1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
|
/*
* exported_pdu.h
* Routines for exported_pdu dissection
* Copyright 2013, Anders Broman <anders-broman@ericsson.com>
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef EXPORTED_PDU_H
#define EXPORTED_PDU_H
#include <config.h>
#include "ws_symbol_export.h"
#include <glib.h>
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
/*
* Define different common tap names to extract PDUs at different layers,
* otherwise one packet may be exported several times at different layers
* if all taps are run.
*/
#define EXPORT_PDU_TAP_NAME_LAYER_3 "OSI layer 3"
#define EXPORT_PDU_TAP_NAME_LAYER_7 "OSI layer 7"
/* To add dynamically an export name, call the following function
It returns the registered tap */
WS_DLL_PUBLIC gint register_export_pdu_tap(const char *name);
WS_DLL_PUBLIC GSList *get_export_pdu_tap_list(void);
/**
* This struct is used as the data part of tap_queue_packet() and contains a
* buffer with metadata of the protocol PDU included in the tvb in the struct.
* the meta data is in TLV form, at least one tag MUST indicate what protocol is
* in the PDU.
* Buffer layout:
* 0 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Option Code | Option Length |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* / Option Value /
* / variable length, aligned to 32 bits /
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* / /
* / . . . other options . . . /
* / /
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Option Code == opt_endofopt | Option Length == 0 |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
/* Tag values
*
* Do NOT add new values to this list without asking
* wireshark-dev[AT]wireshark.org for a value. Otherwise, you run the risk of
* using a value that's already being used for some other purpose, and of
* having tools that read exported_pdu captures not being able to handle
* captures with your new tag value, with no hope that they will ever be
* changed to do so (as that would destroy their ability to read captures
* using that value for that other purpose).
*/
#define EXP_PDU_TAG_END_OF_OPT 0 /**< End-of-options Tag. */
/* 1 - 9 reserved */
#define EXP_PDU_TAG_OPTIONS_LENGTH 10 /**< Total length of the options excluding this TLV */
#define EXP_PDU_TAG_LINKTYPE 11 /**< Deprecated - do not use */
#define EXP_PDU_TAG_PROTO_NAME 12 /**< The value part should be an ASCII non NULL terminated string
* of the registered dissector used by Wireshark e.g "sip"
* Will be used to call the next dissector.
*/
#define EXP_PDU_TAG_HEUR_PROTO_NAME 13 /**< The value part should be an ASCII non NULL terminated string
* containing the heuristic unique short protocol name given
* during registration, e.g "sip_udp"
* Will be used to call the next dissector.
*/
#define EXP_PDU_TAG_DISSECTOR_TABLE_NAME 14 /**< The value part should be an ASCII non NULL terminated string
* containing the dissector table name given
* during registration, e.g "gsm_map.v3.arg.opcode"
* Will be used to call the next dissector.
*/
/* Add protocol type related tags here.
* NOTE Only one protocol type tag may be present in a packet, the first one
* found will be used*/
/* 13 - 19 reserved */
#define EXP_PDU_TAG_IPV4_SRC 20
#define EXP_PDU_TAG_IPV4_DST 21
#define EXP_PDU_TAG_IPV6_SRC 22
#define EXP_PDU_TAG_IPV6_DST 23
#define EXP_PDU_TAG_PORT_TYPE 24 /**< value part is port_type enum from epan/address.h */
#define EXP_PDU_TAG_SRC_PORT 25
#define EXP_PDU_TAG_DST_PORT 26
#define EXP_PDU_TAG_SS7_OPC 28
#define EXP_PDU_TAG_SS7_DPC 29
#define EXP_PDU_TAG_ORIG_FNO 30
#define EXP_PDU_TAG_DVBCI_EVT 31
#define EXP_PDU_TAG_DISSECTOR_TABLE_NAME_NUM_VAL 32 /**< value part is the numeric value to be used calling the dissector table
* given with tag EXP_PDU_TAG_DISSECTOR_TABLE_NAME, must follow immediately after the table tag.
*/
#define EXP_PDU_TAG_COL_PROT_TEXT 33 /**< Text string to put in COL_PROTOCOL, one use case is in conjunction with dissector tables where
* COL_PROTOCOL might not be filled in.
*/
typedef struct _exp_pdu_data_t {
guint tlv_buffer_len;
guint8 *tlv_buffer;
guint tvb_captured_length;
guint tvb_reported_length;
tvbuff_t *pdu_tvb;
} exp_pdu_data_t;
/* 1st byte of optional tags bitmap */
#define EXP_PDU_TAG_IP_SRC_BIT 0x01
#define EXP_PDU_TAG_IP_DST_BIT 0x02
#define EXP_PDU_TAG_SRC_PORT_BIT 0x04
#define EXP_PDU_TAG_DST_PORT_BIT 0x08
#define EXP_PDU_TAG_SS7_OPC_BIT 0x20
#define EXP_PDU_TAG_SS7_DPC_BIT 0x40
#define EXP_PDU_TAG_ORIG_FNO_BIT 0x80
/* 2nd byte of optional tags bitmap */
#define EXP_PDU_TAG_DVBCI_EVT_BIT 0x01
#define EXP_PDU_TAG_IPV4_SRC_LEN 4
#define EXP_PDU_TAG_IPV4_DST_LEN 4
#define EXP_PDU_TAG_IPV6_SRC_LEN 16
#define EXP_PDU_TAG_IPV6_DST_LEN 16
#define EXP_PDU_TAG_PORT_TYPE_LEN 4
#define EXP_PDU_TAG_SRC_PORT_LEN 4
#define EXP_PDU_TAG_DST_PORT_LEN 4
#define EXP_PDU_TAG_SS7_OPC_LEN 8 /* 4 bytes PC, 2 bytes standard type, 1 byte NI, 1 byte padding */
#define EXP_PDU_TAG_SS7_DPC_LEN 8 /* 4 bytes PC, 2 bytes standard type, 1 byte NI, 1 byte padding */
#define EXP_PDU_TAG_ORIG_FNO_LEN 4
#define EXP_PDU_TAG_DVBCI_EVT_LEN 1
/**
* Allocates and fills the exp_pdu_data_t struct according to the wanted_exp_tags
* bit field of wanted_exp_tags_len bytes length
* tag_type should be either EXP_PDU_TAG_PROTO_NAME or EXP_PDU_TAG_HEUR_PROTO_NAME
* proto_name interpretation depends on tag_type value
*
* The tags in the tag buffer SHOULD be added in numerical order.
*/
WS_DLL_PUBLIC exp_pdu_data_t *load_export_pdu_tags(packet_info *pinfo, guint tag_type, const char* proto_name,
guint8 *wanted_exp_tags, guint16 wanted_exp_tags_len);
#ifdef __cplusplus
}
#endif /* __cplusplus */
#endif /* EXPORTED_PDU_H */
|
