author | Gilbert Ramirez <gram@alumni.rice.edu> | 2004-07-18 18:06:47 +0000 |
---|---|---|
committer | Gilbert Ramirez <gram@alumni.rice.edu> | 2004-07-18 18:06:47 +0000 |
commit | 669db206cb1f270046ad400fff7655e20c63e723 (patch) | |
tree | 4eff24a2e16c8963e497e1fc575f35e6af59bd26 /epan/dissectors/packet-symantec.c | |
parent | ae46c27a38700af669ef907491081f09df6f6b2c (diff) |
Move dissectors to epan/dissectors directory.
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
svn path=/trunk/; revision=11410
Diffstat (limited to 'epan/dissectors/packet-symantec.c')
-rw-r--r-- | epan/dissectors/packet-symantec.c | 103 |
1 files changed, 103 insertions, 0 deletions
diff --git a/epan/dissectors/packet-symantec.c b/epan/dissectors/packet-symantec.c
new file mode 100644
index 0000000000..1969ab4f3f
--- /dev/null
+++ b/epan/dissectors/packet-symantec.c
@@ -0,0 +1,103 @@
+/* packet-symantec.c
+ * Routines for dissection of packets from the Axent Raptor firewall/
+ * Symantec Enterprise Firewall
+ *
+ * $Id$
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <glib.h>
+
+#include <epan/packet.h>
+
+#include "etypes.h"
+
+static dissector_table_t ethertype_dissector_table;
+
+/* protocols and header fields */
+static int proto_symantec = -1;
+static int hf_symantec_etype = -1;
+
+static gint ett_symantec = -1;
+
+static void
+dissect_symantec(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
+ proto_item *ti;
+ proto_tree *symantec_tree = NULL;
+ guint16 etype;
+ tvbuff_t *next_tvb;
+
+ /*
+ * There appears to be 6 bytes of mysterious junk, followed by an
+ * Ethernet type (or, at least, there's 08 00), followed by 36 bytes
+ * of 0.
+ */
+ if (check_col(pinfo->cinfo, COL_PROTOCOL))
+ col_add_str(pinfo->cinfo, COL_PROTOCOL, "Symantec");
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_add_fstr(pinfo->cinfo, COL_INFO, "Symantec Enterprise Firewall");
+ if (tree) {
+ ti = proto_tree_add_protocol_format(tree, proto_symantec, tvb,
+ 0, 44, "Symantec firewall");
+ symantec_tree = proto_item_add_subtree(ti, ett_symantec);
+ }
+ etype = tvb_get_ntohs(tvb, 6);
+ if (tree) {
+ proto_tree_add_uint(symantec_tree, hf_symantec_etype, tvb,
+ 6, 2, etype);
+ }
+ next_tvb = tvb_new_subset(tvb, 44, -1, -1);
+ dissector_try_port(ethertype_dissector_table, etype, next_tvb, pinfo,
+ tree);
+}
+
+void
+proto_register_symantec(void)
+{
+ static hf_register_info hf[] = {
+ { &hf_symantec_etype,
+ { "Type", "symantec.type", FT_UINT16, BASE_HEX, VALS(etype_vals), 0x0,
+ "", HFILL }},
+ };
+ static gint *ett[] = {
+ &ett_symantec,
+ };
+
+ proto_symantec = proto_register_protocol("Symantec Enterprise Firewall",
+ "Symantec", "symantec");
+ proto_register_field_array(proto_symantec, hf, array_length(hf));
+ proto_register_subtree_array(ett, array_length(ett));
+}
+
+void
+proto_reg_handoff_symantec(void)
+{
+ dissector_handle_t symantec_handle;
+
+ ethertype_dissector_table = find_dissector_table("ethertype");
+
+ symantec_handle = create_dissector_handle(dissect_symantec,
+ proto_symantec);
+ dissector_add("wtap_encap", WTAP_ENCAP_SYMANTEC, symantec_handle);
+} |
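Review bot: The return value of `dissector_try_port()` at the end of `dissect_symantec` is discarded, so a frame whose type field at offset 6 matches no registered ethertype gets no tree item at all for the bytes after the 44-byte header. The header layout is admittedly guessed (the comment calls the first 6 bytes "mysterious junk"), so unrecognised type values should be expected in real captures, and whoever is reading the trace should still see that payload. I would fall back to the data dissector with `if (!dissector_try_port(ethertype_dissector_table, etype, next_tvb, pinfo, tree)) call_dissector(data_handle, next_tvb, pinfo, tree);`, backed by a file-scope `static dissector_handle_t data_handle;` and `data_handle = find_dissector("data");` in `proto_reg_handoff_symantec`. The hard-coded offsets 6 and 44 depend on the tvbuff accessors to reject short frames, which is acceptable, but named constants would keep the `proto_tree_add_protocol_format` length and the `tvb_new_subset` offset from drifting apart.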