diff options
| author | Guy Harris <guy@alum.mit.edu> | 2015-11-20 18:52:02 -0800 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2015-11-21 02:52:57 +0000 |
| commit | 91f4e3b73d6929591d6b0790c7e1a4c1810f045d (patch) | |
| tree | e46395c93860ba78d20177254f0fb539ddcb2cd4 /epan/dissectors/file-pcap.c | |
| parent | fef4714e7255572ec40a877ccf7fb7ca76eb90dc (diff) | |
Have a separate dissector for pcap/pcapng-format packet data.
Put that dissector into its own file, and get handles for it from the
pcap and pcapng file dissectors. Put the value_string of pcap/pcapng
LINKTYPE_ values there, and have the pcap and pcapng file dissectors
import it.
Expand that table to include all LINKTYPE_ values in the current
libpcap.
Change-Id: I9397035efa5711e8a18a26e056d3b54494fd3148
Reviewed-on: https://code.wireshark.org/review/12000
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'epan/dissectors/file-pcap.c')
| -rw-r--r-- | epan/dissectors/file-pcap.c | 240 |
1 files changed, 6 insertions, 234 deletions
diff --git a/epan/dissectors/file-pcap.c b/epan/dissectors/file-pcap.c index f9304467ea..d04e7d86df 100644 --- a/epan/dissectors/file-pcap.c +++ b/epan/dissectors/file-pcap.c @@ -1,6 +1,6 @@ /* file-pcap.c * Routines for PCAP File Format - * https://wiki.wireshark.org/Development/LibpcapFileFormat + * http://www.tcpdump.org/manpages/pcap-savefile.5.html * * Copyright 2015, Michal Labedzki for Tieto Corporation * @@ -32,13 +32,11 @@ #include <epan/show_exception.h> #include <epan/wmem/wmem.h> -#include <wiretap/wtap.h> -#include <wiretap/pcap-encap.h> +#include <epan/dissectors/packet-pcap_pktdata.h> static int proto_pcap = -1; -static dissector_handle_t pcap_handle; -dissector_handle_t pcap_pseudoheader_handle; +static dissector_handle_t pcap_pktdata_handle; static int hf_pcap_header = -1; static int hf_pcap_header_magic_number = -1; @@ -55,9 +53,6 @@ static int hf_pcap_packet_timestamp_usec = -1; static int hf_pcap_packet_included_length = -1; static int hf_pcap_packet_origin_length = -1; static int hf_pcap_packet_data = -1; -static int hf_pcap_packet_data_pseudoheader = -1; -static int hf_pcap_packet_data_pseudoheader_bluetooth_direction = -1; -static int hf_pcap_packet_data_data = -1; static expert_field ei_unknown_encoding = EI_INIT; @@ -65,11 +60,8 @@ static gint ett_pcap = -1; static gint ett_pcap_header = -1; static gint ett_pcap_packet = -1; static gint ett_pcap_packet_data = -1; -static gint ett_pcap_pseudoheader = -1; static gint ett_pcap_timestamp = -1; -static dissector_table_t wtap_encap_table; - static gboolean pref_dissect_next_layer = FALSE; static const value_string magic_number_vals[] = { @@ -78,213 +70,10 @@ static const value_string magic_number_vals[] = { { 0, NULL } }; -static const value_string link_type_vals[] = { - { 0, "NULL" }, - { 1, "ETHERNET" }, - { 3, "AX25" }, - { 6, "IEEE802_5" }, - { 7, "ARCNET_BSD" }, - { 8, "SLIP" }, - { 9, "PPP" }, - { 10, "FDDI" }, - { 50, "PPP_HDLC" }, - { 51, "PPP_ETHER" }, - { 100, "ATM_RFC1483" }, - { 101, "RAW" }, - { 104, "C_HDLC" }, - { 105, "IEEE802_11" }, - { 107, "FRELAY" }, - { 108, "LOOP" }, - { 113, "LINUX_SLL" }, - { 114, "LTALK" }, - { 117, "PFLOG" }, - { 119, "IEEE802_11_PRISM" }, - { 122, "IP_OVER_FC" }, - { 123, "SUNATM" }, - { 127, "IEEE802_11_RADIOTAP" }, - { 129, "ARCNET_LINUX" }, - { 138, "APPLE_IP_OVER_IEEE1394" }, - { 139, "MTP2_WITH_PHDR" }, - { 140, "MTP2" }, - { 141, "MTP3" }, - { 142, "SCCP" }, - { 143, "DOCSIS" }, - { 144, "LINUX_IRDA" }, - { 147, "USER_0" }, - { 148, "USER_1" }, - { 149, "USER_2" }, - { 150, "USER_3" }, - { 151, "USER_4" }, - { 152, "USER_5" }, - { 153, "USER_6" }, - { 154, "USER_7" }, - { 155, "USER_8" }, - { 156, "USER_9" }, - { 157, "USER_10" }, - { 158, "USER_11" }, - { 159, "USER_12" }, - { 160, "USER_13" }, - { 161, "USER_14" }, - { 162, "USER_15" }, - { 163, "IEEE802_11_AVS" }, - { 165, "BACNET_MS_TP" }, - { 166, "PPP_PPPD" }, - { 169, "GPRS_LLC" }, - { 177, "LINUX_LAPD" }, - { 187, "BLUETOOTH_HCI_H4" }, - { 189, "USB_LINUX" }, - { 192, "PPI" }, - { 195, "IEEE802_15_4" }, - { 196, "SITA" }, - { 197, "ERF" }, - { 201, "BLUETOOTH_HCI_H4_WITH_PHDR" }, - { 202, "AX25_KISS" }, - { 203, "LAPD" }, - { 204, "PPP_WITH_DIR" }, - { 205, "C_HDLC_WITH_DIR" }, - { 206, "FRELAY_WITH_DIR" }, - { 209, "IPMB_LINUX" }, - { 215, "IEEE802_15_4_NONASK_PHY" }, - { 220, "USB_LINUX_MMAPPED" }, - { 224, "FC_2" }, - { 225, "FC_2_WITH_FRAME_DELIMS" }, - { 226, "IPNET" }, - { 227, "CAN_SOCKETCAN" }, - { 228, "IPV4" }, - { 229, "IPV6" }, - { 230, "IEEE802_15_4_NOFCS" }, - { 231, "DBUS" }, - { 235, "DVB_CI" }, - { 236, "MUX27010" }, - { 237, "STANAG_5066_D_PDU" }, - { 239, "NFLOG" }, - { 240, "NETANALYZER" }, - { 241, "NETANALYZER_TRANSPARENT" }, - { 242, "IPOIB" }, - { 243, "MPEG_2_TS" }, - { 244, "NG40" }, - { 245, "NFC_LLCP" }, - { 247, "INFINIBAND" }, - { 248, "SCTP" }, - { 249, "USBPCAP" }, - { 250, "RTAC_SERIAL" }, - { 251, "BLUETOOTH_LE_LL" }, - { 253, "NETLINK" }, - { 254, "BLUETOOTH_LINUX_MONITOR" }, - { 255, "BLUETOOTH_BREDR_BB" }, - { 256, "BLUETOOTH_LE_LL_WITH_PHDR" }, - { 257, "PROFIBUS_DL" }, - { 258, "PKTAP" }, - { 259, "EPON" }, - { 260, "IPMI_HPM_2" }, - { 261, "ZWAVE_R1_R2" }, - { 262, "ZWAVE_R3" }, - { 263, "WATTSTOPPER_DLM" }, - { 264, "ISO_14443" }, - { 0, NULL } -}; - -static const value_string pseudoheader_bluetooth_direction_vals[] = { - { 0, "Sent" }, - { 1, "Recv" }, - { 0, NULL } -}; - - void proto_register_file_pcap(void); void proto_reg_handoff_file_pcap(void); static int -dissect_pcap_pseudoheader(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) -{ - gint offset = 0; - guint32 *link_type; - guint32 length = 0; - tvbuff_t *next_tvb; - proto_item *pseudoheader_item; - proto_tree *pseudoheader_tree = NULL; - proto_item *packet_item; - proto_tree *packet_tree; - - DISSECTOR_ASSERT(data); - - link_type = (guint32 *) data; - pinfo->phdr->pkt_encap = wtap_pcap_encap_to_wtap_encap(*link_type); - - switch (*link_type) { - case 139: -/* TODO no description for pseudoheader at http://www.tcpdump.org/linktypes.html */ - break; - case 196: - length = 5; - break; - case 197: -/* TODO no description for pseudoheader at http://www.tcpdump.org/linktypes.html */ - break; - case 201: - length = 4; - break; - case 204: - length = 1; - break; - case 205: - length = 1; - break; - case 206: - length = 1; - break; - case 209: - length = 6; - break; - case 226: - length = 24; - break; - case 227: -/* TODO no description for pseudoheader at http://www.tcpdump.org/linktypes.html */ - break; - case 240: - case 241: - length = 4; - break; - case 244: - length = 20; - break; - case 245: - length = 20; - break; - } - - if (length > 0) { - pseudoheader_item = proto_tree_add_item(tree, hf_pcap_packet_data_pseudoheader, tvb, offset, length, ENC_NA); - pseudoheader_tree = proto_item_add_subtree(pseudoheader_item, ett_pcap_pseudoheader); - } - - switch (*link_type) { - case 201: - proto_tree_add_item(pseudoheader_tree, hf_pcap_packet_data_pseudoheader_bluetooth_direction, tvb, offset, 4, ENC_BIG_ENDIAN); - if (tvb_get_guint32(tvb, offset, ENC_BIG_ENDIAN) == 0) - pinfo->p2p_dir = P2P_DIR_SENT; - else if (tvb_get_guint32(tvb, offset, ENC_BIG_ENDIAN) == 1) - pinfo->p2p_dir = P2P_DIR_RECV; - else - pinfo->p2p_dir = P2P_DIR_UNKNOWN; - offset += 4; - break; - default: - offset += length; - } - - next_tvb = tvb_new_subset_remaining(tvb, offset); - - packet_item = proto_tree_add_item(tree, hf_pcap_packet_data_data, tvb, offset, tvb_reported_length(next_tvb), ENC_NA); - packet_tree = proto_item_add_subtree(packet_item, ett_pcap_packet_data); - - offset = dissector_try_uint_new(wtap_encap_table, pinfo->phdr->pkt_encap, next_tvb, pinfo, packet_tree, TRUE, NULL); - - return offset; -} - -static int dissect_pcap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) { static const guint8 pcap_magic[] = { 0xA1, 0xB2, 0xC3, 0xD4 }; @@ -379,7 +168,7 @@ dissect_pcap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_ if (pref_dissect_next_layer) { TRY { - call_dissector_with_data(pcap_pseudoheader_handle, tvb_new_subset(tvb, offset, length, origin_length), pinfo, packet_data_tree, &link_type); + call_dissector_with_data(pcap_pktdata_handle, tvb_new_subset(tvb, offset, length, origin_length), pinfo, packet_data_tree, &link_type); } CATCH_BOUNDS_ERRORS { show_exception(tvb, pinfo, packet_data_tree, EXCEPT_CODE, GET_MESSAGE); @@ -483,21 +272,6 @@ proto_register_file_pcap(void) FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } }, - { &hf_pcap_packet_data_pseudoheader, - { "Pseudoheader", "pcap.packet.data.pseudoheader", - FT_NONE, BASE_NONE, NULL, 0x00, - NULL, HFILL } - }, - { &hf_pcap_packet_data_pseudoheader_bluetooth_direction, - { "Direction", "pcap.packet.data.pseudoheader.bluetooth.direction", - FT_UINT32, BASE_HEX, VALS(pseudoheader_bluetooth_direction_vals), 0x00, - NULL, HFILL } - }, - { &hf_pcap_packet_data_data, - { "Data", "pcap.packet.data.data", - FT_NONE, BASE_NONE, NULL, 0x00, - NULL, HFILL } - }, }; static ei_register_info ei[] = { @@ -509,7 +283,6 @@ proto_register_file_pcap(void) &ett_pcap_header, &ett_pcap_packet, &ett_pcap_packet_data, - &ett_pcap_pseudoheader, &ett_pcap_timestamp }; @@ -517,8 +290,7 @@ proto_register_file_pcap(void) proto_register_field_array(proto_pcap, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); - pcap_handle = new_register_dissector("file-pcap", dissect_pcap, proto_pcap); - pcap_pseudoheader_handle = new_create_dissector_handle(dissect_pcap_pseudoheader, proto_pcap); + new_register_dissector("file-pcap", dissect_pcap, proto_pcap); module = prefs_register_protocol(proto_pcap, NULL); prefs_register_static_text_preference(module, "version", @@ -538,7 +310,7 @@ void proto_reg_handoff_file_pcap(void) { heur_dissector_add("wtap_file", dissect_pcap_heur, "PCAP File", "pcap_wtap", proto_pcap, HEURISTIC_ENABLE); - wtap_encap_table = find_dissector_table("wtap_encap"); + pcap_pktdata_handle = find_dissector("pcap_pktdata"); } /* |