diff options
author | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2006-10-31 11:16:01 +0000 |
---|---|---|
committer | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2006-10-31 11:16:01 +0000 |
commit | 0c689e7297d830aa84bac3439a7aa8fe4df48e51 (patch) | |
tree | 2473c39ecf8f153227f11c4ba64571537e8be582 /epan/dissectors/packet-nbd.c | |
parent | 2d1bb39121cf739517b55c68a84e5d9ad5b31619 (diff) |
new protocol NBD NetworkBlockDevice
svn path=/trunk/; revision=19752
Diffstat (limited to 'epan/dissectors/packet-nbd.c')
-rw-r--r-- | epan/dissectors/packet-nbd.c | 500 |
1 files changed, 500 insertions, 0 deletions
diff --git a/epan/dissectors/packet-nbd.c b/epan/dissectors/packet-nbd.c new file mode 100644 index 0000000000..aaa91d9e2e --- /dev/null +++ b/epan/dissectors/packet-nbd.c @@ -0,0 +1,500 @@ +/* packet-nbd.c + * Routines for Network Block Device (NBD) dissection. + * + * Ronnie sahlberg 2006 + * + * $Id$ + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <ctype.h> + +#include <epan/prefs.h> + +#include <glib.h> +#include <epan/packet.h> +#include <epan/conversation.h> +#include <epan/emem.h> +#include "packet-tcp.h" + +static gint proto_nbd = -1; +static int hf_nbd_magic = -1; +static int hf_nbd_type = -1; +static int hf_nbd_error = -1; +static int hf_nbd_handle = -1; +static int hf_nbd_from = -1; +static int hf_nbd_len = -1; +static int hf_nbd_response_in = -1; +static int hf_nbd_response_to = -1; +static int hf_nbd_time = -1; +static int hf_nbd_data = -1; + +static gint ett_nbd = -1; + + +static gboolean nbd_desegment = TRUE; + +typedef struct _nbd_transaction_t { + guint32 req_frame; + guint32 rep_frame; + nstime_t req_time; + guint32 datalen; + guint8 type; +} nbd_transaction_t; +typedef struct _nbd_conv_info_t { + emem_tree_t *unacked_pdus; /* indexed by handle, whichs wraps quite frequently */ + emem_tree_t *acked_pdus; /* indexed by packet# and handle */ +} nbd_conv_info_t; + + +#define NBD_REQUEST_MAGIC 0x25609513 +#define NBD_RESPONSE_MAGIC 0x67446698 + +#define NBD_CMD_READ 0 +#define NBD_CMD_WRITE 1 +#define NBD_CMD_DISC 2 +static const value_string nbd_type_vals[] = { + {NBD_CMD_READ, "NBD_CMD_READ"}, + {NBD_CMD_WRITE, "NBD_CMD_WRITE"}, + {NBD_CMD_DISC, "NBD_CMD_DISC"}, + {0, NULL} +}; + + +/* This function will try to determine the complete size of a PDU + * based on the information in the header. + */ +static guint +get_nbd_tcp_pdu_len(packet_info *pinfo, tvbuff_t *tvb, int offset) +{ + guint32 magic, type, packet; + conversation_t *conversation; + nbd_conv_info_t *nbd_info; + nbd_transaction_t *nbd_trans=NULL; + emem_tree_key_t hkey[3]; + guint64 handle; + + magic=tvb_get_ntohl(tvb, offset); + + switch(magic){ + case NBD_REQUEST_MAGIC: + type=tvb_get_ntohl(tvb, offset+4); + switch(type){ + case NBD_CMD_WRITE: + return tvb_get_ntohl(tvb, offset+24)+28; + break; + default: + return 28; + } + break; + case NBD_RESPONSE_MAGIC: + /* + * Do we have a conversation for this connection? + */ + conversation = find_conversation(pinfo->fd->num, + &pinfo->src, &pinfo->dst, + pinfo->ptype, + pinfo->srcport, pinfo->destport, 0); + if (conversation == NULL) { + /* No, so just return the rest of the current packet */ + return tvb_length(tvb); + } + /* + * Do we have a state structure for this conv + */ + nbd_info = conversation_get_proto_data(conversation, proto_nbd); + if (!nbd_info) { + /* No, so just return the rest of the current packet */ + return tvb_length(tvb); + } + if(!pinfo->fd->flags.visited){ + /* + * Do we have a state structure for this transaction + */ + handle=tvb_get_ntoh64(tvb, offset+8); + hkey[0].length=2; + hkey[0].key=(guint32 *)&handle; + hkey[1].length=0; + nbd_trans=se_tree_lookup32_array(nbd_info->unacked_pdus, hkey); + if(!nbd_trans){ + /* No, so just return the rest of the current packet */ + return tvb_length(tvb); + } + } else { + /* + * Do we have a state structure for this transaction + */ + handle=tvb_get_ntoh64(tvb, offset+8); + packet=pinfo->fd->num; + hkey[0].length=1; + hkey[0].key=&packet; + hkey[1].length=2; + hkey[1].key=(guint32 *)&handle; + hkey[2].length=0; + nbd_trans=se_tree_lookup32_array(nbd_info->acked_pdus, hkey); + if(!nbd_trans){ + /* No, so just return the rest of the current packet */ + return tvb_length(tvb); + } + } + /* If this is a read response we must add the datalen to + * the pdu size + */ + if(nbd_trans->type==NBD_CMD_READ){ + return 16+nbd_trans->datalen; + } else { + return 16; + } + break; + default: + /* Did not really look like a NBD packet after all */ + return 0; + } +} + +static void +dissect_nbd_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) +{ + guint32 magic, error, packet; + guint64 handle=0, from; + int offset=0; + proto_tree *tree=NULL; + proto_item *item=NULL; + conversation_t *conversation; + nbd_conv_info_t *nbd_info; + nbd_transaction_t *nbd_trans=NULL; + emem_tree_key_t hkey[3]; + + if(check_col(pinfo->cinfo, COL_PROTOCOL)){ + col_set_str(pinfo->cinfo, COL_PROTOCOL, "NBD"); + } + + if(check_col(pinfo->cinfo, COL_INFO)){ + col_clear(pinfo->cinfo, COL_INFO); + } + + item = proto_tree_add_item(parent_tree, proto_nbd, tvb, 0, -1, FALSE); + tree = proto_item_add_subtree(item, ett_nbd); + + + magic=tvb_get_ntohl(tvb, offset); + proto_tree_add_item(tree, hf_nbd_magic, tvb, offset, 4, FALSE); + offset+=4; + + + /* grab what we need to do the request/response matching */ + switch(magic){ + case NBD_REQUEST_MAGIC: + handle=tvb_get_ntoh64(tvb, offset+4); + break; + case NBD_RESPONSE_MAGIC: + handle=tvb_get_ntoh64(tvb, offset+4); + break; + default: + return; + } + + /* + * Do we have a conversation for this connection? + */ + conversation = find_conversation(pinfo->fd->num, + &pinfo->src, &pinfo->dst, + pinfo->ptype, + pinfo->srcport, pinfo->destport, 0); + if (conversation == NULL) { + /* We don't yet have a conversation, so create one. */ + conversation = conversation_new(pinfo->fd->num, + &pinfo->src, &pinfo->dst, + pinfo->ptype, + pinfo->srcport, pinfo->destport, 0); + } + /* + * Do we already have a state structure for this conv + */ + nbd_info = conversation_get_proto_data(conversation, proto_nbd); + if (!nbd_info) { + /* No. Attach that information to the conversation, and add + * it to the list of information structures. + */ + nbd_info = se_alloc(sizeof(nbd_conv_info_t)); + nbd_info->unacked_pdus=se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "nbd_unacked_pdus"); + nbd_info->acked_pdus=se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "nbd_acked_pdus"); + + conversation_add_proto_data(conversation, proto_nbd, nbd_info); + } + if(!pinfo->fd->flags.visited){ + if(magic==NBD_REQUEST_MAGIC){ + /* This is a request */ + nbd_trans=se_alloc(sizeof(nbd_transaction_t)); + nbd_trans->req_frame=pinfo->fd->num; + nbd_trans->rep_frame=0; + nbd_trans->req_time=pinfo->fd->abs_ts; + nbd_trans->type=tvb_get_ntohl(tvb, offset); + nbd_trans->datalen=tvb_get_ntohl(tvb, offset+20); + + hkey[0].length=2; + hkey[0].key=(guint32 *)&handle; + hkey[1].length=0; + + se_tree_insert32_array(nbd_info->unacked_pdus, hkey, (void *)nbd_trans); + } else if(magic==NBD_RESPONSE_MAGIC){ + hkey[0].length=2; + hkey[0].key=(guint32 *)&handle; + hkey[1].length=0; + + nbd_trans=se_tree_lookup32_array(nbd_info->unacked_pdus, hkey); + if(nbd_trans){ + nbd_trans->rep_frame=pinfo->fd->num; + + hkey[0].length=1; + hkey[0].key=&nbd_trans->rep_frame; + hkey[1].length=2; + hkey[1].key=(guint32 *)&handle; + hkey[2].length=0; + se_tree_insert32_array(nbd_info->acked_pdus, hkey, (void *)nbd_trans); + hkey[0].length=1; + hkey[0].key=&nbd_trans->req_frame; + hkey[1].length=2; + hkey[1].key=(guint32 *)&handle; + hkey[2].length=0; + se_tree_insert32_array(nbd_info->acked_pdus, hkey, (void *)nbd_trans); + } + } + } else { + packet=pinfo->fd->num; + hkey[0].length=1; + hkey[0].key=&packet; + hkey[1].length=2; + hkey[1].key=(guint32 *)&handle; + hkey[2].length=0; + + nbd_trans=se_tree_lookup32_array(nbd_info->acked_pdus, hkey); + } + /* The bloody handles are reused !!! eventhough they are 64 bits. + * So we must verify we got the "correct" one + */ + if( (magic==NBD_RESPONSE_MAGIC) + && (nbd_trans) + && (pinfo->fd->num<nbd_trans->req_frame) ){ + /* must have been the wrong one */ + nbd_trans=NULL; + } + + if(!nbd_trans){ + /* create a "fake" nbd_trans structure */ + nbd_trans=ep_alloc(sizeof(nbd_transaction_t)); + nbd_trans->req_frame=0; + nbd_trans->rep_frame=0; + nbd_trans->req_time=pinfo->fd->abs_ts; + nbd_trans->type=0xff; + nbd_trans->datalen=0; + } + + /* print state tracking in the tree */ + if(magic==NBD_REQUEST_MAGIC){ + /* This is a request */ + if(nbd_trans->rep_frame){ + proto_item *it; + + it=proto_tree_add_uint(tree, hf_nbd_response_in, tvb, 0, 0, nbd_trans->rep_frame); + PROTO_ITEM_SET_GENERATED(it); + } + } else if(magic==NBD_RESPONSE_MAGIC){ + /* This is a reply */ + if(nbd_trans->req_frame){ + proto_item *it; + nstime_t ns; + + it=proto_tree_add_uint(tree, hf_nbd_response_to, tvb, 0, 0, nbd_trans->req_frame); + PROTO_ITEM_SET_GENERATED(it); + + nstime_delta(&ns, &pinfo->fd->abs_ts, &nbd_trans->req_time); + it=proto_tree_add_time(tree, hf_nbd_time, tvb, 0, 0, &ns); + PROTO_ITEM_SET_GENERATED(it); + } + } + + + switch(magic){ + case NBD_REQUEST_MAGIC: + proto_tree_add_item(tree, hf_nbd_type, tvb, offset, 4, FALSE); + offset+=4; + + handle=tvb_get_ntoh64(tvb, offset); + proto_tree_add_item(tree, hf_nbd_handle, tvb, offset, 8, FALSE); + offset+=8; + + from=tvb_get_ntoh64(tvb, offset); + proto_tree_add_item(tree, hf_nbd_from, tvb, offset, 8, FALSE); + offset+=8; + + proto_tree_add_item(tree, hf_nbd_len, tvb, offset, 4, FALSE); + offset+=4; + + if(check_col(pinfo->cinfo, COL_INFO)){ + col_add_fstr(pinfo->cinfo, COL_INFO, "%s 0x%"PRIx64" %d", val_to_str(nbd_trans->type, nbd_type_vals, "unknown:%x"), from, nbd_trans->datalen); + } + + if(nbd_trans->type==NBD_CMD_WRITE){ + proto_tree_add_item(tree, hf_nbd_data, tvb, offset, nbd_trans->datalen, FALSE); + } + break; + case NBD_RESPONSE_MAGIC: + error=tvb_get_ntohl(tvb, offset); + proto_tree_add_item(tree, hf_nbd_error, tvb, offset, 4, FALSE); + offset+=4; + + handle=tvb_get_ntoh64(tvb, offset); + proto_tree_add_item(tree, hf_nbd_handle, tvb, offset, 8, FALSE); + offset+=8; + + if(check_col(pinfo->cinfo, COL_INFO)){ + col_add_fstr(pinfo->cinfo, COL_INFO, "%s Error:%d", val_to_str(nbd_trans->type, nbd_type_vals, "unknown:%x"), error); + } + + if(nbd_trans->type==NBD_CMD_READ){ + proto_tree_add_item(tree, hf_nbd_data, tvb, offset, nbd_trans->datalen, FALSE); + } + break; + } + + return; +} + +static gboolean +dissect_nbd_tcp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + guint32 magic, type; + guint64 handle, from; + + /* We need at least this much to tell whether this is NBD or not */ + if(tvb_length(tvb)<4){ + return FALSE; + } + + /* Check if it looks like NBD */ + magic=tvb_get_ntohl(tvb, 0); + switch(magic){ + case NBD_REQUEST_MAGIC: + /* requests are 28 bytes or more */ + if(tvb_length(tvb)<28){ + return FALSE; + } + /* verify type */ + type=tvb_get_ntohl(tvb, 4); + switch(type){ + case NBD_CMD_READ: + case NBD_CMD_WRITE: + case NBD_CMD_DISC: + break; + default: + return FALSE; + } + + handle=tvb_get_ntoh64(tvb, 8); + from=tvb_get_ntoh64(tvb, 16); + + tcp_dissect_pdus(tvb, pinfo, tree, nbd_desegment, 28, get_nbd_tcp_pdu_len, dissect_nbd_tcp_pdu); + return TRUE; + break; + case NBD_RESPONSE_MAGIC: + /* responses are 16 bytes or more */ + if(tvb_length(tvb)<16){ + return FALSE; + } + tcp_dissect_pdus(tvb, pinfo, tree, nbd_desegment, 16, get_nbd_tcp_pdu_len, dissect_nbd_tcp_pdu); + return TRUE; + default: + return FALSE; + } + + return FALSE; +} + +void proto_register_nbd(void) +{ + static hf_register_info hf[] = { + { &hf_nbd_magic, + { "Magic", "nbd.magic", FT_UINT32, BASE_HEX, + NULL, 0x0, "", HFILL }}, + { &hf_nbd_type, + { "Type", "nbd.type", FT_UINT32, BASE_DEC, + VALS(nbd_type_vals), 0x0, "", HFILL }}, + { &hf_nbd_error, + { "Error", "nbd.error", FT_UINT32, BASE_DEC, + NULL, 0x0, "", HFILL }}, + { &hf_nbd_len, + { "Length", "nbd.len", FT_UINT32, BASE_DEC, + NULL, 0x0, "", HFILL }}, + { &hf_nbd_handle, + { "Handle", "nbd.handle", FT_UINT64, BASE_HEX, + NULL, 0x0, "", HFILL }}, + { &hf_nbd_from, + { "From", "nbd.from", FT_UINT64, BASE_HEX, + NULL, 0x0, "", HFILL }}, + { &hf_nbd_response_in, + { "Response In", "nbd.response_in", FT_FRAMENUM, BASE_DEC, + NULL, 0x0, "The response to this NBD request is in this frame", HFILL }}, + { &hf_nbd_response_to, + { "Request In", "nbd.response_to", FT_FRAMENUM, BASE_DEC, + NULL, 0x0, "This is a response to the NBD request in this frame", HFILL }}, + { &hf_nbd_time, + { "Time", "nbd.time", FT_RELATIVE_TIME, BASE_NONE, + NULL, 0x0, "The time between the Call and the Reply", HFILL }}, + + { &hf_nbd_data, + { "Data", "nbd.data", FT_BYTES, BASE_HEX, + NULL, 0x0, "", HFILL }}, + + }; + + + static gint *ett[] = { + &ett_nbd, + }; + + module_t *nbd_module; + + proto_nbd = proto_register_protocol("Network Block Device", + "NBD", "nbd"); + proto_register_field_array(proto_nbd, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + + nbd_module = prefs_register_protocol(proto_nbd, NULL); + prefs_register_bool_preference(nbd_module, "desegment_nbd_messages", + "Reassemble NBD messages spanning multiple TCP segments", + "Whether the NBD dissector should reassemble messages spanning multiple TCP segments." + " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings", + &nbd_desegment); + +} + +void +proto_reg_handoff_nbd(void) +{ + heur_dissector_add("tcp", dissect_nbd_tcp_heur, proto_nbd); +} |