author | Guy Harris <guy@alum.mit.edu> | 2015-11-20 18:52:02 -0800 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2015-11-21 02:52:57 +0000 |
commit | 91f4e3b73d6929591d6b0790c7e1a4c1810f045d (patch) | |
tree | e46395c93860ba78d20177254f0fb539ddcb2cd4 | |
parent | fef4714e7255572ec40a877ccf7fb7ca76eb90dc (diff) |
Have a separate dissector for pcap/pcapng-format packet data.
Put that dissector into its own file, and get handles for it from the
pcap and pcapng file dissectors. Put the value_string of pcap/pcapng
LINKTYPE_ values there, and have the pcap and pcapng file dissectors
import it.
Expand that table to include all LINKTYPE_ values in the current
libpcap.
Change-Id: I9397035efa5711e8a18a26e056d3b54494fd3148
Reviewed-on: https://code.wireshark.org/review/12000
Reviewed-by: Guy Harris <guy@alum.mit.edu>
-rw-r--r-- | epan/CMakeLists.txt | 1 | ||||
-rw-r--r-- | epan/dissectors/Makefile.common | 2 | ||||
-rw-r--r-- | epan/dissectors/file-pcap.c | 240 | ||||
-rw-r--r-- | epan/dissectors/file-pcapng.c | 154 | ||||
-rw-r--r-- | epan/dissectors/packet-pcap_pktdata.c | 372 | ||||
-rw-r--r-- | epan/dissectors/packet-pcap_pktdata.h | 36 |
6 files changed, 424 insertions, 381 deletions
diff --git a/epan/CMakeLists.txt b/epan/CMakeLists.txt index f181887316..6635e75ece 100644 --- a/epan/CMakeLists.txt +++ b/epan/CMakeLists.txt @@ -259,6 +259,7 @@ set(ASN1_DISSECTOR_SRC dissectors/packet-p7.c dissectors/packet-p772.c dissectors/packet-pcap.c + dissectors/packet-pcap_pktdata.c dissectors/packet-pkcs1.c dissectors/packet-pkcs12.c dissectors/packet-pkinit.c diff --git a/epan/dissectors/Makefile.common b/epan/dissectors/Makefile.common index bce9598fcd..324b9b58b6 100644 --- a/epan/dissectors/Makefile.common +++ b/epan/dissectors/Makefile.common @@ -1036,6 +1036,7 @@ DISSECTOR_SRC = \ packet-pagp.c \ packet-paltalk.c \ packet-pana.c \ + packet-pcap_pktdata.c \ packet-pcapng_block.c \ packet-pcep.c \ packet-pcli.c \ @@ -1632,6 +1633,7 @@ DISSECTOR_INCLUDES = \ packet-p22.h \ packet-p7.h \ packet-p772.h \ + packet-pcap_pktdata.h \ packet-pcnfsd.h \ packet-pdcp-lte.h \ packet-per.h \ diff --git a/epan/dissectors/file-pcap.c b/epan/dissectors/file-pcap.c index f9304467ea..d04e7d86df 100644 --- a/epan/dissectors/file-pcap.c +++ b/epan/dissectors/file-pcap.c @@ -1,6 +1,6 @@ /* file-pcap.c * Routines for PCAP File Format - * https://wiki.wireshark.org/Development/LibpcapFileFormat + * http://www.tcpdump.org/manpages/pcap-savefile.5.html * * Copyright 2015, Michal Labedzki for Tieto Corporation * @@ -32,13 +32,11 @@ #include <epan/show_exception.h> #include <epan/wmem/wmem.h> -#include <wiretap/wtap.h> -#include <wiretap/pcap-encap.h> +#include <epan/dissectors/packet-pcap_pktdata.h> static int proto_pcap = -1; -static dissector_handle_t pcap_handle; -dissector_handle_t pcap_pseudoheader_handle; +static dissector_handle_t pcap_pktdata_handle; static int hf_pcap_header = -1; static int hf_pcap_header_magic_number = -1; 
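Review bot: In epan/CMakeLists.txt the new `dissectors/packet-pcap_pktdata.c` entry sits inside `set(ASN1_DISSECTOR_SRC`, next to `dissectors/packet-pcap.c` and `dissectors/packet-pkcs1.c`, while the Makefile.common hunk adds the same file to the plain `DISSECTOR_SRC` list. The new file is hand-written and parses capture-file contents, so the two build systems should classify it the same way. If the ASN.1 list is treated as generated code or built with relaxed warning settings (not visible in this hunk), the CMake build would skip checks that the autotools build applies. Move the `dissectors/packet-pcap_pktdata.c` line to the CMake list that holds the hand-written dissectors.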
@@ -55,9 +53,6 @@ static int hf_pcap_packet_timestamp_usec = -1; static int hf_pcap_packet_included_length = -1; static int hf_pcap_packet_origin_length = -1; static int hf_pcap_packet_data = -1; -static int hf_pcap_packet_data_pseudoheader = -1; -static int hf_pcap_packet_data_pseudoheader_bluetooth_direction = -1; -static int hf_pcap_packet_data_data = -1; static expert_field ei_unknown_encoding = EI_INIT; @@ -65,11 +60,8 @@ static gint ett_pcap = -1; static gint ett_pcap_header = -1; static gint ett_pcap_packet = -1; static gint ett_pcap_packet_data = -1; -static gint ett_pcap_pseudoheader = -1; static gint ett_pcap_timestamp = -1; -static dissector_table_t wtap_encap_table; - static gboolean pref_dissect_next_layer = FALSE; static const value_string magic_number_vals[] = { 
@@ -78,213 +70,10 @@ static const value_string magic_number_vals[] = { { 0, NULL } }; -static const value_string link_type_vals[] = { - { 0, "NULL" }, - { 1, "ETHERNET" }, - { 3, "AX25" }, - { 6, "IEEE802_5" }, - { 7, "ARCNET_BSD" }, - { 8, "SLIP" }, - { 9, "PPP" }, - { 10, "FDDI" }, - { 50, "PPP_HDLC" }, - { 51, "PPP_ETHER" }, - { 100, "ATM_RFC1483" }, - { 101, "RAW" }, - { 104, "C_HDLC" }, - { 105, "IEEE802_11" }, - { 107, "FRELAY" }, - { 108, "LOOP" }, - { 113, "LINUX_SLL" }, - { 114, "LTALK" }, - { 117, "PFLOG" }, - { 119, "IEEE802_11_PRISM" }, - { 122, "IP_OVER_FC" }, - { 123, "SUNATM" }, - { 127, "IEEE802_11_RADIOTAP" }, - { 129, "ARCNET_LINUX" }, - { 138, "APPLE_IP_OVER_IEEE1394" }, - { 139, "MTP2_WITH_PHDR" }, - { 140, "MTP2" }, - { 141, "MTP3" }, - { 142, "SCCP" }, - { 143, "DOCSIS" }, - { 144, "LINUX_IRDA" }, - { 147, "USER_0" }, - { 148, "USER_1" }, - { 149, "USER_2" }, - { 150, "USER_3" }, - { 151, "USER_4" }, - { 152, "USER_5" }, - { 153, "USER_6" }, - { 154, "USER_7" }, - { 155, "USER_8" }, - { 156, "USER_9" }, - { 157, "USER_10" }, - { 158, "USER_11" }, - { 159, "USER_12" }, - { 160, "USER_13" }, - { 161, "USER_14" }, - { 162, "USER_15" }, - { 163, "IEEE802_11_AVS" }, - { 165, "BACNET_MS_TP" }, - { 166, "PPP_PPPD" }, - { 169, "GPRS_LLC" }, - { 177, "LINUX_LAPD" }, - { 187, "BLUETOOTH_HCI_H4" }, - { 189, "USB_LINUX" }, - { 192, "PPI" }, - { 195, "IEEE802_15_4" }, - { 196, "SITA" }, - { 197, "ERF" }, - { 201, "BLUETOOTH_HCI_H4_WITH_PHDR" }, - { 202, "AX25_KISS" }, - { 203, "LAPD" }, - { 204, "PPP_WITH_DIR" }, - { 205, "C_HDLC_WITH_DIR" }, - { 206, "FRELAY_WITH_DIR" }, - { 209, "IPMB_LINUX" }, - { 215, "IEEE802_15_4_NONASK_PHY" }, - { 220, "USB_LINUX_MMAPPED" }, - { 224, "FC_2" }, - { 225, "FC_2_WITH_FRAME_DELIMS" }, - { 226, "IPNET" }, - { 227, "CAN_SOCKETCAN" }, - { 228, "IPV4" }, - { 229, "IPV6" }, - { 230, "IEEE802_15_4_NOFCS" }, - { 231, "DBUS" }, - { 235, "DVB_CI" }, - { 236, "MUX27010" }, - { 237, "STANAG_5066_D_PDU" }, - { 239, "NFLOG" }, - { 
240, "NETANALYZER" }, - { 241, "NETANALYZER_TRANSPARENT" }, - { 242, "IPOIB" }, - { 243, "MPEG_2_TS" }, - { 244, "NG40" }, - { 245, "NFC_LLCP" }, - { 247, "INFINIBAND" }, - { 248, "SCTP" }, - { 249, "USBPCAP" }, - { 250, "RTAC_SERIAL" }, - { 251, "BLUETOOTH_LE_LL" }, - { 253, "NETLINK" }, - { 254, "BLUETOOTH_LINUX_MONITOR" }, - { 255, "BLUETOOTH_BREDR_BB" }, - { 256, "BLUETOOTH_LE_LL_WITH_PHDR" }, - { 257, "PROFIBUS_DL" }, - { 258, "PKTAP" }, - { 259, "EPON" }, - { 260, "IPMI_HPM_2" }, - { 261, "ZWAVE_R1_R2" }, - { 262, "ZWAVE_R3" }, - { 263, "WATTSTOPPER_DLM" }, - { 264, "ISO_14443" }, - { 0, NULL } -}; - -static const value_string pseudoheader_bluetooth_direction_vals[] = { - { 0, "Sent" }, - { 1, "Recv" }, - { 0, NULL } -}; - - void proto_register_file_pcap(void); void proto_reg_handoff_file_pcap(void); static int -dissect_pcap_pseudoheader(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) -{ - gint offset = 0; - guint32 *link_type; - guint32 length = 0; - tvbuff_t *next_tvb; - proto_item *pseudoheader_item; - proto_tree *pseudoheader_tree = NULL; - proto_item *packet_item; - proto_tree *packet_tree; - - DISSECTOR_ASSERT(data); - - link_type = (guint32 *) data; - pinfo->phdr->pkt_encap = wtap_pcap_encap_to_wtap_encap(*link_type); - - switch (*link_type) { - case 139: -/* TODO no description for pseudoheader at http://www.tcpdump.org/linktypes.html */ - break; - case 196: - length = 5; - break; - case 197: -/* TODO no description for pseudoheader at http://www.tcpdump.org/linktypes.html */ - break; - case 201: - length = 4; - break; - case 204: - length = 1; - break; - case 205: - length = 1; - break; - case 206: - length = 1; - break; - case 209: - length = 6; - break; - case 226: - length = 24; - break; - case 227: -/* TODO no description for pseudoheader at http://www.tcpdump.org/linktypes.html */ - break; - case 240: - case 241: - length = 4; - break; - case 244: - length = 20; - break; - case 245: - length = 20; - break; - } - - if (length > 
0) { - pseudoheader_item = proto_tree_add_item(tree, hf_pcap_packet_data_pseudoheader, tvb, offset, length, ENC_NA); - pseudoheader_tree = proto_item_add_subtree(pseudoheader_item, ett_pcap_pseudoheader); - } - - switch (*link_type) { - case 201: - proto_tree_add_item(pseudoheader_tree, hf_pcap_packet_data_pseudoheader_bluetooth_direction, tvb, offset, 4, ENC_BIG_ENDIAN); - if (tvb_get_guint32(tvb, offset, ENC_BIG_ENDIAN) == 0) - pinfo->p2p_dir = P2P_DIR_SENT; - else if (tvb_get_guint32(tvb, offset, ENC_BIG_ENDIAN) == 1) - pinfo->p2p_dir = P2P_DIR_RECV; - else - pinfo->p2p_dir = P2P_DIR_UNKNOWN; - offset += 4; - break; - default: - offset += length; - } - - next_tvb = tvb_new_subset_remaining(tvb, offset); - - packet_item = proto_tree_add_item(tree, hf_pcap_packet_data_data, tvb, offset, tvb_reported_length(next_tvb), ENC_NA); - packet_tree = proto_item_add_subtree(packet_item, ett_pcap_packet_data); - - offset = dissector_try_uint_new(wtap_encap_table, pinfo->phdr->pkt_encap, next_tvb, pinfo, packet_tree, TRUE, NULL); - - return offset; -} - -static int dissect_pcap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) { static const guint8 pcap_magic[] = { 0xA1, 0xB2, 0xC3, 0xD4 }; @@ -379,7 +168,7 @@ dissect_pcap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_ if (pref_dissect_next_layer) { TRY { - call_dissector_with_data(pcap_pseudoheader_handle, tvb_new_subset(tvb, offset, length, origin_length), pinfo, packet_data_tree, &link_type); + call_dissector_with_data(pcap_pktdata_handle, tvb_new_subset(tvb, offset, length, origin_length), pinfo, packet_data_tree, &link_type); } CATCH_BOUNDS_ERRORS { show_exception(tvb, pinfo, packet_data_tree, EXCEPT_CODE, GET_MESSAGE); 
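Review bot: The call `call_dissector_with_data(pcap_pktdata_handle, ..., &link_type)` passes the link type through an untyped `void *`, and `dissect_pcap_pktdata` reads it back with `(guint32 *) data`, so nothing visible enforces that the caller's object really is a `guint32`. The declaration of `link_type` lies outside this hunk, and the three `&interface_description->link_type` call sites in file-pcapng.c depend in the same way on a struct field whose type is not shown; both should be confirmed to be `guint32`, since a narrower field would make the callee read past it. Because the dissector is now registered by name and the value originates in the capture file, the contract deserves a comment in packet-pcap_pktdata.h, for example `/* data must point to a guint32 holding the LINKTYPE_ value */`. The body of dissect_pcap starts and ends outside the hunk.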
@@ -483,21 +272,6 @@ proto_register_file_pcap(void) FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } }, - { &hf_pcap_packet_data_pseudoheader, - { "Pseudoheader", "pcap.packet.data.pseudoheader", - FT_NONE, BASE_NONE, NULL, 0x00, - NULL, HFILL } - }, - { &hf_pcap_packet_data_pseudoheader_bluetooth_direction, - { "Direction", "pcap.packet.data.pseudoheader.bluetooth.direction", - FT_UINT32, BASE_HEX, VALS(pseudoheader_bluetooth_direction_vals), 0x00, - NULL, HFILL } - }, - { &hf_pcap_packet_data_data, - { "Data", "pcap.packet.data.data", - FT_NONE, BASE_NONE, NULL, 0x00, - NULL, HFILL } - }, }; static ei_register_info ei[] = { @@ -509,7 +283,6 @@ proto_register_file_pcap(void) &ett_pcap_header, &ett_pcap_packet, &ett_pcap_packet_data, - &ett_pcap_pseudoheader, &ett_pcap_timestamp }; @@ -517,8 +290,7 @@ proto_register_file_pcap(void) proto_register_field_array(proto_pcap, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); - pcap_handle = new_register_dissector("file-pcap", dissect_pcap, proto_pcap); - pcap_pseudoheader_handle = new_create_dissector_handle(dissect_pcap_pseudoheader, proto_pcap); + new_register_dissector("file-pcap", dissect_pcap, proto_pcap); module = prefs_register_protocol(proto_pcap, NULL); prefs_register_static_text_preference(module, "version", @@ -538,7 +310,7 @@ void proto_reg_handoff_file_pcap(void) { heur_dissector_add("wtap_file", dissect_pcap_heur, "PCAP File", "pcap_wtap", proto_pcap, HEURISTIC_ENABLE); - wtap_encap_table = find_dissector_table("wtap_encap"); + pcap_pktdata_handle = find_dissector("pcap_pktdata"); } /* diff --git a/epan/dissectors/file-pcapng.c b/epan/dissectors/file-pcapng.c index 2152130052..f1710bfb75 100644 --- a/epan/dissectors/file-pcapng.c +++ b/epan/dissectors/file-pcapng.c 
@@ -33,12 +33,11 @@ #include <epan/addr_resolv.h> #include <epan/wmem/wmem.h> -#include <wiretap/wtap.h> +#include <epan/dissectors/packet-pcap_pktdata.h> static int proto_pcapng = -1; -static dissector_handle_t pcapng_handle; -extern dissector_handle_t pcap_pseudoheader_handle; +static dissector_handle_t pcap_pktdata_handle; static int hf_pcapng_block = -1; 
@@ -339,146 +338,6 @@ static const value_string flags_reception_type_vals[] = { { 0, NULL } }; -/* Mostly PCAP, but add also link type found in wiretap code */ -static const value_string link_type_vals[] = { - { 0, "NULL" }, - { 1, "ETHERNET" }, - { 3, "AX25" }, - { 6, "IEEE802_5" }, - { 7, "ARCNET_BSD" }, - { 8, "SLIP" }, - { 9, "PPP" }, - { 10, "FDDI/FDDI_BITSWAPPED" }, - { 32, "REDBACK" }, - { 50, "PPP_HDLC" }, - { 51, "PPP_ETHER" }, - { 99, "SYMANTEC" }, - { 100, "ATM_RFC1483" }, - { 101, "RAW" }, - { 104, "C_HDLC" }, - { 105, "IEEE802_11" }, - { 106, "LINUX_ATM_CLIP" }, - { 107, "FRELAY" }, - { 108, "LOOP" }, - { 109, "ENC" }, - { 112, "CHDLC" }, - { 113, "LINUX_SLL" }, - { 114, "LTALK" }, - { 117, "PFLOG" }, - { 118, "CISCO_IOS" }, - { 119, "IEEE802_11_PRISM" }, - { 121, "HHDLC" }, - { 122, "IP_OVER_FC" }, - { 123, "SUNATM" }, - { 127, "IEEE802_11_RADIOTAP" }, - { 128, "TZSP" }, - { 129, "ARCNET_LINUX" }, - { 130, "JUNIPER_MLPPP" }, - { 131, "JUNIPER_MLFR" }, - { 133, "JUNIPER_GGSN" }, - { 135, "JUNIPER_ATM2" }, - { 136, "JUNIPER_SVCS" }, - { 137, "JUNIPER_ATM1" }, - { 138, "APPLE_IP_OVER_IEEE1394" }, - { 139, "MTP2_WITH_PHDR" }, - { 140, "MTP2" }, - { 141, "MTP3" }, - { 142, "SCCP" }, - { 143, "DOCSIS" }, - { 144, "LINUX_IRDA" }, - { 147, "USER_0" }, - { 148, "USER_1" }, - { 149, "USER_2" }, - { 150, "USER_3" }, - { 151, "USER_4" }, - { 152, "USER_5" }, - { 153, "USER_6" }, - { 154, "USER_7" }, - { 155, "USER_8" }, - { 156, "USER_9" }, - { 157, "USER_10" }, - { 158, "USER_11" }, - { 159, "USER_12" }, - { 160, "USER_13" }, - { 161, "USER_14" }, - { 162, "USER_15" }, - { 163, "IEEE802_11_AVS" }, - { 165, "BACNET_MS_TP" }, - { 166, "PPP_PPPD" }, - { 167, "JUNIPER_PPPOE" }, - { 169, "GPRS_LLC" }, - { 172, "GCOM_TIE1" }, - { 173, "GCOM_SERIAL" }, - { 177, "LINUX_LAPD" }, - { 178, "JUNIPER_ETHER" }, - { 179, "JUNIPER_PPP" }, - { 180, "JUNIPER_FRELAY" }, - { 181, "JUNIPER_CHDLC" }, - { 183, "JUNIPER_VP" }, - { 186, "USB" }, - { 187, "BLUETOOTH_HCI_H4" }, - { 188, 
"IEEE802_16_MAC_CPS" }, - { 189, "USB_LINUX" }, - { 190, "CAN20B" }, - { 192, "PPI" }, - { 195, "IEEE802_15_4" }, - { 196, "SITA" }, - { 197, "ERF" }, - { 199, "IPMB" }, - { 201, "BLUETOOTH_HCI_H4_WITH_PHDR" }, - { 202, "AX25_KISS" }, - { 203, "LAPD" }, - { 204, "PPP_WITH_DIR" }, - { 205, "C_HDLC_WITH_DIR" }, - { 206, "FRELAY_WITH_DIR" }, - { 209, "IPMB_LINUX" }, - { 210, "FLEXRAY" }, - { 211, "MOST" }, - { 212, "LIN" }, - { 213, "X2E_SERIAL" }, - { 214, "X2E_XORAYA" }, - { 215, "IEEE802_15_4_NONASK_PHY" }, - { 220, "USB_LINUX_MMAPPED" }, - { 224, "FC_2" }, - { 225, "FC_2_WITH_FRAME_DELIMS" }, - { 226, "IPNET" }, - { 227, "CAN_SOCKETCAN" }, - { 228, "IPV4" }, - { 229, "IPV6" }, - { 230, "IEEE802_15_4_NOFCS" }, - { 231, "DBUS" }, - { 235, "DVB_CI" }, - { 236, "MUX27010" }, - { 237, "STANAG_5066_D_PDU" }, - { 239, "NFLOG" }, - { 240, "NETANALYZER" }, - { 241, "NETANALYZER_TRANSPARENT" }, - { 242, "IPOIB" }, - { 243, "MPEG_2_TS" }, - { 244, "NG40" }, - { 245, "NFC_LLCP" }, - { 247, "INFINIBAND" }, - { 248, "SCTP" }, - { 249, "USBPCAP" }, - { 250, "RTAC_SERIAL" }, - { 251, "BLUETOOTH_LE_LL" }, - { 252, "WIRESHARK_UPPER_PDU" }, - { 253, "NETLINK" }, - { 254, "BLUETOOTH_LINUX_MONITOR" }, - { 255, "BLUETOOTH_BREDR_BB" }, - { 256, "BLUETOOTH_LE_LL_WITH_PHDR" }, - { 257, "PROFIBUS_DL" }, - { 258, "PKTAP" }, - { 259, "EPON" }, - { 260, "IPMI_HPM_2" }, - { 261, "ZWAVE_R1_R2" }, - { 262, "ZWAVE_R3" }, - { 263, "WATTSTOPPER_DLM" }, - { 264, "ISO_14443" }, - { 0, NULL } -}; - - void proto_register_pcapng(void); void proto_reg_handoff_pcapng(void); 
@@ -1171,7 +1030,7 @@ static gint dissect_block(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, interface_description = (struct interface_description *) wmem_array_index(info->interfaces, interface_id); TRY { - call_dissector_with_data(pcap_pseudoheader_handle, tvb_new_subset(tvb, offset, captured_length, reported_length), + call_dissector_with_data(pcap_pktdata_handle, tvb_new_subset(tvb, offset, captured_length, reported_length), pinfo, packet_data_tree, &interface_description->link_type); } CATCH_BOUNDS_ERRORS { @@ -1209,7 +1068,7 @@ static gint dissect_block(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, interface_description = (struct interface_description *) wmem_array_index(info->interfaces, interface_id); TRY { - call_dissector_with_data(pcap_pseudoheader_handle, tvb_new_subset_length(tvb, offset, captured_length), + call_dissector_with_data(pcap_pktdata_handle, tvb_new_subset_length(tvb, offset, captured_length), pinfo, packet_data_tree, &interface_description->link_type); } CATCH_BOUNDS_ERRORS { @@ -1374,7 +1233,7 @@ static gint dissect_block(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, interface_description = (struct interface_description *) wmem_array_index(info->interfaces, interface_id); TRY { - call_dissector_with_data(pcap_pseudoheader_handle, tvb_new_subset(tvb, offset, captured_length, reported_length), + call_dissector_with_data(pcap_pktdata_handle, tvb_new_subset(tvb, offset, captured_length, reported_length), pinfo, packet_data_tree, &interface_description->link_type); } CATCH_BOUNDS_ERRORS { @@ -1950,7 +1809,7 @@ proto_register_pcapng(void) proto_register_field_array(proto_pcapng, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); - pcapng_handle = new_register_dissector("file-pcapng", dissect_pcapng, proto_pcapng); + new_register_dissector("file-pcapng", dissect_pcapng, proto_pcapng); module = prefs_register_protocol(proto_pcapng, NULL); prefs_register_static_text_preference(module, "version", 
@@ -1970,6 +1829,7 @@ void proto_reg_handoff_pcapng(void) { heur_dissector_add("wtap_file", dissect_pcapng_heur, "PCAPNG File", "pcapng_wtap", proto_pcapng, HEURISTIC_ENABLE); + pcap_pktdata_handle = find_dissector("pcap_pktdata"); } /* diff --git a/epan/dissectors/packet-pcap_pktdata.c b/epan/dissectors/packet-pcap_pktdata.c new file mode 100644 index 0000000000..8e10e291e8 --- /dev/null +++ b/epan/dissectors/packet-pcap_pktdata.c 
@@ -0,0 +1,372 @@ +/* packet-pcap_pktdata.c + * Dissect packet data from a pcap or pcapng file or from a "remote pcap" + * protocol. + * + * Copyright 2015, Michal Labedzki for Tieto Corporation + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "config.h" + +#include <epan/packet.h> + +#include <wiretap/wtap.h> +#include <wiretap/pcap-encap.h> + +#include <epan/dissectors/packet-pcap_pktdata.h> + +static int proto_pcap_pktdata = -1; + +static int hf_pcap_pktdata_pseudoheader = -1; +static int hf_pcap_pktdata_pseudoheader_bluetooth_direction = -1; +static int hf_pcap_pktdata_data = -1; + +static gint ett_pcap_pktdata_pseudoheader = -1; +static gint ett_pcap_pktdata_data = -1; + +static dissector_table_t wtap_encap_table; + +/* + * Link-layer header type values. + * + * Includes both the official documented values from + * + * http://www.tcpdump.org/linktypes.html + * + * and values not listed there. The names are, in most cases, the + * LINKTYPE_ names with LINKTYPE_ stripped off. 
+ */ +const value_string link_type_vals[] = { + { 0, "NULL" }, + { 1, "ETHERNET" }, + { 2, "EXP_ETHERNET" }, /* 3Mb experimental Ethernet */ + { 3, "AX25" }, + { 4, "PRONET" }, /* Proteon PRONET */ + { 5, "CHAOS" }, /* MIT Chaosnet */ + { 6, "IEEE802_5" }, + { 7, "ARCNET_BSD" }, + { 8, "SLIP" }, + { 9, "PPP" }, + { 10, "FDDI" }, + { 32, "REDBACK" }, /* Redback SmartEdge 400/800 */ + { 50, "PPP_HDLC" }, + { 51, "PPP_ETHER" }, + { 99, "SYMANTEC_FIREWALL" }, + { 100, "ATM_RFC1483" }, + { 101, "RAW" }, + { 102, "BSD/OS SLIP" }, + { 103, "BSD/OS PPP" }, + { 104, "C_HDLC" }, + { 105, "IEEE802_11" }, + { 106, "LINUX_ATM_CLIP" }, + { 107, "FRELAY" }, + { 108, "LOOP" }, + { 109, "ENC" }, + { 110, "LANE8023" }, /* ATM LANE + 802.3 */ + { 111, "HIPPI" }, /* NetBSD HIPPI */ + { 112, "HDLC" }, /* NetBSD HDLC framing */ + { 113, "LINUX_SLL" }, + { 114, "LTALK" }, + { 115, "ECONET" }, /* Acorn Econet */ + { 116, "IPFILTER" }, /* Reserved for use with OpenBSD ipfilter */ + { 117, "PFLOG" }, + { 118, "CISCO_IOS" }, /* for Cisco-internal use */ + { 119, "IEEE802_11_PRISM" }, + { 120, "IEEE802_11_AIRONET" }, /* 802.11 plus FreeBSD Aironet drive metadata header */ + { 121, "HHDLC" }, /* reserved for Siemens HiPath HDLC - never used */ + { 122, "IP_OVER_FC" }, + { 123, "SUNATM" }, + { 124, "RIO" }, /* Private use for RapidIO */ + { 125, "PCI_EXP" }, /* Private use for PCI Express */ + { 126, "AURORA" }, /* Xilinx Aurora link layer */ + { 127, "IEEE802_11_RADIOTAP" }, + { 128, "TZSP" }, /* reserved for TZSP encapsulation - never used */ + { 129, "ARCNET_LINUX" }, + { 130, "JUNIPER_MLPPP" }, /* Juniper-private, but handled by tcpdump and Wireshark */ + { 131, "JUNIPER_MLFR" }, /* Juniper-private, but handled by tcpdump and Wireshark */ + { 132, "JUNIPER_ES" }, /* Juniper-private, but handled by tcpdump */ + { 133, "JUNIPER_GGSN" }, /* Juniper-private, but handled by tcpdump and Wireshark */ + { 134, "JUNIPER_MFR" }, /* Juniper-private, but handled by tcpdump and Wireshark */ + { 135, 
"JUNIPER_ATM2" }, /* Juniper-private, but handled by tcpdump and Wireshark */ + { 136, "JUNIPER_SVCS" }, /* Juniper-private, but handled by tcpdump and Wireshark */ + { 137, "JUNIPER_ATM1" }, /* Juniper-private, but handled by tcpdump and Wireshark */ + { 138, "APPLE_IP_OVER_IEEE1394" }, + { 139, "MTP2_WITH_PHDR" }, + { 140, "MTP2" }, + { 141, "MTP3" }, + { 142, "SCCP" }, + { 143, "DOCSIS" }, + { 144, "LINUX_IRDA" }, + { 145, "IBM_SP" }, /* Reserved for IBM SP switch */ + { 146, "IBM_SN" }, /* Reserved for IBM Next Federation switch */ + { 147, "USER_0" }, + { 148, "USER_1" }, + { 149, "USER_2" }, + { 150, "USER_3" }, + { 151, "USER_4" }, + { 152, "USER_5" }, + { 153, "USER_6" }, + { 154, "USER_7" }, + { 155, "USER_8" }, + { 156, "USER_9" }, + { 157, "USER_10" }, + { 158, "USER_11" }, + { 159, "USER_12" }, + { 160, "USER_13" }, + { 161, "USER_14" }, + { 162, "USER_15" }, + { 163, "IEEE802_11_AVS" }, + { 164, "JUNIPER_MONITOR" }, /* Juniper-private, but handled by tcpdump */ + { 165, "BACNET_MS_TP" }, + { 166, "PPP_PPPD" }, + { 167, "JUNIPER_PPPOE" }, /* Juniper-private, but handled by tcpdump and Wireshark */ + { 168, "JUNIPER_PPPOE_ATM" }, /* Juniper-private, but handled by tcpdump */ + { 169, "GPRS_LLC" }, + { 170, "GPF_T" }, /* GPF-T (ITU-T G.7041/Y.1303) */ + { 171, "GPF_F" }, /* GPF-F (ITU-T G.7041/Y.1303) */ + { 172, "GCOM_TIE1" }, /* Reserved for Gcom's T1/E1 line monitoring equipment */ + { 173, "GCOM_SERIAL" }, /* Reserved for Gcom's T1/E1 line monitoring equipment */ + { 174, "JUNIPER_PIC_PEER" }, /* Juniper-private */ + { 175, "ERF_ETH" }, /* ERF header followed by Ethernet */ + { 176, "ERF_POS" }, /* ERF header followed by Packet-over-SONET */ + { 177, "LINUX_LAPD" }, + { 178, "JUNIPER_ETHER" }, /* Juniper-private, but handled by tcpdump and Wireshark */ + { 179, "JUNIPER_PPP" }, /* Juniper-private, but handled by tcpdump and Wireshark */ + { 180, "JUNIPER_FRELAY" }, /* Juniper-private, but handled by tcpdump and Wireshark */ + { 181, "JUNIPER_CHDLC" }, 
/* Juniper-private, but handled by tcpdump and Wireshark */ + { 182, "MFR" }, /* Multi Link Frame Relay (FRF.16) */ + { 183, "JUNIPER_VP" }, /* Juniper-private, but handled by tcpdump and Wireshark */ + { 184, "A429" }, /* Arinc 429 frames */ + { 185, "A653_ICM" }, /* Aricn 653 Interpartition Communication messages */ + { 186, "USB" }, /* Older USB header */ + { 187, "BLUETOOTH_HCI_H4" }, + { 188, "IEEE802_16_MAC_CPS" }, /* IEEE 802.16 MAC Common Part Sublayer */ + { 189, "USB_LINUX" }, + { 190, "CAN20B" }, /* CAN v2.0B packets */ + { 191, "IEEE802_15_4_LINUX" }, /* IEEE 802.15.4, with address fields padded, as is done by Linux drivers */ + { 192, "PPI" }, + { 193, "IEEE802_16_MAC_CPS_RADIO" }, /* 802.16 MAC Common Part Sublayer plus a radiotap radio header */ + { 194, "JUNIPER_ISM" }, /* Juniper-private */ + { 195, "IEEE802_15_4" }, + { 196, "SITA" }, + { 197, "ERF" }, + { 198, "RAIF1" }, /* Special header prepended to Ethernet packets when capturing from a u10 Networks board */ + { 199, "IPMB" }, /* IPMB packet for IPMI */ + { 200, "JUNIPER_ST" }, /* Juniper-private */ + { 201, "BLUETOOTH_HCI_H4_WITH_PHDR" }, + { 202, "AX25_KISS" }, + { 203, "LAPD" }, + { 204, "PPP_WITH_DIR" }, + { 205, "C_HDLC_WITH_DIR" }, + { 206, "FRELAY_WITH_DIR" }, + { 207, "LAPB_WITH_DIR" }, /* LAPB with direction pseudo-header */ + { 209, "IPMB_LINUX" }, + { 210, "FLEXRAY" }, /* FlexRay automotive bus */ + { 211, "MOST" }, /* Media Oriented Systems Transport */ + { 212, "LIN" }, /* Local Interconnect Network */ + { 213, "X2E_SERIAL" }, /* X2E-private for serial line capture */ + { 214, "X2E_XORAYA" }, /* X2E-private for Xoraya data logger family */ + { 215, "IEEE802_15_4_NONASK_PHY" }, + { 216, "LINUX_EVDEV" }, /* Linux evdev messages */ + { 217, "GSMTAP_UM" }, /* "gsmtap" header followed by GSM Um interface packets */ + { 218, "GSMTAP_UM" }, /* "gsmtap" header followed by GSM Abis interface packets */ + { 219, "MPLS" }, /* MPLS label (stack?) 
as the link-layer header */ + { 220, "USB_LINUX_MMAPPED" }, + { 221, "DECT" }, /* DECT packets, with a pseudo-header */ + { 222, "AOS" }, /* AOS Space Data Link Protocol */ + { 223, "WIHART" }, /* Wireless HART */ + { 224, "FC_2" }, + { 225, "FC_2_WITH_FRAME_DELIMS" }, + { 226, "IPNET" }, + { 227, "CAN_SOCKETCAN" }, + { 228, "IPV4" }, + { 229, "IPV6" }, + { 230, "IEEE802_15_4_NOFCS" }, + { 231, "DBUS" }, + { 232, "JUNIPER_VS" }, /* Juniper-private */ + { 233, "JUNIPER_SRX_E2E" }, /* Juniper-private */ + { 234, "JUNIPER_FIBRECHANNEL" }, /* Juniper-private */ + { 235, "DVB_CI" }, + { 236, "MUX27010" }, + { 237, "STANAG_5066_D_PDU" }, + { 238, "JUNIPER_ATM_CEMIC" }, /* Juniper-private */ + { 239, "NFLOG" }, + { 240, "NETANALYZER" }, + { 241, "NETANALYZER_TRANSPARENT" }, + { 242, "IPOIB" }, + { 243, "MPEG_2_TS" }, + { 244, "NG40" }, + { 245, "NFC_LLCP" }, + { 246, "PFSYNC" }, + { 247, "INFINIBAND" }, + { 248, "SCTP" }, + { 249, "USBPCAP" }, + { 250, "RTAC_SERIAL" }, + { 251, "BLUETOOTH_LE_LL" }, + { 252, "WIRESHARK_UPPER_PDU" }, /* Upper-layer protocol saves from Wireshark */ + { 253, "NETLINK" }, + { 254, "BLUETOOTH_LINUX_MONITOR" }, + { 255, "BLUETOOTH_BREDR_BB" }, + { 256, "BLUETOOTH_LE_LL_WITH_PHDR" }, + { 257, "PROFIBUS_DL" }, + { 258, "PKTAP" }, + { 259, "EPON" }, + { 260, "IPMI_HPM_2" }, + { 261, "ZWAVE_R1_R2" }, + { 262, "ZWAVE_R3" }, + { 263, "WATTSTOPPER_DLM" }, + { 264, "ISO_14443" }, + { 0, NULL } +}; + +static const value_string pseudoheader_bluetooth_direction_vals[] = { + { 0, "Sent" }, + { 1, "Recv" }, + { 0, NULL } +}; + +static int +dissect_pcap_pktdata(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) +{ + gint offset = 0; + guint32 *link_type; + guint32 length = 0; + tvbuff_t *next_tvb; + proto_item *pseudoheader_item; + proto_tree *pseudoheader_tree = NULL; + proto_item *packet_item; + proto_tree *packet_tree; + + DISSECTOR_ASSERT(data); + + link_type = (guint32 *) data; + pinfo->phdr->pkt_encap = 
wtap_pcap_encap_to_wtap_encap(*link_type); + + switch (*link_type) { + case 139: +/* TODO no description for pseudoheader at http://www.tcpdump.org/linktypes.html */ + break; + case 196: + length = 5; + break; + case 197: +/* TODO no description for pseudoheader at http://www.tcpdump.org/linktypes.html */ + break; + case 201: + length = 4; + break; + case 204: + length = 1; + break; + case 205: + length = 1; + break; + case 206: + length = 1; + break; + case 209: + length = 6; + break; + case 226: + length = 24; + break; + case 227: +/* TODO no description for pseudoheader at http://www.tcpdump.org/linktypes.html */ + break; + case 240: + case 241: + length = 4; + break; + case 244: + length = 20; + break; + case 245: + length = 20; + break; + } + + if (length > 0) { + pseudoheader_item = proto_tree_add_item(tree, hf_pcap_pktdata_pseudoheader, tvb, offset, length, ENC_NA); + pseudoheader_tree = proto_item_add_subtree(pseudoheader_item, ett_pcap_pktdata_pseudoheader); + } + + switch (*link_type) { + case 201: + proto_tree_add_item(pseudoheader_tree, hf_pcap_pktdata_pseudoheader_bluetooth_direction, tvb, offset, 4, ENC_BIG_ENDIAN); + if (tvb_get_guint32(tvb, offset, ENC_BIG_ENDIAN) == 0) + pinfo->p2p_dir = P2P_DIR_SENT; + else if (tvb_get_guint32(tvb, offset, ENC_BIG_ENDIAN) == 1) + pinfo->p2p_dir = P2P_DIR_RECV; + else + pinfo->p2p_dir = P2P_DIR_UNKNOWN; + offset += 4; + break; + default: + offset += length; + } + + next_tvb = tvb_new_subset_remaining(tvb, offset); + + packet_item = proto_tree_add_item(tree, hf_pcap_pktdata_data, tvb, offset, tvb_reported_length(next_tvb), ENC_NA); + packet_tree = proto_item_add_subtree(packet_item, ett_pcap_pktdata_data); + + offset = dissector_try_uint_new(wtap_encap_table, pinfo->phdr->pkt_encap, next_tvb, pinfo, packet_tree, TRUE, NULL); + + return offset; +} + +void +proto_register_pcap_pktdata(void) +{ + static hf_register_info hf[] = { + { &hf_pcap_pktdata_pseudoheader, + { "Pseudoheader", "pcap_pktdata.data.pseudoheader", + 
FT_NONE, BASE_NONE, NULL, 0x00, + NULL, HFILL } + }, + { &hf_pcap_pktdata_pseudoheader_bluetooth_direction, + { "Direction", "pcap_pktdata.pseudoheader.bluetooth.direction", + FT_UINT32, BASE_HEX, VALS(pseudoheader_bluetooth_direction_vals), 0x00, + NULL, HFILL } + }, + { &hf_pcap_pktdata_data, + { "Data", "pcap_pktdata.data", + FT_NONE, BASE_NONE, NULL, 0x00, + NULL, HFILL } + }, + }; + + static gint *ett[] = { + &ett_pcap_pktdata_pseudoheader, + &ett_pcap_pktdata_data + }; + + proto_pcap_pktdata = proto_register_protocol("pcap/pcapng packet data", "pcap_pktdata", "pcap_pktdata"); + proto_register_field_array(proto_pcap_pktdata, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + + new_register_dissector("pcap_pktdata", dissect_pcap_pktdata, proto_pcap_pktdata); +} + +void +proto_reg_handoff_pcap_pktdata(void) +{ + wtap_encap_table = find_dissector_table("wtap_encap"); +} diff --git a/epan/dissectors/packet-pcap_pktdata.h b/epan/dissectors/packet-pcap_pktdata.h new file mode 100644 index 0000000000..31139302a8 --- /dev/null +++ b/epan/dissectors/packet-pcap_pktdata.h 
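Review bot: In `link_type_vals`, value 218 is labelled `"GSMTAP_UM"`, the same string as 217, although its own comment describes GSM Abis interface packets, so a capture with link type 218 would be shown under the Um name. The entry should read `{ 218, "GSMTAP_ABIS" },`. The field abbreviations registered in `proto_register_pcap_pktdata` are also inconsistent: the pseudoheader item is `pcap_pktdata.data.pseudoheader` while its child is `pcap_pktdata.pseudoheader.bluetooth.direction`. Registering the parent as `pcap_pktdata.pseudoheader` would keep the filter names in one hierarchy before users come to depend on them.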
@@ -0,0 +1,36 @@ +/* packet-pcap_pktdata.h + * Data exported from the dissector for packet data from a pcap or pcapng + * file or from a "remote pcap" protocol. + * + * Copyright 2015, Michal Labedzki for Tieto Corporation + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/* + * Link-layer header type values. + * + * Includes both the official documented values from + * + * http://www.tcpdump.org/linktypes.html + * + * and values not listed there. The names are, in most cases, the + * LINKTYPE_ names with LINKTYPE_ stripped off. + */ +WS_DLL_PUBLIC const value_string link_type_vals[]; |
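Review bot: packet-pcap_pktdata.h has no include guard and includes nothing itself, so the declaration `WS_DLL_PUBLIC const value_string link_type_vals[];` compiles only when the including file has already pulled in the definitions of `value_string` and `WS_DLL_PUBLIC`. Wrap the contents in a guard such as `#ifndef PACKET_PCAP_PKTDATA_H` / `#define PACKET_PCAP_PKTDATA_H` / `#endif` and add `#include <epan/value_string.h>` so the header is self-contained. The exported name `link_type_vals` is also very generic for a library-wide public symbol; a prefixed name such as `pcap_pktdata_link_type_vals` would lower the chance of a clash with another dissector's table.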