000000..641340f9c8 --- /dev/null +++ b/plugins/rlm/packet-rlm.c @@ -0,0 +1,253 @@ +/* packet-rlm.c + * Routines for RLM dissection + * Copyright 2004, Duncan Sargeant <dunc-ethereal@rcpt.to> + * + * $Id: packet-rlm.c,v 1.1 2004/03/25 11:21:07 guy Exp $ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs <gerald@ethereal.com> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +/* + * RLM is a proprietary Cisco protocol used for centralling managing + * many redundant NASes. I don't know much about the format, but you + * can read about the feature here: + * + * http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t3/rlm_123.htm + * + * RLM runs on a UDP port (default 3000) between the MGC and the NAS. + * On port N+1 (default 3001), a Q.931/LAPD/UDP connection is maintained. + * Both sides use the same local port number for the connection, so source + * and dest port are always the same. + * + * In large networks, the links are typically split onto higher ports, + * so anything up to 3015 (or higher) could either be RLM or Q.931 traffic, + * although always the RLM has the one lower port number for that RLM group. + * + * Multiple RLM groups are possible on a single NAS. + * + * I haven't been able to find the protocol documented, so I've + * guessed some of the fields based on the output of debug commands on + * cisco NASes. + * + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#ifdef NEED_SNPRINTF_H +# include "snprintf.h" +#endif + +#include <gmodule.h> +#include <epan/packet.h> + +#include "plugins/plugin_api.h" +#include "plugins/plugin_api_defs.h" + /* Define version if we are not building ethereal statically */ + +#ifndef ENABLE_STATIC + G_MODULE_EXPORT const gchar version[] = VERSION; +#endif + + +/* Initialize the protocol and registered fields */ +static int proto_rlm = -1; + +static int hf_rlm_version = -1; +static int hf_rlm_type = -1; +static int hf_rlm_unknown = -1; +static int hf_rlm_tid = -1; +static int hf_rlm_unknown2 = -1; + +/* Initialize the subtree pointers */ +static gint ett_rlm = -1; + + +/* RLM definitions - missing some! */ + +#define RLM_START_REQUEST 1 +#define RLM_START_ACK 2 +/* #define ??? 3 */ +/* #define ??? 4 */ +#define RLM_ECHO_REQUEST 5 +#define RLM_ECHO_REPLY 6 +/* #define ??? ?? */ + + +/* + Maybe this isn't the best place for it, but RLM goes hand in hand + with Q.931 traffic on a higher port. +*/ + +static gboolean +dissect_udp_lapd(tvbuff_t *tvb, packet_info *pinfo _U_ , proto_tree *tree) { + + if (pinfo->srcport < 3001 || pinfo->srcport > 3015 + || pinfo->destport < 3001 || pinfo->destport > 3015 + || pinfo->destport != pinfo->srcport) + return FALSE; + + call_dissector(find_dissector("lapd"), tvb, pinfo, tree); + return TRUE; +} + + +/* Code to actually dissect the packets */ +static gboolean +dissect_rlm(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + proto_item *ti; + proto_tree *rlm_tree; + guint8 rlm_type, version; + char *type_str = NULL; + + if (pinfo->srcport < 3000 || pinfo->srcport > 3015 + || pinfo->destport < 3000 || pinfo->destport > 3015 + || pinfo->destport != pinfo->srcport) + return FALSE; + + version = tvb_get_guint8(tvb, 0); + rlm_type = tvb_get_guint8(tvb, 1); + + /* we only know about version 2, and I've only seen 8 byte packets */ + if (tvb_length(tvb) != 8 || version != 2) { + return FALSE; + } + + if (check_col(pinfo->cinfo, COL_PROTOCOL)) + col_set_str(pinfo->cinfo, COL_PROTOCOL, "RLM"); + + switch (rlm_type) { + case RLM_START_REQUEST: + type_str = "Start request"; + break;; + + case RLM_START_ACK: + type_str = "Start acknowledgement"; + break;; + + case RLM_ECHO_REQUEST: + type_str = "Echo request"; + break;; + + case RLM_ECHO_REPLY: + type_str = "Echo reply"; + break;; + + default: + type_str = "Unknown type"; + break;; + } + + if (check_col(pinfo->cinfo, COL_INFO)) + col_set_str(pinfo->cinfo, COL_INFO, type_str); + + if (tree) { + /* proto_tree_add_protocol_format(tree, proto_rlm, tvb, 0, + 16, "Cisco Session Management"); */ + ti = proto_tree_add_item(tree, proto_rlm, tvb, 0, 8, FALSE); + rlm_tree = proto_item_add_subtree(ti, ett_rlm); + ti = proto_tree_add_item(rlm_tree, hf_rlm_version, tvb, 0, 1, FALSE); + proto_tree_add_uint_format(rlm_tree, hf_rlm_type, tvb, 1, 1, rlm_type, "Type: %u (%s)", rlm_type, type_str); + ti = proto_tree_add_item(rlm_tree, hf_rlm_unknown, tvb, 2, 2, FALSE); + ti = proto_tree_add_item(rlm_tree, hf_rlm_tid, tvb, 4, 2, FALSE); + ti = proto_tree_add_item(rlm_tree, hf_rlm_unknown2, tvb, 6, 2, FALSE); + } + + return TRUE; +} + + +/* Register the protocol with Ethereal */ + +/* this format is require because a script is used to build the C function + that calls all the protocol registration. +*/ + +G_MODULE_EXPORT void +plugin_init(plugin_address_table_t *pat +#ifndef PLUGINS_NEED_ADDRESS_TABLE +_U_ +#endif +) +{ + +/* Setup list of header fields See Section 1.6.1 for details*/ + static hf_register_info hf[] = { + { &hf_rlm_version, + { "Version", "rlm.version", + FT_UINT8, BASE_DEC, NULL, 0x0, + "" } + }, + { &hf_rlm_type, + { "Type", "rlm.type", + FT_UINT8, BASE_DEC, NULL, 0x0, + "" } + }, + { &hf_rlm_unknown, + { "Unknown", "rlm.unknown", + FT_UINT16, BASE_HEX, NULL, 0x0, + "" } + }, + { &hf_rlm_tid, + { "Transaction ID", "rlm.tid", + FT_UINT16, BASE_DEC, NULL, 0x0, + "" } + }, + { &hf_rlm_unknown2, + { "Unknown", "rlm.unknown2", + FT_UINT16, BASE_HEX, NULL, 0x0, + "" } + }, + }; + +/* Setup protocol subtree array */ + static gint *ett[] = { + &ett_rlm, + }; + +/* Initialize the table of pointers needed in Win32 DLLs */ + plugin_address_table_init(pat); + +/* Register the protocol name and description */ + proto_rlm = proto_register_protocol("Redundant Link Management Protocol", + "RLM", "rlm"); + +/* Required function calls to register the header fields and subtrees used */ + proto_register_field_array(proto_rlm, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); +} + + +/* If this dissector uses sub-dissector registration add a registration routine. + This format is required because a script is used to find these routines and + create the code that calls these routines. +*/ +G_MODULE_EXPORT void +plugin_reg_handoff(void) +{ + heur_dissector_add("udp", dissect_rlm, proto_rlm); + heur_dissector_add("udp", dissect_udp_lapd, proto_get_id_by_filter_name("lapd")); +} + diff --git a/plugins/rudp/Makefile.am b/plugins/rudp/Makefile.am new file mode 100644 index 0000000000..b681bf0eb5 --- /dev/null +++ b/plugins/rudp/Makefile.am @@ -0,0 +1,44 @@ +# Makefile.am +# Automake file for Cisco SS7 Reliable UDP dissector +# Copyright 2004, Duncan Sargeant <dunc-ethereal@rcpt.to> +# +# $Id: Makefile.am,v 1.1 2004/03/25 11:21:07 guy Exp $ +# +# Ethereal - Network traffic analyzer +# By Gerald Combs <gerald@ethereal.com> +# Copyright 1998 Gerald Combs +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# + +INCLUDES = -I$(top_srcdir) + +plugindir = @plugindir@ + +plugin_LTLIBRARIES = rudp.la +rudp_la_SOURCES = packet-rudp.c moduleinfo.h +rudp_la_LDFLAGS = -module -avoid-version + +# Libs must be cleared, or else libtool won't create a shared module. +# If your module needs to be linked against any particular libraries, +# add them here. +LIBS = + +CLEANFILES = \ + rudp \ + *~ + +EXTRA_DIST = \ + Makefile.nmake diff --git a/plugins/rudp/Makefile.nmake b/plugins/rudp/Makefile.nmake new file mode 100644 index 0000000000..aefe44ab37 --- /dev/null +++ b/plugins/rudp/Makefile.nmake @@ -0,0 +1,21 @@ +# +# $Id: Makefile.nmake,v 1.1 2004/03/25 11:21:07 guy Exp $ +# + +include ..\..\config.nmake + +############### no need to modify below this line ######### + +CFLAGS=/DHAVE_CONFIG_H /I../.. /I../../wiretap $(GLIB_CFLAGS) \ + /I$(PCAP_DIR)\include -D_U_="" $(LOCAL_CFLAGS) + +OBJECTS=packet-rudp.obj + +rudp.dll rudp.exp rudp.lib : $(OBJECTS) ..\plugin_api.obj + link -dll /out:rudp.dll $(OBJECTS) ..\plugin_api.obj \ + $(GLIB_LIBS) + +clean: + rm -f $(OBJECTS) rudp.dll rudp.exp rudp.lib $(PDB_FILE) + +distclean: clean diff --git a/plugins/rudp/moduleinfo.h b/plugins/rudp/moduleinfo.h new file mode 100644 index 0000000000..23edc6ef5d --- /dev/null +++ b/plugins/rudp/moduleinfo.h @@ -0,0 +1,16 @@ +/* Included *after* config.h, in order to re-define these macros */ + +#ifdef PACKAGE +#undef PACKAGE +#endif + +/* Name of package */ +#define PACKAGE "rudp" + + +#ifdef VERSION +#undef VERSION +#endif + +/* Version number of package */ +#define VERSION "0.0.1" diff --git a/plugins/rudp/packet-rudp.c b/plugins/rudp/packet-rudp.c new file mode 100644 index 0000000000..c3fb4815de --- /dev/null +++ b/plugins/rudp/packet-rudp.c @@ -0,0 +1,231 @@ +/* packet-rudp.c + * Routines for Reliable UDP Protocol. + * Copyright 2004, Duncan Sargeant <dunc-ethereal@rcpt.to> + * + * $Id: packet-rudp.c,v 1.1 2004/03/25 11:21:07 guy Exp $ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs <gerald@ethereal.com> + * Copyright 1998 Gerald Combs + * + * Copied from packet-data.c, README.developer, and various other files. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + + + * Reliable UDP is a lightweight protocol for providing TCP-like flow + * control over UDP. Cisco published an PFC a long time ago, and + * their actual implementation is slightly different, having no + * checksum field. + * + * I've cheated here - RUDP could be used for anything, but I've only + * seen it used to switched telephony calls, so we just call the Cisco SM + * dissector from here. + * + * Here are some links: + * + * http://www.watersprings.org/pub/id/draft-ietf-sigtran-reliable-udp-00.txt + * http://www.javvin.com/protocolRUDP.html + * http://www.cisco.com/univercd/cc/td/doc/product/access/sc/rel7/omts/omts_apb.htm#30052 + + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <gmodule.h> +#include <epan/packet.h> + +#include "plugins/plugin_api.h" +#include "plugins/plugin_api_defs.h" + /* Define version if we are not building ethereal statically */ + +#ifndef ENABLE_STATIC + G_MODULE_EXPORT const gchar version[] = VERSION; +#endif + +static int proto_rudp = -1; + +static int hf_rudp_flags = -1; +static int hf_rudp_flags_syn = -1; +static int hf_rudp_flags_ack = -1; +static int hf_rudp_flags_eak = -1; +static int hf_rudp_flags_rst = -1; +static int hf_rudp_flags_nul = -1; +static int hf_rudp_flags_chk = -1; +static int hf_rudp_flags_tcs = -1; +static int hf_rudp_flags_0 = -1; +static int hf_rudp_hlen = -1; +static int hf_rudp_seq = -1; +static int hf_rudp_ack = -1; +/* static int hf_rudp_cksum = -1; */ + +static gint ett_rudp = -1; +static gint ett_rudp_flags = -1; + + +static void +dissect_rudp(tvbuff_t *tvb, packet_info *pinfo _U_ , proto_tree *tree) +{ + tvbuff_t * next_tvb = NULL; + proto_tree *rudp_tree = NULL, *flags_tree; + proto_item *ti = NULL; + int flags[] = { hf_rudp_flags_syn, hf_rudp_flags_ack, hf_rudp_flags_eak, + hf_rudp_flags_rst, hf_rudp_flags_nul, hf_rudp_flags_chk, + hf_rudp_flags_tcs, hf_rudp_flags_0 }; + int i; + guint8 hlen; + + hlen = tvb_get_guint8(tvb, 1); + + if (check_col(pinfo->cinfo, COL_PROTOCOL)) + col_set_str(pinfo->cinfo, COL_PROTOCOL, "RUDP"); + if (check_col(pinfo->cinfo, COL_INFO)) + col_clear(pinfo->cinfo, COL_INFO); + + if (tree) { + ti = proto_tree_add_item(tree, proto_rudp, tvb, 0, hlen, FALSE); + rudp_tree = proto_item_add_subtree(ti, ett_rudp); + + ti = proto_tree_add_item(rudp_tree, hf_rudp_flags, tvb, 0, 1, FALSE); + flags_tree = proto_item_add_subtree(ti, ett_rudp_flags); + + for (i = 0; i < 8; i++) + proto_tree_add_item(flags_tree, flags[i], tvb, 0, 1, FALSE); + + proto_tree_add_item(rudp_tree, hf_rudp_hlen, tvb, 1, 1, FALSE); + proto_tree_add_item(rudp_tree, hf_rudp_seq, tvb, 2, 1, FALSE); + proto_tree_add_item(rudp_tree, hf_rudp_ack, tvb, 3, 1, FALSE); + } + + next_tvb = tvb_new_subset(tvb, hlen, -1, -1); + if (tvb_length(next_tvb) && find_dissector("sm")) + call_dissector(find_dissector("sm"), next_tvb, pinfo, tree); +} + +G_MODULE_EXPORT void +plugin_init(plugin_address_table_t *pat +#ifndef PLUGINS_NEED_ADDRESS_TABLE +_U_ +#endif +) +{ + + static hf_register_info hf[] = { + { &hf_rudp_flags, + { "RUDP Header flags", "rudp.flags", + FT_UINT8, BASE_DEC, NULL, 0x0, + "" } + }, + { &hf_rudp_flags_syn, + { "Syn", "rudp.flags.syn", + FT_BOOLEAN, 8, NULL, 0x80, + "" } + }, + { &hf_rudp_flags_ack, + { "Ack", "rudp.flags.ack", + FT_BOOLEAN, 8, NULL, 0x40, + "" } + }, + { &hf_rudp_flags_eak, + { "Eak", "rudp.flags.eak", + FT_BOOLEAN, 8, NULL, 0x20, + "Extended Ack" } + }, + { &hf_rudp_flags_rst, + { "RST", "rudp.flags.rst", + FT_BOOLEAN, 8, NULL, 0x10, + "Reset flag" } + }, + { &hf_rudp_flags_nul, + { "NULL", "rudp.flags.nul", + FT_BOOLEAN, 8, NULL, 0x08, + "Null flag" } + }, + { &hf_rudp_flags_chk, + { "CHK", "rudp.flags.chk", + FT_BOOLEAN, 8, NULL, 0x04, + "Checksum is on header or body" } + }, + { &hf_rudp_flags_tcs, + { "TCS", "rudp.flags.tcs", + FT_BOOLEAN, 8, NULL, 0x02, + "Transfer Connection System" } + }, + { &hf_rudp_flags_0, + { "0", "rudp.flags.0", + FT_BOOLEAN, 8, NULL, 0x01, + "" } + }, + { &hf_rudp_hlen, + { "Header Length", "rudp.hlen", + FT_UINT8, BASE_DEC, NULL, 0x0, + "" } + }, + { &hf_rudp_seq, + { "Seq", "rudp.seq", + FT_UINT8, BASE_DEC, NULL, 0x0, + "Sequence Number" } + }, + { &hf_rudp_ack, + { "Ack", "rudp.ack", + FT_UINT8, BASE_DEC, NULL, 0x0, + "Acknowledgement Number" } + }, + /* + + A checksum is specified in the RFC, but Cisco don't use one. + + { &hf_rudp_cksum, + { "Checksum", "rudp.cksum", + FT_UINT16, 8, NULL, 0x0, + "" } + }, + */ + }; + + +/* Setup protocol subtree array */ + static gint *ett[] = { + &ett_rudp, + &ett_rudp_flags, + }; + + + if (proto_rudp == -1) { + proto_rudp = proto_register_protocol ( + "Reliable UDP", /* name */ + "RUDP", /* short name */ + "rudp" /* abbrev */ + ); + } + + plugin_address_table_init(pat); + + proto_register_field_array(proto_rudp, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); +} + +G_MODULE_EXPORT void +plugin_reg_handoff(void) { + static dissector_handle_t rudp_handle = NULL; + + if (!rudp_handle) { + rudp_handle = create_dissector_handle(dissect_rudp, proto_rudp); + } + + dissector_add("udp.port", 7000, rudp_handle); +} |