From d1ccc338d6ca2926193b86186ab3f11d3d4e7838 Mon Sep 17 00:00:00 2001 From: Michael Mann Date: Sun, 9 Nov 2014 21:13:38 -0500 Subject: Add dissector table for sFlow header dissection. Change-Id: I189a5b2d5f769395fa5e387f8be49b81903fb252 Reviewed-on: https://code.wireshark.org/review/5262 Reviewed-by: Michael Mann Petri-Dish: Michael Mann Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman --- epan/dissectors/Makefile.common | 1 + epan/dissectors/packet-eth.c | 2 + epan/dissectors/packet-fddi.c | 3 + epan/dissectors/packet-fr.c | 2 + epan/dissectors/packet-ieee80211.c | 6 +- epan/dissectors/packet-ip.c | 2 + epan/dissectors/packet-ipv6.c | 2 + epan/dissectors/packet-mpls.c | 2 + epan/dissectors/packet-ppp.c | 2 + epan/dissectors/packet-sflow.c | 170 ++----------------------------------- epan/dissectors/packet-sflow.h | 65 ++++++++++++++ epan/dissectors/packet-tr.c | 2 + epan/dissectors/packet-x25.c | 2 + 13 files changed, 99 insertions(+), 162 deletions(-) create mode 100644 epan/dissectors/packet-sflow.h diff --git a/epan/dissectors/Makefile.common b/epan/dissectors/Makefile.common index c85980a45c..e2be25d3cc 100644 --- a/epan/dissectors/Makefile.common +++ b/epan/dissectors/Makefile.common @@ -1635,6 +1635,7 @@ DISSECTOR_INCLUDES = \ packet-sctp.h \ packet-sdp.h \ packet-ses.h \ + packet-sflow.h \ packet-sip.h \ packet-skinny.h \ packet-sll.h \ diff --git a/epan/dissectors/packet-eth.c b/epan/dissectors/packet-eth.c index 6d0c162f33..11c97bbe77 100644 --- a/epan/dissectors/packet-eth.c +++ b/epan/dissectors/packet-eth.c @@ -40,6 +40,7 @@ #include "packet-sll.h" #include "packet-usb.h" #include "packet-juniper.h" +#include "packet-sflow.h" #include #include #include @@ -1027,6 +1028,7 @@ proto_reg_handoff_eth(void) dissector_add_uint("chdlc.protocol", ETHERTYPE_ETHBRIDGE, eth_withoutfcs_handle); dissector_add_uint("gre.proto", ETHERTYPE_ETHBRIDGE, eth_withoutfcs_handle); dissector_add_uint("juniper.proto", JUNIPER_PROTO_ETHER, eth_withoutfcs_handle); + dissector_add_uint("sflow_245.header_protocol", SFLOW_245_HEADER_ETHERNET, eth_withoutfcs_handle); dissector_add_uint("sll.ltype", LINUX_SLL_P_ETHERNET, eth_withoutfcs_handle); diff --git a/epan/dissectors/packet-fddi.c b/epan/dissectors/packet-fddi.c index 739828677e..c37c310cce 100644 --- a/epan/dissectors/packet-fddi.c +++ b/epan/dissectors/packet-fddi.c @@ -36,6 +36,7 @@ #include #include "packet-fddi.h" #include "packet-llc.h" +#include "packet-sflow.h" #include #include @@ -546,6 +547,8 @@ proto_reg_handoff_fddi(void) fddi_handle = find_dissector("fddi"); dissector_add_uint("wtap_encap", WTAP_ENCAP_FDDI, fddi_handle); + dissector_add_uint("sflow_245.header_protocol", SFLOW_245_HEADER_FDDI, fddi_handle); + fddi_bitswapped_handle = create_dissector_handle(dissect_fddi_bitswapped, proto_fddi); dissector_add_uint("wtap_encap", WTAP_ENCAP_FDDI_BITSWAPPED, diff --git a/epan/dissectors/packet-fr.c b/epan/dissectors/packet-fr.c index c30de44990..91358b084b 100644 --- a/epan/dissectors/packet-fr.c +++ b/epan/dissectors/packet-fr.c @@ -49,6 +49,7 @@ #include "packet-ppp.h" #include "packet-fr.h" #include "packet-juniper.h" +#include "packet-sflow.h" #include #include #include @@ -1010,6 +1011,7 @@ proto_reg_handoff_fr(void) dissector_add_uint("gre.proto", ETHERTYPE_RAW_FR, fr_handle); dissector_add_uint("wtap_encap", WTAP_ENCAP_FRELAY, fr_handle); dissector_add_uint("juniper.proto", JUNIPER_PROTO_FRELAY, fr_handle); + dissector_add_uint("sflow_245.header_protocol", SFLOW_245_HEADER_FRAME_RELAY, fr_handle); fr_phdr_handle = create_dissector_handle(dissect_fr_phdr, proto_fr); dissector_add_uint("wtap_encap", WTAP_ENCAP_FRELAY_WITH_PHDR, fr_phdr_handle); diff --git a/epan/dissectors/packet-ieee80211.c b/epan/dissectors/packet-ieee80211.c index 23e4aa73b6..fe2c63dd35 100644 --- a/epan/dissectors/packet-ieee80211.c +++ b/epan/dissectors/packet-ieee80211.c @@ -108,6 +108,7 @@ #include "packet-wps.h" #include "packet-e212.h" +#include "packet-sflow.h" /* Davide Schiera (2006-11-22): including AirPDcap project */ #include @@ -26670,7 +26671,7 @@ void proto_reg_handoff_ieee80211(void) { dissector_handle_t data_encap_handle, centrino_handle; - dissector_handle_t wlan_rsna_eapol_wpa_key_handle, wlan_rsna_eapol_rsn_key_handle; + dissector_handle_t wlan_rsna_eapol_wpa_key_handle, wlan_rsna_eapol_rsn_key_handle, wlan_withoutfcs_handle; /* * Get handles for the LLC, IPX and Ethernet dissectors. @@ -26725,6 +26726,9 @@ proto_reg_handoff_ieee80211(void) wlan_rsna_eapol_rsn_key_handle = new_create_dissector_handle(dissect_wlan_rsna_eapol_rsn_key, proto_wlan_rsna_eapol); dissector_add_uint("eapol.keydes.type", EAPOL_RSN_KEY, wlan_rsna_eapol_rsn_key_handle); + + wlan_withoutfcs_handle = find_dissector("wlan_withoutfcs"); + dissector_add_uint("sflow_245.header_protocol", SFLOW_5_HEADER_80211_MAC, wlan_withoutfcs_handle); } /* diff --git a/epan/dissectors/packet-ip.c b/epan/dissectors/packet-ip.c index 3dd2dfcc07..ec081f382c 100644 --- a/epan/dissectors/packet-ip.c +++ b/epan/dissectors/packet-ip.c @@ -54,6 +54,7 @@ #include "packet-ip.h" #include "packet-juniper.h" +#include "packet-sflow.h" #ifdef HAVE_GEOIP #include @@ -3107,6 +3108,7 @@ proto_reg_handoff_ip(void) dissector_add_uint("juniper.proto", JUNIPER_PROTO_IP, ip_handle); dissector_add_uint("juniper.proto", JUNIPER_PROTO_MPLS_IP, ip_handle); dissector_add_uint("pwach.channel_type", 0x21, ip_handle); /* IPv4, RFC4385 clause 6. */ + dissector_add_uint("sflow_245.header_protocol", SFLOW_245_HEADER_IPv4, ip_handle); dissector_add_for_decode_as("udp.port", ip_handle); heur_dissector_add("tipc", dissect_ip_heur, proto_ip); diff --git a/epan/dissectors/packet-ipv6.c b/epan/dissectors/packet-ipv6.c index ee7b0319b6..4806040739 100644 --- a/epan/dissectors/packet-ipv6.c +++ b/epan/dissectors/packet-ipv6.c @@ -51,6 +51,7 @@ #include "packet-ipv6.h" #include "packet-ip.h" #include "packet-juniper.h" +#include "packet-sflow.h" #ifdef HAVE_GEOIP_V6 #include @@ -3041,6 +3042,7 @@ proto_reg_handoff_ipv6(void) dissector_add_uint("juniper.proto", JUNIPER_PROTO_IP6, ipv6_handle); dissector_add_uint("juniper.proto", JUNIPER_PROTO_MPLS_IP6, ipv6_handle); dissector_add_uint("pwach.channel_type", 0x57, ipv6_handle); /* IPv6, RFC4385 clause 6. */ + dissector_add_uint("sflow_245.header_protocol", SFLOW_245_HEADER_IPv6, ipv6_handle); ipv6_hopopts_handle = new_create_dissector_handle(dissect_hopopts, proto_ipv6_hopopts ); dissector_add_uint("ipv6.nxt", IP_PROTO_HOPOPTS, ipv6_hopopts_handle); diff --git a/epan/dissectors/packet-mpls.c b/epan/dissectors/packet-mpls.c index 7346865c50..a2c182b982 100644 --- a/epan/dissectors/packet-mpls.c +++ b/epan/dissectors/packet-mpls.c @@ -64,6 +64,7 @@ #include "packet-pw-common.h" #include "packet-bfd.h" #include "packet-juniper.h" +#include "packet-sflow.h" void proto_register_mpls(void); void proto_reg_handoff_mpls(void); @@ -791,6 +792,7 @@ proto_reg_handoff_mpls(void) dissector_add_uint("juniper.proto", JUNIPER_PROTO_IP6_MPLS, mpls_handle); dissector_add_uint("juniper.proto", JUNIPER_PROTO_CLNP_MPLS, mpls_handle); dissector_add_for_decode_as("pwach.channel_type", mpls_handle); + dissector_add_uint("sflow_245.header_protocol", SFLOW_245_HEADER_MPLS, mpls_handle); mpls_handle = find_dissector("mplspwcw"); dissector_add_uint( "mpls.label", MPLS_LABEL_INVALID, mpls_handle ); diff --git a/epan/dissectors/packet-ppp.c b/epan/dissectors/packet-ppp.c index 1061c33580..81759814d1 100644 --- a/epan/dissectors/packet-ppp.c +++ b/epan/dissectors/packet-ppp.c @@ -49,6 +49,7 @@ #include "packet-usb.h" #include "packet-sll.h" #include "packet-juniper.h" +#include "packet-sflow.h" void proto_register_ppp_raw_hdlc(void); void proto_reg_handoff_ppp_raw_hdlc(void); @@ -5488,6 +5489,7 @@ proto_reg_handoff_ppp(void) dissector_add_uint("osinl.excl", NLPID_PPP, ppp_handle); dissector_add_uint("gre.proto", ETHERTYPE_PPP, ppp_hdlc_handle); dissector_add_uint("juniper.proto", JUNIPER_PROTO_PPP, ppp_handle); + dissector_add_uint("sflow_245.header_protocol", SFLOW_245_HEADER_PPP, ppp_hdlc_handle); } void diff --git a/epan/dissectors/packet-sflow.c b/epan/dissectors/packet-sflow.c index 31f3e68e95..052636bfb8 100644 --- a/epan/dissectors/packet-sflow.c +++ b/epan/dissectors/packet-sflow.c @@ -57,6 +57,7 @@ #include #include #include +#include "packet-sflow.h" #define SFLOW_UDP_PORTS "6343" @@ -161,24 +162,6 @@ const true_false_string tfs_high_normal = { "High", "Normal" }; const true_false_string tfs_minimize_monetary_normal = { "Minimize Monetary", "Normal" }; const true_false_string tfs_up_down = { "Up", "Down" }; -#define SFLOW_245_HEADER_ETHERNET 1 -#define SFLOW_245_HEADER_TOKENBUS 2 -#define SFLOW_245_HEADER_TOKENRING 3 -#define SFLOW_245_HEADER_FDDI 4 -#define SFLOW_245_HEADER_FRAME_RELAY 5 -#define SFLOW_245_HEADER_X25 6 -#define SFLOW_245_HEADER_PPP 7 -#define SFLOW_245_HEADER_SMDS 8 -#define SFLOW_245_HEADER_AAL5 9 -#define SFLOW_245_HEADER_AAL5_IP 10 -#define SFLOW_245_HEADER_IPv4 11 -#define SFLOW_245_HEADER_IPv6 12 -#define SFLOW_245_HEADER_MPLS 13 -#define SFLOW_5_HEADER_POS 14 -#define SFLOW_5_HEADER_80211_MAC 15 -#define SFLOW_5_HEADER_80211_AMPDU 16 -#define SFLOW_5_HEADER_80211_AMSDU_SUBFRAME 17 - static const value_string sflow_245_header_protocol[] = { { SFLOW_245_HEADER_ETHERNET, "Ethernet"}, { SFLOW_245_HEADER_TOKENBUS, "Token Bus"}, @@ -630,23 +613,7 @@ static gint ett_sflow_245_sampled_header = -1; static expert_field ei_sflow_invalid_address_type = EI_INIT; -/* dissectors for other protocols */ -static dissector_handle_t eth_withoutfcs_handle; -static dissector_handle_t tr_handle; -static dissector_handle_t fddi_handle; -static dissector_handle_t fr_handle; -static dissector_handle_t x25_handle; -static dissector_handle_t ppp_hdlc_handle; -static dissector_handle_t smds_handle; -static dissector_handle_t aal5_handle; -static dissector_handle_t ipv4_handle; -static dissector_handle_t ipv6_handle; -static dissector_handle_t mpls_handle; -static dissector_handle_t pos_handle; -static dissector_handle_t ieee80211_mac_handle; -static dissector_handle_t ieee80211_ampdu_handle; -static dissector_handle_t ieee80211_amsdu_subframe_handle; -/* don't dissect */ +static dissector_table_t header_subdissector_table; static dissector_handle_t data_handle; void proto_reg_handoff_sflow_245(void); @@ -732,59 +699,11 @@ dissect_sflow_245_sampled_header(tvbuff_t *tvb, packet_info *pinfo, TRY { - switch (header_proto) { - case SFLOW_245_HEADER_ETHERNET: - call_dissector(eth_withoutfcs_handle, next_tvb, pinfo, sflow_245_header_tree); - break; - case SFLOW_245_HEADER_TOKENRING: - call_dissector(tr_handle, next_tvb, pinfo, sflow_245_header_tree); - break; - case SFLOW_245_HEADER_FDDI: - call_dissector(fddi_handle, next_tvb, pinfo, sflow_245_header_tree); - break; - case SFLOW_245_HEADER_FRAME_RELAY: - call_dissector(fr_handle, next_tvb, pinfo, sflow_245_header_tree); - break; - case SFLOW_245_HEADER_X25: - call_dissector(x25_handle, next_tvb, pinfo, sflow_245_header_tree); - break; - case SFLOW_245_HEADER_PPP: - call_dissector(ppp_hdlc_handle, next_tvb, pinfo, sflow_245_header_tree); - break; - case SFLOW_245_HEADER_SMDS: - call_dissector(smds_handle, next_tvb, pinfo, sflow_245_header_tree); - break; - case SFLOW_245_HEADER_AAL5: - case SFLOW_245_HEADER_AAL5_IP: - /* I'll be surprised if this works! I have no AAL5 captures - * to test with, and I'm not sure how the encapsulation goes */ - call_dissector(aal5_handle, next_tvb, pinfo, sflow_245_header_tree); - break; - case SFLOW_245_HEADER_IPv4: - call_dissector(ipv4_handle, next_tvb, pinfo, sflow_245_header_tree); - break; - case SFLOW_245_HEADER_IPv6: - call_dissector(ipv6_handle, next_tvb, pinfo, sflow_245_header_tree); - break; - case SFLOW_245_HEADER_MPLS: - call_dissector(mpls_handle, next_tvb, pinfo, sflow_245_header_tree); - break; - case SFLOW_5_HEADER_POS: - call_dissector(pos_handle, next_tvb, pinfo, sflow_245_header_tree); - break; - case SFLOW_5_HEADER_80211_MAC: - call_dissector(ieee80211_mac_handle, next_tvb, pinfo, sflow_245_header_tree); - break; - case SFLOW_5_HEADER_80211_AMPDU: - call_dissector(ieee80211_ampdu_handle, next_tvb, pinfo, sflow_245_header_tree); - break; - case SFLOW_5_HEADER_80211_AMSDU_SUBFRAME: - call_dissector(ieee80211_amsdu_subframe_handle, next_tvb, pinfo, sflow_245_header_tree); - break; - default: - /* some of the protocols, I have no clue where to begin. */ - break; - } + if ((global_dissect_samp_headers == FALSE) || + !dissector_try_uint(header_subdissector_table, header_proto, next_tvb, pinfo, sflow_245_header_tree)) + { + call_dissector(data_handle, next_tvb, pinfo, sflow_245_header_tree); + } } CATCH_BOUNDS_ERRORS { @@ -3552,6 +3471,8 @@ proto_register_sflow(void) { expert_sflow = expert_register_protocol(proto_sflow); expert_register_field_array(expert_sflow, ei, array_length(ei)); + header_subdissector_table = register_dissector_table("sflow_245.header_protocol", "SFLOW header protocol", FT_UINT32, BASE_DEC); + /* Register our configuration options for sFlow */ sflow_245_module = prefs_register_protocol(proto_sflow, proto_reg_handoff_sflow_245); @@ -3610,79 +3531,6 @@ proto_reg_handoff_sflow_245(void) { sflow_ports = range_copy(global_sflow_ports); dissector_add_uint_range("udp.port", sflow_ports, sflow_handle); - - - /*dissector_handle_t sflow_245_handle;*/ - - /* - * XXX - should this be done with a dissector table? - */ - - if (global_dissect_samp_headers) { - eth_withoutfcs_handle = find_dissector("eth_withoutfcs"); - tr_handle = find_dissector("tr"); - fddi_handle = find_dissector("fddi"); - fr_handle = find_dissector("fr"); - x25_handle = find_dissector("x.25"); - ppp_hdlc_handle = find_dissector("ppp_hdlc"); -#if 0 - smds_handle = find_dissector("smds"); -#else - /* We don't have an SMDS dissector yet - * - *Switched multimegabit data service (SMDS) was a connectionless service - *used to connect LANs, MANs and WANs to exchange data. SMDS was based on - *the IEEE 802.6 DQDB standard. SMDS fragmented its datagrams into smaller - *"cells" for transport, and can be viewed as a technological precursor of ATM. - */ - smds_handle = data_handle; -#endif -#if 0 - aal5_handle = find_dissector("aal5"); -#else - /* - * No AAL5 (ATM Adaptation Layer 5) dissector available. - * What does the packet look like? An AAL5 PDU? Where - * do the VPI/VCI pair appear, if anywhere? - */ - aal5_handle = data_handle; -#endif - ipv4_handle = find_dissector("ip"); - ipv6_handle = find_dissector("ipv6"); - mpls_handle = find_dissector("mpls"); -#if 0 - pos_handle = find_dissector("pos"); -#else - /* wireshark does not have POS dissector yet */ - pos_handle = data_handle; -#endif - ieee80211_mac_handle = find_dissector("wlan_withoutfcs"); -#if 0 - ieee80211_ampdu_handle = find_dissector("ampdu"); - ieee80211_amsdu_subframe_handle = find_dissector("wlan_aggregate"); -#else - /* No handles for these */ - ieee80211_ampdu_handle = data_handle; - ieee80211_amsdu_subframe_handle = data_handle; -#endif - } else { - eth_withoutfcs_handle = data_handle; - tr_handle = data_handle; - fddi_handle = data_handle; - fr_handle = data_handle; - x25_handle = data_handle; - ppp_hdlc_handle = data_handle; - smds_handle = data_handle; - aal5_handle = data_handle; - ipv4_handle = data_handle; - ipv6_handle = data_handle; - mpls_handle = data_handle; - pos_handle = data_handle; - ieee80211_mac_handle = data_handle; - ieee80211_ampdu_handle = data_handle; - ieee80211_amsdu_subframe_handle = data_handle; - } - } /* diff --git a/epan/dissectors/packet-sflow.h b/epan/dissectors/packet-sflow.h new file mode 100644 index 0000000000..d2a32c420f --- /dev/null +++ b/epan/dissectors/packet-sflow.h @@ -0,0 +1,65 @@ +/* packet-sflow.h + * sFlow v5 dissection implemented according to the specifications + * at http://www.sflow.org/sflow_version_5.txt + * + * Wireshark - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef __PACKET_SFLOW_H__ +#define __PACKET_SFLOW_H__ + +#define SFLOW_245_HEADER_ETHERNET 1 +#define SFLOW_245_HEADER_TOKENBUS 2 +#define SFLOW_245_HEADER_TOKENRING 3 +#define SFLOW_245_HEADER_FDDI 4 +#define SFLOW_245_HEADER_FRAME_RELAY 5 +#define SFLOW_245_HEADER_X25 6 +#define SFLOW_245_HEADER_PPP 7 + +/* We don't have an SMDS dissector yet + * + * Switched multimegabit data service (SMDS) was a connectionless service + * used to connect LANs, MANs and WANs to exchange data. SMDS was based on + * the IEEE 802.6 DQDB standard. SMDS fragmented its datagrams into smaller + * "cells" for transport, and can be viewed as a technological precursor of ATM. + */ +#define SFLOW_245_HEADER_SMDS 8 + +/* + * No AAL5 (ATM Adaptation Layer 5) dissector available. + * What does the packet look like? An AAL5 PDU? Where + * do the VPI/VCI pair appear, if anywhere? + */ +#define SFLOW_245_HEADER_AAL5 9 +#define SFLOW_245_HEADER_AAL5_IP 10 + +#define SFLOW_245_HEADER_IPv4 11 +#define SFLOW_245_HEADER_IPv6 12 +#define SFLOW_245_HEADER_MPLS 13 + +/* wireshark does not have POS dissector yet */ +#define SFLOW_5_HEADER_POS 14 + +#define SFLOW_5_HEADER_80211_MAC 15 + +/* XXX - No handles for these, need to be converted into "dissectors" */ +#define SFLOW_5_HEADER_80211_AMPDU 16 /* "wlan_aggregate" */ +#define SFLOW_5_HEADER_80211_AMSDU_SUBFRAME 17 + +#endif diff --git a/epan/dissectors/packet-tr.c b/epan/dissectors/packet-tr.c index 38b358cfe2..404208103a 100644 --- a/epan/dissectors/packet-tr.c +++ b/epan/dissectors/packet-tr.c @@ -32,6 +32,7 @@ #include #include "packet-tr.h" #include "packet-llc.h" +#include "packet-sflow.h" #include #include #include @@ -820,6 +821,7 @@ proto_reg_handoff_tr(void) tr_handle = find_dissector("tr"); dissector_add_uint("wtap_encap", WTAP_ENCAP_TOKEN_RING, tr_handle); + dissector_add_uint("sflow_245.header_protocol", SFLOW_245_HEADER_TOKENRING, tr_handle); } /* diff --git a/epan/dissectors/packet-x25.c b/epan/dissectors/packet-x25.c index a0cfd92ee9..fbefdb5bc0 100644 --- a/epan/dissectors/packet-x25.c +++ b/epan/dissectors/packet-x25.c @@ -39,6 +39,7 @@ #include #include #include +#include "packet-sflow.h" void proto_register_x25(void); void proto_reg_handoff_x25(void); @@ -2473,6 +2474,7 @@ proto_reg_handoff_x25(void) dissector_add_uint("llc.dsap", SAP_X25, x25_handle); dissector_add_uint("lapd.sapi", LAPD_SAPI_X25, x25_handle); dissector_add_uint("ax25.pid", AX25_P_ROSE, x25_handle); + dissector_add_uint("sflow_245.header_protocol", SFLOW_245_HEADER_X25, x25_handle); } /* -- cgit v1.2.3