diff options
author | Jörg Mayer <jmayer@loplof.de> | 2006-10-07 14:48:04 +0000 |
---|---|---|
committer | Jörg Mayer <jmayer@loplof.de> | 2006-10-07 14:48:04 +0000 |
commit | 7cf6ac9327ad6bff1f910b78c54fb251c1760e4a (patch) | |
tree | 155f5904e5e4b9b00ac23e8d8f6bb15d58e63ced /epan/dissectors/packet-wlccp.c | |
parent | 926ed8aa0104a9a8b9567528c122b3dde75b3535 (diff) |
Stephen Fisher:
packet-cisco-wireless.c is actually trying to dissect WLCCP:
I have attached a dissector I wrote from scratch for the
frames that I'm seeing. It has #defines for the field offsets and
lengths so it should be easier to merge. I also attached a sample
capture with one of the frames that I'm seeing. There are more fields
in the frame I haven't yet figured out, hopefully your dissector has
those that I'm missing.
Me: - Commented in wlccp over udp as well, it works most of the time.
- Leave the file packet-cisco-wireless.c in for the time being to
copy over knowledge until no usable info is left in the file.
svn path=/trunk/; revision=19447
Diffstat (limited to 'epan/dissectors/packet-wlccp.c')
-rw-r--r-- | epan/dissectors/packet-wlccp.c | 247 |
1 files changed, 247 insertions, 0 deletions
diff --git a/epan/dissectors/packet-wlccp.c b/epan/dissectors/packet-wlccp.c new file mode 100644 index 0000000000..804a23a029 --- /dev/null +++ b/epan/dissectors/packet-wlccp.c @@ -0,0 +1,247 @@ +/* packet-wlccp.c + * Routines for Cisco Wireless LAN Context Control Protocol dissection + * Copyright 2006, Stephen Fisher <stephentfisher@yahoo.com> + * + * $Id: README.developer 18639 2006-07-03 09:26:19Z jake $ + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include <glib.h> + +#include <epan/packet.h> +#include <epan/prefs.h> +#include <epan/etypes.h> + +/* WLCCP uses both ETHERTYPE_WLCCP (0x872d) from etypes.h and UDP port 2887 */ +#define WLCCP_UDP_PORT 2887 + +/* Field locations and lengths */ +#define WLCCP_LENGTH_OFFSET 4 +#define WLCCP_LENGTH_LENGTH 2 + +#define WLCCP_FLAGS_OFFSET 10 +#define WLCCP_FLAGS_LENGTH 2 + +#define WLCCP_RSP_ID_OFFSET 21 +#define WLCCP_RSP_ID_LENGTH 1 + +#define WLCCP_RSP_OFFSET 22 +#define WLCCP_RSP_LENGTH 6 + +#define WLCCP_PRIORITY_OFFSET 38 +#define WLCCP_PRIORITY_LENGTH 1 + +#define WLCCP_AGE_OFFSET 48 +#define WLCCP_AGE_LENGTH 4 + +#define WLCCP_PERIOD_OFFSET 55 +#define WLCCP_PERIOD_LENGTH 1 + +#define WLCCP_IPV4_ADDRESS_OFFSET 76 +#define WLCCP_IPV4_ADDRESS_LENGTH 4 + + +/* Forward declaration we need below */ +void proto_reg_handoff_wlccp(void); + +/* Initialize the protocol and registered fields */ +static int proto_wlccp = -1; + +static int hf_wlccp_length = -1; +static int hf_wlccp_flags = -1; +static int hf_wlccp_rsp_id = -1; +static int hf_wlccp_rsp = -1; +static int hf_wlccp_priority = -1; +static int hf_wlccp_age = -1; +static int hf_wlccp_period = -1; +static int hf_wlccp_ipv4_address = -1; + +/* Initialize the subtree pointers */ +static gint ett_wlccp = -1; + +/* Code to actually dissect the packets */ +static void +dissect_wlccp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + + /* Set up structures needed to add the protocol subtree and manage it */ + proto_item *ti; + proto_tree *wlccp_tree; + + guint32 ipv4_address; /* For extracting an IPv4 address from packet */ + + /* Make entries in Protocol column and Info column on summary display */ + if (check_col(pinfo->cinfo, COL_PROTOCOL)) + col_set_str(pinfo->cinfo, COL_PROTOCOL, "WLCCP"); + + if (check_col(pinfo->cinfo, COL_INFO)) + col_set_str(pinfo->cinfo, COL_INFO, "WLCCP frame"); + + if (tree) { + /* create display subtree for the protocol */ + ti = proto_tree_add_item(tree, proto_wlccp, tvb, 0, -1, FALSE); + + wlccp_tree = proto_item_add_subtree(ti, ett_wlccp); + + proto_tree_add_item(wlccp_tree, hf_wlccp_length, tvb, + WLCCP_LENGTH_OFFSET, + WLCCP_LENGTH_LENGTH, FALSE); + + proto_tree_add_item(wlccp_tree, hf_wlccp_flags, tvb, + WLCCP_FLAGS_OFFSET, + WLCCP_FLAGS_LENGTH, FALSE); + + proto_tree_add_item(wlccp_tree, hf_wlccp_rsp_id, tvb, + WLCCP_RSP_ID_OFFSET, + WLCCP_RSP_ID_LENGTH, FALSE); + + proto_tree_add_item(wlccp_tree, hf_wlccp_rsp, tvb, + WLCCP_RSP_OFFSET, + WLCCP_RSP_LENGTH, FALSE); + + proto_tree_add_item(wlccp_tree, hf_wlccp_priority, tvb, + WLCCP_PRIORITY_OFFSET, + WLCCP_PRIORITY_LENGTH, FALSE); + + proto_tree_add_item(wlccp_tree, hf_wlccp_age, tvb, + WLCCP_AGE_OFFSET, + WLCCP_AGE_LENGTH, FALSE); + + proto_tree_add_item(wlccp_tree, hf_wlccp_period, tvb, + WLCCP_PERIOD_OFFSET, + WLCCP_PERIOD_LENGTH, FALSE); + + ipv4_address = tvb_get_ipv4(tvb, WLCCP_IPV4_ADDRESS_OFFSET); + proto_tree_add_ipv4(wlccp_tree, hf_wlccp_ipv4_address, tvb, + WLCCP_IPV4_ADDRESS_OFFSET, + WLCCP_IPV4_ADDRESS_LENGTH, ipv4_address); + + + } + + + /* If this protocol has a sub-dissector call it here, see section 1.8 */ +} + + +/* Register the protocol with Wireshark */ + +/* this format is require because a script is used to build the C function + that calls all the protocol registration. +*/ + +void +proto_register_wlccp(void) +{ + /* Setup list of header fields See Section 1.6.1 for details*/ + static hf_register_info hf[] = { + { &hf_wlccp_length, + { "Length", "wlccp.length", + FT_UINT16, BASE_DEC, NULL, 0, + "Length of WLCCP payload (bytes)", HFILL } + }, + + { &hf_wlccp_flags, + { "Flags", "wlccp.flags", + FT_UINT16, BASE_HEX, NULL, 0, + "Flags (unknown purpose)", HFILL } + }, + + { &hf_wlccp_rsp_id, + { "Rsp ID", "wlccp.rsp_id", + FT_UINT8, BASE_DEC, NULL, 0, + "Rsp MAC address identifier (unknown purpose)", HFILL } + }, + + { &hf_wlccp_rsp, + { "Rsp", "wlccp.rsp", + FT_ETHER, BASE_NONE, NULL, 0, + "Rsp MAC address (unknown purpose)", HFILL } + }, + + { &hf_wlccp_priority, + { "Priority", "wlccp.priority", + FT_UINT8, BASE_DEC, NULL, 0, + "WDS priority of this access point", HFILL } + }, + + { &hf_wlccp_age, + { "Age", "wlccp.age", + FT_UINT32, BASE_DEC, NULL, 0, + "Age (unknown purpose)", HFILL } + }, + + { &hf_wlccp_period, + { "Period", "wlccp.period", + FT_UINT8, BASE_DEC, NULL, 0, + "Interval between announcements (seconds)", HFILL } + }, + + { &hf_wlccp_ipv4_address, + { "IPv4 Address", "wlccp.ipv4_address", + FT_IPv4, BASE_NONE, NULL, 0, + "IPv4 address of this access point", HFILL } + } + }; + + /* Setup protocol subtree array */ + static gint *ett[] = { + &ett_wlccp, + }; + + /* Register the protocol name and description */ + proto_wlccp = proto_register_protocol("Cisco Wireless LAN Context Control Protocol", + "WLCCP", "wlccp"); + + /* Required function calls to register the header fields and subtrees used */ + proto_register_field_array(proto_wlccp, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + + +} + + +void +proto_reg_handoff_wlccp(void) +{ + static gboolean inited = FALSE; + + if( !inited ) { + + dissector_handle_t wlccp_handle; + + wlccp_handle = create_dissector_handle(dissect_wlccp, + proto_wlccp); + + dissector_add("ethertype", ETHERTYPE_WLCCP, wlccp_handle); + dissector_add("udp.port", WLCCP_UDP_PORT, wlccp_handle); + + inited = TRUE; + } + +} |